Procurement fraud is progressively more elaborate and increasingly technology driven and is perpetrated by individuals with significant operational knowledge of the systems they abuse.

These challenges to the detection and investigation of procurement fraud are further exacerbated by many corporations' ineffectiveness in establishing sound fraud management processes, despite significant efforts made in connection with the Sarbanes-Oxley Act of 2002 (“SOX”).

It is hard to assess the frequency of procurement fraud and to quantify the cost associated with it, as available statistics about the economic damage resulting from procurement fraud vary significantly. Publicly available data regarding procurement fraud in the private sector is particularly difficult to estimate as corporations tend to address this topic internally and confidentially.

Experience in this field suggests that fraudulent practices in the area of procurement are more prevalent than most senior managers believe–and that the amounts involved are larger than might be imagined.

As corporations grow bigger in size and geographic reach, the purchasing cycle encompasses a bigger monetary value and far greater numbers of transactions. The result is a greater temptation and opportunity to commit procurement fraud and a greater challenge to detect and investigate it.

Insurance carriers seem to agree with this view. On their web site, AIG made the following statement: “Our experience shows approximately half of all large fidelity losses are linked to vendor fraud, a fact that underscores the vital need for Vendor Employee Dishonesty Insurance in today's marketplace”.

Similarly, according to Chubb, “Mergers, acquisitions, downsizing, restructuring, rapid expansion, and globalization have increased the challenges of maintaining a strong system of internal controls. Likewise, the expansion of computers has drastically changed the speed with which fraud can occur.”

Procurement fraud schemes may take several forms, but the most common include: excess payments made to legitimate vendors; payments made to fictitious vendors; payments directed to an employee account; product or service substitution bid-rigging and corruption.

An interesting characteristic of procurement fraud schemes is that despite being common they are difficult to detect and to investigate as generally, procurement fraud tends to be perpetrated by individuals (employees and/or vendors) who have a deep operational knowledge of the procurement process.

Experience with such cases suggests that these perpetrators have mastered the procurement system over a long period of time prior to striking with a significant volume of a fraudulent transactions.

For example, in many cases, procurement fraud occurs “under the radar screen” by a systematic abuse of delegation of authority and hence goes undetected.

Further, procurement fraud is often perpetrated through collusion as familiarity and close working relationships between employees in the purchasing and payable units and contractors and service providers may provide an opportunity for complex fraud schemes against the company.

Procurement Fraud Investigation as a Dual-purpose Process

Generally, full understanding of any procurement fraud requires comprehensive fact finding into numerous elements including: the time period and the individual/s involved, the methods employed and the monetary impact on the corporation.

A fraud investigation is often a long and detailed process which requires the use of dedicated internal and external resources. The complexity of procurement fraud schemes which involve analysis of large transactional data sets; volumes of invoices; numerous email communications and the need to interview personnel in various locations often requires retention of legal and forensic resources.

The initial objective of the investigative effort is establishing whether misconduct occurred. If so, employment of responsible individuals could be severed and law enforcement and regulators could be alerted, as needed.

The successful pursuit of an insurance claim under an employee dishonesty or fidelity policy involves establishing that a violation of trust and fiduciary duty occurred.

To this end, the objective and the procedures employed in the course of an investigation are well aligned with the need to support a proof of loss. Severance of employment relationship as well as criminal prosecution of fraudsters may not require more than a certain number of instances evidencing wrong-doing.

Establishing a limited number of instances of fraudulent activity may be sufficient grounds to provide an insurance carrier with a notice of discovery and perhaps with a preliminary loss calculation.

These procedures may not be sufficient to successfully address most insurance carriers' requirement for detailed documentation supporting a loss calculation and the need to establish the amount of company's assets that were stolen or otherwise abused.

The complexity and sophistication of many procurement fraud schemes, in particular the fact that they are employed by perpetrated by individuals who have deep knowledge of the procurement process, approval limits and vendor set up processes, may result in a difficult situation for corporations.

