Category Archives: Fraud

Fraud Permeates Your Supply Chain …

As per yesterday’s post, chances are that fraud is running rampant throughout your supply chain. It might not be all that significant in the grand scheme of things — a few points here, a few K there, a few items go missing from the stock room — and might be costing the organization less than an effort to stop the fraud would cost. Or, the organization might be losing 5% of its total revenue, which could be 5M annually if the organization does 100M annually, or 50M annually if the organization does 1B annually. And it’s very likely that you have no clue which end of the spectrum the fraud occupies.

You might be thinking that there’s no way we’re losing 50M a year — all of my categories over 5M are contracted, we monitor inventory and invoices, and all spend over 5K is tied to an invoice or a PO and the rest of the spend is so minuscule that the most we could be losing is 1M or 2M a year but, as we tried to point out yesterday, just because things look good, that doesn’t mean that they are.

For example, your buyer could be colluding with your primary supplier in your 100M category to inflate the quality and reliability metrics to the point that the overall weighting scheme chooses the supplier despite a 3% markup that is going 100% into the seller’s commission, with a 10% kickback to the less-than-honest buyer who inflated the scores. There’s 3M on one category. It’s a far cry from 50M, but let’s say that your organization also lost 20M this year from a “theft” at your main warehouse that was pinned on an organized crime ring. Was it organized crime? Or an inside job where an employee cut the power on the way out for a big wad of cash and a local band of unorganized yahoos stole the goods? There’s 23M. Then you have carriers charging double fuel surcharges on 100M of freight and another 4M goes down the drain. Then you have the supplier of 20M worth of inventory that submits the same invoice twice with different invoice numbers 50% of the time, which the system doesn’t catch because it matches a PO and/or goods receipt and you overspend another 5M. There’s 28M. And then there’s the high-powered elite sales team that likes to charge “champagne” at the strip club for their “clients”; the marketing elite that thinks high-end dog kennels are “hotel” charges; and the C-Suite that only flies first class, against policy that flights under 4 hours must be business. And all of a sudden that’s another 2M of employee fraud that is slipping through the cracks and we’re at 30M. And we haven’t looked hard yet.

Get the point?

So why is your supply chain rampant with fraud? Simply put, because you don’t detect it.

Why not?

Platform iZombie.

Your platform blinds you to it. Your outdated, last-decade platform barely gets you through an average sourcing event, hasn’t kept up with the times, hasn’t made you smarter, and, in fact, takes you down the same old, beaten, dying path that you’ve been down again and again.

So what do you do?

Get a better, more modern, platform.

What do you look for?

Stay tuned!

Does Trouble-Free Mean Fraud-Free?

Of course not!

Sourcing Innovation has been informing you for years about how fraud can permeate a seemingly trouble-free supply chain and how the following, seemingly mundane, situations can hide serious fraud.

  • Abnormal Vendor Selection
    especially if the vendor has poor quality ratings or significantly higher costs compared to peers
  • Payments Outside the Normal Accounting System
    when it should be easy to ACH or wire the supplier a payment
  • Unusual Payment Patterns
    when most suppliers in the category get paid monthly and one supplier is getting paid bi-weekly
  • Rates Out of Line with Your Company’s Standing in the Market
    when you typically pay 5% less than market average but instead you are paying 5% more
  • Unexplained Lifestyle Improvement in an Employee or Manager
    who used to drive a beat-up 10-year-old Chevy Aveo but now drives a shiny beamer
  • Complaints or Tips
    from whistle-blowers who notice unusual activity beyond the norm

But the following can also indicate fraud:

  • automatic order triggers in a VMI system
    a vendor can manipulate stock levels to indicate a re-order prematurely to increase their revenue
  • more purchase orders than usual
    although it looks like your team is doing a good job by getting more purchases through the system, this could represent collusion between your buyer and a seller to inflate either the sales person commission or the buyer’s bonus by submitting false orders that will just be cancelled or returned at a later date
  • an unusual number of returns
    your buyer could be colluding with an individual at a shipper’s facility to create orders for unwanted goods which will be filled incorrectly; the buyer will then demand a refund and the goods will get lost during the return process
  • more defective returns than usual
    your quality assurance personnel might be accepting inferior products for bribes

The reality is that the supply chain is ripe with opportunities for fraud. These include:

  • Fixed Asset Fraud
    Fixed assets might be used for purposes other than what they are designated for, or used more than they are supposed to be. This misuse can damage the asset or reduce its useful life-cycle.
  • Inventory Fraud
    Your employees help themselves to your inventory and falsify records so that you don’t notice the loss until weeks or months later. They might even falsify goods receipts to indicate less was received than actually was.
  • Manufacturing Fraud
    Your supplier might send you a high quality product (from another supplier) during the evaluation process for testing, but then send you inferior products made from inferior materials after the contract is signed that look the exact same – and you don’t notice the problem until you get an extraordinary number of returns due to defects or inferior quality.
  • Picking and Return Frauds
    Your order pickers in your warehouse might be picking extra items during shipment preparation and pocketing them for private off-the-books sales.
  • Distribution Fraud
    One or more boxes of your shipment will not be loaded by the shipper who will falsify records and blame the third party carrier for the loss.

And this is just the tip of the iceberg. So what do you do?

The implications of Crying Thief!

Today’s guest post is from Tony Bridger of Assymetrix Consulting. Got a spending, process, or change management problem? Tony has a solution.

There is an old Nigerian proverb that runs a little like: “One cry of ‘Thief!’ and the whole marketplace is on the lookout.”

However, crying “thief” has serious implications for many businesses, particularly those public organisations with shareholders who would quickly perceive financial crime as a systemic business process failure. It is easier for management teams to internally manage fraud than to prosecute. Detection of large fraud is also an admission that both controls and deterrence are failing. In a recent article, It’s Hard to Find Fraud in Big Spend Stacks … the advent of AI could provide that vital detection of internal fraud. It’s a sophisticated solution.

Whilst we are on the subject of proverbs, a key element in fraud management is “prevention is better than cure”. Companies that detect fraud have clearly not created the cultural norms that others take for granted that deter staff from committing fraud. There are many cultural and technological capabilities that can reduce the incidence of fraudulent activity that are well within the grasp of many businesses. Deterrence – or risk of detection is a critical cultural message.

With some careful risk analysis, it is quite easy to map out where company fraud is likely to originate. Finance, Procurement and staff expenses are usually the key internal risk areas. Culturally, one of the first steps is to ensure that there is adequate separation of duties. In finance, this is simply ensuring that a finance staff member does not have the capacity to both create a supplier vendor master entry – and pay an invoice. This is a system administration role setting. The creation of “dummy vendors” and subsequent payments is often down to this simple failure. Making all data elements (Business Number, address, contact details) as mandatory data items also reinforces the message on data integrity. Many mid to high end systems will also allow user audit trail analysis if required. This simply captures the user-id of the employee accessing the key finance system forms.

For smaller companies, separation of duties can be an issue – but keeping a register of new supplier entries and reviewing this regularly is a key move. In the procurement space, the person who creates the contract and then manages the winning vendor should also not be one and the same person if possible. Again, hard to mobilize with limited staff and expertise – but a very clear signal around why is a powerful deterrent. The idea is not to create a draconian working environment – it is simply ensuring that employees understand that this is designed to protect them – as well as the company.

Where possible, organizations should also use the power of their accounting system to the full. Many of the low-end accounting systems have decent quality automation for transactions like staff expenses. From experience, there are some subtle employee mindset changes generated with increased automation. Almost all of us realize that entering data into a system creates a record. Once submitted, unless a request is made to vary the claim – the electronic evidence exists. Paper can be lost, shredded or misinterpreted.

Almost all staff will recognize that these transactions can be retrieved many years later. A very good business practice is to engage a vendor that provides duplicate invoice analysis services periodically. This service can also detect anomalies and “odd” transactions. A multiple repeated “same value” claim by an employee will almost certainly be found and analyzed. As many of these services are contingent based, they are quite affordable. Regular auditing can also send clear signals on fraud risk assurance.

However, the combination of separation of duties, increased electronic transaction processing and periodic data analysis should send very clear cultural signals about what is acceptable. Staff will work out the “why?” comparatively quickly.

Organizations cannot effectively function if trust is lacking. The notion of the cry of thief! is far more acceptable if good management controls are in place and any subsequent fraud is detected. In effect, it’s a best effort approach to fraud prevention.

Thanks, Tony.
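The separation-of-duties and mandatory-field controls described in the guest post can be checked mechanically against role settings and an audit trail. The following is an added example, not code from the post or from any accounting product; the role names, action names, field names and sample records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data; role, action and field names are assumptions.
ROLE_PERMISSIONS = {
    "ap_clerk": {"invoice_pay"},
    "vendor_admin": {"vendor_create"},
    "finance_super": {"vendor_create", "invoice_pay"},
}
AUDIT_TRAIL = [
    {"user": "u_alice", "action": "vendor_create", "vendor": "V-100"},
    {"user": "u_bob", "action": "invoice_pay", "vendor": "V-100"},
    {"user": "u_carol", "action": "vendor_create", "vendor": "V-200"},
    {"user": "u_carol", "action": "invoice_pay", "vendor": "V-200"},
    {"user": "u_carol", "action": "invoice_pay", "vendor": "V-100"},
]
VENDOR_MASTER = {
    "V-100": {"business_number": "BN-0001", "address": "1 Example St",
              "contact": "ap@example.test"},
    "V-200": {"business_number": "", "address": "PO Box 9", "contact": None},
}
CONFLICTING = {"vendor_create", "invoice_pay"}
MANDATORY = ("business_number", "address", "contact")


def roles_breaking_sod(role_permissions):
    """Roles that can both create a vendor master entry and pay an invoice."""
    return sorted(r for r, perms in role_permissions.items()
                  if CONFLICTING <= perms)


def users_breaking_sod(trail):
    """(user, vendor) pairs where the same user created and paid the vendor."""
    creators, payers = defaultdict(set), defaultdict(set)
    for event in trail:
        if event["action"] == "vendor_create":
            creators[event["vendor"]].add(event["user"])
        elif event["action"] == "invoice_pay":
            payers[event["vendor"]].add(event["user"])
    return sorted((user, vendor)
                  for vendor, users in creators.items()
                  for user in users & payers[vendor])


def incomplete_vendors(master):
    """Vendor records missing any mandatory data element."""
    gaps = {}
    for vendor_id, record in master.items():
        missing = [f for f in MANDATORY if not record.get(f)]
        if missing:
            gaps[vendor_id] = missing
    return gaps


if __name__ == "__main__":
    print(roles_breaking_sod(ROLE_PERMISSIONS))
    print(users_breaking_sod(AUDIT_TRAIL))
    print(incomplete_vendors(VENDOR_MASTER))
```

A vendor that appears in both the second and third result is the first entry to review in the register of new suppliers.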

Why You Have to Find that Fraud in Big Spend Stacks …

We recently published a piece on how it’s hard to find fraud in big spend stacks, and it is an important one. While fraud in most organizations might be relatively small, and might be mostly controllable by the right culture, processes, and systems (but that’s a subject for a future post), it’s still going to be there, and the most common form of fraud you are not going to detect is collusion fraud.

But this can be the most costly. Let’s say Bill and Ted both have invoice approval rights in the services procurement system and can singlehandedly approve services procurements up to 20K. Let’s say Bill’s buddy Bob has a services firm and let’s say Ted’s buddy Tim also has a services firm. Let’s also say that the organization also has a great need for temporary contingent labour to man the warehouse, clean the offices, and guard the assets of the company.

Let’s say that oversight of these services is left up to the approver for verification. Let’s say that Tim routinely sends two services guards when the general policy is to have three guards on duty and that Bob typically sends only two janitors to do the work that would typically be done by four by the old services provider. Who’s to say that Tim doesn’t send two guards but bill for three? And who’s to say that Bob doesn’t send two janitors and bill for four? And if these invoices are sent bi-weekly, they are going to fall well within approval limits.

Moreover, who’s to say that Ted doesn’t know about Tim’s over-billing and Bill doesn’t know about Bob’s over-billing? And who’s to say that Bill and Ted don’t have a deal to approve the over-billings for each other because their wives are getting an “efficiency consulting” fee from Tim and Bob’s companies?

Maybe this doesn’t happen in your company, but it happens more than one thinks, and just because you never detected this, how do you know it’s not happening? Invoices from real suppliers for real services at approved rates can still contain fraudulent over-billings for services not actually delivered, and those proceeds can still be partially kicked back through indirect channels to organizational employees.

But how do you detect this? Very sophisticated AI-based algorithms that detect unusually high approval patterns between two organizational employees, for amounts that should have been reduced with new contracts, that don’t match typical, anonymized, organizational patterns. And then human investigation to find the truth.
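A much simpler, rule-based stand-in for the pattern analysis described above, as an added example that is not the AI-based approach the post refers to: it flags approver and supplier pairs where one person, acting alone under the single-approver limit, approved nearly all of a supplier's invoices. The approval log, supplier names and thresholds are constructed assumptions, and a flag is only a queue entry for human investigation.

```python
from collections import Counter

SOLO_LIMIT = 20_000  # single-approver limit used in the scenario above

# Constructed approval log: (approver, supplier, amount).
APPROVALS = (
    [("bill", "guard_services", 14_400)] * 6
    + [("ted", "janitorial_services", 9_600)] * 5
    + [("ann", "janitorial_services", 9_600)]
    + [("ann", "office_supplies", 3_000), ("ted", "office_supplies", 2_500),
       ("bill", "office_supplies", 4_100), ("ann", "office_supplies", 900)]
)


def concentrated_approvals(approvals, min_invoices=4, min_share=0.8):
    """Return (approver, supplier, share, value) for pairs where one approver
    signed off, without a second approver, on at least min_share of the
    supplier's invoices. Thresholds are illustrative assumptions."""
    per_supplier = Counter()
    per_pair = Counter()
    solo_value = Counter()
    for approver, supplier, amount in approvals:
        per_supplier[supplier] += 1
        if amount <= SOLO_LIMIT:  # approved single-handedly
            per_pair[(approver, supplier)] += 1
            solo_value[(approver, supplier)] += amount

    flags = []
    for (approver, supplier), count in per_pair.items():
        share = count / per_supplier[supplier]
        if count >= min_invoices and share >= min_share:
            flags.append((approver, supplier, round(share, 2),
                          solo_value[(approver, supplier)]))
    return sorted(flags)


if __name__ == "__main__":
    for flag in concentrated_approvals(APPROVALS):
        print(flag)
```

Approvals spread across several people, as with the constructed office supplies vendor, stay below the share threshold and are not flagged.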

So why is this so important? Besides plugging the leaks? Because if you can’t find internal collusion, how will you ever detect potential cases of external collusion? And gather enough corroborating evidence to at least get an investigation going? If industries collude, and jack prices above market prices, the organization will lose considerably more than it will lose to Bill and Ted (from the evil, parallel, universe). And this happens more than you think too, it just doesn’t always get detected and investigated. Fortunately, sometimes it does, and sometimes, even if there is no certainty that fraud happens, regulators, presented with enough evidence still investigate — like they are doing now among the German automakers (which led to a surprise raid on BMW headquarters as recently reported in the New York Times) that are suspected of conspiring to hold down the prices of crucial technology (as initially reported in July). Regardless of the outcome, technology that can identify potential fraud and gather correlating evidence will keep everyone more honest, and that’s a good thing.

Oversight for more than just your Travel & Expense budget management

Oversight is an Atlanta-based software (as a service) company founded back in 2003 to help organizations monitor spending in an effort to identify errors, waste, misuse, and fraud in the grey area of enterprise spend. As every recovery firm will tell you, the average organization will overspend by 1% to 3% as a result of over billings, duplicate billings, unnecessary spend on superfluous demand, maverick spend, and even fraud. (And they make their living recovering a portion of that, typically a third, and then charging you 33% of the recovery as their fee. Sounds small, but 1/3 of 1/3 of 3% of spend is 0.33% of spend, and if the organization spends 100 Million, they get 330,000 for an effort that can be largely automated and, even worse, be avoided with proper up-front spend monitoring.)

For example, if all invoices are compared to invoices and goods receipts before payments are authorized, this can prevent overpayments. Duplicate billings can be identified in the same way (and duplicate payments prevented). Potential fraud can be identified by forcing all invoices from unknown suppliers, for unknown products, or for unexpected amounts to be manually reviewed. (This can’t prevent in-house fraud, where a buyer pays a fake invoice to a fake company controlled by a relative, or a co-conspirator, but it can prevent external fraud.) Unnecessary spend on superfluous demand will require up front requisition control, as will maverick spend, but at least there will be no overspend or duplicate spend that can be unrecoverable once the contract with the supplier expires.
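The duplicate-billing check described here has to work when the invoice number differs, since a resubmitted invoice can still match a valid PO. The following added example (not Oversight's method or any vendor's code) pairs invoices on supplier, PO and amount within a date window, and separately checks cumulative billing against PO value; all records, field names and the 30-day window are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data; field names are assumptions.
PO_VALUES = {"PO-500": 12500.00, "PO-501": 8000.00, "PO-610": 8600.00}
INVOICES = [
    {"no": "INV-1001", "supplier": "S-17", "po": "PO-500",
     "amount": 12500.00, "date": date(2024, 3, 1)},
    # Same supplier, PO and amount resubmitted under a different number.
    {"no": "INV-1001A", "supplier": "S-17", "po": "PO-500",
     "amount": 12500.00, "date": date(2024, 3, 4)},
    {"no": "INV-2002", "supplier": "S-17", "po": "PO-501",
     "amount": 8000.00, "date": date(2024, 3, 5)},
    # Two legitimate instalments against one PO, months apart.
    {"no": "INV-3003", "supplier": "S-22", "po": "PO-610",
     "amount": 4300.00, "date": date(2024, 3, 6)},
    {"no": "INV-3090", "supplier": "S-22", "po": "PO-610",
     "amount": 4300.00, "date": date(2024, 6, 20)},
]


def probable_duplicates(invoices, window_days=30):
    """Pairs of invoice numbers sharing supplier, PO and amount (in cents)
    and dated within window_days of each other."""
    groups = defaultdict(list)
    for inv in invoices:
        key = (inv["supplier"], inv["po"], round(inv["amount"] * 100))
        groups[key].append(inv)
    pairs = []
    for group in groups.values():
        group.sort(key=lambda inv: inv["date"])
        for earlier, later in zip(group, group[1:]):
            if (later["date"] - earlier["date"]).days <= window_days:
                pairs.append((earlier["no"], later["no"]))
    return pairs


def overbilled_pos(invoices, po_values):
    """{po: excess} where total invoiced exceeds the PO value. Each invoice
    can match the PO on its own while the sum does not."""
    billed = defaultdict(int)
    for inv in invoices:
        billed[inv["po"]] += round(inv["amount"] * 100)
    excess = {}
    for po, cents in billed.items():
        limit = round(po_values[po] * 100)
        if cents > limit:
            excess[po] = (cents - limit) / 100
    return excess


if __name__ == "__main__":
    print(probable_duplicates(INVOICES))
    print(overbilled_pos(INVOICES, PO_VALUES))
```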

Oversight is unique in that it is not so much a software platform but an insights platform. Employing a team of data scientists focussed on identifying new algorithms and techniques for fraud detection, Oversight uses their in-depth knowledge of fraud to build solutions that will help the clients identify potential cases of fraud that they could never hope to identify on their own. The best most companies can do is sample-based audits and spot checks, which are unlikely to identify much fraud as these will generally only be on a few percent of invoices or transactions, and most employees who have been getting away with fraud for a while will not be doing anything obvious, and the fraud will not be detected without correlations across documents and systems. That’s where Oversight comes in.

The Oversight solution is a web-based software solution for automatic spend analysis and identification of high-risk or potentially fraudulent transactions that comprehensively analyzes T&E, purchase card, and accounts payable spend using a suite of statistical, clustering, data mining, break point, rule-based, evidentiary reasoning, and machine learning algorithms that look for discrepancies, suspicious patterns, known fraud, and risk indicators to identify those transactions that need to be manually reviewed. The dashboard-driven, or work-bench driven, interface allows an analyst to drill into suspicious transactions by country, organizational unit, risk level, or exception type and can be configured to show the analyst only those exceptions assigned to her, or her team, or every unresolved exception in the system.

When a user drills in by exception type, she sees an overview of the overall risks by country and can drill into suppliers to see the specific exceptions. When a user drills in by country, she can see the overall risk by supplier and then by exception. In other words, she can drill into at-risk transactions using country, organizational unit, supplier, and at-risk type in any manner she pleases.

Or, they can look for exceptions by process. Right now, Oversight supports the identification of at-risk transactions in the travel & expense, procure to pay, and purchase card processes and has recently added support for FCPA, Anti-Bribery, and Corruption Risk — including the identification of known politically exposed parties.

Plus, the platform not only integrates with all of the big supplier and financial data providers — such as Dun & Bradstreet, Bureau van Dijk, and CreditSafe — but also integrates with providers of risk indicator data such as Ecovadis and Sedex Global. Plus, they maintain their own databases of known politically connected parties, gentlemen’s clubs, denied parties, and other parties that an organization typically should not be allocating funds to. This last capability is quite important … just ask American Express which once received a 241K strip club bill authorized by the CEO. (Source)

Since fraud attempts differ by country, and collusion is hard to detect with a standard m-way match invoice processing platform, Oversight brings a powerful offering to the expense management space. It’s a platform worth checking out. For a deeper dive into the platform, check out the recent coverage by the doctor and the prophet over on Spend Matters Pro [membership required]. (Part I is up with Parts II and III coming within a week.)