The Increasing challenge of Preventing, detecting andinvestigating procurement fraud is a source of growing tensionbetween insurance carriers and insured corporations.

The inherent tension between the policy holder and the issuer ofa fidelity claims has been rising with an uptick in the frequencyand losses associated with procurement fraud.

This article describes the sources and offers observationsregarding these topics.

Corporations and other organizations have a greater exposure toprocurement fraud than most senior managers and board membersrealize.

Procurement fraud is progressively more elaborate andincreasingly technology driven and is perpetrated by individualswith significant operational knowledge of the systems theyabuse.

These challenges to the detection and investigation ofprocurement fraud are further exacerbated by many corporations'ineffectiveness in establishing sound fraud management processes,despite significant efforts made in connection with theSarbanes-Oxley Act of 2002 (“SOX”).

It is hard to assess the frequency of procurement fraud and toquantify the cost associated with it, as available statistics aboutthe economic damage resulting from procurement fraud varysignificantly. Publicly available data regarding procurement fraudin the private sector is particularly difficult to estimate ascorporations tend to address this topic internally andconfidentially.

Experience in this field suggests that fraudulent practices inthe area of procurement are more prevalent than most seniormanagers believe–and that the amounts involved are larger thanmight be imagined.

As corporations grow bigger in size and geographic reach, thepurchasing cycle encompasses a bigger monetary value and fargreater numbers of transactions. The result is a greater temptationand opportunity to commit procurement fraud and a greater challengeto detect and investigate it.

Insurance carriers seem to agree with this view. On their website, AIG made the following statement: “Our experience showsapproximately half of all large fidelity losses are linked tovendor fraud, a fact that underscores the vital need for VendorEmployee Dishonesty Insurance in today's marketplace”.

Similarly, according to Chubb, “Mergers, acquisitions,downsizing, restructuring, rapid expansion, and globalization haveincreased the challenges of maintaining a strong system of internalcontrols. Likewise, the expansion of computers has drasticallychanged the speed with which fraud can occur.”

Procurement fraud schemes may take several forms, but the mostcommon include: excess payments made to legitimate vendors;payments made to fictitious vendors; payments directed to anemployee account; product or service substitution bid-rigging andcorruption.

An interesting characteristic of procurement fraud schemes isthat despite being common they are difficult to detect and toinvestigate as generally, procurement fraud tends to be perpetratedby individuals (employees and/or vendors) who have a deepoperational knowledge of the procurement process.

Experience with such cases suggests that these perpetrators havemastered the procurement system over a long period of time prior tostriking with a significant volume of a fraudulenttransactions.

For example, in many cases, procurement fraud occurs “under theradar screen” by a systematic abuse of delegation of authority andhence goes undetected.

Further, procurement fraud is often perpetrated throughcollusion as familiarity and close working relationships betweenemployees in the purchasing and payable units and contractors andservice providers may provide an opportunity for complex fraudschemes against the company.

Procurement Fraud Investigation as a Dual-purpose Process

Generally, full understanding of any procurement fraud requirescomprehensive fact finding into numerous elements including: thetime period and the individual/s involved, the methods employed andthe monetary impact on the corporation.

A fraud investigation is often a long and detailed process whichrequires the use of dedicated internal and external resources. Thecomplexity of procurement fraud schemes which involve analysis oflarge transactional data sets; volumes of invoices; numerous emailcommunications and the need to interview personnel in variouslocations often requires retention of legal and forensicresources.

The initial objective of the investigative effort isestablishing whether misconduct occurred. If so, employment ofresponsible individuals could be severed and law enforcement andregulators could be alerted, as needed.

The successful pursuit of an insurance claim under an employeedishonesty or fidelity policy involves establishing that aviolation of trust and fiduciary duty occurred.

To this end, the objective and the procedures employed in thecourse of an investigation are well aligned with the need tosupport a proof of loss. Severance of employment relationship aswell as criminal prosecution of fraudsters may not require morethan a certain number of instances evidencing wrong-doing.

Establishing a limited number of instances of fraudulentactivity may be sufficient grounds to provide an insurance carrierwith a notice of discovery and perhaps with a preliminary losscalculation.

These procedures may not be sufficient to successfully addressmost insurance carriers' requirement for detailed documentationsupporting a loss calculation and the need to establish the amountof company's assets that were stolen or otherwise abused.

