McGovern & Greene logo
Share |

McGovern & Greene LLP Article Archives

Using the Right to Audit Clause
  to Detect Procurement Fraud

by: Craig L. Greene, CPA/CFF, CFE, MCJ

In 1997, the Institute of Management and Administration surveyed the readers of their newsletters and other professionals on the use of the Right to Audit Clauses for vendors. The survey found the participants believed that these clauses were a good idea, citing their use when:

  • Purchasers want to ensure sound financial management.
  • Companies must respond to a dynamic and changing environment
    such as outsourcing, downsizing and ISO 9000.
  • Industry practices include subcontracting.


Further, by carrying out regular audits of vendors there tends to be greater trust in the relationship. It also sends a message that the Company will be monitoring the vendor to ensure that the:

  • Vendor is complying with the Company’s Ethics or Business Standards and that the
  • Vendor is complying with the contractual relationship between buyer and seller.


When the right to audit is exercised, the internal auditor may be looking for fraud by vendors and violations of company ethics policies such as:

  • Fictitious “shell companies” setup by employees or others that
    may or may not provide goods or services;
  • Faulty or inferior quality of goods, such as substitution
    of material schemes;
  • Short shipments or goods not delivered;
  • Services allegedly performed that weren't needed in the first place,
    such as equipment repairs, or services never performed at all;
  • High prices when the goods can be bought directly or less expensively
    from the same or another vendor;
  • Corruption schemes including improper:
    1. Payments and kickbacks;
    2. Conflicts of interest.
    3. Gifts and gratuities to company employees;
    4. Commissions to brokers and others;


The buyer usually obtains the right to examine records of a vendor to determine if a fraud or a violation of company policy has occurred through the following methods:

  • Right-to-audit agreement: The agreement can be printed on the back of a purchase order, or other procurement form. The clause could be worded as follows on a purchase order:

    "Seller shall establish a reasonable accounting system, which enables ready identification of seller's cost of goods and use of funds. Buyer may audit seller's records anytime before three years after final payment to verify buyer's payment obligation and use of buyer's funds. This right to audit shall include subcontractors in which goods or services are subcontracted by seller. Seller shall insure buyer has these rights with subcontractor(s)."

  • Right to Audit Clause in a Contract: If a buyer inserts a right-to-audit clause in a contract, he has a much greater chance to expand definitions and include other compliance provisions for the vendor.
  • Other options for obtaining the right to audit may include:
  • Inserting a specific provision into a contract that's normally entered into
    between buyer and vendor, e.g., construction contract or supply contract
    in addition to the basic right-to-audit clause included in the purchase order;
  • An audit provision included within a special document
    (such as a vendor survey mailed to all new or proposed additions
    to the vendor master file) that's completed and signed by vendors.
  • And finally, the least desirable option is a civil lawsuit in which
    documents and records are subpoenaed.

Shell Company Schemes

It is very common for an ethically challenged employee to form a shell company. A shell company (“Shell”) is an entity created by an employee (and often others) to commit fraud against the employer. It is not unusual that the fraudster forms the Shell using another person's name as the owner ("straw man"). It is common for employees to set up a shell company in the name of a spouse, close relative or friend. Male fraudsters often establish shell companies under their wife's premarital name. An employee might also form a company under a completely fictitious name. Often, the Shell is nothing more than a fabricated name and a post office box or mail drop address that an employee uses to collect the fruits of the fraud. Typically, the fraudster is in a position to:

  • Authorize the purchase of goods and/or services.
  • Approve payment of the goods and/or services.
  • Supervise employees who authorize and or pay for the goods and/or services.

How It Works

Used in an overbilling scheme, the Shell often acts as a “middleman” or “broker” of goods and/or services regularly purchased by the employer. A Shell may also be used to invoice for goods and services never delivered nor rendered. This is also called a false billing scheme. 

Purchase Of Goods

The Shell will be set up by the employee to provide goods and/or services to the employer. In my experience, the goods are typically not a major purchased item, but still will be substantial in amount. Goods supplied by the Shell will typically be “drop shipped” to the employer by a legitimate manufacturer or wholesaler. As the reader may know, “drop shipped” means that the manufacturer or wholesaler will ship the goods directly to the employer, thus the Shell never takes possession. The manufacturer or wholesaler is instructed to invoice the Shell for these goods. The Shell then invoices the employer for the goods, including a healthy price “mark-up”.

