Are You Prepared?

Procurement
Pressures and incentives, opportunity, and
rationalization its the recipe for fraud, any
type of fraud. Abuse within the procurement
cycle is common and can be damaging, from
the magnitude of potential monetary losses to
the reputational damage that can come from a
loss of trust of important stakeholders such as
investors, customers, and other suppliers.
Consider a long time employee who is suddenly
struggling with making ends meet at home.
Through many years of service in the
procurement department, he has gained the
trust of co-workers, established personal
relationships with vendors, and has an intimate
knowledge of the controls system and any gaps
that may exist. Almost effortlessly, he could
approach a vendor to inate invoices and direct
surplus payments to his personal bank account.
Such collusion is common in procurement frauds.
2 | At Risk | Volume 6, No. 1
2012 KPMG LLP, a Canadian limited liability partnership and a member rm of the KPMG network of independent
member rms afliated with KPMG International Cooperative (KPMG International), aSwiss entity. All rights reserved.
At Risk | Volume 6, No. 1 | 3
is a Manager in KPMGs Forensic practice and holds a Chartered
Accountancy designation. Over the course of her three years with the
practice, Erin has participated in alleged procurement fraud investigations
and has provided proactive fraud risk management services to clients.
Her Forensic experience extends to data analytics, as well as litigation
support, damage quantication, and contract compliance assignments.
In addition to her Forensic experience, Erin has assisted clients with
evaluating their internal controls over nancial reporting, including the
evaluation of fraud risk mitigation in the procurement cycle.
Erin Wight
Contact: ewight@kpmg.ca or (416) 777-3019
The economy these days is in ux. For some
companies, the agenda is recovery while others
are still struggling. Experience shows that
fraud can ourish in times of economic boom
or bust. Change can have a signicant impact
on people at all levels in the organization. As
management works through the turbulence,
corners may be cut. Less staff resources may
be available due to earlier cutbacks and the
demands on experienced staffs time may
be split between control responsibilities and
managing the integration of newly acquired
business units.
In either scenario, the offender will justify their
actions: the company wont miss this; its a small
drop in the bucket, or Ill pay it back as soon as I am
able. Perhaps less obvious; but equally alarming,
it becomes increasingly enticing to accept gifts
from a supplier when the demands on staffs time
is expanded and compensation is frozen or not
increasing to the extent of the former glory days
of growth and protability when the economy was
ourishing. Employees rationalize actions that are
not in the best interest of the company and this
attitude and abuse of opportunity can spread through
the organization if not kept in check throughout the
transitional phase of the business lifecycle.
In the push for short-term results it becomes
more challenging to stay two steps ahead of the
more unethical among us. Could this happen to
you? Are youprepared? How condent are you
with your answer?
2012 KPMG LLP, a Canadian limited liability partnership and a member rm of the KPMG network of independent member rms
afliated with KPMG International Cooperative (KPMG International), aSwiss entity. All rights reserved.
4 | At Risk | Volume 6, No. 1
Could This Happen to You?
It is very true that most payments to
vendors are legitimate; but, consider
what it would mean to your business
if even a small proportion of such
payments were fraudulent.
Fraud does not discriminate, not by
geography or industry. Globally, KPMGs
Forensic professionals have seen a
rise in fraud over the past few years as
industries and global economies have
found themselves working to emerge
from financial crises.
In KPMG in the US' 2009 survey,
65% of respondents perceive
fraud as a significant risk in their
industry today while 32% expect
fraud will continue to increase. The
most significant risk for 31% of
respondents is bribery, corruption,
market rigging, and/or conflicts of
interest. This perception is more
predominant in government and
healthcare industries (39%) than
consumer markets and information,
communication, and entertainment
(21% and 15% respectively); but an
admitted prevalence of fraud within
15% of companies is not something
to ignore.
1
Respondents to KPMGs 2008 fraud
survey in Australia and New Zealand
have seen a significant increase in
the occurrence of fraud, where 45%
of respondents to that survey had
experienced at least one fraud during
the survey period. When reported,
the average losses amounted to
AUD$1 million.
2
KPMG in Indias 2010 survey also
notes an increase in the prevalence
of fraud, particularly in supply chain
fraud, including the procurement
function. Seventy-five percent of
respondents to that survey said that
fraud in corporate India is on the rise.
Respondents from the real estate
and industrial markets industries
identified the procurement process
as the most vulnerable to fraud, 57%
and 39% of the time respectively.
