Procurement fraud

CONSUMER MARKETS

Procurement Fraud in
Consumer Companies
Preventing, Detecting and Taking Action
K P M G I NT E R N AT I O N A L

ii P R O C U R E M E N T F R A U D I N C O N S U M E R C O M P A N I E S : P R E V E N T I N G , D E T E C T I N G A N D T A K I N G A C T I O N

Message from Willy Kruh

We have found that procurement is an area that is highly susceptible to fraud and
misconduct in consumer markets companies. Further, increasingly complex and
global supply chains, coupled with a challenging economic environment, lend to
an even heightened incidence of this type of fraud. Since financial losses resulting
from procurement fraud directly affect a company’s bottom line, minimizing the
opportunity for fraud within the procurement cycle can result in substantial gains
for consumer companies.
Willy Kruh
Global Chair This paper shares the insight and experience of some of KPMG firms’ leading
Consumer Markets forensic and contract compliance professionals who assist companies in the food,
KPMG in Canada drink, consumer goods (FDCG) and retail sectors with addressing procurement
fraud issues. In addition, the report summarizes and analyzes the results from a
poll of over 460 FDCG and retail sector procurement and other executives who
attended a KPMG Global Consumer Markets webcast on this topic earlier this
year. These poll results provide the first-hand perspectives of your industry peers
on how their own companies are affected by and dealing with procurement fraud.

I trust that the information herein, on the key procurement fraud risks, leading anti-
fraud procurement practices and cross-departmental approaches to procurement
fraud, supported by the feedback and insights shared by the KPMG webcast
participants, will provide you with relevant and useful guidance that you can
apply in your organization.

© 2010 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are
affiliated with KPMG International. KPMG International provides no client services. All rights reserved.

PROCUREMENT FRAUD IN CONSUMER COMPANIES: PREVENTING, DETECTING AND TAKING ACTION 1

Contents
2 Introduction

3 Procurement fraud risks and
ways to reduce your exposure

12 Using technology to detect
procurement fraud

18 Making use of supplier audits
to counter fraud and loss

22 Conclusion


Introduction

Historically, procurement fraud in consumer markets organizations has not been
as proactively or successfully managed as it can be today. Often regarded as an
“ have seen more
I issue not easily identified or prevented, many food, drink and consumer goods
incidents of serious (FDCG) and retail organizations were more likely to regard procurement fraud as
procurement fraud an unavoidable cost that (they hoped) had minimal impact on the bottom line.

in each of the last However, according to a survey of 959 Certified Fraud Examiners on Occupational
Fraud Abuse conducted by the Association of Certified Fraud Examiners (ACFE),
two years than in US organizations are losing nearly 7 percent of their annual revenues to fraud each
any of the previous year.1 If this is typical across industries and in other countries, then clearly it is an
eighteen.” issue that consumer businesses around the world cannot afford to ignore. In the
UK, procurement fraud is also a rising concern, where Amanda Aldridge, Global
Amanda Aldridge Forensics Lead, Consumer Markets, KPMG in the UK, says that she has “seen
Global Forensic Lead, Consumer
more incidents of serious procurement fraud in each of the last two years than in
Markets, KPMG in the UK
any of the previous eighteen.”

In part, this apparent impact of, and rise in, fraud may be due to better detection, but
certainly as the issue moves up boardroom agendas, consumer markets companies
are beginning to ask themselves difficult questions about their approaches to
preventing, detecting and taking action against procurement fraud. They are
looking for help to find the answers.

Businesses face a number of key challenges. Have their buyers ‘got the message’
as to what is unacceptable behavior? Are they policing their gifts, entertainment
and conflict of interest policies? How effective is their due diligence in relation to
new or changing supplier relationships? Are they mobilizing the honest majority of
their employees and suppliers to report concerns? Are they using focused audits
to uncover overcharging or under-delivery? And have they tried to measure the
size and nature of the problem?

This paper looks at some of the risks associated with procurement fraud in the
consumer markets sectors and how these companies can reduce their exposure,
the use of technology to detect procurement fraud, and how to leverage supplier
audits to counter fraud and loss.

During a Global KPMG Consumer Markets webcast on Procurement Fraud held
earlier this year, participants were asked a series of questions to gather information
as to how consumer markets companies are preventing and detecting procurement
fraud in their organizations. Readers will find the results of these polls presented
and discussed throughout the paper.

1
A
ssociation of Certified Fraud Examiners (ACFE) 2008 Report to the Nation on Occupational Fraud and Abuse


Procurement
fraud risks
and ways to
reduce your
exposure

Referring again to the survey by the ACFE mentioned in the Introduction, the
most common fraud scheme (cited 27 percent of the time) was corruption,
including purchase schemes, invoice kickbacks and bid rigging. Schemes involving
fraudulent disbursements of cash were cited more than 50 percent of the time
with respect to asset misappropriations. Respondents cited a lack of adequate
internal controls as the biggest single contributing factor to occupational fraud.
One of the keys to reducing those losses therefore lies in managing the risks of
fraud and abuse and, clearly, in focusing on the procurement process.

