Procurement is one of the most important functions of business, impacting strategy, operational performance, and risk management. Internal auditors are key players in the process, providing assurance that procurement practices foster access, competition, and fairness.
Internal auditors also have a responsibility to promptly identify and report deceptive activity, and provide recommendations that strengthen internal controls. Internal auditors must be alert to red flags for dishonest conduct in procurement activities that can lead to significant financial losses for the organization. Red flags can alert internal auditors to four common methods of procurement fraud and give them the foresight to make recommendations that prevent it in the future.
To avoid competing with one another, or to inflate the price of goods and services, contractors in the same market will work together to circumvent a transparent and ethical bidding process. As a result, the procurement entity loses its right to fair, ethical, and competitive prices. Internal auditors should be aware of several types of collusion among contractors.
Complementary Bidding In an effort to influence the contract price and who it is awarded to, contractors intentionally submit false token bids in the procurement process that appear to be genuine. Token bids typically are too high to be accepted, appear to be competitive but do not meet other bidding requirements, or contain special terms and conditions known to be unacceptable to a potential buyer.
Bid Rotation Instead of bidding competitively, two or more contractors tacitly agree to submit tailored bids and conspire to alternate the business among themselves. Each contractor wins a portion of the total business.
For example, Suppliers A, B, and C are bidding on three separate contracts. They agree that A's bid will be the lowest on the first contract, B's will be the lowest on the second, and C's on the third. So, no one gets all three contracts, but each gets a share. Meanwhile, they may also plan their bids to raise the contract price artificially. Often, losing bidders are appointed as subcontractors by the winning contractor to tide over their cash flow while they wait for their winning bid.
Bid Suppression Bids are suppressed when two or more contractors enter into an unlawful agreement, and one or more conspirators abstain from bidding on proposals. They also may withdraw a previously submitted bid with the goal of getting the desired bid accepted.
Market Division Colluding contractors may divide the market according to various criteria, such as geographic area or different segments. Firms that meet the same criteria will not bid against each other, may submit complementary bids, or may rotate bids. Market division also can happen via shell companies used to submit fictitious bids. This allows the real companies to inflate prices because the fraudulent bids are designed to validate the higher price quoted by the real bidder.
When trying to determine this type of collusion, internal auditors may notice peculiar behavior from contractors, such as unqualified contractors consistently bidding high on each project while qualified contractors don't submit bids at all. The winning bidder uses the losing bidder as a subcontractor and losing bids are poorly prepared and designed to fail. In addition, prices fall when a new contractor enters the competition and there may be a pattern of conduct whereby the last party to submit a bid wins the contract.
Collusion Between Contractors and Buyer's Employees
A contractor or supplier may attempt to get an advantage in the bidding process by influencing the procuring company's staff with bribes, gifts, and hospitality. This results in a higher cost to the buyer through various inside schemes.
Need Recognition A procuring company employee who is in on the scheme may overestimate — quantitatively or qualitatively — the actual need of the product/service and convince his or her supervisor of the excessive need to get the procurement authorized.
Internal audit should be alert to some common red flags to identify likely collusion. For example, the needs assessment may be inadequately developed or inaccurately documented. It also is likely that no alternative supplier has been identified, resulting in continuous procurement from a single source. Specifications may be drawn up in a way that only particular suppliers or contractors can deliver, and purchases may be made without receiving reports. Auditors also may come across excessive inventory levels or large write-offs to justify excessive purchases.
Bid Tailoring In this situation, the corrupt employee manipulates specifications to suit a preferred contractor or supplier and eliminate competitors. Specifications may be too narrow to accommodate the preferred supplier, too broad so that an otherwise unqualified contractor is qualified, or vague so that bid specifications are omitted to allow the preferred contractor to raise the price through contract amendments.
Some red flags include weak control over the bidding process, one or few bid responses to invitations, a contract not being rebid despite fewer than the minimum bidders, or a high number of competitive awards going to one supplier. It also is likely that the request for bid submissions does not provide clear submission information, or the specifications for the type of goods/services being procured are too narrow or broad. Bid tailoring often is accompanied by a large number of change orders or variations after the order is placed.
Manipulating Bids Corrupt employees may tamper with bids to favor particular contractors or suppliers by using obscure publications to publish bid solicitations, opening bids prematurely, extending bid opening dates without justification, discarding or losing a bid, accepting delayed bids, falsifying bid registers, or altering bids received. Often, they limit the time for submitting bids so that only those with advance notice have time to prepare and submit. Unethical employees may even void bids for unsubstantiated, frivolous errors in specification or for other false, arbitrary, or personal reasons.
