proactive procurement fraud prevention model

Proactive Procurement Fraud Prevention Model The Association of Certified Fraud Examiners (ACFE) Report to the Nation

for 2002 states that organizations lose 6% of their annual revenues to employee fraud,

waste and abuse. This Report also found that over 90% of the frauds committed by

insiders targeted the Organizations cash accounts. For larger Organizations this risk

centers on accounts payable and purchasing. Accounts payable controls the check book

and purchasing the procurement function. Thus, a proactive approach to fighting fraud in

the procurement and disbursement systems will result in a significant reduction of

internal fraud within an Organization.

The Proactive Procurement Fraud Prevention Model is designed for those large

organizations that wish to stem the rising tide of this type of internal fraud. The design

is based on the authors many years of audit and fraud examination of accounts payable

and procurement systems. The Programs four step process significantly reduces the risk

of fraud in these functions.

Systems Analysis The first step in effectively using the Model is an analysis of the Organizations

System of Internal Controls, Policies and Procedures over the procurement and

disbursement functions. Similar to a thorough review of internal controls performed by

auditors, the analysis focuses on opportunities for compromise by the fraudster.

Understanding the existing systems enhances the other elements of the model such as

employee training and data mining.

Systems and accounting manuals and other supporting documentation are read

initially. Accounts payable and procurement systems are then flowcharted to understand

the process and flow of documents (both written and electronic) from initiation to final

disposition. These flowcharts are reviewed using a fraud risk questionnaire designed to

identify opportunities of exploitation by the fraudster. Often, detailed flowcharts have

already been prepared by the organization and/or its auditors and may be used or

supplement the Model.

Unfortunately, many systems do not function as portrayed. Therefore, it is

necessary to perform tests of the system to insure compliance with the understanding

obtained during the flowcharting process. Differences in the test results and the system

2002 Craig L. Greene, CFE, CPA Confidential and Proprietary Information

Proactive Procurement Fraud Prevention Model as portrayed are documented and evaluated. In addition to document examination,

interviews of employees often reveal noncompliance with an Organizations internal

control system. These interviews can often lead to areas of compromise in the system,

where further examination may find ongoing frauds.

Goals of the testing of the system include such items as identifying the controls

that exist, whether those controls operate properly and what controls are periodically

overridden. Upon completion of the assessment of the systems, key internal control

points are identified. These key internal controls include but are not limited to:

o Segregation of Duties o Supervisory Controls o Receiving Controls o Authorization Controls o Reconciliation Controls o Recording Controls

The lack of these key internal control points raises the possibility of fraud within

the Organization. Finally, a written report is prepared discussing the review. The report

identifies significant weaknesses (if any) in the systems and recommendations for

improvements. The ACFE study found that improvements in an Organizations internal

controls are the Number 1 method of reducing fraud.

The following flowchart gives the reader an overview of the Systems Analysis

component of the Model:


Proactive Procurement Fraud Prevention Model



Communication Communication and training significantly contributes to reducing fraud within the

organization. Procurement and Accounts Payable Employees, as well as Vendors need to

be put on notice and educated as to what constitutes a violation of the Organizations

Code of Ethics. The Organization must provide for a method of reporting suspicious

activity. The ACFE Report found that over 46% of frauds were discovered through tips.

Employees, Vendors and Others need to be aware of the Organizations method of

communications. The flowchart below gives an overview of this component of the

Model:



Ethics/Fraud Policy An Ethics Policy or Code of Conduct articulates the core values of an

Organization. Typically the Policy proscribes to the employee what behavior is

acceptable and what is not. Unfortunately many Policies are often very general, lacking

in specifics, and do not properly address all the issues that may arise within an

Organization. The Model recommends that the Policy be reviewed for such problems


Proactive Procurement Fraud Prevention Model and written to conform to a set of Best Practices which have been developed as part of

the Models implementation.

Likewise, an Organization needs to adopt a Fraud Policy that addresses the

Organizations practices and procedures when fraud is suspected. Without specific

guidance, managers often confront a suspected fraudster and may jeopardize the

investigation and/or prosecution. The Model recommends a Policy that should be

implemented.

