Procurement Fraud Prevention and Detection – How to protect your organisation from one of the most common frauds

Technology Insights

Procurement fraud is multi-faceted and may take many different forms. Therefore, the prevention and detection mechanisms to combat procurement fraud must be just as multi-faceted and sophisticated.

Procurement occurs any time an organisation obtains a good, service or benefit from another party. Therefore, procurement fraud can occur at any time within an organisation and can affect any organisation, regardless of size or industry.


blue_risk_2.png

Many organisations have internal controls in place to combat procurement fraud, including delegations of authority for approving payments to suppliers. However, where many potential fraudsters take advantage of the procurement process for their personal gain is a situation where the procurement of the good, service or benefit is time sensitive and must occur quickly. In these circumstances internal controls are often bypassed, either with or without the knowledge of the usual approver of the process. While the bypassing of these controls may be conducted in an innocent manner to expedite legitimate procurement needs, it also presents an opportunity for potential fraudsters to engage in fraudulent procurement procedures with a ready-made excuse that they were simply acting under time pressure. This may cause loss to the organisation in a number of different ways including reputational damage, procurement of poor-quality goods and services, a requirement to pay above market rates to a supplier or being locked into a long-term contract with a supplier where the needs of the organisation require a short-term agreement.

Types of Procurement Fraud

There are many different ways in which either an employee or a potential supplier may perpetrate fraud during the procurement process at an organisation. It is vital for an organisation to understand the different ways in which fraud can be perpetrated during this process in order to be able to combat any wrongdoing. Examples of the different types of procurement fraud include the following.

Procurement Fraud Occurring Prior to the Solicitation of Bids

Procurement employees may convince the organisation that excessive or unnecessary goods or services are required. This usually coincides with the procurement employee receiving a bribe or kickback from the supplier for enabling the ordering of excessive or unnecessary goods. Red flags relating to such activity include the organisation consistently being overstocked, not ordering stock at the optimal reorder point, having large amounts of stock write-offs and a heavy reliance on ordering from one supplier.

Procurement employees may also engage in bid tailoring by drafting specifications in a way that gives an unfair advantage to a certain supplier. This is usually done in collusion with the particular supplier whereby the employee may receive a bribe or kickback in return. Bid specifications may be too narrow, to eliminate other bidders, too broad to allow the specific supplier into the bidding process or too vague to enable contract or price amendments. Red flags with regards to bid tailoring include only one or few bidders responding, the contract not being rebid despite the process not producing the minimum number of required bids or a high number of bidding awards to one particular supplier.

Procurement Fraud Occurring During the Solicitation of Bids

Procurement employees may manipulate the bidding process to benefit a particular supplier. This is usually performed in collusion with the supplier in order to receive some form of benefit or gratuity. This can be done by the employee by publishing the tender in an obscure location or during holiday periods, accepting late bids, disqualifying bids for improper reasons, altering bids, and extending bid opening dates without justification. Red flags created by such behaviour include consistently voiding a winning bid due to error, the winning bid came in later than usually allowed by the bidding process or constantly changing bid deadlines.

Suppliers may also collude with one another to rig the bidding process. This may be done by rotating which supplier submits the winning bid, illegally supressing or withdrawing a bid so another supplier wins the contract or submitting a token bid to attempt to influence the price for another supplier. Red flags of supplier collusion include the same suppliers always bidding on each project, a winning bidder subcontracts work to a losing bidder, few bids are received for the project or a pattern where the last bidder always wins the contract.

Procurement Fraud Occurring After the Contract is Awarded

Fraud may be perpetrated by the winning bidder even after the contract has been awarded. Generally, this requires collusion with a procurement employee within the organisation who will approve wrongdoing by the supplier. This may be done by providing poor quality goods and services, overcharging for materials or labour, charging costs that are not allowable under the contract or consistently increasing prices through change orders.

