A vendor can be an entity's best colleague or worst nemesis. Keep the relationship pleasant and successful by conducting vendor audits.
Bigco Inc., a Midwest manufacturer, hired Energy Services Limited, an energy consulting firm, to provide specialized procurement services to acquire inexpensive and reliable energy for its manufacturing plants and offices. Energy Services sent invoices to each of Bigco's divisions and its corporate headquarters based on hourly charges for its professional staff and related out-of-pocket costs. Bigco's CF0 found Energy Service's invoices had quintupled in a three-year period and called in our firm.
When we examined the invoices in total, we found that some of Energy Service's professionals had billed each division and the corporate headquarters for seven hours a day for a total of more than 24 hours. We also found that most of the Energy Service's professionals consistently exceeded an eight-hour workday and some worked on holidays. Yet the routine services they provided could have been performed during a normal eight-hour workday. Routine vendor audits would have prevented the overcharging.
Entities often implicitly trust vendors. But just as good fences make good neighbors, vendor audits produce good relationships.
The participants of an Institute of Management and Administration survey said they use "right-to-audit" clauses in vendor contracts when they want to ensure sound financial management; when they must respond to dynamic environments such as outsourcing, downsizing and ISO 9000; and when they need to use subcontractors.
Routine vendor audits send the message that the entity is always monitoring the vendor to ensure that it is complying with ethics or business standards and contractual agreements. When the entity exercises the right to audit, the fraud examiner may be looking for such vendor fraud and violations of company ethics policies as:
• Fictitious "shell entities" set up by employees or others that may or may substitution-of-material schemes that supply faulty or inferior goods;
• Short shipments or goods not delivered;
• Services allegedly performed that were not needed in the first place, such as equipment repairs, or services never performed at all;
• High prices when the goods can be bought directly or less expensively from the same or another vendor; and
• Corruption schemes including improper payments and kickbacks, conflicts of interest, gifts and gratuities to company employees, and commissions to brokers and others.
Shell Entity Scheme
In this scheme, an ethically challenged employee creates a false entity – a shell – to become a middleman or broker who supplies goods and services to the original business but includes a healthy price "mark-up" on the invoice. The fraudster also may use the shell to submit invoices for goods and services that are never delivered or rendered. Often, the shell is nothing more than a fabricated name and a post office box or mail drop address that the culprit uses to collect the fruits of the fraud.
Typically, the fraudsters can approve the purchases and the payment of goods and services, or they supervise employees who can perform those functions.
In my experience, the individual purchases are not large but will be substantial in the aggregate. The shell never takes possession of the goods because a legitimate manufacturer or wholesaler "drop ships" the goods directly to the employer. However, the fraudster instructs the manufacturer or wholesaler to invoice the shell for these goods and that is when the shell can take its illegal cut.
If the shell is in a service business, it actually may contract with individuals to provide services to the employer. The shell again instructs the subcontractors to invoice it for the services rendered to the employer and then invoices the employer for the services with the healthy mark-up. In a recent case I investigated, an employer's vice president instructed several employees to quit. He then hired them as subcontractors through a business controlled by his father-in-law. This business then contracted these same employees and others to the employer through the assistance of the son-in-law, the vice-president. The vice president paid his father-in-law's company healthy hourly rates for his ex-employees and pocketed a portion as his fruits of the fraud through a shell he created to "consult" with the father-in-law's business.
To bill the employer and minimize detection of the scheme, the fraudster will open a bank account in the shell's name with the fraudsters and co-conspirators as authorized signers.
Vendor Overcharges and Material Substitution Schemes
Vendors may defraud a company by overcharging for goods and services or substituting unexpected materials. In an overcharging scheme, the vendor may use prices other than those agreed to or bill separately for items that should be part of a contract price. Material substitution schemes typically employ lesser quality materials, which are billed at a higher amount. These types of schemes can be as diverse as business itself. Following are two case examples.
Overcharging for Contractor Labor and Materials
The vendor, an electrical contractor to a local governmental agency, invoiced each job it performed. It charged for labor using hourly union rates for work performed and supplies used. During our examination we discovered the contractor had significantly overcharged the agency by charging for employees that were not present on the job site and for more than 24 hours a day for the same foreman. The contractor also charged higher journeyman rates for apprentices working on the job site and for more materials than actually used.
Material Substitution and Freight Over-billing
The vendor, a raw-materials commodity supplier to a large manufacturing plant, invoiced materials using various prices depending on the source of the materials and the location of the materials. Our examination found the vendor consistently charged for higher-priced materials that it said was from a high-quality source. However, the vendor's records showed that it received a significant portion of these materials from lesser-quality sources. We also found that the vendor billed fraudulent freight charges for materials that they obtained locally.
Employee Corruption Schemes
Sometimes an employee will extort a vendor to receive favorable treatment or to avoid unfavorable treatment. Vendors then often may over-bill to cover the cost. Economic extortion is the opposite of commercial bribery in which the vendor offers payment to an employee to influence his business decision.
