Procurement fraud

This publication addresses the risks relating to the procurement process at companies active in the Consumer Goods & Retail market. It also discusses how companies could reduce these procurement fraud risks with the help of technology and by carrying out supplier audits.

Published in Business

Transcript

  • 1. CONSUMER MARKETS. Procurement Fraud in Consumer Companies: Preventing, Detecting and Taking Action. KPMG INTERNATIONAL
  • 2. Message from Willy Kruh

    We have found that procurement is an area that is highly susceptible to fraud and misconduct in consumer markets companies. Further, increasingly complex and global supply chains, coupled with a challenging economic environment, lend to an even heightened incidence of this type of fraud. Since financial losses resulting from procurement fraud directly affect a company’s bottom line, minimizing the opportunity for fraud within the procurement cycle can result in substantial gains for consumer companies.

    This paper shares the insight and experience of some of KPMG firms’ leading Consumer Markets forensic and contract compliance professionals who assist companies in the food, drink, consumer goods (FDCG) and retail sectors with addressing procurement fraud issues. In addition, the report summarizes and analyzes the results from a poll of over 460 FDCG and retail sector procurement and other executives who attended a KPMG Global Consumer Markets webcast on this topic earlier this year. These poll results provide the first-hand perspectives of your industry peers on how their own companies are affected by and dealing with procurement fraud.

    I trust that the information herein, on the key procurement fraud risks, leading anti-fraud procurement practices and cross-departmental approaches to procurement fraud, supported by the feedback and insights shared by the KPMG webcast participants, will provide you with relevant and useful guidance that you can apply in your organization.

    Willy Kruh
    Global Chair
    KPMG in Canada

    © 2010 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. All rights reserved.
  • 3. Contents
      • Introduction
      • Procurement fraud risks and ways to reduce your exposure
      • Using technology to detect procurement fraud
      • Making use of supplier audits to counter fraud and loss
      • Conclusion
  • 4. Introduction

    Historically, procurement fraud in consumer markets organizations has not been as proactively or successfully managed as it can be today. Often regarded as an issue not easily identified or prevented, many food, drink and consumer goods (FDCG) and retail organizations were more likely to regard procurement fraud as an unavoidable cost that (they hoped) had minimal impact on the bottom line.

    However, according to a survey of 959 Certified Fraud Examiners on Occupational Fraud & Abuse conducted by the Association of Certified Fraud Examiners (ACFE), US organizations are losing nearly 7 percent of their annual revenues to fraud each year. [1] If this is typical across industries and in other countries, then clearly it is an issue that consumer businesses around the world cannot afford to ignore. In the UK, procurement fraud is also a rising concern, where Amanda Aldridge, Global Forensics Lead, Consumer Markets, KPMG in the UK, says that she has “seen more incidents of serious procurement fraud in each of the last two years than in any of the previous eighteen.”

    In part, this apparent impact of, and rise in, fraud may be due to better detection, but certainly as the issue moves up boardroom agendas, consumer markets companies are beginning to ask themselves difficult questions about their approaches to preventing, detecting and taking action against procurement fraud. They are looking for help to find the answers.

    Businesses face a number of key challenges. Have their buyers ‘got the message’ as to what is unacceptable behavior? Are they policing their gifts, entertainment and conflict of interest policies? How effective is their due diligence in relation to new or changing supplier relationships? Are they mobilizing the honest majority of their employees and suppliers to report concerns? Are they using focused audits to uncover overcharging or under-delivery? And have they tried to measure the size and nature of the problem?

    This paper looks at some of the risks associated with procurement fraud in the consumer markets sectors and how these companies can reduce their exposure, the use of technology to detect procurement fraud, and how to leverage supplier audits to counter fraud and loss.

    During a Global KPMG Consumer Markets webcast on Procurement Fraud held earlier this year, participants were asked a series of questions to gather information as to how consumer markets companies are preventing and detecting procurement fraud in their organizations. Readers will find the results of these polls presented and discussed throughout the paper.

    [1] Association of Certified Fraud Examiners (ACFE), 2008 Report to the Nation on Occupational Fraud and Abuse
  • 5. Procurement fraud risks and ways to reduce your exposure

    Referring again to the survey by the ACFE mentioned in the Introduction, the most common fraud scheme (cited 27 percent of the time) was corruption, including purchase schemes, invoice kickbacks and bid rigging. Schemes involving fraudulent disbursements of cash were cited more than 50 percent of the time with respect to asset misappropriations. Respondents cited a lack of adequate internal controls as the biggest single contributing factor to occupational fraud. One of the keys to reducing those losses therefore lies in managing the risks of fraud and abuse and, clearly, in focusing on the procurement process.

    The procurement process

    Procurement has two distinct elements: sourcing and purchasing. Sourcing is where an organization can create value by identifying cost savings within its current spend and it starts by identifying specific purchasing opportunities. For example, by rationalizing the number of vendors and capitalizing on economies of scale, it may be possible to drive down costs per unit. This process can be helped by having a defined competitive bid process. The sourcing process should culminate in negotiated contracts with approved suppliers, delivering lower costs. Obviously, the potential savings can and will vary depending on the following:
      • Current level of spend by category
      • Number of suppliers per category
      • Distribution of spend across division or businesses
      • Contract availability
      • Maturity of process and previous efforts to improve various categories of spend.

    Value can be realized in the procurement process by executing and completing the purchasing cycle. The majority of purchases should be from the list of approved vendors, and many companies will monitor and maintain their list in the form of a supplier catalogue. This catalogue lists the various products (Stock-Keeping Units, or SKUs) that the organization requires, as well as the approved vendors with agreed pricing.
  • 6. This is not a static process. There will likely be ongoing opportunities to reduce cost. As businesses change (products, geography, etc.), consumer markets organizations will need to evaluate their vendors and related processes continuously. Many companies establish specific metrics against which they monitor and evaluate their vendors and spending. Again, this is a continuous process and, to manage it, an organization should constantly assess its supplier relationships and look for opportunities to create value.

    [Figure 1: The procurement value cycle. Source: KPMG International, 2010]

    Opportunities for fraud

    It is not surprising that within the procurement value cycle (Figure 1), there are several opportunities for fraud and abuse in consumer markets companies. Depending on the nature of the business, and its controls and processes, an organization may be susceptible to risks, including the following:
      • Phantom vendors — where fictitious vendors are set up in the company’s vendor master file and payments are disbursed to them
      • Bid rigging — where there is collusion between procurement personnel and bidders, or among a number of bidders where they collaborate to drive prices higher
  • 7.
      • A grey market — where companies can suffer losses through counterfeits and knock-offs or where suppliers generate unauthorized production, putting a company’s real products at risk
      • Failure to meet contract specifications — resulting in substandard products and sometimes dangerous goods
      • Bribery and corruption — especially in higher-risk geographies
      • Unauthorized disbursements.

    The structure and nature of the business can also provide opportunities for fraud. It is our firms’ experience that there is a higher risk of fraud in widely decentralized operations, especially in some emerging economies. Procurement fraud tends to occur where there is an opportunity, and these opportunities can emerge as a company changes and grows. Keeping controls up to date with technology and the growth cycle of the business is critically important.

    How can companies protect themselves from such risks? There are certain basic or ‘core’ internal controls and practices that should be in place to reduce a company’s exposure. These include the following:
      • segregation of duties
      • standard, consolidated reporting
      • common policies and process standardization
      • a single supplier database and contracts register
      • a single payment address
      • risk management controls
      • procedures for forecasting the company’s demand from suppliers.

    For example, the segregation of duties is one of the most basic but effective controls, since it separates the responsibility for supplier selection, the negotiation of the contract and the purchase decision from the receiving function and from the payment function.

    It can be expected that many businesses will have these core requirements covered. One of the key decisions facing companies in this area, however, is where to allocate resources to make improvements to their procurement processes. KPMG firms have identified several better or ‘preferred’ practices that can help improve consistency, promote more frequent use of approved suppliers and drive value. These include the following:
      • an electronic procurement catalogue
      • the use of purchasing cards
      • commodity spend simplification
      • process automation and workflow management
      • integration of enterprise systems
      • real-time spend data visibility
      • management by exception.
  • 8. Figure 2 identifies some methods that a company might utilize to improve its procurement processes. What drives each organization’s choice of strategies and when to implement them will depend on the following:
      • where the company is in terms of already making improvements
      • the relevance the industry leading practices have to its various systems
      • the balance of risk (often in terms of cost or disruption to existing systems) vs. reward for making such changes.

    [Figure 2: Purchase to Pay — Leading and Common Practices. Practices are grouped as Core, Wave 1, Wave 2 and Future and plotted against a typical reward/risk profile (Low, Medium, High). Source: KPMG International, 2010]
  • 9. The delineation between Wave 1 and Wave 2 will be different for each organization. Wave 1 strategies can often be considered as the “lowest hanging fruit” — those that will result in the shortest-term gains on a cost-effective basis.

    More integrated systems can lead to better measurement of effectiveness and promote the right buying behavior among procurement personnel. In addition, better scrutiny of spending and real-time reporting will lead to more timely and more effective management by exception. This can be used to identify unauthorized variances in pricing, purchases from non-approved vendors and inappropriate/excessive quantities of purchases compared with inventory levels or forecasted demand.

    Many consumer markets companies seem to lack a strategic approach to managing procurement. In a poll during the recent KPMG webcast on Procurement Fraud, only 19 percent of over 300 respondents from the FDCG and retail sectors said their companies had a comprehensive strategic sourcing initiative in place. Another 30 percent said that their processes needed improvement (see Poll Question 1).

    Poll Question 1: Extent of current processes
    To what extent does your organization have defined processes to manage procurement:
      • Comprehensive strategic sourcing initiatives: 19%
      • Core requirements plus some leading practices: 26%
      • Core requirements covered: 24%
      • Processes need improvement: 30%
    Source: KPMG International, 2010
  • 10. Where are consumer companies falling short?

    In our work in this area, KPMG firms frequently find certain recurring system failures. These include the following:
      • non-compliance or ‘maverick buying’
      • lack of segregation of duties
      • lack of an effective three-way matching process
      • failure to adopt proper purchasing procedures.

    Maverick buying is where purchases are made from local non-approved vendors. This is common practice when it is believed to be an easier or quicker way to get the needed product. However, it is not always possible to control the costs of such purchases centrally, and experience has shown that they are sometimes inappropriate (i.e. from phantom vendors or where local purchasing agents are receiving kickbacks). Maverick buying is something KPMG firms see in almost every investigation of expenditures involving a geographically distant division or subsidiary. It is important to note, however, that there isn’t always fraud. We often simply find people trying to work around the system of internal controls to make their lives easier. Either way, it should not happen.

    Surprisingly, KPMG professionals still see instances where consumer markets companies make disbursements based on invoice alone, without comparing them to approved purchase orders and related receiving documentation. In these cases, it is not possible to know whether the product was actually received or approved in the first instance. This basic requirement to match the invoice, purchase order, and receiving document, so that an organization can actually prove it received the goods, is essential. If segregation of duties is inadequate in this area, it may be possible for payment to be made where no goods or only some of the goods and/or services have actually been received.
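The three-way match described on this slide, sketched as an added Python example (not code from the KPMG paper). The record layouts, the 2 percent price tolerance and all sample documents are constructed for illustration.

```python
"""Three-way match of invoice, purchase order and goods receipt (sample data constructed)."""
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class POLine:
    po: str
    sku: str
    qty: int
    unit_price: Decimal


@dataclass(frozen=True)
class Receipt:
    po: str
    sku: str
    qty: int


@dataclass(frozen=True)
class InvoiceLine:
    invoice: str
    po: str  # empty when the supplier quoted no purchase order
    sku: str
    qty: int
    unit_price: Decimal


def three_way_match(po_lines, receipts, invoice_lines, price_tolerance=Decimal("0.02")):
    """Return {invoice: [exceptions]}; an empty list means the invoice matched.

    Invoice lines are processed in the order given and billed quantities are
    tracked cumulatively, so a second invoice for goods already billed, or an
    invoice for goods not yet received, is reported.
    """
    ordered = {(line.po, line.sku): line for line in po_lines}
    received = defaultdict(int)
    for r in receipts:
        received[(r.po, r.sku)] += r.qty
    billed = defaultdict(int)
    results = {}
    for inv in invoice_lines:
        issues = results.setdefault(inv.invoice, [])
        key = (inv.po, inv.sku)
        po_line = ordered.get(key)
        if po_line is None:  # payment would be based on the invoice alone
            issues.append(f"{inv.sku}: no approved PO line")
            continue
        line_issues = []
        if inv.unit_price > po_line.unit_price * (1 + price_tolerance):
            line_issues.append(
                f"{inv.sku}: price {inv.unit_price} above PO price {po_line.unit_price}")
        total = billed[key] + inv.qty
        if total > received[key]:
            line_issues.append(f"{inv.sku}: billed {total} exceeds received {received[key]}")
        if not line_issues:  # only clean lines count as billed
            billed[key] += inv.qty
        issues.extend(line_issues)
    return results


def cleared_for_payment(results):
    """Invoices with no exceptions on any line."""
    return sorted(inv for inv, issues in results.items() if not issues)


# Constructed sample documents
PO_LINES = [POLine("PO-1001", "SKU-A", 100, Decimal("2.50")),
            POLine("PO-1001", "SKU-B", 40, Decimal("10.00"))]
RECEIPTS = [Receipt("PO-1001", "SKU-A", 60),   # partial delivery
            Receipt("PO-1001", "SKU-B", 40)]
INVOICES = [
    InvoiceLine("INV-1", "PO-1001", "SKU-A", 60, Decimal("2.50")),
    InvoiceLine("INV-1", "PO-1001", "SKU-B", 40, Decimal("10.00")),
    InvoiceLine("INV-2", "PO-1001", "SKU-A", 40, Decimal("2.50")),   # goods not yet received
    InvoiceLine("INV-3", "PO-1001", "SKU-B", 40, Decimal("11.50")),  # re-billed at a higher price
    InvoiceLine("INV-4", "", "SKU-C", 5, Decimal("99.00")),          # no purchase order at all
]

if __name__ == "__main__":
    for invoice, issues in three_way_match(PO_LINES, RECEIPTS, INVOICES).items():
        print(invoice, "OK" if not issues else issues)
```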
  • 11. Proper purchasing procedures require defined protocols around tendering and the bidding process. However, in our firms’ experience, far too many organizations do not keep the results of the procurement process — or what we would call an ‘audit trail’ — to confirm that the process is working as it should. If there is no requirement to keep these documents, there is a greater risk of abuse of the system, making it that much harder to recognize exceptions and violations.

    Another area where companies can fall short is in performing due diligence on their suppliers to fully understand with whom they are doing business. Industry leading practice suggests that there should be a defined process, with a process owner and a system for archiving the results of the background reviews. This reduces the risk of fictitious vendors being set up on the vendor master file and can reveal situations where potentially inappropriate payments might be made by a distant subsidiary.

    Red flags

    There are several red flags that should alert companies to potential fraud. Some of the most common red flags seen by our firms’ professionals include:
      • Close socialization with government officials with gifts, expenses, etc., incurred
      • A losing bidder being hired by a winning bidder, suggesting collusion or that the winning bidder really did not have the capability to deliver the product or service
      • A losing bidder that is not listed in business directories, which might suggest that the bidder was fictitious and was only put into the process to make it look as if there was a competitive process
      • A low initial bid but many change orders, which may appear as collusion with the buyer
      • Continued acceptance of high-priced, low-quality goods, which might reveal problems with the Quality Assurance (QA) department and the existence of kickbacks
      • A vendor whose address is a mail drop box, multiple purchase orders of small amounts, unnecessary middlemen in the procurement process, or a losing bid that cannot be located or where there is minimal documentation.

    Consumer markets companies should be well-informed about their customers and vendors, and, in some countries, they should be especially wary in their dealings with government officials. Having a robust process to evaluate potential suppliers should reduce the risks associated with the red flags listed above. Common sense dictates that if a supplier has gone to the trouble of having a post office box set up as a street address, further investigation is warranted. Equally, continued failing of quality standards by a supplier or a concentration of such suppliers linked to a single buyer may be the warning signs of a buyer involved in procurement fraud. If there are unnecessary middlemen in the process, then companies should also investigate further. Our firms’ professionals have uncovered numerous instances where entities have been set up solely for the purpose of paying commissions.
  • 12. Risks in the “New World”

    With procurement assuming an ever-increasing strategic role in many organizations, it is important to not only know the potential benefits, but also the associated risks of driving change within the procurement process.

    Investigations held by KPMG firms revealed that many instances of misconduct do not occur at head office, but rather at remote locations where there are very different cultures and ways of doing business. Notwithstanding these differences, international companies will generally be held to the regulatory standards that apply in the country where their head office is located. As regulators globally increase their efforts to stamp out bribery and corruption with ever-increasing penalties, it becomes increasingly important for companies to be well-informed of their business partners.

    To drive cost and other efficiencies, many companies are entering into joint ventures and partnering arrangements with local businesses. These arrangements need very careful consideration as companies that enter into joint ventures are, to some extent, putting their reputations and capital in the hands of others.

    As a company’s business dealings assume greater complexities and geographic dispersion, so should its approach to managing the ever-evolving associated risks. An example of an industry-leading practice in this area is to move procurement personnel and buyers periodically between categories.

    Case study

    A company had observed that when one of its buyers was moved to a different category as part of a planned move, a number of the suppliers appeared to move with him. This was peculiar and was raised as a red flag since the categories of goods were very different. One would expect that if the category of goods is very different, so too would be the appropriate suppliers. It was ultimately discovered through investigation that some of the suppliers were nothing more than middlemen sourcing product for the buyer. At a minimum, the company incurred costs that it should not have incurred, and at worst, the company was defrauded. In this example, moving the buyer and effectively monitoring the spend paid dividends.
  • 13. This example shows that there is an increasing role for internal auditors, who better understand the challenges that lie before them and the specific risks that procurement presents. Before conducting an internal audit for a particular location, KPMG firms’ professionals see it as preferred practice to brainstorm the specific risks that might be present in the market, as well as discussing and finalizing key indicators for the internal audit team. If possible, we would also suggest having a discussion with someone who is very experienced and knowledgeable about the market, but is also independent. This would provide additional perspective on local schemes and related risks — making the audit more effective and efficient.

    When asked who is primarily responsible for the management of fraud and misconduct risk in their procurement process, 31 percent of the survey respondents from consumer markets companies indicated that this was the responsibility of internal audit and 33 percent said it was down to the function itself. These are very interesting responses since in the first instance, the role of internal audits is generally limited to monitoring and testing of controls, and in the second, there may be an inherent conflict if the same function is responsible for controlling itself (see Poll Question 2).

    Poll Question 2: Primary responsibility for management
    Who is primarily responsible for the management of fraud and misconduct risk in your procurement processes:
      • Internal audit: 31%
      • Procurement: 33%
      • Accounting: 14%
      • Legal/compliance: 10%
      • None of the above: 9%
    Source: KPMG International, 2010
  • 14. Using technology to detect procurement fraud

    Forensic data analysis

    One of the key technology tools for detecting procurement fraud and abuse is forensic data analysis where the focus is on being proactive. Companies collect vast amounts of data on a daily basis for the purposes of running their businesses. But are they extracting additional value from this data that could help them identify fraud or misconduct?

    Proactive forensic data analysis is a powerful weapon against fraud and misconduct. A holistic approach is necessary (Figure 3) and this includes the use of more traditional methods of fraud control, such as the use of telephone hotlines and fraud risk assessment programs.

    [Figure 3: Forensic data analysis as part of a holistic approach (Prevention, Detection, Response). Source: KPMG International, 2010]

    In support of this holistic approach, the focus of forensic data analysis is on detection. By extracting and combining available electronic information, proactive forensic data analysis seeks to identify potential fraud, misconduct and waste through sophisticated analysis testing, cross-matching and non-obvious relationship identification. Data analytics can be applied to detecting existing frauds hidden within a company’s data, it can inform fraud risk assessments and identify process and control weaknesses, and it supports the detection of non-obvious frauds.
  • 15. Other applications include performing analysis to assist an investigation prompted by behavioral red flags traditionally associated with fraud or misconduct such as living beyond one’s means, an unusually close association with a customer and the infrequent taking of holidays.

    Before performing data analysis, however, it is important for companies to understand the data landscape. All organizations are aware that they have a valuable amount of information in their financial systems. But companies often overlook other valuable sources of information, such as itemized phone call listings, access control logs for offices and other publicly available databases. These sources can be used to supplement the data a company already has and allow it to extract additional value — and should not be overlooked.

    In our poll of procurement specialists, we learned that the majority were not using data analytics nearly to the extent they could be — 65 percent said they used data analytics either not at all or to a very limited extent to detect and prevent fraud (see Poll Question 3).

    Poll Question 3: Use of data analytics
    To what extent does your organization use data analytics to prevent or detect procurement fraud?
      • Not at all: 18%
      • Very limited: 47%
      • Periodic retrospective testing: 26%
      • Entrenched continuous monitoring: 7%
    Source: KPMG International, 2010

    Rules-based analysis

    There are many different approaches to proactive forensic data analysis. All approaches are based on a basic set of principles and knowledge. The first level of analysis combines knowledge of known fraud schemes and indicators, with a knowledge of business systems and principles. Figure 4 depicts a procurement scenario where the skilled analyst uses knowledge of how a business process should be conducted to develop and implement tests which help to identify deviations from the norm. Tests can be developed to determine whether invoices were received after payment had been made, and even if orders appear to have been split, to defeat the limits on delegation.
  • 16. Figure 4: Rules-based analysis. Process steps shown: Requisition, PO, Receipt, Invoice, Payment, supported by master data maintenance. Tests shown: PO after receipt, payment before invoice, break-point analysis, PO splitting, test VAT number validity, payment for un-cleared PO, suspicious keywords. Source: KPMG International, 2010

    In addition to testing conformity to business rules, rules-based analytics can consider externally enforced or regulated factors. For example, most jurisdictions have well-defined formats for certain sets of data, such as Value Added Tax (VAT) numbers. Thus, if the format or mechanism used to create VAT numbers by the respective tax authorities is understood, our firms’ professionals can very easily implement a test to determine whether a VAT number stored in the company’s vendor master file is valid or not.

    Case study

    In one investigation carried out by a KPMG member firm, knowledge of the format used to create VAT numbers helped to identify fictitious vendors. These vendors had been added to the vendor master file to facilitate payment to an employee whose bank details were loaded as the vendors’ bank details.

    False positives

    An important factor to consider is that with this approach there is a risk of a large number of false positives — a large number of exceptions or irregularities identified are not really problems, but justified business peculiarities that can be explained easily. Therefore, the approach needs to be enhanced, ensuring that the exceptions identified are meaningful and warrant further investigation.

    Combining and scoring

    This approach still relies on knowledge of fraud schemes, but introduces scoring as a mechanism to prioritize, or highlight, areas of most concern. Combining red flag indicators, such as divorce or instability in life circumstances, unusually close association with a customer or complaining about inadequate pay, can provide
  • 17. additional layers of protection. Combining and scoring then allows identification of potentially anomalous behaviors, and reduces the number of potential false positives — reducing the investigative burden.

    Figure 5 shows the various tests on the population of invoices for an organization. The table lists the different tests carried out in the left hand column and the next two columns show the results of the tests against two specific invoices — 12345A and 98765S. The checkmark against a test for a specific invoice indicates that the invoice generated an exception on that specific test.

    Figure 5: Example of scoring method for two invoices
    Test | Invoice 12345A | Invoice 98765S
    Round sum amount | ✔ | ✘
    Processed at night | ✘ | ✔
    Paid within a week | ✘ | ✔
    Segregation of Duty breach | ✘ | ✔
    Unauthorized approval | ✘ | ✘
    Similar to previous invoice | ✘ | ✔
    Score | 1 | 4
    Source: KPMG International, 2010

    If we look at each test in isolation, we can expect to find that the number of exceptions for each test is generally large and, for example, if we take the test of ‘paid within a week,’ it may not be practical to investigate all invoices paid within a week. But when the results are combined in a scoring matrix, the problem invoices quickly come to the fore. The second invoice, 98765S, has a score of four and clearly merits further investigation. By scoring and selecting invoices in this way, we can reduce the number of false positives requiring investigation — allowing for better allocation of limited resources.

    Supplementing data and more advanced analysis

    The next step is to enhance the analysis by supplementing the original source data with information from other systems or from external sources. During the normal course of business, organizations often perform a review of payments to vendors. The organization would then examine spend per cost center, providing a good indication of its expenditure. If a company were to supplement its vendor master file with publicly available information on the sectors that the vendors in the vendor master file operate in, it might reveal anomalies that bear further investigation.

    Figure 6 on the following page shows an example where supplementary data identified an organization that was classified as an automotive vendor, with an expenditure marked against the catering cost center. This spend, which was previously considered normal, now merits further investigation.
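The combining-and-scoring method of Figure 5, written out as an added example (not code from the KPMG paper). The six test names and the invoice ids 12345A and 98765S come from the figure; the record fields, thresholds, approval limits and all attribute values are assumptions constructed so that the flags reproduce the figure.

```python
from datetime import datetime

# Assumptions: per-approver limits and the hours that count as "night".
APPROVAL_LIMITS = {"mgr1": 20_000, "cfo": 500_000}
NIGHT_START, NIGHT_END = 22, 6  # 22:00 to 05:59

# Constructed records. Only the ids 12345A and 98765S appear in Figure 5;
# 55501X is an invented earlier invoice that 98765S resembles.
INVOICES = [
    {"id": "55501X", "vendor": "Delta SA", "amount": 4272,
     "posted": datetime(2010, 5, 3, 10, 15),
     "paid": datetime(2010, 6, 2, 9, 0),
     "entered_by": "clerk1", "approved_by": "mgr1"},
    {"id": "12345A", "vendor": "Alpha Ltd", "amount": 5000,
     "posted": datetime(2010, 5, 4, 14, 30),
     "paid": datetime(2010, 6, 3, 9, 0),
     "entered_by": "clerk2", "approved_by": "mgr1"},
    {"id": "98765S", "vendor": "Delta SA", "amount": 4272,
     "posted": datetime(2010, 5, 10, 23, 40),
     "paid": datetime(2010, 5, 13, 9, 0),
     "entered_by": "mgr1", "approved_by": "mgr1"},
]


def round_sum(inv, _earlier):
    return inv["amount"] % 1000 == 0


def processed_at_night(inv, _earlier):
    hour = inv["posted"].hour
    return hour >= NIGHT_START or hour < NIGHT_END


def paid_within_week(inv, _earlier):
    return (inv["paid"].date() - inv["posted"].date()).days <= 7


def segregation_of_duty_breach(inv, _earlier):
    # The same user both captured and approved the invoice.
    return inv["entered_by"] == inv["approved_by"]


def unauthorized_approval(inv, _earlier):
    limit = APPROVAL_LIMITS.get(inv["approved_by"])
    return limit is None or inv["amount"] > limit


def similar_to_previous(inv, earlier):
    return any(p["vendor"] == inv["vendor"] and p["amount"] == inv["amount"]
               for p in earlier)


TESTS = [
    ("Round sum amount", round_sum),
    ("Processed at night", processed_at_night),
    ("Paid within a week", paid_within_week),
    ("Segregation of Duty breach", segregation_of_duty_breach),
    ("Unauthorized approval", unauthorized_approval),
    ("Similar to previous invoice", similar_to_previous),
]


def score_invoices(invoices):
    """Run every test on every invoice; each exception adds 1 to the score."""
    ordered = sorted(invoices, key=lambda inv: inv["posted"])
    results = {}
    for i, inv in enumerate(ordered):
        flags = [name for name, test in TESTS if test(inv, ordered[:i])]
        results[inv["id"]] = {"score": len(flags), "flags": flags}
    return results


def ranked(invoices, min_score=2):
    """Invoice ids at or above min_score, highest score first."""
    scores = score_invoices(invoices)
    hits = [(r["score"], inv_id) for inv_id, r in scores.items()
            if r["score"] >= min_score]
    return [inv_id for _, inv_id in sorted(hits, key=lambda h: -h[0])]


if __name__ == "__main__":
    for inv_id, result in score_invoices(INVOICES).items():
        print(inv_id, result["score"], result["flags"])
```

Each exception is weighted equally here, as in Figure 5; the `min_score` cut-off is what turns six noisy tests into a short review list.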
  • 18. Figure 6: Data enhancement (the invoice list supplemented with an Industry Lookup column)
    Invoice ID | Amount | Vendor | CostCentre | Industry Lookup
    AA1234 | 16,947 | Alpha Ltd | Catering | Food Suppliers
    B87765 | 3,234 | Beta Ltd | Catering | Food Suppliers
    G67689 | 140,317 | Gamma Plc | Catering | Food Suppliers
    D678D | 66,340 | Delta SA | Catering | Food Suppliers
    K09870 | 265,491 | Kappa Co | Catering | Food Suppliers
    AA4567 | 3,105 | Alpha Ltd | Catering | Food Suppliers
    B45632 | 4,828 | Beta Ltd | Catering | Food Suppliers
    G78512 | 4,272 | Gamma Plc | Catering | Food Suppliers
    G46523 | 3,105 | Gamma Plc | Catering | Food Suppliers
    D254K | 42,724 | Delta SA | Catering | Food Suppliers
    E0987 | 48,282 | Epsilon Partners | Catering | Automotive
    Z12369 | 4,828 | Zeta Inc | Maintenance | Building Materials
    T7852H | 4,272 | Theta & Sons | Maintenance | Building Materials
    T7852H | 48,282 | Theta & Sons | Maintenance | Building Materials
    O3693 | 42,724 | Omega Co | Maintenance | Building Materials
    L36985 | 3,105 | Lambda Ltd | Maintenance | Building Materials
    U3567 | 4,828 | Upsilon Ltd | Maintenance | Building Materials
    S87654 | 4,272 | Sigma BV | Maintenance | Building Materials
    O3214 | 48,282 | Omega Co | Maintenance | Building Materials
    U7536 | 42,724 | Upsilon Ltd | Maintenance | Building Materials
    Source: KPMG International, 2010

    If the company were then to combine this information with the employee master file information and itemized telephone listings, it could identify a potentially suspicious relationship between a vendor and an employee in a position of influence. Similarly, collecting publicly available information on company directorships and combining it with data on the vendor master file might help to identify possible conflicts of interests. Taking this approach even further, companies could add geographical data and visualization to examine a population of data for trends or groupings which appear unusual.

    When investigating these unusual transactions it is important to be able to trace the entire life cycle of the transaction. One needs to identify the persons initiating, capturing and approving the transactions. In our poll of procurement specialists, 17 percent of the respondents did not know which employees were processing transactions on their systems. Eighty-two percent of the respondents reported to have audit trails and well-defined control policies in place (Poll Question 4). The next step for these respondents would be to determine whether the audit logs are actively monitored for red flags.
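The data enhancement shown in Figure 6, as an added example (not code from the KPMG paper). The rows and industry classifications are a subset of those in the figure; the field names, the majority-vote rule for deciding which industry a cost centre normally buys from, and the handling of vendors missing from the lookup are assumptions.

```python
from collections import Counter, defaultdict

# Subset of the Figure 6 rows (invoice id, amount, vendor, cost centre).
INVOICES = [
    {"id": "AA1234", "amount": 16947, "vendor": "Alpha Ltd", "cost_centre": "Catering"},
    {"id": "B87765", "amount": 3234, "vendor": "Beta Ltd", "cost_centre": "Catering"},
    {"id": "G67689", "amount": 140317, "vendor": "Gamma Plc", "cost_centre": "Catering"},
    {"id": "D678D", "amount": 66340, "vendor": "Delta SA", "cost_centre": "Catering"},
    {"id": "E0987", "amount": 48282, "vendor": "Epsilon Partners", "cost_centre": "Catering"},
    {"id": "Z12369", "amount": 4828, "vendor": "Zeta Inc", "cost_centre": "Maintenance"},
    {"id": "T7852H", "amount": 4272, "vendor": "Theta & Sons", "cost_centre": "Maintenance"},
    {"id": "O3214", "amount": 48282, "vendor": "Omega Co", "cost_centre": "Maintenance"},
]

# External classification per vendor (the "Industry Lookup" column).
INDUSTRY_LOOKUP = {
    "Alpha Ltd": "Food Suppliers",
    "Beta Ltd": "Food Suppliers",
    "Gamma Plc": "Food Suppliers",
    "Delta SA": "Food Suppliers",
    "Epsilon Partners": "Automotive",
    "Zeta Inc": "Building Materials",
    "Theta & Sons": "Building Materials",
    "Omega Co": "Building Materials",
}


def enrich(invoices, industry_lookup):
    """Add the vendor's industry to each invoice; unmatched vendors get UNKNOWN."""
    return [dict(inv, industry=industry_lookup.get(inv["vendor"], "UNKNOWN"))
            for inv in invoices]


def industry_outliers(invoices, industry_lookup):
    """Flag invoices whose vendor industry differs from the cost centre's norm.

    The norm is the industry that most invoices in that cost centre belong
    to (an assumption; a maintained mapping could be used instead). Vendors
    with no classification are always flagged so they get looked up.
    """
    enriched = enrich(invoices, industry_lookup)
    per_cost_centre = defaultdict(Counter)
    for inv in enriched:
        if inv["industry"] != "UNKNOWN":
            per_cost_centre[inv["cost_centre"]][inv["industry"]] += 1

    outliers = []
    for inv in enriched:
        counts = per_cost_centre[inv["cost_centre"]]
        expected = counts.most_common(1)[0][0] if counts else None
        if inv["industry"] != expected:
            outliers.append({"id": inv["id"], "vendor": inv["vendor"],
                             "cost_centre": inv["cost_centre"],
                             "industry": inv["industry"],
                             "expected": expected})
    return outliers


if __name__ == "__main__":
    for row in industry_outliers(INVOICES, INDUSTRY_LOOKUP):
        print(row)
```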
  • 19. Poll Question 4: Audit trail of transactions
    Do you know which employees are processing transactions on your systems?
    No: 17%
    Yes, we have enabled audit trails and implemented a well-defined system access control policy: 82%
    Source: KPMG International, 2010

    This proactive data analysis requires a systematic approach once all available knowledge has been gathered. The first step of the approach, as illustrated in Figure 7, is to identify specific risks through knowledge of the business environment.

    Figure 7: Systematic approach. Identify specific risks → Define potential schemes → Determine event indicators → Determine routines. Source: KPMG International, 2010

    The next step is to define potential schemes through good industry knowledge. A good understanding of the industry is essential, which will then determine event indicators and alert the organization to problem areas. Finally, by using this library of knowledge it is then possible to determine specific routines, with the assistance of scoring and data enhancement, as part of the holistic approach in preventing and detecting procurement fraud, in conjunction with a documented response plan.

    Case study

    In a recent investigation, KPMG firms performed data analysis on the procurement data at one regional cluster of a global organization. The results of the test were used to help the company set a benchmark for comparison. We then developed automation, to run the same sets of analysis routines on the procurement data, at each of the organization’s other regional clusters. This allowed for comparisons against the benchmark and for the prioritization of precious internal audit resources — improving the fraud risk environment.

    The organization now has the ability to re-run the same analysis every month to track the effectiveness of its corrective measures and identify the regional clusters with the biggest problems. In this way, proactive data analysis not only highlighted indicators of fraud, but also helped the organization to manage its resources and realign its approach.
  • 20. Making use of supplier audits to counter fraud and loss

    There are a lot of supplier relationships in which consumer markets companies rely on their suppliers to bill the correct amount. These types of supplier contracts generally give the customer organization audit rights, where they can go into a supplier’s site and check their records to ensure they are billing the correct amount.

    When audit rights are exercised, the type of data analyzed can range from reviewing time sheets, through to the invoices from the supplier’s own suppliers, to examining costs to ensure they are being passed on without inappropriate markups.

    Another big area of focus for supplier audits is rebates and discounts. The audit will look for any rebates and discounts received by the supplier from its own suppliers and ensure that the rebates are being passed on, if that is what the contract requires.

    Who owns supplier audits?

    In some organizations, supplier audits are owned by internal audit and in other organizations, they are owned by procurement or operational management. In the KPMG poll of procurement specialists from the consumer markets industry, internal audit was most frequently identified (40 percent) as the department that was primarily responsible (see Poll Question 5 on the opposite page).

    These business units — internal audit and procurement — are under a lot of pressure to demonstrate that they are adding value, and dealing with the increased levels of complexity and risk only adds to the challenge. The credit crunch, the increase in regulation surrounding anti-bribery and corruption, and data privacy and security, have all added to the burden of managing and monitoring suppliers.
  • 21. Poll Question 5: Responsibility for supplier contract audits
    Who is primarily responsible for exercising the right to supplier contract audits?
    Internal audit: 40%
    Procurement: 27%
    Operational management: 20%
    None of the above: 11%
    Source: KPMG International, 2010

    The purpose of a supplier audit is to give an organization comfort that its suppliers are only billing it for what it has received and that it is paying the right price as agreed in the contract. Supplier audits are not about putting the squeeze on suppliers; they are more about keeping suppliers honest.

    Potential benefits of supplier audits

    Do supplier audits help organizations differentiate between fraud and contractual non-compliance? In KPMG firms’ experience, finding evidence of clear intent to defraud is rare. Where there are suspicions of fraud within a supplier, it is more usual for the organization to hand over the investigation to the supplier itself.

    Suppliers will frequently claim that system inadequacies, incompetence of junior staff, or human error are the reason for overbillings uncovered by exercising audit rights. More often than not, where factual evidence is presented to them, they will admit to their mistakes and reimburse the customer company.

    This begs the question of how often suppliers voluntarily send overpayments back to their customers. In the normal course of business, this is rare. But once an intention to audit has been notified, it is not uncommon to find suppliers confessing to any over-billing and putting into place measures to reimburse the customer. Repayments of over-billed amounts can be significant, as described in the following case study.

    Case study

    In 2005, a global marketing and advertising group had to refund around GBP250 million to consumer markets and other clients around the world, of which three million was given to a single supermarket chain. The money had been built-up in the marketing and advertising group’s balance sheet, from credits and rebates from media owners that were not passed back to its clients.
  • 22. KPMG firms have recently uncovered instances of overpayments in outdoor advertising because the time on display was not honored. The audit revealed that customers were being charged for a month, but the material on display was being changed after two weeks. This disparity was revealed by our audit and involved date reconciliations to the scheduling of the people who changed the posters on the billboards.

    Another common finding in the area of media and marketing is inappropriate markups and double-billing of external costs.

    Figure 8: Flushing out the ‘known unknowns’. Four boxes arranged by supplier and customer: transactions between parties (common data and understanding); supplier’s internal data (visible to supplier only); customer’s data and processes (visible to customer only); undetected errors (visible to neither party without detailed investigation). Source: KPMG International, 2010
  • 23. Using supplier audits to flush out information

    The size of the problem caused by ineffective control and management of supplier contracts is significant. The Aberdeen Group estimates resultant losses to businesses around the world at US$153 billion per annum.[2]

    In Figure 8, there are two “buckets” of information visible to the customer — its own data and the data that is provided to the company by the supplier. The supplier can see both the data it has provided to the customer and its own internal data, which is not visible to the customer (in the top right hand box). In the bottom right-hand box are undetected errors, the unknown unknowns, which are not available to either party. The supplier audit will expose for the customer what is in both right-hand boxes.

    In KPMG firms’ experience, when we conduct supplier audits, we find that more than 70 percent of the third parties we review have made errors in their self-reporting, filed inappropriate claims, charged inappropriate prices or all of the above. It is clear that businesses that do not exercise their rights of audit, as was the case with 36 percent of the webcast poll respondents (see Poll Question 6), are not capitalizing on significant potential recoveries.

    Poll Question 6: Auditing supplier contracts
    To what extent does your organization exercise rights of audit in supplier contracts?
    Established program of supplier audits: 13%
    Some audit activity in specific categories: 44%
    Only for media/advertising spend: 5%
    Not at all: 36%
    Source: KPMG International, 2010

    [2] Aberdeen Group, The Contract Management Benchmark Report, 2006
  • 24. Conclusion

    Procurement is where the money is and, therefore, an area ripe for fraud and misconduct. The procurement process is growing in importance as many organizations aim to improve the value they can create. There are several steps organizations can take to tighten existing controls, many of which have been described by the preferred leading practices outlined in this paper.

    Proactive forensic data analysis can be used to detect fraud and misconduct through a systematic analysis of the available data, which includes data that is both internal and external to an organization.

    Unless companies exercise their rights of audit, they cannot be sure their suppliers are billing in line with the contract. While many companies may have concerns about the impact of an audit on their relationships with suppliers, our firms’ experience suggests audits can enhance relationships by creating a more balanced relationship between the supplier and customer.

    How KPMG firms can help

    KPMG’s Risk and Compliance professionals are trusted advisers to some of the world’s leading enterprises. Our network of forensic and contract compliance professionals work in 28 accredited practices within KPMG member firms around the world. This network brings a global approach, combined with a tailored local focus, to sensitive and complicated local or cross-border engagements.

    Forensic Services

    Our Forensic services are aimed at helping our firms’ consumer markets clients:
      • prevent instances of fraud and misconduct from occurring in the first place,
      • detect instances when they do occur,
      • respond appropriately, and
      • take corrective action when instances arise.

    Professionals in KPMG’s Forensic practice draw upon extensive experience in forensic accounting, law enforcement, fraud and misconduct control assessments, legal damage quantification and analysis, expert witness testimony, international arbitration, asset tracing, computer forensics and forensic data analysis.
  • 25. Contract Compliance Services

    Our Contract Compliance Services (CCS) are aimed at helping our firms’ consumer markets clients:
      • identify significant cost recoveries or other improvement opportunities, and
      • audit and enforce contracts with their suppliers.

    KPMG’s CCS professionals are experienced in serving a variety of our firms’ consumer markets clients in areas such as royalties, licensing, distribution agreements, advertising and more. As a result, we understand the complexities and nuances of a range of business contracts, processes and procedures and have been able to help companies identify and recover overpayments to suppliers, while maintaining and improving relationships with them.

    Using a range of technology tools, KPMG member firms’ professionals help organizations address the risks and costs involved with evidence and discovery management as well as the acquisition, management and analysis of large data sets. Our professionals work alongside consumer markets clients to handle information from its creation to its preservation, collection, analysis and presentation in discovery. We also apply computer forensic and data analysis techniques to assist with detecting fraud and misconduct.

    Whether your needs call for a fraud and misconduct risk assessment, the design of a global compliance program or better use of technology to enable continuous transaction monitoring — our Fraud Risk Management and Contract Compliance services are designed to be targeted, scalable and tailored to your specific requirements.

    About KPMG and the Global Consumer Markets Practice

    KPMG is a global network of professional firms providing Audit, Tax and Advisory services. We have 140,000 outstanding professionals working together to deliver value in 146 countries worldwide.

    KPMG is organized by industry sectors across our member firms. The Consumer Markets practice, which focuses on the Food, Drink and Consumer Goods and Retail sectors, comprises an international network of professionals throughout the Americas, Europe, the Middle East, Africa and Asia-Pacific. This industry-focused network enables KPMG member firm professionals, with deep experience in the consumer markets sectors, to provide consistent services and thought leadership to our clients globally, while maintaining a strong knowledge of local issues and markets.
  • 26. Contact us

    For more information about the detection and prevention of procurement fraud in your company, please contact any of the following KPMG professionals:

    Willy Kruh, Global Chair, Consumer Markets, KPMG in Canada, +1 416 777 8710, wkruh@kpmg.ca
    Amanda Aldridge, Global Forensic Lead, Consumer Markets, KPMG in the UK, +44 20 7311 8073, amanda.aldridge@kpmg.co.uk
    Grant Jamieson, KPMG in China, +852 2140 2804, grant.jamieson@kpmg.com.hk
    Graham Murphy, KPMG in the US, +1 312 665 1840, grahammurphy@kpmg.com
    Kajen Subramoney, KPMG in the UAE, +971 (4) 424 8900, kajen@kpmg.com
  • 27. About the Authors

    Amanda Aldridge is the Global Forensic Lead for Consumer Markets in KPMG in the UK. She has experience in dispute advisory including loss of profits, forensic transaction services (completion accounts disputes and expert determinations) and rights of minority shareholders as well as Intellectual Property & Contract Governance including supplier audits, royalty and licensed product audits and media distribution audits.

    Kajen Subramoney is the Head of Forensic Technology for Consumer Markets in the UAE. He joined KPMG’s South African firm after completing his studies in Computer Engineering. Kajen has had broad experience in Forensic Technology work including digital evidence recovery, e-discovery and forensic data analysis.

    Graham Murphy is the US Forensic Lead for Consumer Markets in KPMG in the US. Graham specializes in investigations, fraud risk management, arbitrations and dispute advisory. He has conducted numerous financial investigations, including procurement fraud, alleged earnings management, contract compliance, theft and misappropriation of assets and conflict of interest issues.
  • 28. kpmg.com

    The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

    © 2010 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved.

    KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (“KPMG International”), a Swiss entity.

    Designed by Evalueserve.
    Publication name: Procurement Fraud in Consumer Companies: Preventing, Detecting and Taking Action
    Publication number: 100704
    Publication date: August 2010