3
Although respondents to the various
KPMG fraud surveys all agree that
fraud is a significant risk that has been
on the rise, it is important to be aware
that the nature of fraud conducted in
each region may differ from that in
your home industry. As businesses
seek avenues to streamline production
and reduce associated costs,
supply chains are extending to new,
international borders. Even smaller
companies today deal with offshore
suppliers who could have very
different values, controls or business
practices. Companies must recognize
this and be extra diligent in managing
these relationships.
With this type of experience,
procurement fraud is something that
simply cannot be ignored. People
contemplating fraud or other actions not
in the companys best interest can side-
step those internal controls operating
as your first line of defense. Perhaps
the more pertinent question in todays
environment is why couldnt this
happen to me?
Companies should reduce the
opportunity for employees to not act
in the companys best interest by
increasing the risk of being caught. This
added risk to the individual can act as a
rather convincing deterrent.
1
Fraud Survey 2009, KPMG in the US, 2009
2
Fraud Survey 2008, KPMG in Australia, 2009
3
India Fraud Survey Report 2010, KPMG in India, 2010
2012 KPMG LLP, a Canadian limited liability partnership and a member rm of the KPMG network of independent member rms
afliated with KPMG International Cooperative (KPMG International), aSwiss entity. All rights reserved.
At Risk | Volume 6, No. 1 | 5
What Could Happen?
The first step in assessing the
vulnerability of your procurement cycle
and designing mechanisms to detect
and prevent the fraud is to understand
the common fraud schemes.
There are many procurement fraud
schemes, with multiple themes
and variations on certain basic fraud
approaches. Some of the more common
schemes are as follows:
Phantom vendors or other
manipulation of the vendor
master file by creating a record in
the vendor master file that directs
payment to a fictitious company or
a legitimate company that does not
provide services to the organization,
an opportunity is created to generate
a payment record and transfer
money to a recipient that may be
controlled by an employee or a third
party in collusion with procurement
personnel. Detection may be
challenged where the magnitude
of such payments are designed to
fly under the radar of more senior
approval authorities. A variation
on this basic approach involves
changing address and bank details
of a legitimate but inactive vendor of
the company, essentially hijacking a
companys identity to facilitate illicit
payments.
Cheque forgery perhaps easily
lost in the volume of transactions,
a manual cheque can be transacted
through forgery of the designated
approval authority.
Fictitious invoicing and inflated
billing rates invoices could be
generated for processing through
Accounts Payable that do not relate
to goods received or services
rendered. Consider that an employee
may generate an invoice payable to
a vendor using their home address.
Alternatively, unannounced to
your diligent procurement staff, a
vendor, even one that is regularly
providing legitimate services to your
organization, may submit an invoice
for services that were not provided
or at rates that are above those
agreed upon.
Conflicts of interest where
procurement personnel have a
financial interest in the success of
a supplier entity, their purchasing
decisions may be biased towards
that entity to the detriment of your
organization.
Vendor kickbacks and bribery
almost innocently, vendors may
send gifts to procurement personnel
because of long-term relationships.
This can create a conflict where a
personal relationship between the
buyer and vendor is established that
may put pressure on the buyers
efforts to act in the companys best
interest.
Less innocently, vendors may
collude with procurement staff in
order to work around established
procurement controls and
fraudulently withdraw money from
your organization. Suppliers may
bribe a buyer in your organization
to purchase from them despite
above-market rates or poor product
quality. In another scenario, bribes
or kickbacks may be offered to
procurement personnel to approve
fictitious charges.
Bid rigging through collusion
between procurement personnel
involved in the vendor selection
process and outside vendors, or
between outside vendors participating
in the bidding process, inflated rates
may be contracted for projects.
Fraud does not discriminate,
not by geography or industry.
Globally, KPMG's Forensic
professionals have seen a rise in
fraud over the past few years as
industries and global economies
have found themselves working
to emerge from nancial crises.
2012 KPMG LLP, a Canadian limited liability partnership and a member rm of the KPMG network of independent member rms
afliated with KPMG International Cooperative (KPMG International), aSwiss entity. All rights reserved.
6 | At Risk | Volume 6, No. 1
Are You Prepared?
How to Prevent It
The foundation of any fraud prevention
program is the tone at the top,
the message that management is
conveying to guide how business is to
be conducted. If staff see management
abusing authority or promoting unethical
activities, the flood gates are forced
wide open for all staff to demonstrate
the same abuse. Communication of
behaviour expectations should be
formalized in a code of conduct that
addresses such matters as avoiding
potential conflicts of interest and
reporting suspected fraudulent activity.
Formalizing the documentation alone is
insufficient. It must be ingrained in the
way business is conducted in a clear and
unambiguous manner through active
enforcement of its principles.
