Businesses lock their doors at night, and many take care to keep their data secure with passwords and firewalls. Retailers put detection devices on their merchandise. Why? If you measure business success by looking at profits, getting ripped off is something you can’t afford. Many business leaders, however, don’t recognize the growing risk from fraud, and no employer is immune.
Fraud strikes businesses of all sizes and types, and fraud in the purchasing department can be difficult to spot and very costly. It can be years before a fraud scheme is detected, and that’s often by accident. Putting proper internal controls in place, training employees, and conducting an annual fraud diagnostic can be beneficial to any company.
In its most recent Report to the Nation, the Association of Certified Fraud Examiners found that corruption—the category which includes purchasing schemes, bribery, conflicts of interest, kickbacks, and bid rigging—was one of the most common types of fraud. The average corruption scheme in the survey lasted 24 months before it was detected. While tips or accidental discovery is the most common way frauds are detected, internal controls and internal audit together accounted for more than 40% of detections. Fraud training significantly reduces the loss—businesses that trained managers and executives reduced loss by 55.9% and those that trained employees reduced it 51.9%.
Why Target the Purchasing Department?
An ethical and acceptable procurement process means you’re obtaining the highest quality goods and services at the best possible price, through fair and open competition. It’s a long and complicated process. Information gathering, supplier contact, and background review lead to bid solicitation, negotiation, fulfillment, and consumption. Maintenance, disposal, and renewal of contracts are also part of this complex process. Variables like the cost of raw materials or shipping affect the “best price,” as do less quantifiable factors like reliability and quality. This complexity makes procurement an ideal breeding ground for fraud.
Think You’re Too Small to Be a Target? Think Again
According to the ACFE Report, companies with fewer than 100 employees experience fraud more often than larger businesses, with 38% of the frauds in the study occurring in this category. The median loss is $200,000, which is higher than any other category. This may be because smaller companies lack the personnel and financial resources to dedicate to internal controls.
The Red Flags
To protect your business, you need to keep an eye out for these red flags.
- Are your costs rising for goods and services?
- Is a vendor slow in delivering or performing poorly in another way, yet remains as your supplier?
- Have purchases from a specific vendor increased sharply?
- Have purchases of a particular item increased dramatically for no apparent reason?
- Are contracts written to limit competition (for example, sole-source contracts)?
- Does the same vendor always win?
- Do contracts always go to the last bidder?
- Are purchases made in quantities that are too small to require higher level approval?
- Are you paying above-market prices for goods or services? Are you sure? When was the last time you checked?
For Efficient Monitoring, Automate
For early detection and even prevention, a risk-based approach is best: identifying the places where you’re most at risk and, on a regular basis, auditing those areas. Other approaches, such as ad hoc analysis or sampling, may not be sufficient. Many middle- market organizations, however, don’t have the human resources to dedicate to ongoing internal audit. The volume of data and diversity of systems makes it difficult to keep up.
Technology is the answer. Using a data analytics tool like ACL, many companies are automating some of their internal audit functions. They identify key controls, set up a suitable monitoring schedule including regular queries to run on a daily, weekly or monthly basis, and regularly review the exception reports. A few examples:
- Compare vendor and employee records. Look for matching addresses or social security/taxpayer identification numbers.
- Look for multiple vendors with the same address, or vendors with post office box addresses.
- Check for unusual up-ticks in spending with specific vendors, either in unit cost or in units purchased.
- Review the pattern of bids—are jobs consistently awarded to one vendor who always bids last?
- Identify payments just under the threshold that requires management approval.
This proactive approach enables continuous audit of your transactions, comparison of data from different applications, and comprehensive tracking of your process. Subjecting your processes to continuous, unbiased, automated audit is an efficient and effective way to detect fraud and help keep your profits in the business, where they belong.