Fraud Awareness Training Fraud awareness training is a positive experience that educates employees on the

Organizations Ethics and Fraud Policies, while stressing that fraud is both costly and

detrimental to the Organization. Through this training, employees become aware of the

Red Flags to look for of fraudulent activities and their reporting responsibilities.

Accounts Payable personnel are trained on what to look for in processing

invoices, controls that are crucial to their department, Red Flags of procurement fraud,

and how to report suspicious activities within the Organization.

Procurement personnel are trained on what to look for in selecting vendors and

processing purchase orders, controls that are crucial to their department, Red Flags of

procurement fraud, and how to report suspicious activities within the Organization.

The program stresses the importance of internal controls and the fact that

personnel need to take ownership of those controls.

Procurement Fraud Training for Auditors/Security Auditors and Security personnel receive training in auditing for and investigating

procurement fraud under the Model. The five days of training provides extensive

coverage of the following topics:

Introduction to the Proactive Procurement Fraud Prevention Model Auditing for and Investigating Internal Procurement Fraud Auditing for and Investigating External Procurement Fraud Performing the Vendor Audit


Proactive Procurement Fraud Prevention Model The training is designed to heighten the fraud awareness, investigative skills,

documentation of fraud cases, forensic auditing knowledge of the auditors and security

personnel, completing and prosecuting a fraud examination.

Employee Notices Employees must be put on notice that they have an obligation to report to the

Organizations Compliance Officer when they observe red flags of fraud or are

approached by unscrupulous vendors or other employees. These notices should be

incorporated into the Organizations:

Employment Application Bulletin Board Postings in and around the work area Annual Conflict of Interests Disclosures Intranet Postings The Model recommends that examples of violations of the Organizations Ethics

Policies be posted on the Organizations Intranet. These examples help to clarify

questions that may arise by the employee and reinforce the Organizations No

Tolerance attitude.

Annual Conflicts of Interests Disclosures is a form of confirmation by the

employee. The statement should acknowledge that the employee understands the

Organizations Ethics Policy, has complied with it, and is unaware of any violations with

it, except as disclosed. It is not unusual for the fraudster not to return the Disclosure

form, if a follow-up system is not in place. Therefore, data mining or other follow-ups of

these disclosures may lead to ongoing fraud schemes.

Vendor Notices Organization vendors need to be placed on notice of the Organizations Ethics

Policy, as well. One effective method in reducing the likelihood of fictitious vendors and

conflicts of interest is performing thorough due diligence of the vendor. The Model

requires the use of a vendor application process that discloses ownership, financial

condition and references.

Use of a Right to Audit Provision helps to ensure the integrity of the

procurement system. Vendor Audits are an integral part of the Model, therefore it


Proactive Procurement Fraud Prevention Model recommends that this Provision be communicated to the vendors during the application

process, as well as, contained in any contracts and included on all purchase orders issued

by the Organization.

An annual letter is to be sent to all vendors reminding them as to the Companys

Ethics Policy. The Organizations audit or compliance departments should send the

letters and control the mailing, including those returned as non-deliverable. The

Organization may want to use this letter also as a positive confirmation and follow-up on

those letters that are not returned.

Data Mining The Fraudster in the commission of his crime often uses computers. The

Computer is also a very effective weapon in combating fraud within an Organization.

Over time, sophisticated data mining techniques have been developed to identify

indicators of fraud within the procurement system. Data rich environments are ideal for

continuous monitoring. The following flowchart shows some, but not all, of these

techniques:



Employee Master and Earnings Files As the reader can see, the model focuses not only on procurement systems, such

as accounts payable and purchasing documents, but employee information files as well.

The master employee files generally contain identifier information for the Organizations


Proactive Procurement Fraud Prevention Model employees. Comparisons of addresses, tax identification numbers, telephone numbers,

and electronic funds transfer routing information between the Master Employee File and

like information found in the Master Vendor File may lead to discovery of Conflicts of

Interest situations and fictitious vendors.