Fraud awareness training is also an
effective tool in empowering frontline
personnel to minimize inappropriate
behaviour; but, it also sends the
message to potential fraudsters that
detection is a priority and there are
many eyes watching to minimize fraud
opportunities.
Finally, invest the appropriate time and
due diligence in performing a detailed
fraud risk assessment surrounding the
procurement process. In your business
and industry today, what are the risks
that pose the most significant threats?
The answer to this question is ever
evolving and requires regular evaluation.
Focusing the efforts of procurement
personnel on the key controls to mitigate
these fraud risks is critical. Making staff
accountable for the performance of these
controls is also fundamental in ensuring
their effectiveness. Conducting regular
reviews of the compliance with the fraud
prevention control program through
audits is a good approach.
At a very practical level, one of the
weaknesses common to many of the
most basic (and easily preventable)
schemes is control over a companys
vendor listing. Adding vendors or
changing vendor information needs to
be tightly controlled. When activity with
a vendor is dormant for a set period
of time, the vendor should be deleted
from the approved vendor list. Other
internal controls related to common
procurement processes, approval and
monitoring should be reviewed to
ensure that they are appropriate and
sufficient to minimize risk in this area.
How to Detect It
Perpetrating these types of frauds
often involves the side stepping or
overriding of controls that are designed to
detect inappropriate spending. In these
scenarios, it is important to be aware of
the red flags that may raise suspicion
before too much loss is suffered [see
Red Flags sidebar]. In KPMG Australias
2008 fraud survey, 22% of frauds
reported by respondents were ultimately
discovered after many red flags were
ignored. In efforts to identify fraud
earlier, an awareness of potential red
flags and an establishment of reporting
mechanisms to detect these indicators
will be beneficial.
Many business information systems
contain the facts that can point a finger
at impropriety if the right lens is applied
to the data. Data analytics tools can
be used to focus detection efforts.
Whether analyzing spending trends,
irregular transactions, or potential buyer
and supplier relationship indicators,
these tools have the capacity to filter
large volumes of information [see table].
Efforts to implement a continuous
monitoring program with these tools,
or response to a suspected fraud are
two avenues for leveraging the vast
capabilities of data analytics.
Procurement
Fraud RedFlags
Round dollar value invoices
Lack of control around the
bidding process including poor
documentation, absence of
appropriate competition
Poor documentation of
expenditures or failure to
complete a match of invoices
to receiving and order
documentation
Consistent use of a vendor
who is delivering poor quality
goods, particularly where this
issue is concentrated with
one buyer
Duplicate invoice payments
Excessive entertaining of
procurement staff by suppliers
Vendors with a post office box
as the sole address
Absence of a legitimate GST or
HST registration number
Off-hour transactions
Out-of-sequence invoice
numbers for a particular vendor
Payments to inactive vendors
Low initial bids followed by
excessive change orders
Poor cash management
practices (i.e., paying invoices
right away despite the
accepted practice of 30 to
60 day payment terms in a
particular industry)
Cheques set aside for pick-up
2012 KPMG LLP, a Canadian limited liability partnership and a member rm of the KPMG network of independent member rms
afliated with KPMG International Cooperative (KPMG International), aSwiss entity. All rights reserved.
At Risk | Volume 6, No. 1 | 7
Conclusion
The procurement cycle is fundamental
to the profitability of an organization,
especially in times when top line growth
is challenged. Increasing focus on
this cost centre, controls and financial
results can help avoid unnecessary cash
flow leakage from fraud. While the cost
of obtaining this business intelligence
may seem to outweigh the probability
of losses from such a theft, consider
for a moment the other repercussions
of such a breach of trust: loss of
public trust, legal fines or sanctions, or
damaged share price.
4
Data Analytics
Irregular Transactions Trends & Summary
Reporting
Relationship Indicators
Duplicate invoices
Unusual invoice sequencing
Inactive vendors receiving
payments
Off-hour transactions
Transactions exceeding
approval authority or invoice
splitting to bypass authority
Vendors with fake GST or
HST numbers
Invoices received after
payments are made
Top vendors by payment
type
Top vendors with quality
issues (e.g., returns)
Top vendors with the
highest short shipment rate
Vendor address or phone
numbers vs. payroll records
Vendor directors vs.
procurement personnel
Multiple vendors with
same contact coordinates
(address, phone numbers,
PO boxes, etc.)
4
Fraud Survey 2009, KPMG in the US, 2009, page 4, respondents identified these as the most concerning costs of
fraud 71%, 54%, and 34% respectively.
2012 KPMG LLP, a Canadian limited liability partnership and a member rm of the KPMG network of independent member rms
afliated with KPMG International Cooperative (KPMG International), aSwiss entity. All rights reserved.