The recently publicized scandals related to an alleged case of large scale fraud at a local government-owned company, have led many people to question how this could have happened. Even though the details about the case are vague and the investigation is still ongoing, one thing is certain: the fraud schemes revolve around the purchasing activities within the company.
In this article, we will shed some light on the most common types of procurement (or purchasing) fraud schemes. We will furthermore highlight some vital management control measures that can be implemented to counter purchasing fraud risks.
Even though it may not be the number one concern that keeps organization leaders awake at night, employee fraud may be a significant drain on a company’s bottom line and cause a number of serious negative impacts on the organization, including damages to the brand and company reputation. According to a 2016 publication by The Association of Certified Fraud Examiners (ACFE) titled Report to the Nations on Occupation Fraud and Abuse, asset misappropriation is by far the most common of the three primary categories of occupational fraud and the majority of deceptions committed in this category are related to procurement.
The procurement function of an organization includes the acquisition of goods and services for the business for different purposes. The acquisition of goods may include; inventory (merchandise products purchased intended for resale), raw materials (basic materials used in the production process), office supplies (consumables and small equipment for office use) and capital assets (tangible goods such as machinery, equipment and vehicles for long-term use). The acquisition of services from external agencies may include; marketing and advertising services, repair and maintenance services, cleaning services, IT-related services, professional (legal, accounting) services, and so on.
So it seems obvious that the procurement function is highly vulnerable to fraudulent practices because 1) it relates to the acquisition of many types of goods and services and 2) it involves the disbursement of large volumes of company funds. In fact, it is where most cash leaves the company. The following section discusses a couple of typical procurement fraud schemes in more detail.
Procurement fraud schemes
There are seven basic categories of procurement fraud schemes that may be attempted by employees: 1) fictitious invoices 2) duplicate invoices 3) overbilling 4) altered invoices 5) payment diversion 6) corrupt influence, and 7) conflicts of interest.
A fictitious invoice is any invoice submitted by a vendor to the company which is not represented by a legitimate sale and purchase for the company. There are two types of fictitious invoicing schemes: 1) The invoice was prepared and submitted to the company, while the products and services have never been delivered, or 2) The offender (employee) benefited from the products and services, while the vendor sends the bill to the company for payment. The scheme usually involves a vendor acting in complicity with the purchasing employee of the victim organization who then share in the profits.
A duplicate invoice is an invoice submitted a second time by a vendor for products delivered and services rendered that have already been billed and paid. Especially when there are large volumes of purchasing transactions and controls at the accounts payable department are lacking, this type of fraud can easily occur. In this type of scheme the vendor, the purchasing employee and accounts payable personnel may act in collusion and split the gains from the scheme.
Overbilling is a method where the vendor submits an inflated invoice for payment. Either quantities invoiced do not match the number of items actually delivered or the prices of items have been upwardly adjusted in order to make the purchasing company pay more than it should. This type of fraud may happen when there is no appropriate control for item receipts when the goods are delivered, and no regular price comparisons are made to determine if the company is getting the best deals from the existing vendor. This scheme will only work if the purchasing employee and the vendor act in collusion.
Altered invoices occur when the purchasing employee makes changes to the invoice before submitting it to accounts payable for payment. In this case the vendor is unaware of the alteration. Especially in this digital age, many invoices are submitted electronically by vendors. Employees can alter the invoice data or recreate an invoice similar to the original one, but with inflated quantities and/or prices. The employee will have to act in collusion with an accounts payable clerk who is authorized to process payments. To make this scheme work, the accounts payable clerk has to process two payments, one payment for the original (actual) invoice amount to the vendor, and a second disbursement for the difference to a bank account belonging to the offender.
Employees can create payments to themselves by sidestepping the control system so that payments are diverted directly to themselves or to companies they control. Collusion with accounts payable personnel is probably necessary and may require someone having the authorization to over-ride. Accounts payable managers, for example, often have the ability to over-ride control mechanisms for duplicate payments. In such cases they can authorize duplicate payments to an existing vendor or to a bank account belonging to the perpetrator.
Corrupt influence happens when the procuring executive gives preference to a specific vendor, either because some kind of bribery was offered to him/her or there is gain to be shared with the supplier. Corrupt influence includes buying more items than are needed, using more services than is required, intentionally qualifying an untested or unqualified vendor and deliberately excluding qualified bidders. The offender might also tailor or narrow specifications to such a degree that only his/her favorite bidder can win.
Conflicts of interest
Conflicts of interest occur when an employee, manager, or executive has an undisclosed economic interest in a transaction that affects the company in a harmful way. It is not necessary that the company actually suffer damages for the existing conflict of interest to be considered detrimental. The effect need only be potentially adverse. A conflict of interest scheme often involves other schemes. Since the employee profits from the transaction, e.g. by owning shares in the supplying company, he or she will attempt to maximize his/her benefits from the scheme by purchasing more than is necessary, by acquiring substandard product qualities (and pay premium price), and/or by inflating invoice quantities and prices.
Most of the times, the purchasing company will end up being the victim of unnecessary, excessive or inappropriate purchases of goods or services as a result of conflicts of interests.
Preventing procurement fraud schemes
There are a couple of imperative measures that can be implemented to reduce the risk of procurement fraud. Below I have summarized some vital internal control actions:
Large organizations that deal with purchasing should acknowledge procurement fraud on their company risk register.
Management and employees should be trained to ascertain minor red flags indicating possible fraud such as a perceived intimate relationship by an employee with a particular supplier and outspoken favoritism for a vendor.
A three-way match should always be carried out, to verify alignment between amounts documented on the requisition, purchase order and invoice. Also very important: the delivery note presented by the delivery clerk should also check against the contract schedule.
Strict procurement policies and procedures should be in place and management should make sure they are followed and enforced. E.g., purchase requisition policies and vendor selection procedures are key aspects of procurement that need to be properly documented.
Segregation of duties is an effective barrier to procurement fraud however it is not always strictly enforced. It is the means by which no one person has sole control over the lifespan of a transaction. E.g. the person in charge of procurement should not be the one who signs and perform controls for item receipts.
A two-person system should be implemented to define who can either add or delete a supplier from the approved supplier list or change a supplier’s bank account number.
Management or internal auditors should carry out proactive data set matches of the company’s staff against suppliers by looking for shared bank accounts, address and telephone numbers. There is other information that can be gathered from this data apart from conflicts of interest such as suppliers sharing office buildings that management did not know about.
Proper analysis should be made of spend patterns with suppliers to verify if excessive outlay is being made. Procurement thresholds should also be checked in order to validate if there isn’t evidence of splitting orders to bypass tender thresholds.
In our course Financial Analysis & Reporting for Controllers we cover the basics of management control and we also discuss some key measures to prevent many types of occupational frauds.