Six Steps to Prevent Procurement Fraud
Even though procurement fraud may be hard to spot, there are a number of steps you can take to mitigate the risk.
1 - CREATE AN APPROVED VENDOR LIST. "Companies have to have a system to verify each vendor to make sure the company exists. Once that is done, that vendor is put into the 'approved vendor list,'" says Joel Bartow, director of fraud prevention at ClientLogic, a business process outsourcer based in Nashville, Tenn. "No invoice should be paid to any vendor who is not on the approved listand at the address that has been verified. A Web site does not mean there is a company, nor does an answering machine. A phone listing is a good clue; so is a conversation with a real receptionist. One red flag is when invoices are submitted but have not been folded, which means they have not been mailedrather, they have been created at the office and slipped into the system."
That said, sometimes even a company on the approved list can prove to be a shadow operation.
2 - SEPARATE JOB RESPONSIBILITIES. One of the underlying enablers of procurement fraud is a lack of separation of job responsibilities, says Cary Meiners, second vice president of financial and professional services at St. Paul Travelers, an insurance company in St. Paul, Minn. "For example, you can't have the same person approving contracts and doing the audits," Meiners says. "There are no checks and balances in place in that kind of a situation." In companies undergoing mergers and acquisitions or accelerated growth, he adds, these checks and balances are particularly likely to fall by the wayside, leaving the organizations vulnerable.
3 - LOOK OUT FOR CLIQUES. In many cases, according to Karen Schnatterly, a white-collar-crime expert at the University of Minnesota's Carlson School of Management, fraud comes about when there's a tight clique within an organization, especially one in which the members feel entitled and perhaps a little smarter than anyone else in the room. The Association of Certified Fraud Examiners (ACFE) concurs, noting that when more than one person commits fraud, the median loss rises dramatically. "When multiple perpetrators conspire to commit a fraud, this makes it easier to circumvent anti-fraud controls," the ACFE said in its latest fraud report.
4 - ESTABLISH A HOT LINE FOR WHISTLE-BLOWERS. Sarbanes-Oxley dictates that companies establish confidential reporting mechanisms for employees. The ACFE reports that fraud is much more likely to be detected by a tip from employees than from internal or external audits.
5 - DO THE PARKING-LOT TEST. If a $90,000-a-year I.T. manager comes to work in a $50,000 automobile, as allegedly did several of the men in the ERCOT case, or lives in a multimillion-dollar mansion, it might be a clue that all is not kosher with said manager's finances.
6 - GET INSURANCE. If you don't have it already, take out what's called employee dishonesty fraud insurance. Buca, which had such a policy in place prior to its fraud problems, has recovered much of what it lost. "We were fortunate and had a responsive carrier," says Rich Erstad, the company's general counsel. Meiners says that in applying for this kind of policy, companies have to answer 40 to 50 questions about what kinds of financial controls and procedures they have in place. "Even if a company says it doesn't want to take the insurance, we encourage them to respond to the questions," he explains. It forces a company to think about the ways in which it's vulnerable.
Of course, all of these measures taken together can't make your organization bulletproof. "There are always going to be smart people who are going to find ways of getting in under the radar," Schnatterly says. Maybe so, but if the recently defrauded companies had adopted the above safeguards, they all would've had a far better chance of dodging the bullet.