There is arguably no area more susceptible to fraud than procurement. Why? The answer revolves around a disconnect between how organizations view internal buyers of their goods, versus how the marketplace views those same individuals.
If your organization is like most, buyers are valued employees, typically in line- or middle-management positions. However, the sesame individuals are considered extraordinarily powerful by vendors in the marketplace—hence the disconnect and related vulnerability for problems.
To vendors, buyers are effectively the “guard at the palace gate,” empowered to open the door at their discretion for relatively few third parties. Once in, vendors enjoy the benefits of a steady revenue stream, often for several years—all to the detriment of competitors who wait outside for an opportunity to get beyond the guard. The power of a buyer, particularly those affiliated with large entities, is significant. They can potentially change the destiny of a vendor by simply endorsing a particular product over another, ultimately creating a relationship with a new vendor. The entrée into one organization can also allow a new vendor access to related entities, thereby providing an enormous opportunity to a vendor previously unknown to the overall organization. Consequently, this line- or middle-management employee can mean the difference between a vendor struggling to survive and one reaping significant financial rewards.
How Vulnerable Are You?
The answer here depends largely on how your organization assesses risk and how much priority has been assigned to procurement. If internal personnel charged with monitoring questionable activity don’t distinguish procurement from other areas, you are likely at significant risk. If the persons monitoring procurement data, both operationally and for audit purposes, don’t understand the many forms a true anomaly can take, you may be losing a great deal of money, which could have been passed through to customers in lower prices or stockholders in higher earnings.
No matter what industry you are in, if your business buys large volumes of goods, you are a prime target. In these scenarios, masking a problem is easy for a corrupt buyer, since he or she can adjust price on a per item basis, in nominal amounts, making it quite difficult to spot the problem.
Moreover, for those who spot a particular variance, it may be common for this to be disregarded as immaterial. However, nominal amounts per item can mean big dollars in aggregate. In my experience, there are many brand-name entities who would attest to this, having been burned by procurement personnel with an “entrepreneurial spirit.”
How Do They Do It?
If fraudsters took only one path toward retirement, prevention would be easy. While there are many games that can be played in procurement, here is a sampling of the tricks we typically see.
Initial Selection of Vendor. The buyer often has the opportunity to champion a vendor “through the gate.” This advocacy process can be quite valuable to entities that prefer that certain information about them be filtered out of the equation. For example, the entity moving through the process may lack necessary capacity, have a questionable past, have principals who would prefer to remain anonymous, or other issues. A buyer who is corrup twill oftentimes filter the information made available and deflect damaging business intelligence as it arises.
Of course, procurement fraud is not limited to new vendors. However, vendors with a strong desire to pass through the gate are more likely to consider a creative advancement technique than one already enjoying the benefits of a volume relationship. Moreover, once an entity is through the gates and interacting with numerous persons, having proven themselves as a good business partner, they are less vulnerable to the views of one person in the organization.
Allocation of Goods Purchased. Since the buyer is often the person who decides how to “spread the wealth” among sourcing companies, vendors are often creative in helping to persuade the buyer in the allocation of dollars…in a manner beneficial to themselves. If buyers are managed by bottom-line numbers, without regard to the product’s source, the purchases may be dominated by certain “less than arms length” relationships, resulting in the company paying more than they need or getting fewer products than they should.
Overpayment for Goods. Why would someone purposely overpay for products purchased? There are many vendors who would gladly share a small piece of the action through kickbacks, particularly if it’s built into an inflated price. There is significant risk here since large volume buyers can mask small price discrepancies with ease. This issue doesn’t typically hit the screen of internal audit since, by its nature, it iscounterintuitive.
It’s important for someone other than the actual buyer to be monitoring individual prices to determine whether they are consistent with market and whether variances have a plausible explanation. Obviously, promotional allowances need to be factored into this equation such that the net price per item is reasonable.
Change Orders. If you procure goods in an environment with specified contract ceilings, the person empowered with modifying the ceiling, typically through change orders, waves a powerful wand. A corrupt procurement agent can drastically change the intent and magnitude of a contract through multiple change orders. With the knowledge and help of an insider, a vendor can bid low, acquire invaluable knowledge, and recoup early costs through change-orders, ultimately resulting in a higher cost and typically lower-quality product.
Can We Trust Our Procurement Personnel?
We can and should place a great deal of trust in our procurement personnel. However, it’s imperative we recognize the unique position in which they are placed. This recognition requires building appropriate controls to address unique risks present in this area. Ideally, these controls should blend into a strong overall control environment within the organization, the first step of which is an appropriate tone at the top. Absent a clear policy about what’s acceptable (and what’s not) and a perception of adherence in the company, an individual buyer may be persuaded to open the gate for those willing to pave his or her personal path. In this example, perception is reality. Policies concerning integrity in the vendor relationship area are meaningless unless followed at all levels within an organization.
And should you believe your buyers are unaware of what’s transpiring above them with respect to vendor relationships—think again. If the buyer doesn’t see or hear about something internally, the marketplace via those vendors trying to get through the gate will alert them.
The goal here is not to put controls before business, but rather to recognize particular vulnerabilities and attach appropriate controls. Moreover, this is an area that can be handled proactively, avoiding cost and embarrassment often associated with reactive situations.
Is This Intuitive?
While this may seem like common sense, numerous cases of financial fraud in this area demonstrate it is not. We want to believe that none of the employees we hire, particularly those whom we pay well and place a great deal of trust, would steal from us. However, the fact is that a certain percentage will.
Procurement fraud gets its greatest publicity from the public sector, where there are countless examples of overpricing or substitutions of product.