The procurement process
Procurement has two distinct elements: sourcing and purchasing. Sourcing is where
an organization can create value by identifying cost savings within its current spend
and it starts by identifying specific purchasing opportunities.

For example, by rationalizing the number of vendors and capitalizing on economies
of scale, it may be possible to drive down costs per unit. This process can be helped
by having a defined competitive bid process.

The sourcing process should culminate in negotiated contracts with approved
suppliers, delivering lower costs. Obviously, the potential savings can and will
vary depending on the following:
• Current level of spend by category
• Number of suppliers per category
• Distribution of spend across division or businesses
• Contract availability
• Maturity of process and previous efforts to improve various categories of spend.

Value can be realized in the procurement process by executing and completing the
purchasing cycle. The majority of purchases should be from the list of approved
vendors, and many companies will monitor and maintain their list in the form of
a supplier catalogue. This catalogue lists the various products (Stock-Keeping
Units, or SKUs) that the organization requires, as well as the approved vendors
with agreed pricing.


4 P R O C U R E M E N T F R A U D I N C O N S U M E R C O M P A N I E S : P R E V E N T I N G , D E T E C T I N G A N D T A K I N G A C T I O N

This is not a static process. There will likely be ongoing opportunities to reduce
cost. As businesses change (products, geography, etc.), consumer markets
organizations will need to evaluate their vendors and related processes
continuously. Many companies establish specific metrics against which they
monitor and evaluate their vendors and spending. Again, this is a continuous
process and, to manage it, an organization should constantly assess its supplier
relationships and look for opportunities to create value.

Figure 1: The procurement value cycle

Identify
Performance
Opportunities
Management

Receipt/ Specification
Manageme
Pay lue nt
Va
Pur c has i ng

Sou r c i ng
Cash
Purchase Request
Performance
ment

Order Quality Value Proposals
lfill

Cr
Fu

ea

e tio
lu n
Va
Requisition Negotiate

Catalogue Contract

Source: KPMG International, 2010

Opportunities for fraud
It is not surprising that within the procurement value cycle (Figure 1), there are
several opportunities for fraud and abuse in consumer markets companies.
Depending on the nature of the business, and its controls and processes, an
organization may be susceptible to risks, including the following:
• Phantom vendors — where fictitious vendors are set up in the company’s
vendor master file and payments are dispersed to them
• Bid rigging — where there is collusion between procurement personnel
and bidders, or among a number of bidders where they collaborate to drive
prices higher



• A grey market — where companies can suffer losses through counterfeits and
knock-offs or where suppliers generate unauthorized production, putting a
This is a continuous company’s real products at risk
process and, to • Failure to meet contract specifications — resulting in substandard products
manage it, an and sometimes dangerous goods

organization should • Bribery and corruption — especially in higher-risk geographies

constantly assess its • Unauthorized disbursements.

supplier relationships The structure and nature of the business can also provide opportunities for fraud.
It is our firms’ experience that there is a higher risk of fraud in widely decentralized
and look for operations, especially in some emerging economies. Procurement fraud tends to
opportunities to occur where there is an opportunity, and these opportunities can emerge as a
create value. company changes and grows. Keeping controls up to date with technology and
the growth cycle of the business is critically important.

How can companies protect themselves from such risks?
There are certain basic or ‘core’ internal controls and practices that should be in
place to reduce a company’s exposure. These include the following:
• segregation of duties
• standard, consolidated reporting
• common policies and process standardization
• a single supplier database and contracts register
• a single payment address
• risk management controls
• procedures for forecasting the company’s demand from suppliers.

For example, the segregation of duties is one of the most basic but effective
controls, since it separates the responsibility for supplier selection, the negotiation
of the contract and the purchase decision from the receiving function and from
the payment function.

It can be expected that many businesses will have these core requirements
covered. One of the key decisions facing companies in this area, however,
is where to allocate resources to make improvements to their procurement
processes. KPMG firms have identified several better or ‘preferred’ practices
that can help improve consistency, promote more frequent use of approved
suppliers and drive value. These include the following:
• an electronic procurement catalogue
• the use of purchasing cards
• commodity spend simplification
• process automation and workflow management
• integration of enterprise systems
• real-time spend data visibility
• management by exception.



Figure 2 identifies some methods that a company might utilize to improve its
procurement processes. What drives each organization’s choice of strategies
and when to implement them will depend on the following:
• where the company is in terms of already making improvements
• the relevance the industry leading practices have to its various systems
• the balance of risk (often in terms of cost or disruption to existing systems) vs.
reward for making such changes.

Figure 2: Purchase to Pay — Leading and Common Practices

Wave 2 Wave 1

Supplier Strategic
relationship sourcing
management
Core

Common
processes

Technology
enabled Electronic Purchasing
procurement procurement cards
catalogue
Supplier
Good practice

relationship
management

Work flow
control

Shared Process
eAuctions
services automation
More integrated work flow

systems can lead to
Future

better measurement Outsourcing
Management
by exception

of effectiveness and
promote the right
buying behavior Low Medium High
among procurement
Typical reward/risk profile
personnel.



