Curbing Rampant Procurement Fraud
Procurement Fraud and Vendor Fraud are Rampant.
Procurement and vendor fraud schemes are far and away the most common form of corporate crime. It accounts for 19% of all corporate crime. They range from highly complex to very simplistic. It usually involves someone in a position of trust who can both approve vendors and approve vendor invoices.
It is very easy for someone in a position of trust to create one or a series of fraudulent vendors, submit and approve fictitious invoices, and pocket the proceeds. More complex types of vendor frauds sometimes involve the trusted insider conspiring with one or more established vendors to submit and approve the payment of inflated invoices or intersperse fraudulent invoices amongst a flurry of otherwise legitimate invoices. Vendor frauds that are a conspiracy between company insiders and vendors typically run longer and result in a larger financial loss than the more simplistic forms of vendor fraud.
Further adding to the challenge is the fact that in many organizations, vendor onboarding is often a very decentralized process driven by a need someone in the organization has who then begins navigating the onboarding process and may not follow all of the required onboarding procedures or the process itself is lacking in sufficient controls. Because of its decentralized nature, in larger organizations, no one person knows all of the vendors. As a consequence, it can be difficult to recognize when there is something wrong.
Just like it is a prudent thing to look at your consumer credit report periodically for signs of identity theft, it is likewise prudent to periodically review your vendor master file sorted by aggregate spend. Who are your biggest vendors, what are you buying from them and are there any vendor names that are high on the aggregate spend list that are unexpected or unknown?
Once you have a good list of vendors about which you have raised questions, take a look at the supporting documentation. A normal vendor file should have some type of vendor agreement – on your letterhead or theirs – along with invoices, correspondence back and forth, evidence of the receipt of goods or services such as shipping records, bills of lading, airbills etc. If it is a services vendor, in addition to the contract, there should be progress reports or other evidence that the services are in the process of being performed or they have been completed. There should also be one or more people in your organization who are the designated points of contact. Does that person have buying authority and does it make sense that this individual is procuring this type of service? Does the company have a website and does how it presents itself correspond with the goods or services being invoiced? Not having website can be a red flag. The absence of a website alone doesn’t necessarily mean the company isn’t real or doesn’t exist. Perform some additional Internet research and look to see how often the company appears in internet references. Even the smallest of businesses have some type of Internet presence. A complete lack of references to the company on the Internet is unusual and warrants further investigation.
While the Internet is a good starting point, it is not the same as an open source, public record background investigation. Here in the U.S., such investigative research consists of searching a wide range of electronically available public records. Some examples including state corporate registration records, civil litigation, criminal records, bankruptcy filings, liens and judgements, Uniform Commercial Code filings (a type of secured interest), company profile databases (such as Dun & Bradstreet, Hoovers etc.) and media research. Individuals can also be searched but given the fact that some people have common names, you will need to couple their names with unique identifiers such as addresses, social security numbers dates of birth to make sure that you are researching the correct people. Individuals can also appear in civil, criminal, bankruptcy, liens and judgement repositories and corporate registrations. They can also be identifiable with professional license and disciplinary records, education records, consumer credit information, real estate deeds and mortgages, vehicle and boat registrations and titles, aircraft ownership records and of course, in social media such as Facebook, Instagram and LinkedIn.
Some of the aforementioned records repositories are available at no cost through various government websites but it can be an inefficient process and lead inexperienced investigators down rabbit holes. There are subscription services through which you can access a large swath of publicly available information all at once. And of course, there are investigative firms who employ experts in investigative and social media research.
If you’ve never looked across your vendor master file for evidence of fraud, there’s a good chance you’re going to find some once your start looking for it. If your initial research confirms suspicions of vendor fraud, consider discussing your situation with an outside investigative firm. Most such firms will brainstorm with you at no cost and then put together a proposed investigative approach along with a timetable and budget estimate.
The Association of Certified Fraud Examiners publishes its Report to the Nations every two years. And every two years, the report lends further credence to the statistic that organizations on average lose 5% of their revenue to fraud, waste and abuse. With procurement fraud accounting for 19% of all frauds, that seems like a good place for you to start looking for fraud.