Fraud can occur during any stage within the procurement life cycle, resulting in recurring and significant losses. Organizations may be at risk of fraudulent activities conducted by internal staff, collusion between internal staff and external service providers, or collusion among suppliers. Procurement fraud can be perpetrated in many ways, and it can be difficult to detect.
Twelve common pitfalls, in particular, can increase the risk of fraud in the procurement process. By remaining alert to these areas, internal auditors can help protect their organizations from procurement-related losses.
1. Weak control environment. When formalized policies are inadequate or ineffective, and staff training to help the organization prevent and detect procurement fraud is insufficient, employees may write off fraudulent or unethical activities as cultural norms. They might assume, for example, that receiving gifts and entertainment from vendors — regardless of value — is always acceptable. These perceptions can result in widespread control weaknesses and increased potential for fraud.
Procurement policies and procedures that lack comprehensive review, approval, and monitoring of scenarios will also increase the risk of procurement fraud. For instance, in the absence of well-defined guidelines and controls, purchases can be designated as "urgent" or "emergencies" to bypass the need to compare competitive quotes.
2. Incompetent purchase budget review or approval. Reviewers and approvers may not have been equipped with relevant antifraud skills to ask the right questions before requested items are approved in the purchase budget. After budget approval, users or requestors can make purchases much more easily. Effective budget reviews are therefore especially critical to fraud prevention.
3. Inadequate purchase request scrutiny. In the absence of proper scrutiny, staff members might be able to request and make excessive or unnecessary purchases. It is therefore essential for those charged with evaluating the validity of purchase requests to carefully review and assess the justifications for items to be purchased.
4. Inadequate review of purchase specifications. Organizations require specific expertise to evaluate the validity and appropriateness of purchase specifications indicated for sourcing. Without this resource, purchase specifications can be customized to favor certain vendors and cause unnecessary financial losses to the organization.
5. Ineffective quote reviews. Without effective assessment of quotes or bids before contract award, intentional favoritism of a particular vendor might not be easily detected. It is easy to enable a particular vendor to be selected when limited criteria are used to assess competing vendors. Management should carefully review and decide on vendor assessment criteria and then evaluate the competing quotes or bids received accordingly.
6. Insufficient background checks. The organization may fail to conduct effective background checks on new vendors. It may approve vendors without requiring them to provide appropriate documentation, such as business registration details. This deficiency creates, for example, the potential for staff members or their relatives to set up a shell company to make excessive or fictitious purchases that benefit themselves or their relatives at the expense of the organization.
7. Ineffective conflict-of-interest declaration procedures. Periodic conflict-of-interest declaration procedures may become a check-the-box exercise instead of a meaningful control activity to prevent and detect inappropriate transactions. For example, the procedures may lack adequate vendor details to help staff identify the companies with which their organization is transacting. Without well-designed procedures, employees may perceive the conflict-of-interest declaration as routine and fail to recognize its importance.
8. Ineffective inspection of goods and services received. If goods and services are delivered to the organization without being checked and acknowledged by independent, competent parties, intentional underdelivery, damaged goods, or inferior goods could go undetected.
9. Ineffective project monitoring. Without robust controls in place to monitor ongoing projects — including periodic reviews of percentage-of-completion, estimated costs-to-complete, etc. — the organization may not detect warning signs of fraud such as excessive change orders and cost mischarging.
10. Ineffective three-way matching. Those responsible for reviewing invoices submitted for payment may lack the expertise to recognize potentially fraudulent items, such as personal purchases, inflated invoices, and fictitious purchases. Moreover, they may neglect to perform a three-way match among the purchase order, receipt of goods, and supplier invoice. As a result, procurement fraud schemes may go undetected prior to vendor payment.
11. Absence of robust procurement analytics. Highly irregular one-time payments may be relatively easy to spot with periodic checking and basic review procedures. But when irregularities occur more frequently, with lower dollar amounts that seem insignificant in isolation, they might easily go unnoticed without more sophisticated analytics. The organization can perform analytics with indicators that reflect repeated purchase orders with amounts just below the approval threshold limits, excessive purchases made from particular vendors, etc., to facilitate the identification of irregular activity.
12. Inadequate criteria for evaluating vendors. Once a vendor is hired, the organization may neglect to monitor its performance on an ongoing basis. Robust criteria, such as applicable quantitative and qualitative performance criteria and indicators (e.g., price competitiveness, timeliness of delivery, product or service quality, and customer service responsiveness), should be evaluated periodically to ensure staff make value-for-money purchases, instead of excessive or fraudulent purchases, on the organization's behalf.
Avoiding the Pitfalls
Opportunities for procurement fraud abound in nearly every organizational setting. With awareness of the potential pitfalls, internal auditors can take steps to equip themselves with crucial knowledge to review and provide advice on control procedures that can prevent unnecessary procurement fraud losses.