The delineation between Wave 1 and Wave 2 will be different for each organization.
Wave 1 strategies can often be considered as the “lowest hanging fruit” — those
that will result in the shortest-term gains on a cost-effective basis.

More integrated systems can lead to better measurement of effectiveness and
promote the right buying behavior among procurement personnel. In addition,
better scrutiny of spending and real-time reporting will lead to more timely
and more effective management by exception. This can be used to identify
unauthorized variances in pricing, purchases from non-approved vendors and
inappropriate/excessive quantities of purchases compared with inventory levels
or forecasted demand.

Many consumer markets companies seem to lack a strategic approach to
managing procurement. In a poll during the recent KPMG webcast on
Procurement Fraud, only 19 percent of over 300 respondents from the FDCG
and retail sectors said their companies had a comprehensive strategic sourcing
initiative in place. Another 30 percent said that their processes needed
improvement (see Poll Question 1).

Poll Question 1: Extent of current processes

To what extent does your organization have defined processes to
manage procurement:

Comprehensive strategic sourcing initiatives 19

Core requirements plus some leading practices 26

Core requirements covered 24

Processes need improvement 30

0% 10% 20% 30% 40%




Where are consumer companies falling short?
In our work in this area, KPMG firms frequently find certain recurring system
failures. These include the following:
• non-compliance or ‘maverick buying’
• lack of segregation of duties
• lack of an effective three-way matching process
• failure to adopt proper purchasing procedures.

Maverick buying is where purchases are made from local non-approved vendors.
This is common practice when it is believed to be an easier or quicker way to get
the needed product. However, it is not always possible to control the costs of
such purchases centrally, and experience has shown that they are sometimes
inappropriate (i.e. from phantom vendors or where local purchasing agents are
receiving kickbacks). Maverick buying is something KPMG firms see in almost
every investigation of expenditures involving a geographically distant division or
subsidiary. It is important to note, however, that there isn’t always fraud. We
often simply find people trying to work around the system of internal controls
to make their lives easier. Either way, it should not happen.

Surprisingly, KPMG professionals still see instances where consumer markets
companies make disbursements based on invoice alone, without comparing
them to approved purchase orders and related receiving documentation. In
these cases, it is not possible to know whether the product was actually
received or approved in the first instance. This basic requirement to match the
invoice, purchase order, and receiving document, so that an organization can
actually prove it received the goods, is essential. If segregation of duties is
inadequate in this area, it may be possible for payment to be made where no
goods or only some of the goods and/or services have actually been received.



Proper purchasing procedures require defined protocols around tendering and the
bidding process. However, in our firms’ experience, far too many organizations
do not keep the results of the procurement process — or what we would call
an ‘audit trail’ — to confirm that the process is working as it should. If there is
no requirement to keep these documents, there is a greater risk of abuse of the
system, making it that much harder to recognize exceptions and violations.

Another area where companies can fall short is in performing due diligence on
their suppliers to fully understand with whom they are doing business. Industry
leading practice suggests that there should be a defined process, with a process
owner and a system for archiving the results of the background reviews. This
reduces the risk of fictitious vendors being set up on the vendor master file and
can reveal situations where potentially inappropriate payments might be made by
a distant subsidiary.

Red flags
There are several red flags that should alert companies to potential fraud. Some
of the most common red flags seen by our firms’ professionals include:
• Close socialization with government officials with gifts, expenses, etc., incurred
• A losing bidder being hired by a winning bidder, suggesting collusion or that
the winning bidder really did not have the capability to deliver the product or
service
• A losing bidder that is not listed in business directories, which might suggest
that the bidder was fictitious and was only put into the process to make it look
as if there was a competitive process
• A low initial bid but many change orders, which may appear as collusion with
the buyer
• Continued acceptance of high-priced, low-quality goods, which might reveal

Consumer markets problems with the Quality Assurance (QA) department and the existence of
kickbacks
companies should • A vendor whose address is a mail drop box, multiple purchase orders of small
be well-informed amounts, unnecessary middlemen in the procurement process, or a losing bid
about their that cannot be located or where there is minimal documentation.

customers and Consumer markets companies should be well-informed about their customers and
vendors, and, in some countries, they should be especially wary in their dealings
vendors, and in with government officials. Having a robust process to evaluate potential suppliers
some countries they should reduce the risks associated with the red flags listed above. Common sense
should be especially dictates that if a supplier has gone to the trouble of having a post office box set
up as a street address, further investigation is warranted. Equally, continued failing
wary in their of quality standards by a supplier or a concentration of such suppliers linked to a
dealings with single buyer may be the warning signs of a buyer involved in procurement fraud.

government officials. If there are unnecessary middlemen in the process, then companies should also
investigate further. Our firms’ professionals have uncovered numerous instances
where entities have been set up solely for the purpose of paying commissions.



