When a US firm enlisted a risk consultancy to investigate suspiciously large sums on an employee’s travel and entertainment expenses claim, it opened a can of worms. After investigations, it emerged the employee had set up some fictitious companies to supply financial reports to her employer.
“She would submit these fraudulent reports herself, forge her boss’ signature, claiming to have bought them because people on her team needed to analyse them,” says David Holley, senior managing director of business intelligence and investigations at Kroll, who was one of the investigators working on the case.
“So she tapped into the system with a small amount and when she looked around and realised nobody was paying attention, took a little more and then boom, $5,000, $10,000, sometimes $15,000 a month. She ultimately got in excess of $1.5m.”
The fraudster got a jail sentence in a US state prison.
This case is at the extreme end of procurement fraud – which can cover bribery, self-dealing, kickbacks and conflicts of interest, and for which punishment can vary vastly. But whatever the method, the number of companies falling victim to procurement fraud grew in the past year.
The Global Fraud Report from the Economist Intelligence Unit and Kroll reports a five per cent rise annual rise in the number of companies worldwide affected by vendor, supplier or procurement fraud. In 2011, one-fifth of the 1,200 senior executives worldwide surveyed say this has affected their businesses.
Other research backs this finding up. KPMG’s fraud barometer published earlier this year noted that overall total fraud in the UK in 2011 amounted to £3.5 billion, of which £5 million was lost to procurement embezzlement.
While some cases go through the British justice system, most fraudulent behaviour is dealt with in a number of different ways and will not necessarily show up on the radar of such research because it goes unreported. For many organisations, drawing attention to corruption within their ranks is a double whammy of humiliation and one best not publicised.
“If a company discovers something they don’t like, they’ll do a lot of things to make a person they don’t want around go away,” says former head of global procurement Mike Inman, now partner at TableForce (and CPO Agenda columnist). “I think a lot of companies tempt moral hazard and think: ‘Let’s pay this one person to go away.’ Employers don’t want the press to hear about fraud. Once the press gets wind of a problem, it can grow to be an entire company’s problem. Everyone then is tainted by that one person’s behaviour.”
Range of response
Inman’s own experience of fraudulent staff members have seen the companies’ responses range from informing the external authorities, to firing offenders with a pay off, or even ignoring it.
One purchasing employee had an acquaintance who was misrepresenting who he had worked with and bidding on the job too. “Instead of terminating the person’s contract, they kept him,” Inman says. “It was an awful situation – there was a sense that the company was saying to him: ‘We’ve got you and you’ll do as we say because we caught you doing something wrong’,” Inman says.
In an ideal world, the most appropriate response for CPOs would be to report their suspicions to the relevant central stakeholders in the business, such as legal or internal audit, HR or security functions, says Hitesh Patel, KPMG forensic partner. “It would then be down to the internal independent group to undertake appropriate investigative steps (usually with the support of external specialists) to respond to the CPO’s concerns,” he says.
But many senior buyers feel alerting the authorities on fraudulent behaviour is the only reasonable response. Andrew Vaughan, group procurement director at BDR Thermea, says most companies would involve the police as it sends a clear message internally, adding: “In previous companies [I have worked] where issues have occurred then we decided to make sure everybody was aware of what happened and they were clear on the consequences.”
Patel adds: “Most companies take such matters seriously and will investigate reported allegations or concerns.” However, he knows that a number of pressures – such as the loss of reputation or cost concerns – may make companies deal with the matter in different ways.
“Companies will respond in a varying manner by [for example] moving the alleged fraudulent employee elsewhere in the organisation, discontinuing employment, exit through compromise agreements and often a pay off,” he says. “Police do get called in occasionally, but it depends on the nature, magnitude, complexity of the problems, likelihood of proving the allegations, company culture and appetite to respond robustly to such matters.”
Doing nothing would not just be ethically questionable, says Patel, but foolhardy. “Often this will lead to the creation of a poor anti-fraud culture and will only exacerbate the situation,” he says. “In addition, if an organisation is known to third parties to be weak in response to fraud or vulnerable because of poor management controls, it will become a target of fraudsters and organised criminals.”
Even paying off employees who have committed fraud encourages the behaviour that may have led to the fraud in the first place, says Inman. “If somebody is doing something wrong, relatively few people know about it. But when others start noticing an unaccounted-for ‘other’ in the accounts, for example, it can quickly become known by a lot more people and when it gets out people may think: ‘What do I do to get money?’,” he says. “Paying people to leave drives long-term risk behaviour.”
At the very least, Inman says, companies that have paid someone to leave should follow up with some kind of ethics training for other employees. “This is a way to keep people from being unethical, to make them realise that something has happened and to restore their faith in the company in taking ethical issues seriously.”
Involving the most senior staff in the company, as with other issues, plays an important role in both dealing with fraud once it has happened and taking steps to prevent it. Vaughan says: “If the CEO or senior board are seen to be active in addressing procurement fraud, then it will get attention.”
However, when it comes to procurement, most responsibility should lie with the line manager. “They need to be mindful if any supplier is shown to be favoured in any way and working closely with suppliers at different levels of seniority is also useful as it can highlight what is happening at each relationship ‘touch point’,” Vaughan says.
