The Proactive Procurement Fraud Prevention Model ("Model") is designed for those organizations that wish to stem the rising tide of internal fraud. A product based upon many years of audit and fraud examination of procurement and accounts payable systems, the Model's four step process can significantly reduce the risk of fraud within these functions. McGovern & Greene can assist your organization in its implementation.
An analysis of your Organization's System of Internal Controls, Policies and Procedures over the procurement and disbursement functions is completed, with a focus on opportunities for compromise and fraud. The process is then flowcharted and evaluated using a fraud risk questionnaire specifically designed to identify fraud opportunities.
Unfortunately, many processes and systems do not function as portrayed. Therefore, it is necessary to perform tests of the system to insure compliance with the understanding obtained during the flowcharting process. Identifying the controls that exist, determining that controls operate properly and understanding which controls are periodically overridden are all goals of system testing. Interviews of key employees can be of significant benefit in understanding potential areas of compromise. Subsequent to completion of testing, key control points are identified, including, but not limited to:
• Segregation of Duties
• Supervisory Controls
• Receiving Controls
• Authorization/Approval Controls
• Reconciliation Controls
• Recording Controls
A written report will be prepared, identifying significant weaknesses, if any, in the process and providing recommendations for improvement as identified. The ACFE study concluded that improvement in an Organization's System of Internal Controls is the Number 1 method in reducing fraud.
Communication and training contributes significantly to reducing the potential for fraud within an Organization. Should an Organization not have an Employee Standards of Business Conduct or an Ethics Policy in place, one must be implemented. These policies should be designed to clearly communicate to employees the specifics of legal and acceptable behavior as they fulfill their organizational duties. Unfortunately many policies lack specifics and may not adequately address that which may arise. The Model recommends that such guidelines be written to conform to a set of Best Practices which have been developed as part of the Model's implementation.
Mandatory training for all employees regarding Conduct and Ethics policies is essential in teaching them to be alert to the red flags which may signal the potential for fraudulent activity. Training should be conducted annually, with employees signing an acknowledgement form with regard to their understanding of, and commitment to, Conduct and Ethics policies.
The Organization's vendor community must be aware of these policies, as well. It is recommended that an abridged version be sent to each vendor at lease annually. The vendor mailing should contain a tear-off acknowledgement form that will be returned to the appropriate department within the Organization. These forms should be retained in the event there is an "incident" at some point involving individual vendors.
The ACFE Report found that over 40% of frauds were discovered through tips. Toward that end, the Organization must establish an independent, anonymous system that allows for the reporting of suspicious activity. Employees are often reluctant to confide in fellow employees or supervisors, yet the ACFE Report found that 60% of fraud tips were offered by employees when a third-party reporting system was employed.
The Fraudster in the commission of his crime often uses computers. The Computer is also a very effective weapon in combating fraud within an Organization. Over time, sophisticated data mining techniques have been developed to identify indicators of fraud within the procurement system. Data rich environments are ideal for continuous monitoring. McGovern & Greene LLP and its strategic partner, Automated Auditors, LLC have developed proprietary data mining software to identify fraud indicators.
Employee Master and Earnings Files — The model focuses not only on procurement systems, such as accounts payable and purchasing documents, but employee information files as well. The master employee files generally contain identifier information for the Organization. Comparisons of addresses, tax identification numbers and telephone numbers between the Master Employee File and like information found in the Master Vendor File may lead to discovery of Conflicts of Interest situations and fictitious vendors. Many fraudsters in the commission of their crimes form fictitious businesses to receive the "fruits of their crimes". It is not unusual that the fraudster reports these activities on their income tax returns and have additional taxes withheld from their paychecks to pay these taxes. An analysis of net earnings as a percentage of gross earnings will reveal those employees.
Master Vendor File — An Organization's Master Vendor File is an often overlooked and extremely important control in fighting fraud. It contains information used in processing disbursements of the Organization's cash and provides the Fraudster with plenty of opportunities. McGovern & Greene's Data Mining techniques can be used to detect various fraud schemes. Many of the tests are designed to locate fictitious companies such as address comparisons to employees, Postal Box and Mail Drop addresses. Examinations of existing audit logs for address changes may reveal other schemes. Another benefit of finding duplicate addresses is it provides a method for "cleaning up" the file of duplicate vendor entries.
Vendor Invoice/Payment History Files— Analyses of these files search for anomalies in amounts, invoice numbering, unusual period changes and other red flags of fraud. The data mining techniques also use Benford's Law that focuses on the frequency of numbers in large data sets to find unusual patterns that may be indicative of fraud. Examinations of large and unusual amounts are also performed. Organizations often establish risk levels such as all checks less than $10,000 are "machine signed". Fraudsters learn of these levels and construct their schemes to target amounts just below these levels. Therefore, an effective data mining method used by McGovern & Greene is to examine those amounts.
Purchase Order File — Data mining of the Purchase Order file may lead to other indicators of fraud such as increasing unit prices, unusual amendments and different ship to addresses. Purchase Order files may also be mined to look for patterns of orders, requisitioners, non-compliance with policies and other anomalies.
Performing a detailed vendor audit is the most effective means to discover:
— Fictitious ("Shell") Companies
— Corruption Schemes
— Vendor Frauds
An additional byproduct of this process is building effective and trusting relations with the Organization's Vendors. In the Model the Vendor Audit is used as an investigative step when fraud is suspected.
Vendor Research — Prior to performing the vendor audit, intelligence needs to be gathered as to the Vendor's business, organization and principals. The Model recommends that searches be performed of public records, Dun & Bradstreet, the Internet and other sources to gain an understanding of the Vendor and its principals. McGovern & Greene's forensic accountants regularly scour information sources for these investigative leads. It is not unusual to find circumstantial evidence from the research that enhances the fraud examination.
Forensic Examination of Vendor Documents — Prior to the Vendor Audit, A detailed forensic examination of the Vendor's documents in the possession of the Organization is performed. The examination focuses on errors, anomalies, or other irregularities contained in these documents. Like the research discussed above, circumstantial evidence may be found during the examination.
Onsite Examination — The onsite examination focuses on the credibility of the Vendor. A combination of interviewing and document examination techniques often leads to a confession if wrongdoing is involved. Depending on the case, the Model suggests a number of procedures to be performed.