Risks in the “New World”

To drive cost and With procurement assuming an ever-increasing strategic role in many organizations,
it is important to not only know the potential benefits, but also the associated risks
other efficiencies, of driving change within the procurement process.
many companies Investigations held by KPMG firms revealed that many instances of misconduct
are entering into do not occur at head office, but rather at remote locations where there are very
joint ventures different cultures and ways of doing business. Notwithstanding these differences,
international companies will generally be held to the regulatory standards that
and partnering apply in the country where their head office is located. As regulators globally
arrangements with increase their efforts to stamp out bribery and corruption with ever-increasing

local businesses. penalties, it becomes increasingly important for companies to be well-informed
of their business partners.

To drive cost and other efficiencies, many companies are entering into joint
ventures and partnering arrangements with local businesses. These arrangements
need very careful consideration as companies that enter into joint ventures are, to
some extent, putting their reputations and capital in the hands of others.

As a company’s business dealings assume greater complexities and geographic
dispersion, so should its approach to managing the ever-evolving associated risks.
An example of an industry-leading practice in this area is to move procurement
personnel and buyers periodically between categories.

Case study
A company had observed that when one of its buyers was moved to a different
category as part of a planned move, a number of the suppliers appeared
to move with him. This was peculiar and was raised as a red flag since the
categories of goods were very different. One would expect that if the category
of goods is very different, so too would be the appropriate suppliers. It was
ultimately discovered through investigation that some of the suppliers were
nothing more than middlemen sourcing product for the buyer. At a minimum,
the company incurred costs that it should not have incurred, and at worst,
the company was defrauded. In this example, moving the buyer and effectively
monitoring the spend paid dividends.


P R O C U R E M E N T F R A U D I N C O N S U M E R C O M P A N I E S : P R E V E N T I N G , D E T E C T I N G A N D T A K I N G A C T I O N 11

This example shows that there is an increasing role for internal auditors, who
better understand the challenges that lay before them and the specific risks that
procurement presents. Before conducting an internal audit for a particular location,
KPMG firms’ professionals see it as preferred practice to brainstorm the specific
risks that might be present in the market, as well as discussing and finalizing key
indicators for the internal audit team. If possible, we would also suggest having a
discussion with someone who is very experienced and knowledgeable about the
market, but is also independent. This would provide additional perspective on local
schemes and related risks — making the audit more effective and efficient.

When asked who is primarily responsible for the management of fraud and
misconduct risk in their procurement process, 31 percent of the survey
respondents from consumer markets companies indicated that this was the
responsibility of internal audit and 33 percent said it was down to the function
itself. These are very interesting responses since in the first instance, the role
of internal audits is generally limited to monitoring and testing of controls, and in
the second, there may be an inherent conflict if the same function is responsible
for controlling itself (see Poll Question 2).

Poll Question 2: Primary responsibility for management

Who is primarily responsible for the management of fraud and
misconduct risk in your procurement processes:

Internal audit 31

Procurement 33

Accounting 14

Legal/compliance 10

None of the above 9

0% 10% 20% 30% 40% 50%



Using
technology
to detect
procurement
fraud

Forensic data analysis

Companies often One of the key technology tools for detecting procurement fraud and abuse is
forensic data analysis where the focus is on being proactive. Companies collect
overlook other vast amounts of data on a daily basis for the purposes of running their businesses.
valuable sources of But are they extracting additional value from this data that could help them identify

information, such as fraud or misconduct?

itemized phone call Proactive forensic data analysis is a powerful weapon against fraud and misconduct.
A holistic approach is necessary (Figure 3) and this includes the use of more
listings, access traditional methods of fraud control, such as the use of telephone hotlines and
control logs for fraud risk assessment programs.

offices and other
Figure 3: Forensic data analysis as part of a holistic approach
publicly available
databases.
Prevention

Identify potential fraud,
misconduct and waste through
Response Detection sophisticated analytics testing,
cross-matching and non-obvious
relationship identification


In support of this holistic approach, the focus of forensic data analysis is on
detection. By extracting and combining available electronic information, proactive
forensic data analysis seeks to identify potential fraud misconduct and waste
through sophisticated analysis testing, cross-matching and non-obvious
relationship identification.

Data analytics can be applied to detecting existing frauds hidden within a
company’s data, it can inform fraud risk assessments and identify process and
control weaknesses, and it supports the detection of non-obvious frauds.



Other applications include performing analysis to assist an investigation prompted
by behavioral red flags traditionally associated with fraud or misconduct such as
living beyond one’s means, an unusually close association with a customer and
the infrequent taking of holidays.

Before performing data analysis, however, it is important for companies to
understand the data landscape. All organizations are aware that they have a
valuable amount of information in their financial systems. But companies often
overlook other valuable sources of information, such as itemized phone call
listings, access control logs for offices and other publicly available databases.
These sources can be used to supplement the data a company already has and
allow it to extract additional value — and should not be overlooked.

In our poll of procurement specialists, we learned that the majority were not
using data analytics nearly to the extent they could be — 65 percent said they
used data analytics either not at all or to a very limited extent to detect and
prevent fraud (see Poll Question 3).