Purchase Of Services

In providing services the Shell may have employees or more often will contract out the services to a legitimate supplier. Likewise, the supplier is instructed to invoice the Shell for the services rendered to the employer. The Shell then invoices the employer for the services, again including a healthy “mark-up”.

Forming A Shell Company

In order to negotiate payments from the employer and minimize detection of the scheme, the employee will open a bank account in the Shell's name. The documents filed with the bank will list the employee or a co-conspirator as an authorized signer on the account. In order to obtain this information it would be necessary to file a legal action against the “vendor.” Since there are sanctions against attorneys for filing frivolous suits, the internal auditor would need to find other evidence discussed below, prior to the initiation of the legal action. 

Most banks require evidence that a business has been legally formed. Such evidence includes:

  1. Articles of Incorporation
  2. "Assumed Name Act" (or D/B/A) Certificate
  3. Partnership Agreement

These are documents that a fraudster obtains through state or local governmental agencies. This can be accomplished for a small fee, the cost of which will be more than offset by a successful fraud scheme.

Another issue involved in forming a shell company is the entity's address: the place where fraudulent checks will be collected. Often, an employee rents a post office box and lists it as the mailing address of the Shell. Using data analysis software, (such as MS Access or Excel, ACL, Idea, etc.) a listing of addresses using postal boxes can be generated and reviewed for shell companies. 

Some employees list their home address instead. A comparison of employee addresses to vendor addresses might reveal shell companies in an accounts payable system. Employees often use their home addresses or mail box drops such as (“MailBoxes, etc.” or “Pak-Mail”) to collect fraudulent disbursements because many businesses are wary of sending checks to vendors that have a post office box for a mailing address. Likewise, data analysis software can discover vendor addresses that match these mail box drops. Other common collection sites for shell company schemes are the addresses of relatives, friends, or accomplices. 

Submitting False Invoices

Once the shell has been formed and a bank account established the employee can begin billing his employer. Invoices can be created by numerous means such as a professional printer, a personal computer, or even a typewriter. False invoices do not always need to be of professional quality to generate fraudulent disbursements. Even the most primitive quality invoices are often sufficient to generate checks.

The internal auditor should make a thorough examination of the invoice. Many of these invoices lack telephone numbers, sequential numbering, and other common items found on legitimate invoices. Further, it has been the writer’s experience that the invoices typically lack descriptive language.

Investigating the Shell

Once a Shell is suspected, the following is a suggested approach to investigate the fraud.

Background Investigation

The Internal Auditor should investigate the background of the company and its principals using public records and online tools. Online investigative databases such as ChoicePoint, DataBase Technologies (DBT), and Information America (KnowX) can be used for these searches. Further, many state and local governments are posting public record information on their Internet sites. The Internal Auditor may also use internal or private fraud examiners and/or investigators to perform these searches. Some suggested steps in researching the Shell’s background include:

  1. Obtaining copies of the suspected Shell’s Articles of Incorporation,
    Partnership Agreement or D/B/A filing from the applicable local government.
  2. Obtaining copies of all annual reports (if incorporated) from the
    State’s Secretary or other applicable office.
  3. Obtaining a copy of the suspected Shell’s Dun & Bradstreet (“D&B”) full business report.
  4. Searching public records for the suspected Shell and its principal(s), including litigation filings.
  5. Searching the Internet and other relevant business information sources
    such as business directories, trade journals and directories, Chamber of Commerce listings, etc.
  6. Examining shipping documents, such as bills of lading, to determine the source of goods purchased.
  7. Obtaining fair market values for the goods and or services being
    purchased from the suspected Shell, by:

    a) Making a pretense call to the identified supplier in step 6, above.

    b) Calling other competitors of the suspected Shell.


