Procurement Fraud (part 4) – Six Anti-Fraud Principles

In previous installments of this series, (here, here and here) we’ve looked at the motivations behind procurement fraud, and then some ways of considering or classifying the types of fraud.  Now, the sixty-million dollar question; how can organisations stop fraud, or at least make it as difficult as possible?

While there are a wide variety of frauds, there are a relatively small number of key principles that, if understood and acted upon properly, can make fraud at least more difficult. (It is never impossible)!  Some of the principles also make it more likely that fraud is detected, even if it hasn’t been cut off at source.

As we said previously, fraud relies on extracting money from the organisation, either in return for nothing, or in return for less value than the money justifies. So the basic counter-fraud principles must be around controlling the flow of money out of the organisation, and ensuring that full value has been obtained for that money.

But as well as the key principles, there is also an overarching need to codify the processes and the policies that are in force and followed in the organisation. So they should cover how procurement is executed; for instance, how a Procurement Card should be used, or the flow of requisitions and orders. These policies are the key “rules” – so everything from the need to declare conflict of interest, to when a single tender can be used, to sign-off limits on invoices.

But back to our principles - 3 today and three tomorrow. We will describe broadly the principle and what needs to be done – but note at this stage we are not going to get into the full implications, or, for instance, the technology that might be used to counter fraudulent activities.

1.         It must be clear who is entitled to spend money in the organisation.

A basic principle, yet one that often isn’t followed. Only certain people in an organisation should be allowed to commit the organisation’s money to third parties. That doesn’t mean of course that they will do it well or properly, but by restricting the number we do at least reduce the overall field of potential fraudsters. Clarity in this area also makes it more difficult for the fraudster who is discovered to say  “I didn’t know I wasn’t allowed to do it like this”

It is also important to clarify the difference between a budget holder – who has accountability for expenditure generally – and a procurement authority – someone who can agree contracts with third parties. They may be one and the same person, but that is not necessarily so.

2.         Any expenditure committed must be authorised properly.

A fundamental precaution against fraud should be the check on what is being committed to a third party. Does the commitment look appropriate? Are the goods or services the sort of things we would expect to see the organisation ordering? Does the supplier look genuine? Is the commitment within the individuals authority levels? These are the sort of questions that should be considered by the authoriser of the expenditure.

We often see a temptation to allow more senior managers to place orders without any further authorisation. Apart from very low value orders, we do not consider this good practice. Evidence suggests that it is often middle and senior executives who commit fraud, which is simply a case of those being the people who have the opportunity to do so. It is not an insult to ask a Director to have their expenditure authorised; it is good practice at any level of the organisation.

3.         All entities to which money is paid must be verified and authorised.

The principle above gives a basic sense-check of an order. But how do we know that order isn’t going to a dummy company, controlled by the order placer (the fraudster) or their associates? That “supplier” may still supply the goods and services required, or something approximating to them, with the fraud being the nature / quality or quantity of what is provided. Or they may supply nothing, relying on no-one other than the fraudster realising this, or on a time-lag which gives everyone including the internal fraudster the chance to safely disappear before anyone says, “where are those 5000 laptops that we ordered (and paid for)”?

So checking that the entity to whom orders are placed and / or money is paid are genuine is key. Are they a genuine company with a trading history? Do they have a track record? Who are the Directors? Without getting into specifics here, this is clearly an area where appropriate supplier information management processes, systems and tools absolutely come into their own.

(Principles 4-6 to follow..)

First Voice

Discuss this:

Your email address will not be published. Required fields are marked *