Poll Question 3: Use of data analytics

To what extent does your organization use data analytics to
prevent or detect procurement fraud?

Not at all 18

Very limited 47

Periodic retrospective testing 26

Entrenched continuous monitoring 7

0% 10% 20% 30% 40% 50%


Rules-based analysis
There are many different approaches to proactive forensic data analysis. All
approaches are based on a basic set of principles and knowledge.

The first level of analysis combines knowledge of known fraud schemes and
indicators, with a knowledge of business systems and principles. Figure 4 on
the next page depicts a procurement scenario where the skilled analyst uses
knowledge of how a business process should be conducted to develop and
implement tests which help to identify deviations from the norm.

Tests can be developed to determine whether invoices were received after
payment had been made, and even if orders appear to have been split, to
defeat the limits on delegation.



Figure 4: Rules-based analysis

PO after Payment Break-point
PO splitting
receipt before invoice analysis

Requisition PO Receipt Invoice Payment

Master data maintenance

Test VAT Payment for Suspicious
number validity un-cleared PO keywords


In addition to testing conformity to business rules, rules-based analytics can
consider externally enforced or regulated factors. For example, most jurisdictions
Combining and have well-defined formats for certain sets of data, such as Value Added Tax (VAT)
scoring allows numbers. Thus, if the format or mechanism used to create VAT numbers by the
identification respective tax authorities is understood, our firms’ professionals can very easily
implement a test to determine whether a VAT number stored in the company’s
of potentially vendor master file is valid or not.
anomalous
behaviors, and Case study
reduces the number In one investigation carried out by a KPMG member firm, knowledge of the
format used to create VAT numbers helped to identify fictitious vendors.
of potential false These vendors had been added to the vendor master file to facilitate payment
positives — to an employee whose bank details were loaded as the vendors’ bank details.
reducing the
investigative burden. False positives
An important factor to consider is that with this approach there is a risk of a
large number of false positives — a large number of exceptions or irregularities
identified are not really problems, but justified business peculiarities that can be
explained easily. Therefore, the approach needs to be enhanced, ensuring that
the exceptions identified are meaningful and warrant further investigation.

Combining and scoring
This approach still relies on knowledge of fraud schemes, but introduces scoring
as a mechanism to prioritize, or highlight, areas of most concern. Combining red
flag indicators, such as divorce or instability in life circumstances, unusually close
association with a customer or complaining about inadequate pay, can provide



additional layers of protection. Combining and scoring then allows identification
of potentially anomalous behaviors, and reduces the number of potential false
positives — reducing the investigative burden.

Figure 5 shows the various tests on the population of invoices for an organization.
The table lists the different tests carried out in the left hand column and the next
two columns show the results of the tests against two specific invoices — 12345A
and 98765S. The checkmark against a test for a specific invoice indicates that the
invoice generated an exception on that specific test.

Figure 5: Example of scoring method for two invoices

Invoice 12345A 98765S
Round sum amount ✔ ✘
Processed at night ✘ ✔
Paid within a week ✘ ✔
Segregation of Duty breach ✘ ✔
Unauthorized approval ✘ ✘
Similar to previous invoice ✘ ✔
Score 1 4


If we look at each test in isolation, we can expect to find that the number of
exceptions for each test is generally large and, for example, if we take the test of
‘paid within a week,’ it may not be practical to investigate all invoices paid within
a week. But when the results are combined in a scoring matrix, the problem
invoices quickly come to the fore. The second invoice, 98765S, has a score of
four and clearly merits further investigation. By scoring and selecting invoices in
this way, we can reduce the number of false positives requiring investigation —
allowing for better allocation of limited resources.

Supplementing data and more advanced analysis
The next step is to enhance the analysis by supplementing the original source
data with information from other systems or from external sources.

During the normal course of business, organizations often perform a review of
payments to vendors. The organization would then examine spend per cost
center, providing a good indication of its expenditure.

If a company were to supplement its vendor master file with publicly available
information on the sectors that the vendors in the vendor master file operate in,
it might reveal anomalies that bear further investigation. Figure 6 on the following
page shows an example where supplementary data identified an organization
that was classified as an automotive vendor, with an expenditure marked against
the catering cost center. This spend, which was previously considered normal,
now merits further investigation.