In this corruption scheme, the corrupt payer figures the corruption payments as a cost of the deal. The corrupt payer will blend in the cost by inflating the selling price to the employer and/or shipping lesser quality goods and services to reduce operating costs. He also may deviate from the specifications of the items or services purchased. For example, the contract for road construction may call for concrete to be poured to a depth of 12 inches but the corrupt payer may pour only nine inches.
The fraudster employee may set up a shell to accept the corrupt payments. To the corrupt payer, the shell appears to be a legitimate business to which he can make payments and obtain a corresponding tax deduction. Likewise, the employee often reports the income from the shell, thereby laundering the corrupt payment and avoiding a potential criminal charge for tax evasion if the corruption scheme is discovered.
Regardless of the scheme, some basic techniques are useful in uncovering the nature and extent of the corrupt activities. Routine vendor audits should reduce fraud in any entity. Following are general audit procedures and some recommended techniques.
Use online public records found on Web-based tools (such as ChoicePoint, DataBase Technologies [DBT], and Information America [KnowX]) and retain fraud examiners or private investigators to examine the backgrounds of the vendor, suspected employee, and corrupt payer, as well as the fictitious company and its principals. Concentrate on locating the shell that the employee may have set up to facilitate the fraud. Prepare a personal and financial profile and a net worth analysis of the employee. (Refer to the ACFE's "Fraud Examiners Manual," 3.629 and 3.633, of the Investigation section, on assembling a subject's financial and personal profile and preparing a net worth analysis.)
To obtain the personal banking information of a suspected shell, you must either obtain it voluntarily from the suspected shell or file legal action against the vendor. However, you may need to find other evidence prior to the initiation of the legal action because the courts are not adverse to imposing sanctions on lawyers for filing frivolous suits.
Most banks require such public records as an article of incorporation, assumed name act (or "Doing Business As" – DBA) certificate, or a partnership agreement to prove that a business has been legally formed. However, do not be persuaded only by the existence of these documents because the fraudster can easily obtain them through state or local government agencies.
Examine the suspected shell's address. You can use data analysis software (such as MS Access or Excel, ACL, Idea, etc.), to examine a list of postal box addresses or residential addresses. Compare vendor addresses to employee addresses to discover shell companies in an accounts payable system. Also use data analysis software to match vendor addresses to mailbox-drop companies. The fraudster may also use addresses of relatives, friends, or accomplices.
Thoroughly examine the suspected shell entity's invoices. Many are sequentially numbered and lack telephone numbers, descriptive language, and other common items found on legitimate invoices. Obtain copies of the suspected shell's articles of incorporation, partnership agreement or DBA filing from the applicable local government.
Obtain copies of the suspected shell's annual reports (if incorporated) from the state's secretary and a copy of its Dun & Bradstreet (D&B) full business report. Search the Internet and other relevant business information sources such as business directories, trade journals and directories, chamber of commerce listings, etc.
Examine shipping documents, such as bills of lading, to determine the source of goods purchased. Obtain fair market values for the goods and services being purchased from the suspected shell by calling the identified supplier and by calling other competitors of the suspected shell.
During the background investigation phase, perform a detailed litigation search to determine if other customers have sued the vendor for overcharges or other shenanigans. In performing the forensic accounting analyses, evaluate the individual transactions and the actual receipt of the goods or services. If the goods or services are subject to a contract, thoroughly understand the billing terms and specifications.
After completing a work-up of the suspected shell's background, perform forensic accounting analyses of financial documents. While obtaining these documents, remember that the employee may have been tipped off to the audit so present the vendor or purchasing review as routine and obtain other records of other vendors so you do not draw suspicion.
Obtain the following internal documents for the suspected shell:
• History of payments, including invoice number, invoice date, invoice amount, check number for payment and accounting classification, preferably in an electronic form;
• Contracts between the entity and the suspected shell;
• Purchase orders sent to the suspected shell;
• Purchase order requisitions;
• Receiving documents; and
• Other internal files, including bid files, purchasing correspondence files, and operations correspondence files.
Perform the following analyses:
• Determine total payments to the suspected shell for each year.
• Sort the invoices by amount to find duplicate payments and unusual amounts.
• Sort the invoices by invoice number to determine if a sequential numbering pattern exists and also to identify duplicate payments.
• Compare total payments to the vendor's sales reported to D&B to determine the percentage of the vendor's business your company represents.
Perform these audit procedures:
• Compare quantities received and pricing to the applicable purchase order(s).
• Recalculate the billing amounts shown on the invoices.
• Determine the individuals who requisitioned the items and completed the purchase orders.
• Examine other files to determine any relevant information to the examination.
Using the fair market value established in the background phase of the examination, compare that amount to the amount paid to determine an estimate of potential damages. Also, determine the need for the items purchased.