Accounting Analyses

After completing a work-up of the background of the suspected Shell, the Internal Auditor should perform forensic accounting analyses of financial and other documents. In obtaining these documents, the Internal Auditor should be cognizant that the employee may be “tipped off” to the audit. It is recommended that this portion of the audit appear to be a routine vendor or purchasing review, and other vendors records should be obtained at the same time in an effort not to draw suspicion to the suspected Shell. Some suggested steps in analyzing the Shell’s financial transactions include:

1) Obtaining the following internal documents for the suspected Shell:

a) History of payments, including invoice number, invoice date,
    invoice amount, check number for payment and accounting classification,
    preferably in an electronic form.

b) Purchase orders sent to the suspected Shell

c) Purchase order requisitions

d) Receiving documents

e) Other internal files, including:

i)  Bid files

ii)  Purchasing correspondence files

iii) Operations correspondence files

2) The following analyses should be performed:

a) Determine total payments to the suspected Shell for each year.

b) Sort the invoices by amount to find duplicate payments
    and unusual amounts.

c) Sort the invoices by invoice number to determine if a sequential numbering
    pattern exists and also to identify duplicate payments.

d) Compare total payments to sales reported to D&B to determine the
     percentage ofbusiness your organization does with the vendor.

3) The following “audit” procedures should be performed:

a) Compare quantities received and pricing to the applicable purchase order(s).

b) Recalculate the billing amounts and math as shown on the invoices.

c) Determine the individuals who requisitioned the items and completed
    the purchase orders.

d) Examine other files to determine any relevant information to the examination.

4) Preparation of estimate of damages

a) Using the fair market value established in the background phase of the
    examination, compare that amount to the amount paid to determine an
    estimate of potential damages.

Vendor On-Site Audit

Of course, the most effective means of concluding a successful investigation of a suspected Shell is an on-site audit of their books and records. This audit is conducted pursuant to a “Right to Audit Clause” discussed above. If such a clause does not exist, the internal auditor should still request the vendor to submit to an audit. It has been the writer’s experience that the vendor will often submit voluntarily to the audit. Of course, if the vendor refuses to submit to the audit, then this is a Red Flag that the vendor may be guilty of fraud or some other questionable act.

Included in the appendices to this presentation is a sample audit program used in performing vendor audits. The program is designed for routine vendor audits but may be used in an audit to find fraud. In investigating a suspected shell company the Internal Auditor should especially focus on:

1) Reviewing the cash disbursements of the vendor, identifying:

a) Any payments to employees

b) Any payments to employee controlled entities

c) Excessive owner distributions and

d) Other unusual transactions.

2) Ascertaining the gross profit of the company on sales made to the employer.

3) Examining Forms 1099 for any payments to employees or employee
    controlled entities.

4) Examining expense reports to identify excessive expenditures for employees.

5) Determining the “true” ownership of the suspected Shell by examining tax
    returns,equity accounts, loan documents, or other documents.

6) Performing a detailed investigative interview to ascertain:

a) History and background of the suspected Shell, specifically who
    introduced the company to the employer?

b) Previous experience and knowledge of the suspected Shell’s
    principals in the industry it serves.

c) List of employees that the suspected Shell’s principals deal with.

d) Explanations for charges to the employer above
    fair market value.

e) Admission as to ownership by the employee.

Wrapping it Up

Following the vendor audit the Internal Auditor may find it necessary to prepare additional analyses and damage estimates. If there is sufficient predication, the Internal Auditor should review their findings with management and legal counsel for possible prosecution criminally and/or civilly. The writer always recommends that an audit report be written to document the work performed.


Vendors may defraud the employer by overcharging for their goods and/or services or employ a material substitution scheme. In an overcharging scheme the vendor may use prices other than those agreed to, or bill separately for items that should be part of a contract price. Material substitution schemes typically employ lesser quality materials being shipped to the employer but being billed at a higher amount.

How It Works

These types of schemes can be as diverse as business itself. The following are some examples based on the writer’s experience:

Overcharging for Professional Hours

The vendor was a consulting firm retained by the company to provide specialized procurement services. The firm invoiced the company based on hourly charges for its professional staff and its related out-of-pocket costs. Separate invoices were made to each of the company’s divisions and its corporate headquarters. When the invoices were examined in total, it was found that some of the professionals had billed each division and the corporate headquarters for seven hours a day, resulting in a total time charge that exceeded 24 hours. It was also found that most of the professionals consistently exceeded 8 hours a day and some worked on holidays. Our investigation found the services provided by the consulting company were routine and could be performed during a normal 8-hour workday.