Figure 6: Data enhancement

In our poll of Invoice ID Amount Vendor CostCentre
G67689 140,317 Gamma Plc Catering
procurement D678D 66,340 Delta SA Catering

specialists, we T7852H
AA4567
4,272
3,105
Theta Sons
Alpha Ltd
Maintenance
Catering
learned that B45632
G78512
4,828
4,272
Beta Ltd
Gamma Plc
Catering
Catering
17 percent did O3214 48,282 Omega Co Maintenance
D254K 42,724 Delta SA Catering
not know which E0987
Invoice ID Amount Vendor CostCentre Industry Lookup
employees were Z12369
T7852H
AA1234 16,947 Alpha Ltd Catering Food Suppliers
B87765 3,234 Beta Ltd Catering Food Suppliers
processing B87765
L36985
G67689 140,317 Gamma Plc Catering Food Suppliers

transactions on O3693
D678D
K09870
66,340
265,491
Delta SA
Kappa Co
Catering
Catering
Food Suppliers
Food Suppliers
S87654
their systems. U7536
AA4567
B45632
3,105
4,828
Alpha Ltd
Beta Ltd
Catering
Catering
Food Suppliers
Food Suppliers
K09870
U3567
AA1234
D254K 42,724 Delta SA Catering Food Suppliers
G46523
E0987 48,282 Epsilon Partners Catering Automotive
Z12369 4,828 Zeta Inc Maintenance Building Materials
T7852H 4,272 Theta Sons Maintenance Building Materials
T7852H 48,282 Theta Sons Maintenance Building Materials
O3693 42,724 Omega Co Maintenance Building Materials
L36985 3,105 Lambda Ltd Maintenance Building Materials
U3567 4,828 Upsilon Ltd Maintenance Building Materials
S87654 4,272 Sigma BV Maintenance Building Materials
O3214 48,282 Omega Co Maintenance Building Materials
U7536 42,724 Upsilon Ltd Maintenance Building Materials


If the company were then to combine this information with the employee master file
information and itemized telephone listings, it could identify a potentially suspicious
relationship between a vendor and an employee in a position of influence.

Similarly, collecting publicly available information on company directorships and
combining it with data on the vendor master file might help to identify possible
conflicts of interests. Taking this approach even further, companies could add
geographical data and visualization to examine a population of data for trends or
groupings which appear unusual.

When investigating these unusual transactions it is important to be able to trace
the entire life cycle of the transaction. One needs to identify the persons initiating,
capturing and approving the transactions. In our poll of procurement specialists,
17 percent of the respondents did not know which employees were processing
transactions on their systems. Eighty-two percent of the respondents reported to
have audit trails and well-defined control policies in place (Poll Question 4). The
next step for these respondents would be to determine whether the audit logs
are actively monitored for red flags.



Poll Question 4: Audit trail of transactions

Do you know which employees are processing transactions on
your systems?

No 17

Yes, we have enabled audit trails and implemented
82
a well-defined system access control policy

0% 20% 40% 60% 80% 100%


This proactive data analysis requires a systematic approach once all available
knowledge has been gathered. The first step of the approach, as illustrated in
Figure 7, is to identify specific risks through knowledge of the business environment.

Figure 7: Systematic approach

Identify specific Define potential Determine event Determine
risks schemes indicators routines


The next step is to define potential schemes through good industry knowledge.
A good understanding of the industry is essential, which will then determine
event indicators and alert the organization to problem areas.

Finally, by using this library of knowledge it is then possible to determine specific
routines, with the assistance of scoring and data enhancement, as part of the
holistic approach in preventing and detecting procurement fraud, in conjunction
with a documented response plan.

Case study
In a recent investigation, KPMG firms performed data analysis on the
procurement data at one regional cluster of a global organization. The results
of the test were used to help the company set a benchmark for comparison.
We then developed automation, to run the same sets of analysis routines on
the procurement data, at each of the organization’s other regional clusters.
This allowed for comparisons against the benchmark and for the prioritization
of precious internal audit resources — improving the fraud risk environment.
The organization now has the ability to re-run the same analysis every month
to track the effectiveness of its corrective measures and identify the regional
clusters with the biggest problems. In this way, proactive data analysis not only
highlighted indicators of fraud, but also helped the organization to manage its
resources and realign its approach.


Making use
of supplier
audits to
counter fraud
and loss

There are a lot of supplier relationships in which consumer markets companies
rely on their suppliers to bill the correct amount. These types of supplier contracts
The credit crunch, generally give the customer organization audit rights, where they can go into a
the increase supplier’s site and check their records to ensure they are billing the correct
in regulation amount.

surrounding anti- When audit rights are exercised, the type of data analyzed can range from
reviewing time sheets, through to the invoices from the supplier’s own suppliers,
bribery and to examining costs to ensure they are being passed on without inappropriate
corruption, and data markups.
privacy and security, Another big area of focus for supplier audits is rebates and discounts. The audit
have all added to will look for any rebates and discounts received by the supplier from its own
suppliers and ensure that the rebates are being passed on, if that is what the
the burden of contract requires.
managing and
monitoring Who owns supplier audits?

suppliers. In some organizations, supplier audits are owned by internal audit and in other
organizations, they are owned by procurement or operational management. In
the KPMG poll of procurement specialists from the consumer markets industry,
internal audit was most frequently identified (40 percent) as the department that
was primarily responsible (see Poll Question 5 on the opposite page). These
business units — internal audit and procurement — are under a lot of pressure
to demonstrate that they are adding value, and dealing with the increased levels
of complexity and risk only adds to the challenge. The credit crunch, the increase
in regulation surrounding anti-bribery and corruption, and data privacy and secu-
rity, have all added to the burden of managing and monitoring suppliers.