Not only were they subject to systematic abuse by their vendors and/or employees, they are now required to incur additional costs – beyond those required for preliminary fact finding and personnel remediation – to establish a loss for insurance purposes.

This dilemma could be solved by adopting a sample approach and by the use of extrapolation and other statistical techniques. For example, the selection of a specific time period, certain types of transactions or vendor accounts and the analysis of the same in full, while sampling other sets of time period or transactions may provide a cost relief. These methods may not be accepted by insurance carriers without further explanation of the methodology and approach.

Similarly, the need to establish causation between loss suffered and actions of the individuals perpetrating fraud is an additional source of anxiety for corporations.

The proliferation of electronic signatures, electronic communication and on-line approval of purchasing orders, invoices and payment requests makes it a considerable challenge to prove that unauthorized actions were made by a fraudster working outside their authority.

Corporations seldom keep detailed logs of changes to master vendor files and other data sources that are key to the procurement cycle making it a significant challenge to establish a direct connection between a changed entry and an individual.

Lastly, the need to perform additional procedures in connection with the pursuit of a proof of loss is a source of angst and rarely welcome news for most organizations.

The “Internal Controls Perception Gap” – Challenges to the Prevention, Detection and Investigation of Procurement Fraud

The common denominator in many procurement fraud schemes is the combination of greed and lack or limited controls. Eradicating greed is most likely impossible. Enhancing controls in each and single sub-process of the procurement cycle may be an effort worth considering given that fraud is more common where deficiencies in organization's control environment exist.

This includes business units in more geographically remote corners of the organization where the organization's controls, culture and morale are weaker; in divisions, operations and processes that are not central to a company's main business; in operations that are soon to be discontinued; in businesses that enjoy fast growth; and in units that are subject to severe cost cutting pressures.

Further, it seems that procurement fraud is more likely to occur in subsidiaries or business units that are below financial materiality and therefore outside the assessment and testing of internal controls in connection with Sarbanes-Oxley Section 404 purposes of both corporations' and their external auditors.

In light of the significant amount of resources that have been poured into the improvement of internal controls in recent years, it may be understandable that many executives assume that improvements in internal controls mandated by Sarbanes-Oxley had strengthened companies' defenses against various types of fraud, including procurement fraud.

The facts speak for themselves: according to PricewaterhouseCoopers Global Economic Crime Survey 2007, internal audit and fraud risk management account for 19 percent and 4 percent respectively, of fraud detection methods. In comparison, whistle-blowing system and tip-off account for 8 percent and 35 percent respectively.

The gap between the real effectiveness of internal controls in addressing fraud and the perception that many corporations' managements have about them, widens further in corporations operating in environments that are more tolerant to fraud and corruption.

There are a variety of key factors that make it difficult to prevent and detect procurement fraud, which also contribute to the complexity and cost associated with investigating procurement fraud.

These factors include easy to fabricate legitimately-looking source documentation, frequent use of electronic authorization and electronic signatures; corporate policy that does not match on-the-ground realities; proliferation of outsourcing of accounts payable and shared services units; and the complexity of data processing systems

Insurance carriers and corporations recognize that it is impossible to eradicate procurement fraud. Hence, it may be advisable to develop ways to tackle the emerging trend of procurement fraud and develop proactive approach to discourage it.

In seeking to limit its spread through stronger internal controls, it is recommended that companies review their procurement cycles while focusing specifically on high risk geographies and on operational controls.

It is also necessary to do away with the widely held myth that effective corporate anti-fraud program is virtually complete with the establishment of codes of ethics and whistle-blower programs.

Simply acknowledging the importance of these measures by setting up an appropriate organizational culture, will not by itself ensure that a fraud scheme, once detected, is promptly and thoroughly investigated and adequately remediated.

Acknowledging the increasing burden of investigating procurement fraud schemes in light of their breadth and technological sophistication, insurance carriers should allow for greater flexibility in the submission of proof of loss.

Dalit Stern is a Partner in PricewaterhouseCoopers LLP Advisory group focusing on investigation and remediation of fraud and misconduct. [email protected]

Body Copy