Procurement fraud

CONSUMER MARKETS Procurement Fraud in Consumer Companies Preventing, Detecting and Taking Action KPMG INTERNATIONAL


This publication addresses the risks relating to the procurement process at companies active in the Consumer Goods & Retail market. It also discusses how companies could reduce these procurement fraud risks with the help of technology and by performing supplier audits.


Willy Kruh, Global Chair, Consumer Markets, KPMG in Canada


© 2010 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. All rights reserved.

Message from Willy Kruh

We have found that procurement is an area that is highly susceptible to fraud and misconduct in consumer markets companies. Further, increasingly complex and global supply chains, coupled with a challenging economic environment, lend to an even heightened incidence of this type of fraud. Since financial losses resulting from procurement fraud directly affect a company’s bottom line, minimizing the opportunity for fraud within the procurement cycle can result in substantial gains for consumer companies.

This paper shares the insight and experience of some of KPMG firms’ leading forensic and contract compliance professionals who assist companies in the food, drink, consumer goods (FDCG) and retail sectors with addressing procurement fraud issues. In addition, the report summarizes and analyzes the results from a poll of over 460 FDCG and retail sector procurement and other executives who attended a KPMG Global Consumer Markets webcast on this topic earlier this year. These poll results provide the first-hand perspectives of your industry peers on how their own companies are affected by and dealing with procurement fraud.

I trust that the information herein, on the key procurement fraud risks, leading anti-fraud procurement practices and cross-departmental approaches to procurement fraud, supported by the feedback and insights shared by the KPMG webcast participants, will provide you with relevant and useful guidance that you can apply in your organization.


Contents

• Introduction

• Procurement fraud risks and ways to reduce your exposure

• Using technology to detect procurement fraud

• Making use of supplier audits to counter fraud and loss

• Conclusion


Introduction

Historically, procurement fraud in consumer markets organizations has not been as proactively or successfully managed as it can be today. Often regarded as an issue not easily identified or prevented, many food, drink and consumer goods (FDCG) and retail organizations were more likely to regard procurement fraud as an unavoidable cost that (they hoped) had minimal impact on the bottom line.

However, according to a survey of 959 Certified Fraud Examiners on Occupational Fraud & Abuse conducted by the Association of Certified Fraud Examiners (ACFE), US organizations are losing nearly 7 percent of their annual revenues to fraud each year.¹ If this is typical across industries and in other countries, then clearly it is an issue that consumer businesses around the world cannot afford to ignore. Procurement fraud is also a rising concern in the UK, where Amanda Aldridge, Global Forensics Lead, Consumer Markets, KPMG in the UK, says that she has “seen more incidents of serious procurement fraud in each of the last two years than in any of the previous eighteen.”

In part, this apparent impact of, and rise in, fraud may be due to better detection, but certainly as the issue moves up boardroom agendas, consumer markets companies are beginning to ask themselves difficult questions about their approaches to preventing, detecting and taking action against procurement fraud. They are looking for help to find the answers.

Businesses face a number of key challenges. Have their buyers ‘got the message’ as to what is unacceptable behavior? Are they policing their gifts, entertainment and conflict of interest policies? How effective is their due diligence in relation to new or changing supplier relationships? Are they mobilizing the honest majority of their employees and suppliers to report concerns? Are they using focused audits to uncover overcharging or under-delivery? And have they tried to measure the size and nature of the problem?

This paper looks at some of the risks associated with procurement fraud in the consumer markets sectors and how these companies can reduce their exposure, the use of technology to detect procurement fraud, and how to leverage supplier audits to counter fraud and loss.

During a Global KPMG Consumer Markets webcast on Procurement Fraud held earlier this year, participants were asked a series of questions to gather information as to how consumer markets companies are preventing and detecting procurement fraud in their organizations. Readers will find the results of these polls presented and discussed throughout the paper.

1 Association of Certified Fraud Examiners (ACFE) 2008 Report to the Nation on Occupational Fraud and Abuse


Procurement fraud risks and ways to reduce your exposure

Referring again to the survey by the ACFE mentioned in the Introduction, the most common fraud scheme (cited 27 percent of the time) was corruption, including purchase schemes, invoice kickbacks and bid rigging. Schemes involving fraudulent disbursements of cash were cited more than 50 percent of the time with respect to asset misappropriations. Respondents cited a lack of adequate internal controls as the biggest single contributing factor to occupational fraud. One of the keys to reducing those losses therefore lies in managing the risks of fraud and abuse and, clearly, in focusing on the procurement process.

The procurement process

Procurement has two distinct elements: sourcing and purchasing. Sourcing is where an organization can create value by identifying cost savings within its current spend and it starts by identifying specific purchasing opportunities.

For example, by rationalizing the number of vendors and capitalizing on economies of scale, it may be possible to drive down costs per unit. This process can be helped by having a defined competitive bid process.

The sourcing process should culminate in negotiated contracts with approved suppliers, delivering lower costs. Obviously, the potential savings can and will vary depending on the following:

• Current level of spend by category

• Number of suppliers per category

• Distribution of spend across division or businesses

• Contract availability

• Maturity of process and previous efforts to improve various categories of spend.

Value can be realized in the procurement process by executing and completing the purchasing cycle. The majority of purchases should be from the list of approved vendors, and many companies will monitor and maintain their list in the form of a supplier catalogue. This catalogue lists the various products (Stock-Keeping Units, or SKUs) that the organization requires, as well as the approved vendors with agreed pricing.


This is not a static process. There will likely be ongoing opportunities to reduce cost. As businesses change (products, geography, etc.), consumer markets organizations will need to evaluate their vendors and related processes continuously. Many companies establish specific metrics against which they monitor and evaluate their vendors and spending. Again, this is a continuous process and, to manage it, an organization should constantly assess its supplier relationships and look for opportunities to create value.

Figure 1: The procurement value cycle

[Cycle diagram. Stages: Identify Opportunities, Specification, Request Proposals, Negotiate, Contract Catalogue, Requisition, Purchase Order, Receipt/Pay, Performance Management (Cash Performance, Quality). Phase labels: Sourcing, Purchasing, Value Creation, Value Fulfillment, Value Management.]

Source: KPMG International, 2010

Opportunities for fraud

It is not surprising that within the procurement value cycle (Figure 1), there are several opportunities for fraud and abuse in consumer markets companies. Depending on the nature of the business, and its controls and processes, an organization may be susceptible to risks, including the following:

• Phantom vendors — where fictitious vendors are set up in the company’s vendor master file and payments are disbursed to them

• Bid rigging — where there is collusion between procurement personnel and bidders, or among a number of bidders where they collaborate to drive prices higher

• A grey market — where companies can suffer losses through counterfeits and knock-offs or where suppliers generate unauthorized production, putting a company’s real products at risk

• Failure to meet contract specifications — resulting in substandard products and sometimes dangerous goods

• Bribery and corruption — especially in higher-risk geographies

• Unauthorized disbursements.

The structure and nature of the business can also provide opportunities for fraud. It is our firms’ experience that there is a higher risk of fraud in widely decentralized operations, especially in some emerging economies. Procurement fraud tends to occur where there is an opportunity, and these opportunities can emerge as a company changes and grows. Keeping controls up to date with technology and the growth cycle of the business is critically important.

How can companies protect themselves from such risks?

There are certain basic or ‘core’ internal controls and practices that should be in place to reduce a company’s exposure. These include the following:

• segregation of duties

• standard, consolidated reporting

• common policies and process standardization

• a single supplier database and contracts register

• a single payment address

• risk management controls

• procedures for forecasting the company’s demand from suppliers.

For example, the segregation of duties is one of the most basic but effective controls, since it separates the responsibility for supplier selection, the negotiation of the contract and the purchase decision from the receiving function and from the payment function.

It can be expected that many businesses will have these core requirements covered. One of the key decisions facing companies in this area, however, is where to allocate resources to make improvements to their procurement processes. KPMG firms have identified several better or ‘preferred’ practices that can help improve consistency, promote more frequent use of approved suppliers and drive value. These include the following:

• an electronic procurement catalogue

• the use of purchasing cards

• commodity spend simplification

• process automation and workflow management

• integration of enterprise systems

• real-time spend data visibility

• management by exception.


Figure 2 identifies some methods that a company might utilize to improve its procurement processes. What drives each organization’s choice of strategies and when to implement them will depend on the following:

• where the company is in terms of already making improvements

• the relevance the industry leading practices have to its various systems

• the balance of risk (often in terms of cost or disruption to existing systems) vs. reward for making such changes.

Figure 2: Purchase to Pay — Leading and Common Practices

[Chart placing practices by maturity (Core, Good practice, Future) against typical reward/risk profile (Low, Medium, High), grouped into Wave 1 and Wave 2. Practices shown: technology-enabled procurement, work flow control, shared services, eAuctions, process automation & work flow, management by exception, outsourcing, supplier relationship management, strategic sourcing, common processes, electronic procurement catalogue, purchasing cards.]

Source: KPMG International, 2010


The delineation between Wave 1 and Wave 2 will be different for each organization. Wave 1 strategies can often be considered as the “lowest hanging fruit” — those that will result in the shortest-term gains on a cost-effective basis.

More integrated systems can lead to better measurement of effectiveness and promote the right buying behavior among procurement personnel. In addition, better scrutiny of spending and real-time reporting will lead to more timely and more effective management by exception. This can be used to identify unauthorized variances in pricing, purchases from non-approved vendors and inappropriate/excessive quantities of purchases compared with inventory levels or forecasted demand.

Many consumer markets companies seem to lack a strategic approach to managing procurement. In a poll during the recent KPMG webcast on Procurement Fraud, only 19 percent of over 300 respondents from the FDCG and retail sectors said their companies had a comprehensive strategic sourcing initiative in place. Another 30 percent said that their processes needed improvement (see Poll Question 1).

Poll Question 1: Extent of current processes

To what extent does your organization have defined processes to manage procurement:

• Processes need improvement: 30%

• Comprehensive strategic sourcing initiatives: 19%

• Core requirements covered and Core requirements plus some leading practices: 24% and 26% (the chart as extracted does not show which value belongs to which response)

Source: KPMG International, 2010


Where are consumer companies falling short?

In our work in this area, KPMG firms frequently find certain recurring system failures. These include the following:

• non-compliance or ‘maverick buying’

• lack of segregation of duties

• lack of an effective three-way matching process

• failure to adopt proper purchasing procedures.

Maverick buying is where purchases are made from local non-approved vendors. This is common practice when it is believed to be an easier or quicker way to get the needed product. However, it is not always possible to control the costs of such purchases centrally, and experience has shown that they are sometimes inappropriate (i.e. from phantom vendors or where local purchasing agents are receiving kickbacks). Maverick buying is something KPMG firms see in almost every investigation of expenditures involving a geographically distant division or subsidiary. It is important to note, however, that there isn’t always fraud. We often simply find people trying to work around the system of internal controls to make their lives easier. Either way, it should not happen.

Surprisingly, KPMG professionals still see instances where consumer markets companies make disbursements based on invoice alone, without comparing them to approved purchase orders and related receiving documentation. In these cases, it is not possible to know whether the product was actually received or approved in the first instance. This basic requirement to match the invoice, purchase order, and receiving document, so that an organization can actually prove it received the goods, is essential. If segregation of duties is inadequate in this area, it may be possible for payment to be made where no goods or only some of the goods and/or services have actually been received.
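The three-way match described above can be expressed as a small check that runs before any disbursement. The following is an added example, not code from the KPMG paper; the record layout, the exception codes and the 2 percent price tolerance are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

PRICE_TOLERANCE = 0.02  # assumption: invoice unit price may differ from the PO by 2%

# Constructed sample data. PO lines are keyed by (PO number, SKU).
PURCHASE_ORDERS = {
    ("PO-100", "SKU-A"): {"qty": 100, "unit_price": 5.00},
    ("PO-101", "SKU-B"): {"qty": 40, "unit_price": 12.50},
    ("PO-102", "SKU-C"): {"qty": 10, "unit_price": 80.00},
}
RECEIPTS = [  # goods received notes; PO-100 arrived in two partial deliveries
    {"po": "PO-100", "sku": "SKU-A", "qty": 60},
    {"po": "PO-100", "sku": "SKU-A", "qty": 40},
    {"po": "PO-101", "sku": "SKU-B", "qty": 25},
]
INVOICES = [
    {"inv": "INV-1", "po": "PO-100", "sku": "SKU-A", "qty": 100, "unit_price": 5.00},
    {"inv": "INV-2", "po": "PO-101", "sku": "SKU-B", "qty": 40, "unit_price": 12.50},
    {"inv": "INV-3", "po": "PO-102", "sku": "SKU-C", "qty": 10, "unit_price": 80.00},
    {"inv": "INV-4", "po": "PO-999", "sku": "SKU-Z", "qty": 5, "unit_price": 20.00},
    {"inv": "INV-5", "po": "PO-100", "sku": "SKU-A", "qty": 10, "unit_price": 5.60},
]


def three_way_match(purchase_orders, receipts, invoices):
    """Return {invoice id: [exception codes]}; an empty list means payable."""
    received = defaultdict(int)
    for r in receipts:
        received[(r["po"], r["sku"])] += r["qty"]

    accepted = defaultdict(int)  # quantity already cleared for payment per PO line
    results = {}
    for inv in invoices:
        key = (inv["po"], inv["sku"])
        po_line = purchase_orders.get(key)
        if po_line is None:
            # Invoice alone, with no approved order behind it.
            results[inv["inv"]] = ["no_purchase_order"]
            continue
        problems = []
        billed = accepted[key] + inv["qty"]  # cumulative, so repeat billing is caught
        if received[key] == 0:
            problems.append("no_goods_receipt")
        elif billed > received[key]:
            problems.append("billed_exceeds_received")
        if billed > po_line["qty"]:
            problems.append("billed_exceeds_ordered")
        allowed = PRICE_TOLERANCE * po_line["unit_price"]
        if abs(inv["unit_price"] - po_line["unit_price"]) > allowed:
            problems.append("price_variance")
        if not problems:
            accepted[key] = billed
        results[inv["inv"]] = problems
    return results


def payable(results):
    """Invoice ids that passed all three comparisons."""
    return [inv_id for inv_id, problems in results.items() if not problems]


if __name__ == "__main__":
    outcome = three_way_match(PURCHASE_ORDERS, RECEIPTS, INVOICES)
    for inv_id, problems in outcome.items():
        print(inv_id, problems or "OK to pay")
```

Only invoices that clear the match update the running billed quantity, so a rejected invoice cannot mask a later duplicate against the same PO line.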


Proper purchasing procedures require defined protocols around tendering and the bidding process. However, in our firms’ experience, far too many organizations do not keep the results of the procurement process — or what we would call an ‘audit trail’ — to confirm that the process is working as it should. If there is no requirement to keep these documents, there is a greater risk of abuse of the system, making it that much harder to recognize exceptions and violations.

Another area where companies can fall short is in performing due diligence on their suppliers to fully understand with whom they are doing business. Industry leading practice suggests that there should be a defined process, with a process owner and a system for archiving the results of the background reviews. This reduces the risk of fictitious vendors being set up on the vendor master file and can reveal situations where potentially inappropriate payments might be made by a distant subsidiary.

Red flags

There are several red flags that should alert companies to potential fraud. Some of the most common red flags seen by our firms’ professionals include:

• Close socialization with government officials with gifts, expenses, etc., incurred

• A losing bidder being hired by a winning bidder, suggesting collusion or that the winning bidder really did not have the capability to deliver the product or service

• A losing bidder that is not listed in business directories, which might suggest that the bidder was fictitious and was only put into the process to make it look as if there was a competitive process

• A low initial bid but many change orders, which may appear as collusion with the buyer

• Continued acceptance of high-priced, low-quality goods, which might reveal problems with the Quality Assurance (QA) department and the existence of kickbacks

• A vendor whose address is a mail drop box, multiple purchase orders of small amounts, unnecessary middlemen in the procurement process, or a losing bid that cannot be located or where there is minimal documentation.

Consumer markets companies should be well-informed about their customers and vendors, and, in some countries, they should be especially wary in their dealings with government officials. Having a robust process to evaluate potential suppliers should reduce the risks associated with the red flags listed above. Common sense dictates that if a supplier has gone to the trouble of having a post office box set up as a street address, further investigation is warranted. Equally, continued failing of quality standards by a supplier or a concentration of such suppliers linked to a single buyer may be the warning signs of a buyer involved in procurement fraud. If there are unnecessary middlemen in the process, then companies should also investigate further. Our firms’ professionals have uncovered numerous instances where entities have been set up solely for the purpose of paying commissions.


Risks in the “New World”

With procurement assuming an ever-increasing strategic role in many organizations, it is important to not only know the potential benefits, but also the associated risks of driving change within the procurement process.

Investigations held by KPMG firms revealed that many instances of misconduct do not occur at head office, but rather at remote locations where there are very different cultures and ways of doing business. Notwithstanding these differences, international companies will generally be held to the regulatory standards that apply in the country where their head office is located. As regulators globally increase their efforts to stamp out bribery and corruption with ever-increasing penalties, it becomes increasingly important for companies to be well-informed of their business partners.

To drive cost and other efficiencies, many companies are entering into joint ventures and partnering arrangements with local businesses. These arrangements need very careful consideration as companies that enter into joint ventures are, to some extent, putting their reputations and capital in the hands of others.

As a company’s business dealings assume greater complexities and geographic dispersion, so should its approach to managing the ever-evolving associated risks. An example of an industry-leading practice in this area is to move procurement personnel and buyers periodically between categories.


Case study

A company had observed that when one of its buyers was moved to a different category as part of a planned move, a number of the suppliers appeared to move with him. This was peculiar and was raised as a red flag since the categories of goods were very different. One would expect that if the category of goods is very different, so too would be the appropriate suppliers. It was ultimately discovered through investigation that some of the suppliers were nothing more than middlemen sourcing product for the buyer. At a minimum, the company incurred costs that it should not have incurred, and at worst, the company was defrauded. In this example, moving the buyer and effectively monitoring the spend paid dividends.


This example shows that there is an increasing role for internal auditors, who better understand the challenges that lie before them and the specific risks that procurement presents. Before conducting an internal audit for a particular location, KPMG firms’ professionals see it as preferred practice to brainstorm the specific risks that might be present in the market, as well as discussing and finalizing key indicators for the internal audit team. If possible, we would also suggest having a discussion with someone who is very experienced and knowledgeable about the market, but is also independent. This would provide additional perspective on local schemes and related risks — making the audit more effective and efficient.

When asked who is primarily responsible for the management of fraud and misconduct risk in their procurement process, 31 percent of the survey respondents from consumer markets companies indicated that this was the responsibility of internal audit and 33 percent said it was down to the function itself. These are very interesting responses since in the first instance, the role of internal audits is generally limited to monitoring and testing of controls, and in the second, there may be an inherent conflict if the same function is responsible for controlling itself (see Poll Question 2).

Poll Question 2: Primary responsibility for management

Who is primarily responsible for the management of fraud and misconduct risk in your procurement processes:

• Procurement: 33%

• Internal audit: 31%

• Accounting, Legal/compliance and None of the above: 9%, 14% and 10% (the chart as extracted does not show which value belongs to which response)

Source: KPMG International, 2010


Using technology to detect procurement fraud

Forensic data analysis

One of the key technology tools for detecting procurement fraud and abuse is forensic data analysis where the focus is on being proactive. Companies collect vast amounts of data on a daily basis for the purposes of running their businesses. But are they extracting additional value from this data that could help them identify fraud or misconduct?

Proactive forensic data analysis is a powerful weapon against fraud and misconduct. A holistic approach is necessary (Figure 3) and this includes the use of more traditional methods of fraud control, such as the use of telephone hotlines and fraud risk assessment programs.


Figure 3: Forensic data analysis as part of a holistic approach

[Diagram labels: Prevention, Detection, Response. Caption text: Identify potential fraud, misconduct and waste through sophisticated analytics testing, cross-matching and non-obvious relationship identification.]

Source: KPMG International, 2010


In support of this holistic approach, the focus of forensic data analysis is on detection. By extracting and combining available electronic information, proactive forensic data analysis seeks to identify potential fraud, misconduct and waste through sophisticated analysis testing, cross-matching and non-obvious relationship identification.

Data analytics can be applied to detecting existing frauds hidden within a company’s data; it can also inform fraud risk assessments and identify process and control weaknesses, and it supports the detection of non-obvious frauds.


Other applications include performing analysis to assist an investigation prompted by behavioral red flags traditionally associated with fraud or misconduct such as living beyond one’s means, an unusually close association with a customer and the infrequent taking of holidays.

Before performing data analysis, however, it is important for companies to understand the data landscape. All organizations are aware that they have a valuable amount of information in their financial systems. But companies often overlook other valuable sources of information, such as itemized phone call listings, access control logs for offices and other publicly available databases. These sources can be used to supplement the data a company already has and allow it to extract additional value — and should not be overlooked.

In our poll of procurement specialists, we learned that the majority were not using data analytics nearly to the extent they could be — 65 percent said they used data analytics either not at all or to a very limited extent to detect and prevent fraud (see Poll Question 3).

Poll Question 3: Use of data analytics

To what extent does your organization use data analytics to prevent or detect procurement fraud?

• Periodic retrospective testing: 26%

• Entrenched continuous monitoring: 7%

• Not at all and Very limited: 47% and 18% (the chart as extracted does not show which value belongs to which response)

Source: KPMG International, 2010

Rules-based analysis

There are many different approaches to proactive forensic data analysis. All approaches are based on a basic set of principles and knowledge.

The first level of analysis combines knowledge of known fraud schemes and indicators with a knowledge of business systems and principles. Figure 4 depicts a procurement scenario where the skilled analyst uses knowledge of how a business process should be conducted to develop and implement tests which help to identify deviations from the norm.

Tests can be developed to determine whether invoices were received after payment had been made, and even if orders appear to have been split, to defeat the limits on delegation.


Case study

In one investigation carried out by a KPMG member firm, knowledge of the format used to create VAT numbers helped to identify fictitious vendors. These vendors had been added to the vendor master file to facilitate payment to an employee whose bank details were loaded as the vendors’ bank details.


Figure 4: Rules-based analysis

[Diagram: the procurement process stages Requisition, PO, Receipt, Invoice and Payment, together with Master data maintenance, and the tests applied to them: Test VAT number validity; PO splitting; PO after receipt; Payment for un-cleared PO; Suspicious keywords; Break-point analysis; Payment before invoice.]

Source: KPMG International, 2010

In addition to testing conformity to business rules, rules-based analytics can consider externally enforced or regulated factors. For example, most jurisdictions have well-defined formats for certain sets of data, such as Value Added Tax (VAT) numbers. Thus, if the format or mechanism used to create VAT numbers by the respective tax authorities is understood, our firms’ professionals can very easily implement a test to determine whether a VAT number stored in the company’s vendor master file is valid or not.
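Three of the tests named in this section (VAT number validity, payment before invoice, and order splitting to stay under a delegation limit) can be expressed as small rules over extracted records. The Python below is an added example, not code from the paper or from KPMG: the records, the 5,000 approval limit, the three-day window and the choice of the classic UK modulus-97 VAT check as the jurisdiction rule are all assumptions.

```python
import re
from collections import defaultdict
from datetime import date

# Assumed jurisdiction rule: classic UK modulus-97 check on a 9-digit number.
# Other jurisdictions and numbering schemes need their own rule.
UK_VAT = re.compile(r"^GB(\d{9})$")
WEIGHTS = (8, 7, 6, 5, 4, 3, 2)

def vat_check_ok(vat):
    """True if the value has the GB + 9 digit shape and consistent check digits."""
    m = UK_VAT.match(vat.replace(" ", "").upper())
    if not m:
        return False
    digits = [int(c) for c in m.group(1)]
    weighted = sum(w * d for w, d in zip(WEIGHTS, digits[:7]))
    check = digits[7] * 10 + digits[8]
    return (weighted + check) % 97 == 0

def paid_before_invoice(payments):
    """Invoices whose payment date precedes the date the invoice was received."""
    return [p["invoice"] for p in payments if p["paid"] < p["invoice_received"]]

def split_orders(pos, limit, window_days=3):
    """Clusters of orders from one buyer to one vendor, each within the limit,
    placed within window_days of each other, that together exceed the limit."""
    groups = defaultdict(list)
    for po in pos:
        if po["amount"] <= limit:      # orders over the limit already need higher approval
            groups[(po["buyer"], po["vendor"])].append(po)
    hits = []
    for (buyer, vendor), items in sorted(groups.items()):
        items.sort(key=lambda p: p["date"])
        i = 0
        while i < len(items):
            j = i
            while (j + 1 < len(items)
                   and (items[j + 1]["date"] - items[i]["date"]).days <= window_days):
                j += 1
            cluster = items[i:j + 1]
            total = sum(p["amount"] for p in cluster)
            if len(cluster) > 1 and total > limit:
                hits.append({"buyer": buyer, "vendor": vendor,
                             "pos": [p["po"] for p in cluster], "total": total})
                i = j + 1
            else:
                i += 1
    return hits

# Constructed sample data (not from the paper).
VENDOR_MASTER = [
    {"vendor": "V001", "vat": "GB123456782"},   # check digits consistent
    {"vendor": "V002", "vat": "GB123456728"},   # last two digits transposed
    {"vendor": "V003", "vat": "GB12345"},       # wrong length
]
PAYMENTS = [
    {"invoice": "INV-1", "invoice_received": date(2010, 3, 10), "paid": date(2010, 4, 9)},
    {"invoice": "INV-2", "invoice_received": date(2010, 3, 15), "paid": date(2010, 3, 12)},
]
PURCHASE_ORDERS = [
    {"po": "PO-101", "buyer": "jdoe", "vendor": "V001", "date": date(2010, 3, 1), "amount": 4800},
    {"po": "PO-102", "buyer": "jdoe", "vendor": "V001", "date": date(2010, 3, 2), "amount": 4700},
    {"po": "PO-103", "buyer": "jdoe", "vendor": "V001", "date": date(2010, 3, 20), "amount": 3000},
    {"po": "PO-104", "buyer": "asmith", "vendor": "V002", "date": date(2010, 3, 5), "amount": 2500},
    {"po": "PO-105", "buyer": "asmith", "vendor": "V002", "date": date(2010, 3, 6), "amount": 1200},
]
APPROVAL_LIMIT = 5000   # assumed delegation limit per order

def run_rules():
    """Run every rule and return the exceptions per rule."""
    return {
        "invalid_vat": [v["vendor"] for v in VENDOR_MASTER if not vat_check_ok(v["vat"])],
        "paid_before_invoice": paid_before_invoice(PAYMENTS),
        "split_orders": split_orders(PURCHASE_ORDERS, APPROVAL_LIMIT),
    }

if __name__ == "__main__":
    for rule, hits in run_rules().items():
        print(rule, hits)
```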

False positives

An important factor to consider is that with this approach there is a risk of a large number of false positives—a large number of exceptions or irregularities identified are not really problems, but justified business peculiarities that can be explained easily. Therefore, the approach needs to be enhanced, ensuring that the exceptions identified are meaningful and warrant further investigation.

Combining and scoring

This approach still relies on knowledge of fraud schemes, but introduces scoring as a mechanism to prioritize, or highlight, areas of most concern. Combining red flag indicators, such as divorce or instability in life circumstances, unusually close association with a customer or complaining about inadequate pay, can provide additional layers of protection. Combining and scoring then allows identification of potentially anomalous behaviors, and reduces the number of potential false positives—reducing the investigative burden.

Page 17: Procurement fraud

Figure 5 shows the various tests on the population of invoices for an organization. The table lists the different tests carried out in the left hand column and the next two columns show the results of the tests against two specific invoices—12345A and 98765S. The checkmark against a test for a specific invoice indicates that the invoice generated an exception on that specific test.

Figure 5: Example of scoring method for two invoices

Invoice                       12345A   98765S
Round sum amount              ✔        ✘
Processed at night            ✘        ✔
Paid within a week            ✘        ✔
Segregation of Duty breach    ✘        ✔
Unauthorized approval         ✘        ✘
Similar to previous invoice   ✘        ✔
Score                         1        4

Source: KPMG International, 2010

If we look at each test in isolation, we can expect to find that the number of exceptions for each test is generally large and, for example, if we take the test of ‘paid within a week,’ it may not be practical to investigate all invoices paid within a week. But when the results are combined in a scoring matrix, the problem invoices quickly come to the fore. The second invoice, 98765S, has a score of four and clearly merits further investigation. By scoring and selecting invoices in this way, we can reduce the number of false positives requiring investigation—allowing for better allocation of limited resources.
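The scoring matrix of Figure 5 can be reproduced by running each test as a predicate over the invoice record and summing the exceptions. This Python is an added example, not code from the paper: only the two invoice IDs and the pattern of checkmarks come from Figure 5, while the field names, field values, thresholds (night hours, 1,000 rounding, approval limits) and the shortlist cut-off of 3 are assumptions chosen to reproduce that pattern.

```python
from datetime import date, datetime

# Constructed records; values are invented to reproduce the Figure 5 pattern.
INVOICES = [
    {"id": "12345A", "vendor": "V001", "amount": 5000,
     "invoice_date": date(2010, 3, 1), "paid_date": date(2010, 3, 31),
     "processed_at": datetime(2010, 3, 2, 14, 30),
     "entered_by": "clerk1", "approved_by": "mgr1"},
    {"id": "98765S", "vendor": "V002", "amount": 4828,
     "invoice_date": date(2010, 3, 8), "paid_date": date(2010, 3, 11),
     "processed_at": datetime(2010, 3, 9, 2, 15),
     "entered_by": "clerk2", "approved_by": "clerk2"},
]
PRIOR_INVOICES = [{"id": "98700S", "vendor": "V002", "amount": 4828}]  # earlier postings
APPROVAL_LIMITS = {"mgr1": 10000, "clerk2": 5000}                      # assumed limits

def round_sum(inv):
    return inv["amount"] % 1000 == 0

def processed_at_night(inv):
    hour = inv["processed_at"].hour
    return hour >= 22 or hour < 6

def paid_within_week(inv):
    return (inv["paid_date"] - inv["invoice_date"]).days <= 7

def sod_breach(inv):
    # The same user both captured and approved the invoice.
    return inv["entered_by"] == inv["approved_by"]

def unauthorized_approval(inv):
    # Unknown approvers get a limit of 0, so any amount is an exception.
    return inv["amount"] > APPROVAL_LIMITS.get(inv["approved_by"], 0)

def similar_to_previous(inv):
    return any(p["vendor"] == inv["vendor"] and p["amount"] == inv["amount"]
               and p["id"] != inv["id"] for p in PRIOR_INVOICES)

TESTS = [
    ("Round sum amount", round_sum),
    ("Processed at night", processed_at_night),
    ("Paid within a week", paid_within_week),
    ("Segregation of Duty breach", sod_breach),
    ("Unauthorized approval", unauthorized_approval),
    ("Similar to previous invoice", similar_to_previous),
]

def score_matrix(invoices):
    """Invoice id -> {test name: True if the invoice raised an exception}."""
    return {inv["id"]: {name: test(inv) for name, test in TESTS} for inv in invoices}

def scores(invoices):
    """Invoice id -> number of tests that raised an exception."""
    return {iid: sum(row.values()) for iid, row in score_matrix(invoices).items()}

def shortlist(invoices, threshold=3):
    """Invoice ids at or above the threshold, highest score first."""
    ranked = sorted(scores(invoices).items(), key=lambda kv: (-kv[1], kv[0]))
    return [iid for iid, s in ranked if s >= threshold]

def render(invoices):
    """Plain-text matrix in the layout of Figure 5."""
    matrix, ids = score_matrix(invoices), [inv["id"] for inv in invoices]
    lines = ["{:<30}".format("Invoice") + "".join("{:<9}".format(i) for i in ids)]
    for name, _ in TESTS:
        marks = "".join("{:<9}".format("✔" if matrix[i][name] else "✘") for i in ids)
        lines.append("{:<30}".format(name) + marks)
    totals = scores(invoices)
    lines.append("{:<30}".format("Score") + "".join("{:<9}".format(totals[i]) for i in ids))
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(INVOICES))
    print("Investigate first:", shortlist(INVOICES))
```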

Supplementing data and more advanced analysis

The next step is to enhance the analysis by supplementing the original source data with information from other systems or from external sources.

During the normal course of business, organizations often perform a review of payments to vendors. The organization would then examine spend per cost center, providing a good indication of its expenditure.

If a company were to supplement its vendor master file with publicly available information on the sectors that the vendors in the vendor master file operate in, it might reveal anomalies that bear further investigation. Figure 6 on the following page shows an example where supplementary data identified an organization that was classified as an automotive vendor, with an expenditure marked against the catering cost center. This spend, which was previously considered normal, now merits further investigation.
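The enhancement described above amounts to a join between invoice data and an industry lookup, followed by a check for vendors whose industry is rare within a cost center. This Python is an added example, not code from the paper: the invoice rows and industries are a subset of Figure 6, while the row X0001 (vendor "Iota GmbH"), the field names and the 25 percent share threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Subset of the Figure 6 rows, plus one constructed row (X0001) whose vendor
# is absent from the lookup, to show how an enrichment gap surfaces.
INVOICES = [
    {"id": "AA1234", "amount": 16947, "vendor": "Alpha Ltd", "cost_centre": "Catering"},
    {"id": "B87765", "amount": 3234, "vendor": "Beta Ltd", "cost_centre": "Catering"},
    {"id": "G67689", "amount": 140317, "vendor": "Gamma Plc", "cost_centre": "Catering"},
    {"id": "D678D", "amount": 66340, "vendor": "Delta SA", "cost_centre": "Catering"},
    {"id": "K09870", "amount": 265491, "vendor": "Kappa Co", "cost_centre": "Catering"},
    {"id": "E0987", "amount": 48282, "vendor": "Epsilon Partners", "cost_centre": "Catering"},
    {"id": "Z12369", "amount": 4828, "vendor": "Zeta Inc", "cost_centre": "Maintenance"},
    {"id": "T7852H", "amount": 4272, "vendor": "Theta & Sons", "cost_centre": "Maintenance"},
    {"id": "O3693", "amount": 42724, "vendor": "Omega Co", "cost_centre": "Maintenance"},
    {"id": "L36985", "amount": 3105, "vendor": "Lambda Ltd", "cost_centre": "Maintenance"},
    {"id": "X0001", "amount": 1000, "vendor": "Iota GmbH", "cost_centre": "Catering"},
]

# External (publicly sourced) industry classification per vendor, as in Figure 6.
INDUSTRY_LOOKUP = {
    "Alpha Ltd": "Food Suppliers", "Beta Ltd": "Food Suppliers",
    "Gamma Plc": "Food Suppliers", "Delta SA": "Food Suppliers",
    "Kappa Co": "Food Suppliers", "Epsilon Partners": "Automotive",
    "Zeta Inc": "Building Materials", "Theta & Sons": "Building Materials",
    "Omega Co": "Building Materials", "Lambda Ltd": "Building Materials",
}

def enrich(invoices, lookup):
    """Left join: every invoice is kept; industry is None when the vendor is unknown."""
    return [dict(inv, industry=lookup.get(inv["vendor"])) for inv in invoices]

def industry_outliers(invoices, lookup, min_share=0.25):
    """Return (outliers, unmatched).

    outliers:  invoices whose vendor industry accounts for less than min_share
               of the classified invoices in the same cost centre.
    unmatched: invoice ids whose vendor could not be classified at all.
    """
    rows = enrich(invoices, lookup)
    by_cost_centre = defaultdict(Counter)
    for r in rows:
        if r["industry"] is not None:
            by_cost_centre[r["cost_centre"]][r["industry"]] += 1

    outliers, unmatched = [], []
    for r in rows:
        if r["industry"] is None:
            unmatched.append(r["id"])
            continue
        counts = by_cost_centre[r["cost_centre"]]
        share = counts[r["industry"]] / sum(counts.values())
        if share < min_share:
            outliers.append((r["id"], r["vendor"], r["cost_centre"], r["industry"]))
    return outliers, unmatched

if __name__ == "__main__":
    flagged, gaps = industry_outliers(INVOICES, INDUSTRY_LOOKUP)
    print("Industry does not fit cost centre:", flagged)
    print("Vendor missing from lookup:", gaps)
```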


Page 18: Procurement fraud

Figure 6: Data enhancement

Invoice ID   Amount    Vendor             Cost Centre
G67689       140,317   Gamma Plc          Catering
D678D        66,340    Delta SA           Catering
T7852H       4,272     Theta & Sons       Maintenance
AA4567       3,105     Alpha Ltd          Catering
B45632       4,828     Beta Ltd           Catering
G78512       4,272     Gamma Plc          Catering
O3214        48,282    Omega Co           Maintenance
D254K        42,724    Delta SA           Catering
E0987
Z12369
T7852H
B87765
L36985
O3693
S87654
U7536
K09870
U3567
AA1234
G46523

Invoice ID   Amount    Vendor             Cost Centre   Industry Lookup
AA1234       16,947    Alpha Ltd          Catering      Food Suppliers
B87765       3,234     Beta Ltd           Catering      Food Suppliers
G67689       140,317   Gamma Plc          Catering      Food Suppliers
D678D        66,340    Delta SA           Catering      Food Suppliers
K09870       265,491   Kappa Co           Catering      Food Suppliers
AA4567       3,105     Alpha Ltd          Catering      Food Suppliers
B45632       4,828     Beta Ltd           Catering      Food Suppliers
G78512       4,272     Gamma Plc          Catering      Food Suppliers
G46523       3,105     Gamma Plc          Catering      Food Suppliers
D254K        42,724    Delta SA           Catering      Food Suppliers
E0987        48,282    Epsilon Partners   Catering      Automotive
Z12369       4,828     Zeta Inc           Maintenance   Building Materials
T7852H       4,272     Theta & Sons       Maintenance   Building Materials
T7852H       48,282    Theta & Sons       Maintenance   Building Materials
O3693        42,724    Omega Co           Maintenance   Building Materials
L36985       3,105     Lambda Ltd         Maintenance   Building Materials
U3567        4,828     Upsilon Ltd        Maintenance   Building Materials
S87654       4,272     Sigma BV           Maintenance   Building Materials
O3214        48,282    Omega Co           Maintenance   Building Materials
U7536        42,724    Upsilon Ltd        Maintenance   Building Materials

Source: KPMG International, 2010

If the company were then to combine this information with the employee master file information and itemized telephone listings, it could identify a potentially suspicious relationship between a vendor and an employee in a position of influence.

Similarly, collecting publicly available information on company directorships and combining it with data on the vendor master file might help to identify possible conflicts of interests. Taking this approach even further, companies could add geographical data and visualization to examine a population of data for trends or groupings which appear unusual.

When investigating these unusual transactions it is important to be able to trace the entire life cycle of the transaction. One needs to identify the persons initiating, capturing and approving the transactions. In our poll of procurement specialists, 17 percent of the respondents did not know which employees were processing transactions on their systems. Eighty-two percent of the respondents reported to have audit trails and well-defined control policies in place (Poll Question 4). The next step for these respondents would be to determine whether the audit logs are actively monitored for red flags.

Page 19: Procurement fraud

Poll Question 4: Audit trail of transactions

Do you know which employees are processing transactions on your systems?

Yes, we have enabled audit trails and implemented a well-defined system access control policy: 82%
No: 17%

Source: KPMG International, 2010

This proactive data analysis requires a systematic approach once all available knowledge has been gathered. The first step of the approach, as illustrated in Figure 7, is to identify specific risks through knowledge of the business environment.

Figure 7: Systematic approach

[Diagram of four steps: Identify specific risks; Define potential schemes; Determine event indicators; Determine routines.]

Source: KPMG International, 2010

The next step is to define potential schemes through good industry knowledge. A good understanding of the industry is essential, which will then determine event indicators and alert the organization to problem areas.

Finally, by using this library of knowledge it is then possible to determine specific routines, with the assistance of scoring and data enhancement, as part of the holistic approach in preventing and detecting procurement fraud, in conjunction with a documented response plan.

Case study

In a recent investigation, KPMG firms performed data analysis on the procurement data at one regional cluster of a global organization. The results of the test were used to help the company set a benchmark for comparison. We then developed automation, to run the same sets of analysis routines on the procurement data, at each of the organization’s other regional clusters. This allowed for comparisons against the benchmark and for the prioritization of precious internal audit resources—improving the fraud risk environment. The organization now has the ability to re-run the same analysis every month to track the effectiveness of its corrective measures and identify the regional clusters with the biggest problems. In this way, proactive data analysis not only highlighted indicators of fraud, but also helped the organization to manage its resources and realign its approach.

Page 20: Procurement fraud

Making use of supplier audits to counter fraud and loss

There are a lot of supplier relationships in which consumer markets companies rely on their suppliers to bill the correct amount. These types of supplier contracts generally give the customer organization audit rights, where they can go into a supplier’s site and check their records to ensure they are billing the correct amount.

When audit rights are exercised, the type of data analyzed can range from reviewing time sheets, through to the invoices from the supplier’s own suppliers, to examining costs to ensure they are being passed on without inappropriate markups.

Another big area of focus for supplier audits is rebates and discounts. The audit will look for any rebates and discounts received by the supplier from its own suppliers and ensure that the rebates are being passed on, if that is what the contract requires.

Who owns supplier audits?

In some organizations, supplier audits are owned by internal audit and in other organizations, they are owned by procurement or operational management. In the KPMG poll of procurement specialists from the consumer markets industry, internal audit was most frequently identified (40 percent) as the department that was primarily responsible (see Poll Question 5 on the opposite page). These business units—internal audit and procurement—are under a lot of pressure to demonstrate that they are adding value, and dealing with the increased levels of complexity and risk only adds to the challenge. The credit crunch, the increase in regulation surrounding anti-bribery and corruption, and data privacy and security, have all added to the burden of managing and monitoring suppliers.

Page 21: Procurement fraud

Poll Question 5: Responsibility for supplier contract audits

Who is primarily responsible for exercising the right to supplier contract audits?

[Bar chart, percent of respondents. Response options: Internal audit (40); Procurement; Operational management; None of the above (11). Other bar values: 20, 27.]

Source: KPMG International, 2010

The purpose of a supplier audit is to give an organization comfort that its suppliers are only billing it for what it has received and that it is paying the right price as agreed in the contract. Supplier audits are not about putting the squeeze on suppliers; they are more about keeping suppliers honest.

Potential benefits of supplier audits

Do supplier audits help organizations differentiate between fraud and contractual non-compliance? In KPMG firms’ experience, finding evidence of clear intent to defraud is rare. Where there are suspicions of fraud within a supplier, it is more usual for the organization to hand over the investigation to the supplier itself. Suppliers will frequently claim that system inadequacies, incompetence of junior staff, or human error are the reason for overbillings uncovered by exercising audit rights. More often than not, where factual evidence is presented to them, they will admit to their mistakes and reimburse the customer company.

This begs the question of how often suppliers voluntarily send overpayments back to their customers. In the normal course of business, this is rare. But once an intention to audit has been notified, it is not uncommon to find suppliers confessing to any over-billing and putting into place measures to reimburse the customer.

Repayments of over-billed amounts can be significant, as described in the following case study.

Case study

In 2005, a global marketing and advertising group had to refund around GBP250 million to consumer markets and other clients around the world, of which three million was given to a single supermarket chain. The money had been built up in the marketing and advertising group’s balance sheet, from credits and rebates from media owners that were not passed back to its clients.


Page 22: Procurement fraud

KPMG firms have recently uncovered instances of overpayments in outdoor advertising because the time on display was not honored. The audit revealed that customers were being charged for a month, but the material on display was being changed after two weeks. This disparity was revealed by our audit and involved date reconciliations to the scheduling of the people who changed the posters on the billboards.

Another common finding in the area of media and marketing is inappropriate markups and double-billing of external costs.

Figure 8: Flushing out the ‘known unknowns’

[Diagram of four boxes spanning supplier and customer: Transactions between parties (common data and understanding); Supplier’s internal data (visible to supplier only); Customer’s data and processes (visible to customer only); Undetected errors (visible to neither party without detailed investigation).]

Source: KPMG International, 2010

Page 23: Procurement fraud

Using supplier audits to flush out information

The size of the problem caused by ineffective control and management of supplier contracts is significant. The Aberdeen Group estimates resultant losses to businesses around the world at US$153 billion per annum.2

In Figure 8, there are two “buckets” of information visible to the customer—its own data and the data that is provided to the company by the supplier. The supplier can see both the data it has provided to the customer and its own internal data, which is not visible to the customer (in the top right hand box). In the bottom right-hand box are undetected errors, the unknown unknowns, which are not available to either party. The supplier audit will expose for the customer what is in both right-hand boxes.

In KPMG firms’ experience, when we conduct supplier audits, we find that more than 70 percent of the third parties we review have made errors in their self-reporting, filed inappropriate claims, charged inappropriate prices or all of the above. It is clear that businesses that do not exercise their rights of audit, as was the case with 36 percent of the webcast poll respondents (see Poll Question 6), are not capitalizing on significant potential recoveries.

Poll Question 6: Auditing supplier contracts

To what extent does your organization exercise rights of audit in supplier contracts?

[Bar chart, percent of respondents. Response options: Not at all (36); Only for media/advertising spend; Some audit activity in specific categories; Established program of supplier audits. Other bar values: 5, 44, 13.]

Source: KPMG International, 2010

2 Aberdeen Group, The Contract Management Benchmark Report, 2006

Page 24: Procurement fraud

Conclusion

Procurement is where the money is and, therefore, an area ripe for fraud and misconduct. The procurement process is growing in importance as many organizations aim to improve the value they can create. There are several steps organizations can take to tighten existing controls, many of which have been described by the preferred leading practices outlined in this paper.

Proactive forensic data analysis can be used to detect fraud and misconduct through a systematic analysis of the available data, which includes data that is both internal and external to an organization.

Unless companies exercise their rights of audit, they cannot be sure their suppliers are billing in line with the contract. While many companies may have concerns about the impact of an audit on their relationships with suppliers, our firms’ experience suggests audits can enhance relationships by creating a more balanced relationship between the supplier and customer.

How KPMG firms can help

KPMG’s Risk and Compliance professionals are trusted advisers to some of the world’s leading enterprises. Our network of forensic and contract compliance professionals work in 28 accredited practices within KPMG member firms around the world. This network brings a global approach, combined with a tailored local focus, to sensitive and complicated local or cross-border engagements.

Forensic Services

Our Forensic services are aimed at helping our firms’ consumer markets clients:

• prevent instances of fraud and misconduct from occurring in the first place,

• detect instances when they do occur,

• respond appropriately, and

• take corrective action when instances arise.

Professionals in KPMG’s Forensic practice draw upon extensive experience in forensic accounting, law enforcement, fraud and misconduct control assessments, legal damage quantification and analysis, expert witness testimony, international arbitration, asset tracing, computer forensics and forensic data analysis.

Page 25: Procurement fraud

Contract Compliance Services

Our Contract Compliance Services (CCS) are aimed at helping our firms’ consumer markets clients:

• identify significant cost recoveries or other improvement opportunities, and

• audit and enforce contracts with their suppliers.

KPMG’s CCS professionals are experienced in serving a variety of our firms’ consumer markets clients in areas such as royalties, licensing, distribution agreements, advertising and more. As a result, we understand the complexities and nuances of a range of business contracts, processes and procedures and have been able to help companies identify and recover overpayments to suppliers, while maintaining and improving relationships with them.

Using a range of technology tools, KPMG member firms’ professionals help organizations address the risks and costs involved with evidence and discovery management, as well as the acquisition, management and analysis of large data sets. Our professionals work alongside consumer markets clients to handle information from its creation to its preservation, collection, analysis and presentation in discovery. We also apply computer forensic and data analysis techniques to assist with detecting fraud and misconduct.

Whether your needs call for a fraud and misconduct risk assessment, the design of a global compliance program or better use of technology to enable continuous transaction monitoring—our Fraud Risk Management and Contract Compliance services are designed to be targeted, scalable and tailored to your specific requirements.

About KPMG and the Global Consumer Markets Practice

KPMG is a global network of professional firms providing Audit, Tax and Advisory services. We have 140,000 outstanding professionals working together to deliver value in 146 countries worldwide.

KPMG is organized by industry sectors across our member firms. The Consumer Markets practice, which focuses on the Food, Drink and Consumer Goods and Retail sectors, comprises an international network of professionals throughout the Americas, Europe, the Middle East, Africa and Asia-Pacific.

This industry-focused network enables KPMG member firm professionals, with deep experience in the consumer markets sectors, to provide consistent services and thought leadership to our clients globally, while maintaining a strong knowledge of local issues and markets.


Page 26: Procurement fraud

Contact us

For more information about the detection and prevention of procurement fraud in your company, please contact any of the following KPMG professionals:

Willy Kruh, Global Chair, Consumer Markets, KPMG in Canada, +1 416 777 8710

Amanda Aldridge, Global Forensic Lead, Consumer Markets, KPMG in the UK, +44 20 7311 8073

Grant Jamieson, KPMG in China, +852 2140 2804

Graham Murphy, KPMG in the US, +1 312 665 1840

Kajen Subramoney, KPMG in the UAE, +971 (4) 424 8900

Page 27: Procurement fraud

About the Authors

Amanda Aldridge is the Global Forensic Lead for Consumer Markets in KPMG in the UK. She has experience in dispute advisory including loss of profits, forensic transaction services (completion accounts disputes and expert determinations) and rights of minority shareholders as well as Intellectual Property & Contract Governance including supplier audits, royalty and licensed product audits and media distribution audits.

Kajen Subramoney is the Head of Forensic Technology for Consumer Markets in the UAE. He joined KPMG’s South African firm after completing his studies in Computer Engineering. Kajen has had broad experience in Forensic Technology work including digital evidence recovery, e-discovery and forensic data analysis.

Graham Murphy is the US Forensic Lead for Consumer Markets in KPMG in the US. Graham specializes in investigations, fraud risk management, arbitrations and dispute advisory. He has conducted numerous financial investigations, including procurement fraud, alleged earnings management, contract compliance, theft and misappropriation of assets and conflict of interest issues.


Page 28: Procurement fraud

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

© 2010 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved.

KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (“KPMG International”), a Swiss entity.

Designed by Evalueserve.

Publication name: Procurement Fraud in Consumer Companies: Preventing, Detecting and Taking Action

Publication number: 100704

Publication date: August 2010

kpmg.com