Since the underlying business issue concerns the buying and selling of goods, this type of fraud has no boundaries. It is international, and it applies to both government and corporate operations. Our experience in the retail marketplace suggests a real need for robust controls. With high volume, thousands of individual products, and variability in promotional terms, it can be quite difficult to police this activity.
If You’re Not Looking, You Won’t Find It
Many organizations spend a great deal of time and money instituting controls without first assessing risk. The assessment process has to contemplate fraud—what types of persons or entities may try it, and how might they attack?
Absent a clear policy about what’s acceptable (and what’s not) and a perception of adherence in the company, an individual buyer may be persuaded to open the gate for those willing to pave his or her personal path.
One odd characteristic I find over and over again is that internal monitors very rarely know what fraud looks like. Auditors or other staff assigned to monitor questionable activity are significantly disadvantaged if they don’t know where the organization is most vulnerable and what a fraudulent transaction looks like. While there is not a finite universe of schemes to study, there are common techniques with many derivatives. Understanding how these apply to the specific entity you’re in and what the underlying documents may look like can help auditors or loss prevention specialists grasp conceptually where they are at greatest risk. My experience also suggests that internal professionals are very willing to get this training, since they are keenly aware of expectations around them to ferret out fraudulent transactions.
What Can I Do Proactively?
With respect to procurement, there should be two general levels of review, one operational, the other loss prevention or audit.
The operational review simply ensures that information surrounding the purchase of goods or services is making its way to the next tier of management, and, most importantly, that those managers understand what the information is and how it compares to performance benchmarks.
This may sound intuitive, but history suggests otherwise. In the land of volume and numerous reports flowing throughout a company, it’s not uncommon for reports to go unread or worse, read but not understood. In either case, “pockets” of autonomy can develop and people, in this case buyers, perceive an opportunity where their actions will go unnoticed. Spreading the information to operational managers and training them in what to look for will go a long way toward the elimination of these “pockets.”
As for loss prevention professionals, the general level of review should recognize procurement as a target area of fraud and ensure the appropriate staff is properly trained in how to recognize a problem.
One of the most beneficial techniques for those tasked with this responsibility area in my opinion, is the development of what I call “smart reports.” These reports can be run regularly, and effectively serve as the basis for real-time questioning of activity. Rather than waiting for two or three years to cycle through the procurement area, these reports are soliciting current activity monthly, looking for aberrations. Sound too easy? If they are set-up properly, they will help significantly, and their assistance is not limited to fraud detection. These reports will also identify certain operational issues that can wreak havoc in the company’s systems.
For example, what is the likelihood of a buyer “structuring payments” within your organization to avoid additional approval signatures? By simply knowing what the thresholds are, loss prevention professionals can easily craft reports to look for payments just below the approval threshold or cumulative totals during the month that exceed the threshold. Is that fraud? You won’t know until you look. And when you look in a focused manner, people know you are looking, which acts as a deterrent by itself.
Patterns of this type of problem can be spotted easily with a well designed report. The answers you will get when you start asking questions around this are amazing. In a recent case we worked on, where the procurement agent diverted $1 million and has since pled guilty in U.S. District Court, the procurement staff was actually instructing vendors to split invoice amounts (avoiding thresholds) if they wanted to be paid promptly. In this case, the invoices split were both legitimate and illegitimate—legitimate invoices avoiding approvals and illegitimate invoices to fictitious vendors avoiding all scrutiny. The perpetrator in this matter was a twenty-year veteran of the company and a department director. In other words, he knew nobody was watching.
There are numerous other reports that can be designed for the procurement area. Each smart report would target a different audit flag and would focus on issues such as duplicate payments, duplicate vendors, multiple payments in the same period, and similar issues.
In addition to the smart reports and periodic reviews, there are other techniques that can be applied to protect your company from procurement fraud. When you accept a new vendor into your company operation, how much business intelligence is gathered in advance? Do you want to know if this entity or its principals have a long history of defaulting on contracts and have spent significant time in court? Do you want to know whether there are a string of related parties attached to this company, and that you may be buying marked-up goods from a party that is less than arms-length?
In many cases, we find this information bubbles to the surface after it’s too late. Typically, in what would have been a small proactive intelligence gathering effort, the company ends up using significant external resources to maneuver through the legal playing field of recouping assets.
Whether it’s acquiring a new vendor or a new business, intelligence gathering is a great investment. Knowing information that may be derogatory doesn’t necessarily kill the deal. However, it can empower management with new negotiating leverage to mitigate risk if the deal is to go forward.
Similar to the vendor intelligence example above, it can be extremely valuable to know some additional information about the buyers on your staff. For example, might your buyers be owners of outside entities that could be conduits for kickbacks? Do your buyers have a history of liens or judgments against them? Do your buyers or any entities they are affiliated with have an address that matches a company in your vendor masterfile? Do your buyers live lifestyles that exceed what they are financially capable of?
Doing some behind-the-scenes checking in this area can reveal some scary facts. Another of our recent cases is a good example. A thirty-year procurement veteran decided his middle management salary was insufficient and he funneled $650,000 of kickbacks through a side company. Unfortunately, this was found out by his employer reactively rather than proactively and had cost the company (and ultimately its customers) a significant sum of money through overpricing of goods. How many of these veteran employees are in your company? What effect do you believe this has on profits?
While it may not be pleasant to look into an employee’s activities, curbing fraud in businesses with scale is difficult without some level of internal review. Like the business intelligence above, the information obtained on individuals is publicly available. It can, for a relatively small cost in advance, save companies a great deal of money, time, and embarrassment. This methodology can be applied anywhere in the company, but is most useful here, given the autonomy and related third-party risks that exist in the procurement area.
In sum, oversight over procurement should be parallel with your exposure, which in most retail environments, is significant. A proactive strategy will not only identify fraudsters costing you money, it will send a message to potential wrong doers that they will likely be caught if they try.