The complexity and sophistication of many procurement fraudschemes, in particular the fact that they are employed byperpetrated by individuals who have deep knowledge of theprocurement process, approval limits and vendor set up processes,may result in a difficult situation for corporations.

Not only were they subject to systematic abuse by their vendorsand/or employees, they are now required to incur additional costs –beyond those required for preliminary fact finding and personnelremediation – to establish a loss for insurance purposes.

This dilemma could be solved by adopting a sample approach andby the use of extrapolation and other statistical techniques. Forexample, the selection of a specific time period, certain types oftransactions or vendor accounts and the analysis of the same infull, while sampling other sets of time period or transactions mayprovide a cost relief. These methods may not be accepted byinsurance carriers without further explanation of the methodologyand approach.

Similarly, the need to establish causation between loss sufferedand actions of the individuals perpetrating fraud is an additionalsource of anxiety for corporations.

The proliferation of electronic signatures, electroniccommunication and on-line approval of purchasing orders, invoicesand payment requests makes it a considerable challenge to provethat unauthorized actions were made by a fraudster working outsidetheir authority.

Corporations seldom keep detailed logs of changes to mastervendor files and other data sources that are key to the procurementcycle making it a significant challenge to establish a directconnection between a changed entry and an individual.

Lastly, the need to perform additional procedures in connectionwith the pursuit of a proof of loss is a source of angst and rarelywelcome news for most organizations.

The “Internal Controls Perception Gap” – Challenges to thePrevention, Detection and Investigation of Procurement Fraud

The common denominator in many procurement fraud schemes is thecombination of greed and lack or limited controls. Eradicatinggreed is most likely impossible. Enhancing controls in each andsingle sub-process of the procurement cycle may be an effort worthconsidering given that fraud is more common where deficiencies inorganization's control environment exist.

This includes business units in more geographically remotecorners of the organization where the organization's controls,culture and morale are weaker; in divisions, operations andprocesses that are not central to a company's main business; inoperations that are soon to be discontinued; in businesses thatenjoy fast growth; and in units that are subject to severe costcutting pressures.

Further, it seems that procurement fraud is more likely to occurin subsidiaries or business units that are below financialmateriality and therefore outside the assessment and testing ofinternal controls in connection with Sarbanes-Oxley Section 404purposes of both corporations' and their external auditors.

In light of the significant amount of resources that have beenpoured into the improvement of internal controls in recent years,it may be understandable that many executives assume thatimprovements in internal controls mandated by Sarbanes-Oxley hadstrengthened companies' defenses against various types of fraud,including procurement fraud.

The facts speak for themselves: according toPricewaterhouseCoopers Global Economic Crime Survey 2007, internalaudit and fraud risk management account for 19 percent and 4percent respectively, of fraud detection methods. In comparison,whistle-blowing system and tip-off account for 8 percent and 35percent respectively.

The gap between the real effectiveness of internal controls inaddressing fraud and the perception that many corporations'managements have about them, widens further in corporationsoperating in environments that are more tolerant to fraud andcorruption.

There are a variety of key factors that make it difficult toprevent and detect procurement fraud, which also contribute to thecomplexity and cost associated with investigating procurementfraud.

These factors include easy to fabricate legitimately-lookingsource documentation, frequent use of electronic authorization andelectronic signatures; corporate policy that does not matchon-the-ground realities; proliferation of outsourcing of accountspayable and shared services units; and the complexity of dataprocessing systems

Insurance carriers and corporations recognize that it isimpossible to eradicate procurement fraud. Hence, it may beadvisable to develop ways to tackle the emerging trend ofprocurement fraud and develop proactive approach to discourageit.

In seeking to limit its spread through stronger internalcontrols, it is recommended that companies review their procurementcycles while focusing specifically on high risk geographies and onoperational controls.

It is also necessary to do away with the widely held myth thateffective corporate anti-fraud program is virtually complete withthe establishment of codes of ethics and whistle-blowerprograms.

Simply acknowledging the importance of these measures by settingup an appropriate organizational culture, will not by itself ensurethat a fraud scheme, once detected, is promptly and thoroughlyinvestigated and adequately remediated.

Acknowledging the increasing burden of investigating procurementfraud schemes in light of their breadth and technologicalsophistication, insurance carriers should allow for greaterflexibility in the submission of proof of loss.

Dalit Stern is a Partner in PricewaterhouseCoopers LLP Advisorygroup focusing on investigation and remediation of fraud andmisconduct. [email protected]

Body Copy