Many fraudsters in the commission of their crimes form fictitious businesses to

receive the fruits of their crimes. It is not unusual that the fraudster reports these

activities on their income tax returns and have additional taxes withheld from their

paychecks to pay these taxes. An analysis of net earnings as a percentage of gross

earnings may reveal those employees.

Master Vendor File An Organizations Master Vendor File is an often overlooked and extremely

important control in fighting fraud. It contains information used in processing

disbursements of the Organizations cash and provides the Fraudster with plenty of

opportunities. Data Mining techniques can be used to detect various fraud schemes.

Many of the tests are designed to locate fictitious companies such as address comparisons

to employees, Postal Box and Mail Drop addresses. Examinations of existing audit logs

for address changes may reveal other schemes. Another benefit of finding duplicate

addresses is it provides a method for cleaning up the file of duplicate vendor entries.

Vendor Invoice/Payment History Files Analyses of these files search for anomalies in amounts, invoice numbering,

unusual period changes and other red flags of fraud. The data mining techniques use

Benfords Law that focuses on the frequency of numbers in large data sets to find unusual

patterns that may be indicative of fraud. Examinations of large and unusual amounts are

also performed.

Organizations often establish risk levels such as all checks less than $10,000 are

machine signed. Fraudsters learn of these levels and construct their schemes to target

amounts just below these levels. Therefore, an effective data mining method is to

examine those amounts.


Proactive Procurement Fraud Prevention Model Purchase Order File Data Mining of the Purchase Order file may lead to other indicators of fraud such

as increasing unit prices, unusual amendments and different ship to addresses. Purchase

Order files may also be mined to look for patterns of orders, requisitioners, non-

compliance with policies and other anomalies.



Vendor Audit Performing a detailed vendor audit is the most effective means to discover:

Fictitious (Shell) Companies Corruption Schemes Vendor Frauds

An additional byproduct of this process is building effective and trusting relations with

the Organizations Vendors. In the Model the Vendor Audit is used as an investigative

step when fraud is suspected.

The following flowchart depicts the common steps in performing a Vendor Audit

as a part of a fraud examination:



Vendor Research Prior to performing the vendor audit, intelligence needs to be gathered as to the

Vendors business, organization and principals. The Model recommends that searches be


Proactive Procurement Fraud Prevention Model performed of public records, Dun & Bradstreet, the Internet and other sources to gain an

understanding of the Vendor and its principals. It is not unusual to find circumstantial

evidence from the research that enhances the fraud examination.

Forensic Examination of Vendor Documents Prior to the Vendor Audit, A detailed forensic examination of the Vendors

documents in the possession of the Organization is performed. The examination focuses

on errors, anomalies, or other irregularities contained in these documents. Like the

research discussed above, circumstantial evidence may be found during the examination.

Onsite Examination The onsite examination focuses on the credibility of the Vendor. A combination

of interviewing and document examination techniques often leads to a confession if

wrongdoing is involved. Depending on the case, the Model suggests a number of

procedures to be performed.


Systems AnalysisCommunicationEthics/Fraud PolicyFraud Awareness TrainingProcurement Fraud Training for Auditors/SecurityEmployee NoticesVendor Notices

Data MiningEmployee Master and Earnings FilesMaster Vendor FileVendor Invoice/Payment History FilesPurchase Order File

Vendor AuditVendor ResearchForensic Examination of Vendor DocumentsOnsite Examination

/ColorImageDict > /JPEG2000ColorACSImageDict > /JPEG2000ColorImageDict > /AntiAliasGrayImages false /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 300 /GrayImageDepth -1 /GrayImageDownsampleThreshold 1.50000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages true /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict > /GrayImageDict > /JPEG2000GrayACSImageDict > /JPEG2000GrayImageDict > /AntiAliasMonoImages false /DownsampleMonoImages true /MonoImageDownsampleType /Bicubic /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict > /AllowPSXObjects false /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (None) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False

/Description >>> setdistillerparams> setpagedevice