Audit the activities that took place prior to the purchase. Determine if the employee used a valid method of determining the employer's need for the item and why he chose this particular supplier. Decide if contract specifications were met and evaluate solicitations for bids, proposals, and quotations. Also, determine if the employee searched the widest range of competition available and if he used the vendor as his sole source.
Maintain security of bids before and after opening by looking for:
• Acceptance of late bids;
• Allowance for vendors to make corrections to their bids after bid openings;
• Pre-releasing purchasing information;
• Surreptitious opening of sealed bids to make changes for favored vendors; and
• Poor security for sealed and/or unsealed bids
Ensure that vendor is qualified to receive the award by looking for adequate financial resources or the ability to obtain such resources and follow the required or proposed delivery or performance schedule.
In addition, look for a satisfactory record of performance and integrity, and the qualifications and eligibility under applicable laws and regulations. The vendor should have the necessary experience, operational controls, and technical skills, production, construction, and technical equipment or facilities or the ability to obtain them.
Also, ensure integrity of award procedures, monitor the vendor's production process and quality assurance, search for waivers granted and collusion in the bidding, and be alert to "buying in."
Vendor On-site Audit
Of course, the most effective means of concluding a successful investigation of any suspected fraud scheme is an on-site audit of the vendors' books and records. The audit's focus will be determined by the scheme employed.
The buyer usually obtains the right to examine records of a vendor to determine if a fraud or a violation of company policy has occurred through a right-to-audit agreement or a right-to-audit clause in the contract. The agreement can be printed on the back of a purchase order or other procurement form. This could be the wording of the clause on a purchase order:
"Seller shall establish a reasonable accounting system, which enables ready identification of seller's cost of goods and use of funds. Buyer may audit seller's records anytime before three years after final payment to verify buyer's payment obligation and use of buyer's funds. This right to audit shall include subcontractors in which goods or services are subcontracted by seller. Seller shall insure buyer has these rights with subcontractor(s)." ¹
If a buyer inserts a right-to-audit clause in a contract, he has a much greater chance to expand definitions and include other compliance provisions for the vendor.
The buyer may be able to obtain the right to audit by inserting a specific provision into a contract that is normally entered into between buyer and vendor, e.g., a construction contract or supply contract in addition to the basic right-to-audit clause included in the purchase order. Additionally, the buyer may include an audit provision within a special document, such as a vendor survey mailed to all new or proposed additions to the vendor master file, that the vendors complete and sign. And finally, the least desirable option is a civil lawsuit that subpoenas documents and records.
If such a clause does not exist, you should still request the vendor to submit to an audit. The vendor often will volunteer to an audit, but, of course, his refusal is a bright red flag.
When examining the vendor's records, focus on:
• Reviewing the cash disbursements of the vendor, identifying:
• Any payments to employees and to employee-controlled entities;
• Excessive owner distributions; and
• Other unusual transactions.
Proving delivery of goods and services by examining shipping or proof of receipt documents, time cards, time and billing sheets, and the like;
Ascertaining the gross profit of the company on sales made to the employer;
Examining tax reporting forms issued by the vendor for any payments to employees, family members, or employee-controlled entities;
Examining expense reports to identify excessive expenditures for your employees;
Determining the "true" ownership of the suspected shell by examining tax returns, equity accounts, loan documents, or other documents; and
Performing a detailed investigative interview to ascertain:
• History and background of the suspected shell and who specifically introduced the company to the employer;
• Previous experience and knowledge of the suspected shell's principals in the industry it serves;
• List of employees that the suspected shell's principals deal with;
• Explanations for charges to the employer above fair market value; and
• Admission of the ownership by the employee.
The focus of the audit will be to find the payments to the employee or the employee's shell. Though it is rare, some corruption payments are paid in cash. Determine that all checks paid by the employer have been deposited into the suspected corrupt payer's account and have not been cashed or laundered through an offshore account to provide for a cash payment. Also, examine closely any cash distributions to the suspected corrupt payer's principals, other cash withdrawals, or wire transfers that may be the source of the corruption payment.
Wrapping It up
The offended entity often calls upon the fraud examiner to discuss his or her findings with the vendor's representatives to settle the matter. The entity should review any outstanding payables it has with the vendor and determine if a debit memo for the overcharge may be used to offset the amounts due. Consider performing an investigative interview of the employee(s) involved to obtain a confession of the fraud. If you cannot obtain a confession then, following discussions with legal counsel, request that the employee voluntarily produce his personal financial records for examination.
Following the vendor audit, you may find it necessary to prepare additional analyses and damage estimates. If there is sufficient predication, review the findings with management and legal counsel for possible criminal or civil prosecution. Always write an examination report to document your work.
A vendor can be an entity's best colleague or worst nemesis. Keep the relationship pleasant and successful by conducting proactive vendor audits.
¹ Summerford, CFE, CPA, CVA, Ralph, "Reserving the Right to Audit the Suspicious Vendor," The White Paper, May/June 2001. (back to quote)
Questions or comments?