Poll Question 5: Responsibility for supplier contract audits

Who is primarily responsible for exercising the right to supplier
contract audits?

Internal audit 40

Procurement 27

Operational management 20

None of the above 11

0% 10% 20% 30% 40% 50%


The purpose of a supplier audit is to give an organization comfort that its suppliers
are only billing it for what it has received and that it is paying the right price as
agreed in the contract. Supplier audits are not about putting the squeeze on
suppliers; they are more about keeping suppliers honest.

Potential benefits of supplier audits
Do supplier audits help organizations differentiate between fraud and contractual
non-compliance? In KPMG firms’ experience, finding evidence of clear intent to
defraud is rare. Where there are suspicions of fraud within a supplier, it is more
usual for the organization to hand over the investigation to the supplier itself.
Suppliers will frequently claim that system inadequacies, incompetence of junior
staff, or human error are the reason for overbillings uncovered by exercising audit
rights. More often than not, where factual evidence is presented to them, they
will admit to their mistakes and reimburse the customer company.

This begs the question of how often suppliers voluntarily send overpayments
back to their customers. In the normal course of business, this is rare. But once
an intention to audit has been notified, it is not uncommon to find suppliers
confessing to any over-billing and putting into place measures to reimburse
the customer.

Repayments of over-billed amounts can be significant, as described in the
following case study.

Case study
In 2005, a global marketing and advertising group had to refund around GBP250
million to consumer markets and other clients around the world, of which three
million was given to a single supermarket chain. The money had been built-up in
the marketing and advertising group’s balance sheet, from credits and rebates
from media owners that were not passed back to its clients.



KPMG firms have recently uncovered instances of overpayments in outdoor
advertising because the time on display was not honored. The audit revealed
In KPMG firms’ that customers were being charged for a month, but the material on display
experience, when was being changed after two weeks. This disparity was revealed by our audit

we conduct and involved date reconciliations to the scheduling of the people who changed
the posters on the billboards.
supplier audits, we
Another common finding in the area of media and marketing is inappropriate
find that more than markups and double-billing of external costs.
70 percent of the
third parties we Figure 8: Flushing out the ‘known unknowns’

review have made
errors in their self-
reporting, filed SUPPLIER
inappropriate
claims, charged
inappropriate prices
or all of the above.

TRANSACTIONS SUPPLIER’S
BETWEEN PARTIES INTERNAL DATA
(common data and (Visible to
understanding) supplier only)

CUSTOMER

CUSTOMER’S UNDETECTED
DATA AND ERRORS
PROCESSES (Visible to neither
(Visible to party without detailed
customer only) investigation)




Using supplier audits to flush out information
The size of the problem caused by ineffective control and management of
supplier contracts is significant. The Aberdeen Group estimates resultant losses
to businesses around the world at US$153 billion per annum.2

In Figure 8, there are two “buckets” of information visible to the customer — its
own data and the data that is provided to the company by the supplier. The supplier
can see both the data it has provided to the customer and its own internal data,
which is not visible to the customer (in the top right hand box). In the bottom
right-hand box are undetected errors, the unknown unknowns, which are not
available to either party. The supplier audit will expose for the customer what
is in both right-hand boxes.

In KPMG firms’ experience, when we conduct supplier audits, we find that more
than 70 percent of the third parties we review have made errors in their self-
reporting, filed inappropriate claims, charged inappropriate prices or all of the
above. It is clear that businesses that do not exercise their rights of audit, as was
the case with 36 percent of the webcast poll respondents (see Poll Question 6),
are not capitalizing on significant potential recoveries.

Poll Question 6: Auditing supplier contracts

To what extent does your organization exercise rights of audit in
supplier contracts?

Established program of supplier audits 13

Some audit activity in specific categories 44

Only for media/advertising spend 5

Not at all 36

0% 10% 20% 30% 40% 50%


2
Aberdeen Group, The Contract Management Benchmark Report, 2006


Conclusion

Procurement is where the money is and, therefore, an area ripe for fraud
and misconduct. The procurement process is growing in importance as many
organizations aim to improve the value they can create. There are several steps
organizations can take to tighten existing controls, many of which have been
described by the preferred leading practices outlined in this paper.

Proactive forensic data analysis can be used to detect fraud and misconduct
through a systematic analysis of the available data, which includes data that
is both internal and external to an organization.

Unless companies exercise their rights of audit, they cannot be sure their
suppliers are billing in line with the contract. While many companies may have
concerns about the impact of an audit on their relationships with suppliers, our
firms’ experience suggests audits can enhance relationships by creating a more
balanced relationship between the supplier and customer.

How KPMG firms can help
KPMG’s Risk and Compliance professionals are trusted advisers to some of the
world’s leading enterprises. Our network of forensic and contract compliance
professionals work in 28 accredited practices within KPMG member firms around
the world. This network brings a global approach, combined with a tailored local
focus, to sensitive and complicated local or cross-border engagements.