Prevention and Detection of Procurement Fraud

In Australia, the Australian Standard AS 8001:2021 Fraud and Corruption Control has been the preeminent guide on how to prevent, detect and respond to the risks of fraud and corruption. In June 2021, AS 8001 underwent a refresh, with the revised version called AS 8001:2021. Regarding procurement fraud, AS 8001:2021 outlines the following controls that could be implemented with respect to vetting suppliers:

  • Search of company register;
  • ABN and bank account confirmation;
  • Verification of the personal details of directors;
  • Director bankruptcy search;
  • Disqualified director search;
  • Educational qualifications claimed;
  • Assessment of credit rating;
  • Search of legal proceedings pending, and judgements entered;
  • Telephone listing verification;
  • Trading address verification;
  • Media search including social media and online sources;
  • Search of available debarment, sanction, and watch-lists; and
  • Search for politically exposed persons.

AS 8001:2021 also states that organisations shall implement pressure testing procedures for assessing the effectiveness of internal controls. This involves an independent person or team testing transactions to assess the effectiveness of controls related to those transactions. An example of this in relation to procurement fraud may be submitting a fake invoice for payment to the accounts payable team to see if the team effectively follows the documented policies, procedures, and internal controls of the organisation. Common vulnerabilities that can be uncovered through pressure testing include:basic_illustrations-04-risk_management_legal_advisory - Copy.png

  • A lack of fraud awareness;
  • Inadequate quality assurance;
  • Not verifying information or evidence;
  • A lack of effective oversight;
  • Weak technology controls;
  • Inadequate detection controls; and
  • A lack of reporting or reconciliation.

Corruption commissions / integrity bodies from around Australia often provide better practice guidance for public sector organisations that is just as relevant to the private sector. An example is with Victoria’s  Independent Broad-Based Anti-Corruption Commission (IBAC) that outlines on its website the following suggested control measures to assist in preventing and detecting procurement fraud.

  • Audits and checks should be conducted at regular and random intervals to look for trends and patterns. These audits should check the veracity of invoices, whether goods and services have actually been delivered, quality of goods and services, checking invoices against prices in the awarded contract and auditing employee access to sensitive tender information.
  • Conflicts of interest framework should be established to allow employees to declare conflicts of interest and review identified conflicts. Rotation of employees and separation of duties should be used in procurement functions, particularly in high-risk positions.
  • Due diligence procedures should be conducted to establish the legitimacy of suppliers.
  • Check financial delegate paperwork is complete prior to approving expenditure.
  • Require staff to sign invoices to verify goods or services have been received.
  • Establish automated controls in the accounting system to ensure duplicate invoices cannot be entered.
  • Monitor variations in contracts and project scope after approval.
  • Conduct regular staff training and staff development with respect to procurement procedures, conflicts of interest and fraud and corruption control.
  • Encourage reporting of suspicious activity and abide by relevant whistleblower legislation.

IBAC provide an example of a breakdown of controls with respect to procurement relating to an irregularity of processing invoices at a local Council. The investigation uncovered how an employee had been over ordering alcohol and on-selling the surplus for a gain. Alcohol costs were distributed across multiple cost centres by the employee to avoid detection. The Council’s Manager, Risk Management and Contracts Compliance stated “saleable items should have had double accounting processes applied… Procurement policies and structures that grant permission for delegated employees to order and expend funds should have their approvals tested from time to time to ensure compliance.

Another example of a better practice guide relevant to mitigating the risk of procurement fraud is from the New South Wales (NSW) Independent Commission Against Corruption (ICAC) and its publication on ‘Supplier Due Diligence: A Guide for NSW Public Sector Agencies’ June 2020 which is also just as applicable to private sector organisations. This NSW ICAC guide includes how to check on:

  • Is the supplier genuine?
  • Is the supplier capable and reliable?
  • Is the supplier financially viable?
  • Does the supplier have the required authorities, licences and status?
  • Is the supplier of good repute and integrity?

 

Please do not hesitate to contact Roger Darvall-Stevens, Milind Sheth, Chris Scott or any others in RSM’s Fraud & Forensic Services team to discuss how your organisation can prevent and detect potential procurement fraud, or discuss how we can help your organisation with fraud and corruption control better practice.

Authors

Roger Darvall-Stevens
Partner and Head of Fraud & Forensic Services
Milind Sheth
Senior Manager - Melbourne
Chris Scott
Manager - Melbourne
asset_3.png

Subscribe to Risk Insider to stay up to date with the latest in Technology, Fraud and Security.