Bid Splitting In this case, employees break a large project into several small projects that fall below the mandatory bidding threshold and award some or all of the component jobs to a contractor or supplier with whom they are conspiring. Internal auditors should be alert for multiple, similar, or identical procurement from the same party, unjustified split procurements in amounts that are just under the upper-level review or competitive bidding threshold, or sequential procurements just under the upper-level review or competitive bidding threshold. This may be followed by change order abuse.
Unjustified Sole-source Procurements Dishonest employees may use noncompetitive procurement to exclude competition and steer contracts toward particular vendors. Justification for sole-source contracting occurs when the product is available from only the single source, when exigent circumstances preclude competitive solicitation, or when solicitation is deemed inadequate after a reasonable search.
Telltale signs of this collusion include frequent use of sole-source procurement contracts — often to the same supplier — or requests for sole-source procurements when there is an available pool of contractors to compete for the project. Often, the procuring staff does not keep accurate minutes of pre-bid meetings or does not obtain the required review for sole source justification. Again, false statements may be made to justify noncompetitive procurements or justifications may be approved by employees without authority.
Negotiated Contract Pricing Schemes
Negotiated contracts are more common in circumstances where conditions are not conducive to competitive, sealed bidding. It is a contracting method that permits negotiations between the procurement entity and potential contractors. In negotiated contracting, potential contractors submit cost or pricing data, such as vendor quotes or already-attained discounts. Unethical contractors will intentionally use inaccurate cost or pricing data to inflate costs in negotiated contracts.
Internal auditors should look for inaccurate or incomplete documentation provided by the contractor to support cost proposals. Sometimes, the contractor may delay providing supporting documentation for cost or pricing data, which may be inconsistent with actual prices or out-of-date pricing. It also is possible that the contractor does not include its negotiated discounts or rebates, or includes an unrealistic profit margin in pricing. Sometimes, contractors use different vendors and subcontractors during contract performance than the ones named in the original proposal. It is also possible that materials and components used are different than the ones included in the original proposal.
Fraud in the post-contract phase mainly focuses on contract management and payments made on contracts. Most organizations use an electronic accounts payable system with key controls around separation of duties between requisition, ordering, checking receipts of goods/services, and authorizing payments. Schemes are designed, often in collusion with in-house staff, to bypass these controls.
Nonconforming Goods or Services Here, the supplier intentionally delivers goods or services that do not conform to agreed specifications, substituting cheaper or inferior products. One red flag for internal auditors is a high percentage of returns or defects for noncompliance with specifications. Another red flag could be missing, altered, or modified product compliance certificates or compliance certificates signed by employees with no quality assurance responsibilities. Contractors and suppliers should not be allowed to select the sample of goods to be tested for quality assurance, prepare it for testing, or perform their own testing using their personnel and facilities.
Change Order Abuse Change orders and variations are written agreements between the procuring entity and the contractor to make changes to the finalized contract. This is a scheme whereby colluding parties — the contractor and the procuring staff — submit and accept a lower bid to win/award a contract and later bump up the cost via change orders or variations. These typically receive less scrutiny than the usual procurement contracts, which makes them vulnerable to dishonest contractors and employees looking to misuse and abuse established procurement processes for their own gain.
Change order misuse often is characterized by poor internal controls, making it difficult for management to ensure that all change orders are really necessary for work that was unknown at the time the contract was awarded. Usually, procurement employees act out of scope and numerous change orders are justified on a variety of grounds, including the need to substitute more expensive alternatives, unavailability of material or equipment, change in price, and inflation. There is, usually, a repeated pattern of change orders that increases the price, scope, or agreement period. Internal auditors may also find questionable change orders favoring particular contractors.
Cost Mischarging Here, the contractor charges the procuring entity for costs that are unreasonable or unallowable. They also may charge costs that cannot be allocated directly or indirectly to the contract, or may mischarge for accounting, labor, or materials. Internal auditors should be alert to inadequate or absent audit trails supporting the costs charged. Sometimes cost estimates are inconsistent with prices charged or the contractor may even use outdated standards.
Internal auditors should be alert to distorted rationalizations used by staff and managers to justify noncompliance with established policies, procedures, and practices. Ultimately, it is management's responsibility to take appropriate steps to prevent fraud and minimize procurement risks. This is done through data analytics implementation, strengthening the first two lines in the internal control structure, and staff awareness and training to identify vulnerabilities in the procurement process. The overarching requirement is to improve organizational culture, whereby ethical breaches are identified and reported by employees early and rectified promptly.