Proactive Procurement Fraud Prevention Model

Proactive Procurement Fraud Prevention Model
The Association of Certified Fraud Examiners (ACFE) Report to the Nation

for 2002 states that organizations lose 6% of their annual revenues to employee fraud,
waste and abuse. This Report also found that over 90% of the frauds committed by
insiders targeted the Organizations cash accounts. For larger Organizations this risk
centers on accounts payable and purchasing. Accounts payable controls the check book
and purchasing the procurement function. Thus, a proactive approach to fighting fraud in
the procurement and disbursement systems will result in a significant reduction of
internal fraud within an Organization.
The Proactive Procurement Fraud Prevention Model is designed for those large
organizations that wish to stem the rising tide of this type of internal fraud. The design
is based on the authors many years of audit and fraud examination of accounts payable
and procurement systems. The Programs four step process significantly reduces the risk
of fraud in these functions.
Systems Analysis
The first step in effectively using the Model is an analysis of the Organizations
System of Internal Controls, Policies and Procedures over the procurement and
disbursement functions. Similar to a thorough review of internal controls performed by
auditors, the analysis focuses on opportunities for compromise by the fraudster.
Understanding the existing systems enhances the other elements of the model such as
employee training and data mining.
Systems and accounting manuals and other supporting documentation are read
initially. Accounts payable and procurement systems are then flowcharted to understand
the process and flow of documents (both written and electronic) from initiation to final
disposition. These flowcharts are reviewed using a fraud risk questionnaire designed to
identify opportunities of exploitation by the fraudster. Often, detailed flowcharts have
already been prepared by the organization and/or its auditors and may be used or
supplement the Model.
Unfortunately, many systems do not function as portrayed.
Therefore, it is
necessary to perform tests of the system to insure compliance with the understanding
obtained during the flowcharting process. Differences in the test results and the system
2002 Craig L. Greene, CFE, CPA Confidential and Proprietary Information

as portrayed are documented and evaluated. In addition to document examination,
interviews of employees often reveal noncompliance with an Organizations internal
control system. These interviews can often lead to areas of compromise in the system,
where further examination may find ongoing frauds.
Goals of the testing of the system include such items as identifying the controls
that exist, whether those controls operate properly and what controls are periodically
overridden. Upon completion of the assessment of the systems, key internal control
points are identified. These key internal controls include but are not limited to:
o Segregation of Duties
o Supervisory Controls
o Receiving Controls
o Authorization Controls
o Reconciliation Controls
o Recording Controls
The lack of these key internal control points raises the possibility of fraud within
the Organization. Finally, a written report is prepared discussing the review. The report
identifies significant weaknesses (if any) in the systems and recommendations for
improvements. The ACFE study found that improvements in an Organizations internal
controls are the Number 1 method of reducing fraud.
The following flowchart gives the reader an overview of the Systems Analysis
component of the Model:

Communication
Communication and training significantly contributes to reducing fraud within the
organization. Procurement and Accounts Payable Employees, as well as Vendors need to
be put on notice and educated as to what constitutes a violation of the Organizations
Code of Ethics. The Organization must provide for a method of reporting suspicious
activity. The ACFE Report found that over 46% of frauds were discovered through tips.
Employees, Vendors and Others need to be aware of the Organizations method of
communications. The flowchart below gives an overview of this component of the
Model:
Ethics/Fraud Policy
An Ethics Policy or Code of Conduct articulates the core values of an
Organization.
Typically the Policy proscribes to the employee what behavior is
acceptable and what is not. Unfortunately many Policies are often very general, lacking
in specifics, and do not properly address all the issues that may arise within an
Organization. The Model recommends that the Policy be reviewed for such problems

and written to conform to a set of Best Practices which have been developed as part of
the Models implementation.
Likewise, an Organization needs to adopt a Fraud Policy that addresses the
Organizations practices and procedures when fraud is suspected.
Without specific
guidance, managers often confront a suspected fraudster and may jeopardize the
investigation and/or prosecution. The Model recommends a Policy that should be
implemented.
Fraud Awareness Training

Fraud awareness training is a positive experience that educates employees on the
Organizations Ethics and Fraud Policies, while stressing that fraud is both costly and
detrimental to the Organization. Through this training, employees become aware of the
Red Flags to look for of fraudulent activities and their reporting responsibilities.
Accounts Payable personnel are trained on what to look for in processing
invoices, controls that are crucial to their department, Red Flags of procurement fraud,
and how to report suspicious activities within the Organization.
Procurement personnel are trained on what to look for in selecting vendors and
processing purchase orders, controls that are crucial to their department, Red Flags of
procurement fraud, and how to report suspicious activities within the Organization.
The program stresses the importance of internal controls and the fact that
personnel need to take ownership of those controls.
Procurement Fraud Training for Auditors/Security

Auditors and Security personnel receive training in auditing for and investigating
procurement fraud under the Model.
The five days of training provides extensive
coverage of the following topics:

Introduction to the Proactive Procurement Fraud Prevention Model
Auditing for and Investigating Internal Procurement Fraud
Auditing for and Investigating External Procurement Fraud
Performing the Vendor Audit

The training is designed to heighten the fraud awareness, investigative skills,
documentation of fraud cases, forensic auditing knowledge of the auditors and security
personnel, completing and prosecuting a fraud examination.
Employee Notices
Employees must be put on notice that they have an obligation to report to the
Organizations Compliance Officer when they observe red flags of fraud or are
approached by unscrupulous vendors or other employees.
These notices should be
incorporated into the Organizations:

Employment Application
Bulletin Board Postings in and around the work area
Annual Conflict of Interests Disclosures
Intranet Postings
The Model recommends that examples of violations of the Organizations Ethics
Policies be posted on the Organizations Intranet.
These examples help to clarify
questions that may arise by the employee and reinforce the Organizations No
Tolerance attitude.
Annual Conflicts of Interests Disclosures is a form of confirmation by the
employee.
The statement should acknowledge that the employee understands the
Organizations Ethics Policy, has complied with it, and is unaware of any violations with
it, except as disclosed.
It is not unusual for the fraudster not to return the Disclosure
form, if a follow-up system is not in place. Therefore, data mining or other follow-ups of
these disclosures may lead to ongoing fraud schemes.
Vendor Notices
Organization vendors need to be placed on notice of the Organizations Ethics
Policy, as well. One effective method in reducing the likelihood of fictitious vendors and
conflicts of interest is performing thorough due diligence of the vendor. The Model
requires the use of a vendor application process that discloses ownership, financial
condition and references.
Use of a Right to Audit Provision helps to ensure the integrity of the
procurement system. Vendor Audits are an integral part of the Model, therefore it

recommends that this Provision be communicated to the vendors during the application
process, as well as, contained in any contracts and included on all purchase orders issued
by the Organization.
An annual letter is to be sent to all vendors reminding them as to the Companys
Ethics Policy. The Organizations audit or compliance departments should send the
letters and control the mailing, including those returned as non-deliverable.
The
Organization may want to use this letter also as a positive confirmation and follow-up on
those letters that are not returned.
Data Mining
The Fraudster in the commission of his crime often uses computers.
The
Computer is also a very effective weapon in combating fraud within an Organization.

Over time, sophisticated data mining techniques have been developed to identify
indicators of fraud within the procurement system. Data rich environments are ideal for
continuous monitoring.
The following flowchart shows some, but not all, of these
techniques:
Employee Master and Earnings Files

As the reader can see, the model focuses not only on procurement systems, such
as accounts payable and purchasing documents, but employee information files as well.
The master employee files generally contain identifier information for the Organizations

employees. Comparisons of addresses, tax identification numbers, telephone numbers,
and electronic funds transfer routing information between the Master Employee File and
like information found in the Master Vendor File may lead to discovery of Conflicts of
Interest situations and fictitious vendors.
Many fraudsters in the commission of their crimes form fictitious businesses to
receive the fruits of their crimes. It is not unusual that the fraudster reports these
activities on their income tax returns and have additional taxes withheld from their
paychecks to pay these taxes. An analysis of net earnings as a percentage of gross
earnings may reveal those employees.
Master Vendor File

An Organizations Master Vendor File is an often overlooked and extremely
important control in fighting fraud.
It contains information used in processing
disbursements of the Organizations cash and provides the Fraudster with plenty of
opportunities. Data Mining techniques can be used to detect various fraud schemes.
Many of the tests are designed to locate fictitious companies such as address comparisons
to employees, Postal Box and Mail Drop addresses. Examinations of existing audit logs
for address changes may reveal other schemes. Another benefit of finding duplicate
addresses is it provides a method for cleaning up the file of duplicate vendor entries.
Vendor Invoice/Payment History Files

Analyses of these files search for anomalies in amounts, invoice numbering,
unusual period changes and other red flags of fraud. The data mining techniques use
Benfords Law that focuses on the frequency of numbers in large data sets to find unusual
patterns that may be indicative of fraud. Examinations of large and unusual amounts are
also performed.
Organizations often establish risk levels such as all checks less than $10,000 are
machine signed. Fraudsters learn of these levels and construct their schemes to target
amounts just below these levels.
Therefore, an effective data mining method is to
examine those amounts.

Purchase Order File
Data Mining of the Purchase Order file may lead to other indicators of fraud such
as increasing unit prices, unusual amendments and different ship to addresses. Purchase
Order files may also be mined to look for patterns of orders, requisitioners, noncompliance with policies and other anomalies.

Vendor Audit
Performing a detailed vendor audit is the most effective means to discover:
Fictitious (Shell) Companies
Corruption Schemes
Vendor Frauds
An additional byproduct of this process is building effective and trusting relations with
the Organizations Vendors. In the Model the Vendor Audit is used as an investigative
step when fraud is suspected.
The following flowchart depicts the common steps in performing a Vendor Audit
as a part of a fraud examination:
Vendor Research
Prior to performing the vendor audit, intelligence needs to be gathered as to the
Vendors business, organization and principals. The Model recommends that searches be

performed of public records, Dun & Bradstreet, the Internet and other sources to gain an
understanding of the Vendor and its principals. It is not unusual to find circumstantial
evidence from the research that enhances the fraud examination.
Forensic Examination of Vendor Documents

Prior to the Vendor Audit, A detailed forensic examination of the Vendors
documents in the possession of the Organization is performed. The examination focuses
on errors, anomalies, or other irregularities contained in these documents. Like the
research discussed above, circumstantial evidence may be found during the examination.
Onsite Examination
The onsite examination focuses on the credibility of the Vendor. A combination
of interviewing and document examination techniques often leads to a confession if
wrongdoing is involved.
Depending on the case, the Model suggests a number of
procedures to be performed.

Proactive Procurement Fraud Prevention Model

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Proactive Procurement Fraud Prevention Model

Hochgeladen von

Copyright:

Verfügbare Formate

Proactive Procurement Fraud Prevention Model

The Association of Certified Fraud Examiners (ACFE) Report to the Nation