Part of the problem lies in identifying the nature of the offence and the fact that throughout the procurement process, there are many opportunities for fraud to be committed (see panel, opposite). “The story starts with subtleties,” says Inman. “Is a buyer really presenting the correct information to a sourcing committee?” There are many opportunities for procurement professionals to influence bidding processes and use their power to lie to a committee, he adds.
Political pressures may influence the behaviour of buyers when it comes to state contracts. A former CPO, who wanted to remain anonymous, says a public sector organisation he worked for did not put an overdue contract to tender and kept its incumbent supplier because the senator representing the area in which the supplier was based was up for re-election. When he raised the issue, he was told that as employees at the supplier were voters, losing potential votes was not an option and left the company on that basis.
Similarly, finding non-compliance in procurement strategy execution, such as someone downstream deciding unilaterally to go with a different supplier, should ring alarm bells, says Jonathan Watt, former CPO and executive interim. “Root cause analysis of the non-compliance will lead you in the right direction and then ‘follow the money!’ he says.
Such examples show that determining and proving criminal activity from such examples is extremely difficult, which is why establishing a counter-fraud culture that spells out the nature of offences is essential in dealing with and preventing fraud. “It is necessary for the organisation to be very clear on what the acceptable guidelines are regarding gifts or hospitality and contract sign-off levels,” says Vaughan.
While such measures to establish due diligence in countering procurement fraud are essential, it’s also important to consider the motivations for committing procurement fraud.
The reasons for people committing fraud are varied and can be selfish or altruistic. But the increase in procurement fraud in the current economic climate is no coincidence. “Individual and corporate pressures drive the wrong behaviour,” says Patel. “People trying to maintain lifestyles, service debts, keep their jobs, and so on in very difficult economic conditions means that they will increasingly resort to improper and fraudulent means to get money out of the business.”
The downturn also acts as a catalyst for companies to examine the cost base and restructure businesses, Patel adds, and as a result more procurement fraud is being identified.
“Fraud itself has moved up the corporate agenda and with it the infrastructure to prevent, detect and investigate it. The UK Bribery Act has also helped in that to receive a bribe in award of contracts is now regarded with much more seriousness.”
However, he adds that collusive procurement fraud within an organisation is very difficult to detect.
Mike Inman doesn’t believe companies are getting better at finding it, particularly in the recession, when looking for fraud is not a priority. “Purchasing departments are usually understaffed in a recession and they are asked to focus on saving money, but not given the people to help achieve this,” he says.
What is clear from the plethora of sorry tales the purchasing committee has about this sort of behaviour is that including it as part of a procurement strategy is essential, not just in saving money, but in reputation and employee morale. Whether the wider economic situation has acerbated the problem remains to be proven, but while career fraudsters will always exist, it seems the economic situation could be causing people to do things they wouldn’t normally.
Fraud risks throughout the procurement process
Each stage and area of the procurement process holds different risks of fraud, according to Hitesh Patel, KPMG forensic partner:
- Determining requirements: parties may be in a position to falsify specifications.
- Selection and ordering: the bid process could be rigged and kickbacks offered or accepted to facilitate inflated contract values. Employees could fix bids by releasing confidential information to suppliers and colluding with counterparties. Connected companies or bogus agents may be invited to bid or join the supplier base.
- Receipt of goods or services: make sure the correct quantity and quality of goods or services has been supplied.
- Receipt and recording of the supplier’s invoice: frauds can occur with the creation of dummy suppliers, misuse of credit notes, rebates and volume discounts. It is crucial to establish whether or not an invoice is genuine and then ensure prices and quantities are correct.
- Payment: payments must only be made in respect of authorised invoices. Proper security must be maintained over chequebooks and use of money transfer systems.
Checklist Avoiding procurement fraud
Ensure you have effective due diligence: it might be basic, such as verifying what’s been provided, or having a third part verify it.
Procurement professionals need to audit and test the relationship with the supplier, the amount involved, where they expected the goods or services to be at the outset and whether inventories are matching that.
As the risk level gets higher and the ability to control that vendor or third party gets more difficult and distant, then you might want to engage in a background investigation or allowing a third party to conduct reference interviews, or some aggressive combination of all of it.
Undertake risk assessments: apply a forensic lens and tools and techniques to the procurement spend to identify weaknesses in the system as well as ongoing fraud. Often risks associated with time, cost and quality are considered only from an operational perspective with fraud risks not being considered at the same time.
Utilise technological resources: The ease of technology is making fraud easier. People can run an entire fraudulent website business off their mobile phone now. But technology can also aid a business in detecting fraud, for example in making electronic trails difficult to erase, or managing supplier data and ensuring it’s up to date.
Establish a counter fraud culture: senior management at the company needs to make clear that all forms of fraud are unacceptable, and will be dealt with appropriately. Employees should be incentivised to prevent, detect and report fraud.
Create an effective whistleblowing system: internal staff and external suppliers need an anonymous hotline or email address to take their concerns to. This could be sourced by a third party.
Training in anti-corruption and anti-fraud for procurement staff: if the mandate for such training comes from senior staff down. It will go to everyone along the chain from the CFO, to the CPO, to procurement.
Look at root causes: if procurement fraud has occurred, after an external investigation, CPOs must look to establish why it occurred and ensure internal controls, policies and procedures are revised and guidelines provided on what unethical behaviour is.