Going Beyond the Obvious to Root Out Procurement Fraud
Reading supplychain.com recently, I came across this ten point procurement fraud prevention checklist by Paul Guile, a CIPS global procurement fraud advisor from across the pond. Paul outlines some basic best practices that your organization should put in place if you haven’t already.
I want to recap and add to Paul’s list, because while his list is a great starting point, most of the fraud I’ve seen in my career did not and would not have shown up solely through following these best practices. There is still more you need to do. Here Paul’s list:
1. Ensure the risk of procurement fraud is acknowledged on your company risk register, and there is a risk owner who has overall responsibility in the organisation.
2. Ensure all staff who are able to make or are involved in financial decisions are trained how to identify procurement fraud.
3. Ensure a three-way match is carried out.
4. If a staff member moves departments, remove all of their current permissions and authorities and add the permissions applicable to their new role.
5. Ensure the procurement process is followed and is enforced. Has an order been placed before the procurement paperwork has been raised? If so, why?
6. In addition to segregation of duties, a two-person system should be implemented to define who can either add or delete suppliers or change a supplier’s bank account number.
7. When auditing suppliers identify the sub-contractors. Do your contracts stipulate that sub-contractors must be agreed to by your organisation before they are engaged?
8. Implement a variation limit for costs on both contracts and on projects.
9. Be proactive in looking for conflicts of interest. Carry out data set matches of your staff against suppliers looking for shared bank accounts, address and telephone numbers.
10. Analyze spend patterns to ensure you are spending what you think you are. Check that thresholds are being followed and there no evidence of splitting orders to circumvent tender thresholds.
This is a great place to start with fraud prevention. Still, fraud can and will slip through the cracks. Here are some additional safeguards CPOs should put in place to prevent fraud and root it out when it does happen.
- Never say never. Don’t be naïve. Let your folks know what the consequences of breaking the rules are and that they are all accountable for bad behavior and for the integrity of the group. One rotten egg spoils the whole.
- Periodically communicate with key suppliers. Annual or semi-annual meetings are a good start. Share your corporate as well as departmental objectives and provide opportunities for dialog.
- For key suppliers or anyone you make large or repetitive payments to, never send a check. Verify and validate bank and account information and set them up for ACH or electronic funds deposit.
- Always be accessible to suppliers. Talk and act as their advocate. Doing so will make them more comfortable in approaching you if they have or know of an issue.
- Have a supplier audit program and follow through on execution. Make sure you get to new suppliers in the first year. Engage audit to be your partner and create an agreed to risk profile.
- Have a supplier management and governance program and participate in those meetings randomly.
- Always have one means of communication that goes to you and you alone. Confidential voice mail is one example. Make it known that you and only you check it, so callers can be assured of confidentiality and know that you will listen.
- Respond to cryptic or blind calls whenever possible. Someone may be trying to tell you something and not be comfortable leaving much information.
While it is essential to have a prevention plan, keep in mind that most fraud that occurs is identified not by plan but by chance. It usually happens by finding one clue that leads to another that leads to another.
In my experience, consistently collecting information, making yourself available, listening carefully and always following through on trails that look like they might lead somewhere is the key.