We hope you have enjoyed our procurement fraud prevention series series and we hope we have successfully made the case that procurement fraud prevention is something that needs to be part of every Chief Procurement Officer’s 2011 strategic plan. We conclude the series today with a discussion of two final strategies – one from an accounting and controls expert; the second is an idea that ties back into one of our major themes at CPO Rising this year (and we predict, this decade).
Our first strategy is from an expert with an impressive background in accounting and forensic accounting who must remain anonymous due to the media policies of his employer (Sidebar: There can be many reasons for anonymity for our contributors – employment policy, personal preference, article timing, etc. In every instance of an anonymous contribution to a CPO Rising Article, please be certain that we have personally vetted the contributor and that we trust the context and experience behind the contribution. Finally, by publishing it, we believe that anonymity does not detract from the idea or strategy being espoused.) We have talked about internal audits earlier in the series, but this discussion delves a little more deeply into the mechanics of the audit structure and process. For those of you who aren’t close to the accounting function in your enterprise, we should discern internal audits from external audits for a two reasons. The first is that external audits are performed by third-party accounting firms and are focused on validating the accuracy of an enterprise’s financial statements. The second is that external auditors are not focused on fraud detection; that is a primary role of internal audits. Confusion, as to the role of the auditors, may be a contributing factor to what the Association of Certified Fraud Examiners’ in its 2010 Report to the Nations on Occupational Fraud and Abuse described as an “over-reliance” by enterprises on external audits to identify fraud. What confuses the issue even more is that it is not uncommon for the staff from the external accounting firms to perform internal audits. Clear? as mud, I fear – when you have a chance, ask your controller to explain.
No matter who performs the internal audit function, our expert believes that the threat of an audit is one of the most effective mechanisms enterprises have to prevent fraud. Audits should focus on the design of the process controls and check to see how the controls are monitored. A gap analysis of the controls in place across the entire source-to-settle process should be conducted and an emphasis should be placed on the vendor selection/approval and payment processes. Testing transactions (as Matt Rogers also discussed) is the other main part to an internal audit. Our expert suggests conducting random audits of transactions, supplier communications, and procurement processes to keep people on their toes.
Two other strategies recommended by this expert are (1) Price Benchmarking which would (A) analyze internal prices paid for categories across the entire supply base and (B) compare prices paid to ‘market’ prices and (2) Make staff take vacations on a regular basis and establish co-workers who will serve as an official back-up during the vacation since co-worker proximity and visibility can serve as a good fraud deterrent.
eSourcing 2.0: Every negotiation that results in an executed contract should use an eSourcing solution.
As we have discussed previously, the simple justification for eSourcing 2.0 is that there should be an enterprise-level system of record that captures the key elements of the discussion with suppliers that result in the final (or agreed upon) business requirements and associated terms. This justification is one of compliance, one of visibility, one of knowledge capture and the development of best practices. Who would argue against these points? – particularly in the context of procurement fraud prevention….
Let eSourcing 2.0 take a bite out of [procurement] crime.