Overcharging for Contractor Labor and Materials Used

The vendor was an electrical contractor to a local governmental agency and invoiced for each job it performed. The invoices were for the contractor’s labor using hourly union rates for the worked performed and the contractor’s charges for the supplies used. During the examination it was discovered that the contractor had significantly overcharged the agency by:

1) Charging for employees that were not present on the job site.

2) Charging journeyman rates for apprentices working on the job site.

3) Charging for more than 24 hours a day for the same foreman.

4) Charging for more materials than actually used on the job site.

Material Substitution and Freight Overbilling Scheme

The vendor was a raw materials commodity supplier to a large manufacturing plant. These materials were invoiced using various prices depending on the source of the materials (quality measures) and the location of the materials (freight charges). The examination found that the vendor consistently charged for higher priced materials allegedly from a high quality source. An examination of the vendor’s records showed a significant portion of these materials was, in fact, received from lesser quality sources. It was also found that portions of local materials were being invoiced as coming from a remote source. This caused the vendor to overbill the materials for freight charges that were not incurred.

Investigating Vendor Overcharges and/or
Material Substitution Schemes

Once a vendor scheme is suspected, the Internal Auditor will use many of the same procedures as outlined previously. During the background investigation phase, the Internal Auditor should perform a detailed litigation search to determine if other customers have ever sued the vendor for overcharges. In performing the forensic accounting analyses, a great amount of scrutiny should be focused on the individual transactions and the actual receipt of the goods or services. If the goods or services are subject to a contract, the Internal Auditor should thoroughly understand the billing terms and specifications included in it. Finally, the major investigative technique used in investigating vendor overcharges will be the vendor onsite audit. The audit’s focus will be determined by the scheme employed.

Wrapping it Up

Following the vendor audit the Internal Auditor again may find it necessary to prepare additional analyses and damage estimates. If there is sufficient predication, the Internal Auditor should meet with legal counsel and management to discuss possible criminal and/or civil prosecution. Often the Internal Auditor is called upon to discuss his or her findings with the vendor’s representatives to settle the matter. The company should review any outstanding payables it has with the vendor and determine if a debit memo for the overcharge may be used to offset the amounts due. Again, an audit report should be written.

Employee Corruption Schemes

Vendors often overbill when employees are receiving bribes or extorting payments from vendors for favorable treatment. 

Bribery may be defined as:

  • Giving or receiving (or offering or soliciting) any “thing of value” to
    influence an official act

Commercial bribery may be defined as:

  • Giving or receiving (or offering or soliciting) any “thing of value” to influence
    a business decision without the employer’s knowledge and consent

Economic extortion may be defined as:

  • A demand of payment by the recipient to refrain from discriminating
    against a business decision

Economic extortion is the opposite of commercial bribery. Instead of a vendor offering payment to an employee to influence his business decision, the employee demands that the vendor pay him/her for favorable treatment or to avoid unfavorable treatment.

How It Works

In a corruption scheme the Internal Auditor needs to look at the economics of the transaction. That is, the corruption payments must be figured as a cost of the deal to the corrupt payer. Typically, the corrupt payer will figure in the cost by one or more of the following methods:

  1. Inflating the selling price to the employer to include the corrupt payment.
  2. Shipping lesser quality goods or providing lesser quality services to reduce
    their operating costs to provide for the corrupt payment.
  3. Deviating from the specifications of the items or services purchased. 
    For example, the contract for a road to be built may call for the concrete
    to be poured to a depth of 12”. Instead, the corrupt payer pours 9” of concrete.

It has been the writer’s experience that a Shell, as previously described, is set up by the employee or strawman to accept the corrupt payments. The Shell offers the corrupt payer what appears to be a legitimate business to make payments to and obtain a corresponding tax deduction. Likewise, the employee often reports the income from the Shell, thus laundering the corrupt payment and avoiding a potential criminal charge for tax evasion, if the corruption scheme is discovered. 

