We recently published a piece on how it’s hard to find fraud in big spend stacks, and it is an important one. While fraud in most organizations might be relatively small, and might be mostly controllable by the right culture, processes, and systems (but that’s a subject for a future post), it’s still going to be there, and the most common form of fraud you are not going to detect is collusion fraud.
But this can be the most costly. Let’s say Bill and Ted both have invoice approval rights in the services procurement system and can singlehandedly approve services procurements up to 20K. Let’s say Bill’s buddy Bob has a services firm and let’s say Ted’s buddy Tim also has a services firm. Let’s also say that the organization also has a great need for temporary contingent labour to man the warehouse, clean the offices, and guard the assets of the company.
Let’s say that oversight of these services is left up to the approver for verification. Let’s say that Tim routinely sends two services guards when the general policy is to have three guards on duty and that Bob typically sends only two janitors to do the work that would typically be done by four by the old services provider. Who’s to say that Tim doesn’t send two guards but bill for three? And who’s to say that Bob doesn’t send two janitors and bill for four? And if these invoices are sent bi-weekly, they are going to fall well within approval limits.
Moreover, who’s to say that Ted doesn’t know about Tim’s over-billing and Bill doesn’t know about Bob’s over-billing? And who’s to say that Bill and Ted don’t have a deal to approve the over-billings for each other because their wives are getting an “efficiency consulting” fee from Tim and Bob’s companies?
Maybe this doesn’t happen in your company, but it happens more than one thinks, and just because you never detected this, how do you know it’s not happening? Invoices from real suppliers for real services at approved rates can still contain fraudulent over-billings for services not actually delivered, and those proceeds can still be partially kicked back through indirect channels to organizational employees.
But how do you detect this? Very sophisticated AI-based algorithms that detect unusually high approval patterns between two organizational employees, for amounts that should have been reduced with new contracts, that don’t match typical, anonymized, organizational patterns. And then human investigation to find the truth.
So why is this so important? Besides plugging the leaks? Because if you can’t find internal collusion, how will you ever detect potential cases of external collusion? And gather enough corroborating evidence to at least get an investigation going? If industries collude, and jack prices above market prices, the organization will lose considerably more than it will lose to Bill and Ted (from the evil, parallel, universe). And this happens more than you think too, it just doesn’t always get detected and investigated. Fortunately, sometimes it does, and sometimes, even if there is no certainty that fraud happens, regulators, presented with enough evidence still investigate — like they are doing now among the German automakers (which led to a surprise raid on BMW headquarters as recently reported in the New York Times) that are suspected of conspiring to hold down the prices of crucial technology (as initially reported in July). Regardless of the outcome, technology that can identify potential fraud and gather correlating evidence will keep everyone more honest, and that’s a good thing.