Forensic Services
Our Forensic services are aimed at helping our firms’ consumer markets clients:

• prevent instances of fraud and misconduct from occurring in the first place,
• detect instances when they do occur,
• respond appropriately, and
• take corrective action when instances arise.

Professionals in KPMG’s Forensic practice draw upon extensive experience in
forensic accounting, law enforcement, fraud and misconduct control assessments,
legal damage quantification and analysis, expert witness testimony, international
arbitration, asset tracing, computer forensics and forensic data analysis.



Contract Compliance Services
Our Contract Compliance Services (CCS) are aimed at helping our firms’ consumer
markets clients:
• identify significant cost recoveries or other improvement opportunities, and
• audit and enforce contracts with their suppliers.

KPMG’s CCS professionals are experienced in serving a variety of our firms’
consumer markets clients in areas such as royalties, licensing, distribution
agreements, advertising and more. As a result, we understand the complexities
and nuances of a range of business contracts, processes and procedures and
have been able to help companies identify and recover overpayments to suppliers,
while maintaining and improving relationships with them.

Using a range of technology tools, KPMG member firms’ professionals help
organizations address the risks and costs involved with evidence and discovery
management and as well as the acquisition, management and analysis of large
data sets. Our professionals work alongside consumer markets clients to handle
information from its creation to its preservation, collection, analysis and presentation
in discovery. We also apply computer forensic and data analysis techniques to
assist with detecting fraud and misconduct.

Whether your needs call for a fraud and misconduct risk assessment, the
design of a global compliance program or better use of technology to enable
continuous transaction monitoring — our Fraud Risk Management and Contract
Compliance services are designed to be targeted, scalable and tailored to your
specific requirements.

About KPMG and the Global Consumer Markets Practice
KPMG is a global network of professional firms providing Audit, Tax and Advisory
services. We have 140,000 outstanding professionals working together to deliver
value in 146 countries worldwide.

KPMG is organized by industry sectors across our member firms. The Consumer
Markets practice, which focuses on the Food, Drink and Consumer Goods and
Retail sectors, comprises an international network of professionals throughout
the Americas, Europe, the Middle East, Africa and Asia-Pacific.

This industry-focused network enables KPMG member firm professionals,
with deep experience in the consumer markets sectors, to provide consistent
services and thought leadership to our clients globally, while maintaining a
strong knowledge of local issues and markets.



Contact us
For more information about the detection and prevention of procurement fraud in
your company, please contact any of the following KPMG professionals:

Willy Kruh
Global Chair, Consumer Markets
KPMG in Canada
+1 416 777 8710
wkruh@kpmg.ca

Amanda Aldridge
Global Forensic Lead, Consumer Markets
KPMG in the UK
+44 20 7311 8073
amanda.aldridge@kpmg.co.uk

Grant Jamieson
KPMG in China
+852 2140 2804
grant.jamieson@kpmg.com.hk

Graham Murphy
KPMG in the US
+1 312 665 1840
grahammurphy@kpmg.com

Kajen Subramoney
KPMG in the UAE
+971 (4) 424 8900
kajen@kpmg.com



About the Authors
Amanda Aldridge is the Global Forensic Lead for Consumer Markets in KPMG in
the UK. She has experience in dispute advisory including loss of profits, forensic
transaction services (completion accounts disputes and expert determinations)
and rights of minority shareholders as well as Intellectual Property Contract
Governance including supplier audits, royalty and licensed product audits and
media distribution audits.

Kajen Subramoney is the Head of Forensic Technology for Consumer Markets
in the UAE. He joined KPMG’s South African firm after completing his studies
in Computer Engineering. Kajen has had broad experience in Forensic
Technology work including digital evidence recovery, e-discovery and forensic
data analysis.

Graham Murphy is the US Forensic Lead for Consumer Markets in KPMG in the
US. Graham specializes in investigations, fraud risk management, arbitrations and
dispute advisory. He has conducted numerous financial investigations, including
procurement fraud, alleged earnings management, contract compliance, theft and
misappropriation of assets and conflict of interest issues.


kpmg.com

The information contained herein is of a general nature and is not intended to address the © 2010 KPMG International Cooperative (“KPMG International”),
a Swiss entity. Member firms of the KPMG network of
circumstances of any particular individual or entity. Although we endeavour to provide accurate and independent firms are affiliated with KPMG International. KPMG
timely information, there can be no guarantee that such information is accurate as of the date it is International provides no client services. No member firm has
received or that it will continue to be accurate in the future. No one should act on such information any authority to obligate or bind KPMG International or any other
member firm vis-à-vis third parties, nor does KPMG International
without appropriate professional advice after a thorough examination of the particular situation. have any such authority to obligate or bind any member firm. All
rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG
International Cooperative (“KPMG International”), a Swiss entity.
Designed by Evalueserve.
Publication name: rocurement Fraud in Consumer
P
Companies: Preventing, Detecting
and Taking Action
Publication number: 100704
Publication date: August 2010

Procurement fraud

More Related Content

What's hot

Viewers also liked

Similar to Procurement fraud

More from Tessa Smits

Recently uploaded

Procurement fraud