2016 was a very busy year!
We as a forensic practice conducted many investigations on many topics. But one recurring theme was the abuse of procurement.
What we saw, in both private and public sector organisations, covered the full spectrum of abuse; from merely circumventing policies and procedures just for expediency, through to significant conflicts of interest, kickbacks and fraud.
We find that the procurement function is probably the most often abused. There are many reasons for this, but they come back to large amounts of money and human nature. No matter what an organisation does, there will always be someone (often someone who has been in the same role for a long time) who will find a way around processes and controls to benefit themselves or someone they know.
So, why does the procurement function continue to suffer abuse and how can procurement integrity be achieved?
Employees from satellite offices in remote locations in small communities are prone to favouritism and conflicts of interest. There may be some legitimate challenges, like a limited pool of suppliers. But often, employees fail to understand conflicts of interest and the obligation to report them, or they intentionally ignore the conflicts.
One of our investigations uncovered corrupt activity occurring over a long period, costing our client many millions of dollars. Senior management had participated in conflicts of interest for personal gain. When this happens it's more difficult to identify and rectify because other staff may be unwilling to report the conduct; or if there is no reporting mechanism.
Subsidiaries overseas are also prone to conflicts of interest and kickbacks in procurement. It happens everywhere, but particularly in regions such as Southeast Asia, where there may be cultural norms to direct business to relatives and associates. And there may also be an expectation that a gift (usually of cash) is needed to get business.
An investigation in Malaysia some years ago revealed a simple example of insufficient management leading to a procurement fraud. The circumstances (which raised a myriad of red flags) were:
- Subsidiary of a large multi-national
- Expatriate senior operational management who had engineering backgrounds and whose focus was more on operations than accounting
- Small accounting/accounts management team who also managed local procurement (with limited segregation of duties)
- Accounting function headed by a local senior accounts executive
- Head office infrequently visited the subsidiary to audit the operations.
So, what happened?
We found that the senior accounts executive had:
- Set up his own company and a company of an associate as suppliers to the business
- Raised false invoices in the name of his and his associate's company
- Authorised payments of RM8 million (about AUD2.4 million) over a period of 12 months.
Why wasn't this picked up?
- A lack of oversight by senior management to confirm that services were actually being delivered - and a failure to regularly scrutinise:
- the vendor listing - regular review of the vendor listing would have identified unfamiliar vendors; and further investigation would have shown them to be fraudulent
- regular monthly reporting such as spend by vendor.
- 2Poor due diligence processes - there were no documents showing why the new vendors had been taken on; or that their bona fides had been checked. For example, a simple register search on one of the companies would have shown that the account executive was a director of a supplier company.
There seems to be a view in Australia that higher levels of governance and technological sophistication prevent these sorts of incidents from happening. We find this not to be the case.
Failing to follow procedure and adhere to financial delegations
Some other common themes include established procurement procedures and processes not being followed; or, delegations of authority being breached.
In one case a State Government employees engaged contract trade labour through a recruitment agency, without a suitable contract or even purchase order in place. Further, the employee responsible for authorising the payments of the invoices had a delegation of authority of only $15,000. The first of the invoices may have been within this delegation, but multiple ones were not. This all happened despite the client's procurement policy stating that contract labour could only be used short term; and that the delegation authority could only be used for payments relating to one resource up to the delegation limit.
No-one thought they were doing anything wrong: just getting the job done. But, the way services were procured provided no control or oversight of the level of spend.
So, how do we reduce the incidence of abuse of procurement?
Adequate management oversight and avoiding complacency
Of course we advocate best practice: preventative policies and procedures, including adopting limited tenure in procurement roles; and detective mechanisms such as data analysis and having a whistleblowing mechanisms. These measures are all important (though their extent will vary with the size and complexity of a business).
But, at a higher level, procurement integrity depends on a culture of management oversight and avoiding complacency.
This means that all new suppliers are first subjected to due diligence. Due diligence is important because it may identify business partner risk that should be investigated further, or lead to a clear decision not to engage at all with a particular supplier. Evidence of the due diligence should be kept in case later issues arise.
Ongoing monitoring of suppliers is needed to prevent or detect abuse. Supplier listings should be reviewed regularly. Recent additions to the list, the goods and services delivered and the payments made should be queried. In the Malaysian case mentioned above, such a review would have found that there was no documentation of due diligence, that no services were being delivered, and that an employee was a director of a supplier company.
Where the business has an internal audit function, these reviews should also be part of the internal audit plan. For good measure, occasional random audits should be conducted.
Training and communication
Getting the right culture in this - or any area - of a business, hinges on continuous training and communication about:
- Policies and procedures, including the need to be vigilant and maintain continuous monitoring of suppliers.
- Promoting ethical conduct: in particular, ensuring that all employees understand what a conflict of interest is and what should be done when a real or perceived conflict arises.
- Known procurement issues in the industry sector in which the business operates. A good way to get to know these issues is to join an association such as the Chartered Institute of Procurement and Supply (CIPS)1, who issue regular newsletters and provide other resources about procurement generally.
Complacency can creep into a business function when nothing bad has been found to have happened recently; or if abuse is just missed through a lack of oversight.
Vigilance against abuse should be second nature. As, Pubilius Syrus wrote, in the first century BC: "He is most free from danger, who, even when safe, is on his guard."
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.