Investigating A Corruption Scheme

Once a corruption scheme is suspected, the following is a suggested approach
to investigate the fraud.

Background Investigation

A thorough background investigation, as previously described, should be performed of the employee, the suspected corrupt payer, and its principals. The Internal Auditor should concentrate on locating the Shell that the employee may have set up. In addition, the Internal Auditor should prepare a personal and financial profile and a net worth analysis of the employee. (The reader is referred to the Association of Certified Fraud Examiner’s Fraud Examiners Manual for instruction on assembling a subject’s financial and personal profile and preparing a net worth analysis.)

Accounting Analyses

After completing a work-up of the background of the employee, suspected corrupt payer and its principals, a forensic accounting analysis should be performed of financial and other documents. In obtaining these documents, the Internal Auditor is reminded to be cognizant that the fraudster may be “tipped” to the examination. Many of the suggested steps performed in investigating a Shell should also be performed in a corruption investigation. In addition, the Internal Auditor should also:

1) Determine the need of the items purchased. 

2) Audit the activities before purchasing actions.

a) Determine if the employee(s) used a valid method
    of determining the employer’s need for the item.

b) Why he or she chose this particular supplier.

3) Determine if contract specifications were met.

4) Scrutinize solicitations for bids, proposals, and quotations.

a) Determine if the employee has used the widest
    range of competition available.

b) Determine if the employee has used the vendor as his or her
    sole source.

5) Maintain security of bids before and after opening by looking for:

a) Acceptance of late bids.

b) Allowance for vendors to make corrections to their bids
    after bid openings.

c) Prereleasing purchasing information

d) Surreptitious opening of sealed bids to make changes for
    favored vendors, and

e) Poor security for sealed and/or unsealed bids

6) Ensure that vendor is qualified to receive award by looking for:

a) Adequate financial resources or the ability to obtain
    such resources

b) Ability to follow the required or proposed
    delivery or performance schedule

c) A satisfactory record of performance

d) A satisfactory record of integrity

e) Qualifications and eligibility under applicable laws
    and regulations

f) Have the necessary organization, experience, operational
    controls, and technical skills, or the ability to obtain them.

g) Have the necessary production, construction, and technical
    equipment or facilities, or the ability to obtain them.

7) Ensure integrity of award procedures

8) Monitor vendor’s production process

9) Monitor quality assurance

10) Search for waivers granted

11) Search for any collusion in the bidding

12) Be alert to “buying in”

Vendor On-Site Audit

Upon completion of the necessary background searches and forensic accounting analyses and audit procedures, the Internal Auditor should perform an on-site audit of the vendor as previously described and as detailed in the appendices. The focus of the audit will be to find the payments to the employee or the employee’s Shell. Though rare, some corruption payments are paid in cash. The Internal Auditor should determine that all checks paid by the employer have been deposited into the suspected corrupt payer’s account and have not been cashed or laundered through an offshore account to provide for a cash payment. Also, the Internal Auditor should examine closely any cash distributions to the suspected corrupt payer’s principals, other cash withdrawals, or wire transfers that may be the source of the corruption payment.

Wrapping it Up

Following the vendor audit, the Internal Auditor again may find it necessary to prepare additional analyses and damage estimates. If there is sufficient predication, the Internal Auditor should perform an investigative interview of the employee to obtain a confession with regard to the fraud. The Internal Auditor should then meet with legal counsel and management to discuss possible criminal and/or civil prosecution. If a confession is not obtained, and, following discussions with legal counsel, the Internal Auditor may request that the employee voluntarily produce their personal financial records for examination. As previously mentioned, a fraud examination report should always be written.



Audit Procedures

Vendor Questionnaire



McGovern & Greene LLP
Chicago Office: 200 W. Jackson Blvd. Suite 2325 Chicago IL 60606 — PH: 312.692.1000
Las Vegas Office: 2831 St. Rose Parkway Suite 227 Henderson NV 89052 — PH: 702.818.1168
Naperville Office: 190 E. 5th Ave.Suite 23 Naperville IL 60563 — PH: 312.692.1000
© 2013 McGovern & Greene LLP