Fraud can occur during any stage within the procurement life cycle, resulting in recurring and significant losses. Organizations may be at risk of fraudulent activities conducted by internal staff, collusion between internal staff and external service providers, or collusion among suppliers. Procurement fraud can be perpetrated in many ways, and it can be difficult to detect. Internal auditors can help safeguard the organization from losses. Twelve common pitfalls and vulnerable areas are:
1. Weak control environment. When formalized policies are inadequate or ineffective, and staff training to help the organization prevent and detect procurement fraud is insufficient, employees may write off fraudulent or unethical activities as cultural norms. They might assume, for example, that receiving gifts and entertainment from vendors — regardless of value — is always acceptable. These perceptions can result in widespread control weaknesses and increased potential for fraud.
Procurement policies and procedures that lack comprehensive review, approval, and monitoring of scenarios will also increase the risk of procurement fraud. For instance, in the absence of well-defined guidelines and controls, purchases can be designated as «urgent» or «emergencies» to bypass the need to compare competitive quotes.
2. Incompetent purchase budget review or approval. Reviewers and approvers may not have been equipped with relevant antifraud skills to ask the right questions before requested items are approved in the purchase budget. After budget approval, users or requestors can make purchases much more easily. Effective budget reviews are therefore especially critical to fraud prevention.
3. Inadequate purchase request scrutiny. In the absence of proper scrutiny, staff members might be able to request and make excessive or unnecessary purchases. It is therefore essential for those charged with evaluating the validity of purchase requests to carefully review and assess the justifications for items to be purchased.
4. Inadequate review of purchase specifications. Organizations require specific expertise to evaluate the validity and appropriateness of purchase specifications indicated for sourcing. Without this resource, purchase specifications can be customized to favor certain vendors and cause unnecessary financial losses to the organization.
5. Ineffective quote reviews. Without effective assessment of quotes or bids before contract award, intentional favouritism of a particular vendor might not be easily detected. It is easy to enable a particular vendor to be selected when limited criteria are used to assess competing vendors. Management should carefully review and decide on vendor assessment criteria and then evaluate the competing quotes or bids received accordingly.
6. Insufficient background checks. The organization may fail to conduct effective background checks on new vendors. It may approve vendors without requiring them to provide appropriate documentation, such as business registration details. This deficiency creates, for example, the potential for staff members or their relatives to set up a shell company to make excessive or fictitious purchases that benefit themselves or their relatives at the expense of the organization.
7. Ineffective conflict-of-interest declaration procedures. Periodic conflict-of-interest declaration procedures may become a check-the-box exercise instead of a meaningful control activity to prevent and detect inappropriate transactions. For example, the procedures may lack adequate vendor details to help staff identify the companies with which their organization is transacting. Without well-designed procedures, employees may perceive the conflict-of-interest declaration as routine and fail to recognize its importance.
8. Ineffective inspection of goods and services received. If goods and services are delivered to the organization without being checked and acknowledged by independent, competent parties, intentional under delivery, damaged goods, or inferior goods could go undetected.
9. Ineffective project monitoring. Without robust controls in place to monitor ongoing projects — including periodic reviews of percentage-of-completion, estimated costs-to-complete, etc. — the organization may not detect warning signs of fraud such as excessive change orders and cost mischarging.
10. Ineffective three-way matching. Those responsible for reviewing invoices submitted for payment may lack the expertise to recognize potentially fraudulent items, such as personal purchases, inflated invoices, and fictitious purchases. Moreover, they may neglect to perform a three-way match among the purchase order, receipt of goods, and supplier invoice. As a result, procurement fraud schemes may go undetected prior to vendor payment.
11. Absence of robust procurement analytics. Highly irregular one-time payments may be relatively easy to spot with periodic checking and basic review procedures. But when irregularities occur more frequently, with lower dollar amounts that seem insignificant in isolation, they might easily go unnoticed without more sophisticated analytics. The organization can perform analytics with indicators that reflect repeated purchase orders with amounts just below the approval threshold limits, excessive purchases made from particular vendors, etc., to facilitate the identification of irregular activity.
12. Inadequate criteria for evaluating vendors. Once a vendor is hired, the organization may neglect to monitor its performance on an ongoing basis. Robust criteria, such as applicable quantitative and qualitative performance criteria and indicators (e.g., price competitiveness, timeliness of delivery, product or service quality, and customer service responsiveness), should be evaluated periodically to ensure staff make value-for-money purchases, instead of excessive or fraudulent purchases, on the organization’s behalf.
In conclusion, I would just like to say that as Compliance & Internal Audit Manager, I give you some suggestion based of comprehensive frameworks and guidance on enterprise risk management, internal control, and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations. If you liked this content use the buttons below to share with your friends on social networks! 😊
If you want to leave your opinion, remember that it is always positive and with respect. On the contrary, any aggressive opinion, conduct or expressions that go against respect, dignity, or constitute insults or slander will be blocked, and reported to the Authorities in accordance with the provisions of article 208 of the Spanish Penal Code. The crime of libel provides for a fine ranging from 3 to 14 months and for slander the penalty will be imprisonment from 6 months to 2 years or a fine from 6 to 24 months.