Category Archives: Fraud

Sole Sourcing In Your Supply Chain: Oversight Or …

An indicator of fraud?

As per a number of Sourcing Innovation posts, and a recent post over on Procurement Leaders on “Procurement Fraud: A Shocking Wake-Up Call”, procurement is a ripe area for occupational fraud. Outside of Accounts Payable, Procurement generally controls or influences the most organizational spend.

And not only is “Procurement Related Fraud on the Rise” (Spend Matters UK), but it is taking place at 2 out of every 3 organizations — many of which are even unaware of its presence! Furthermore, every organization affected by fraud is likely losing 2% of its revenues to fraud. Forget overpayments, duplicate payments, and other recovery audit targets that, even when extremely successful, aren’t likely to recover more than 0.5% of your revenue in supplier credits — especially when most of these overpayments can be prevented with good invoice automation. Fraud is the bigger uncontrolled drain on the average organization’s coffers, and the issue that most needs to be attacked.

Fortunately, there are tell-tale signs of fraud, and if you regularly look for, investigate, and take precautions to prevent certain scenarios, the chances of fraud occurring in your organization will be significantly reduced. A number of these signs are succinctly summarized in Mr. Ashcroft’s post on Procurement Fraud: A Shocking Wake-Up Call, referenced above, but it’s the first four that really catch your attention.

  1. Single Source Decisions
  2. Insistence on Sole Contact With Suppliers
  3. Reluctance to Change Suppliers
  4. Refusal to Issue Invitations to Tender

All of these relate to sole-sourcing, which we all know to be a significant supply chain risk as a single disruption can wipe out an entire product line or category. Sole-sourcing should generally only be used when you are producing a new product which involves turning over a lot of proprietary knowledge to the manufacturer, proprietary knowledge upon which your competitiveness is dependent, or when the product requires a new type of technique that only one supplier can currently offer at an affordable price point. Otherwise, for supply assurance and risk mitigation, dual (or tri) supply should be used.

If something is being sole-sourced for which there is no good justification, then the sole-source arrangement should be carefully evaluated as the reason for it could be fraudulent (or, if not fraudulent, unethical, as the buyer could be choosing that supplier simply because the supplier constantly gives the buyer free tickets to sporting events, free trips to industry conferences, etc.). And if any suggestions to change the supplier meet with unnecessary reluctance or insistence not to, that’s an even bigger indicator that something could be happening under the table.

In other words, when you get right down to it, sole-sourcing is generally not a good decision. When you combine the opportunities it presents for fraud and disruption, the risk is typically too great.
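The four indicators listed above can be screened for in purchase-order data. The following is an added example, not part of the original post: the record layout, the justification register, the sample rows, and the three-year tenure threshold (a proxy for "reluctance to change suppliers") are all assumptions.

```python
from collections import defaultdict

# Constructed purchase-order records (not real data):
# (category, supplier, buyer, awarded_via_tender, year)
ORDERS = [
    ("packaging", "Acme Box", "alice", True, 2011),
    ("packaging", "BoxCo", "bob", True, 2012),
    ("labels", "LabelPrint", "carol", False, 2008),
    ("labels", "LabelPrint", "carol", False, 2010),
    ("labels", "LabelPrint", "carol", False, 2012),
    ("chipsets", "OnlyFab", "dave", True, 2012),
    ("chipsets", "OnlyFab", "erin", True, 2012),
]

# Hypothetical register of categories with a documented reason for sole
# sourcing (proprietary new product, technique only one supplier offers).
JUSTIFIED = {"chipsets"}

def sole_source_flags(orders, justified=frozenset(), tenure_years=3):
    """Return {category: [indicator, ...]} for unjustified sole-sourced categories."""
    by_cat = defaultdict(list)
    for rec in orders:
        by_cat[rec[0]].append(rec)
    findings = {}
    for cat, recs in by_cat.items():
        suppliers = {r[1] for r in recs}
        if len(suppliers) != 1 or cat in justified:
            continue  # dual/tri sourced, or sole source with a recorded reason
        flags = ["single_source"]
        if len({r[2] for r in recs}) == 1:
            flags.append("sole_contact")            # one buyer owns the relationship
        years = [r[4] for r in recs]
        if max(years) - min(years) >= tenure_years:
            flags.append("long_tenure_no_change")   # proxy for reluctance to change
        if not any(r[3] for r in recs):
            flags.append("never_tendered")          # no invitation to tender on record
        findings[cat] = flags
    return findings

if __name__ == "__main__":
    for cat, flags in sole_source_flags(ORDERS, JUSTIFIED).items():
        print(cat, flags)
```

A category that trips several flags at once is a candidate for review, not proof of fraud; the output is a prioritised list for the evaluation the post calls for.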

Are You Losing 2% of Your Revenue to Fraud? Are You Sure?

Between two thirds and three quarters of organizations experience fraud every year and the average organization affected by fraud loses 2.0% of revenue in the UK and EU and 1.7% in the US. This means that, even if your organization is not aware of fraud, there’s still a 66%, or more, chance that it is being defrauded. And it should know for sure, one way or the other. Because if fraud isn’t detected, dealt with, and discouraged quickly, you end up with headlines like this:

  • Alibaba.com CEO And COO out because of vendor fraud
    involving over 2,000 suppliers and 100 staff members
  • Former Vodafone employee facing fraud charges
    for the fraudulent requisition of €2.3 million of services
  • The great Sainsbury’s potato fraud:
    Jail for vegetable buyer who took £5 million in bribes

All of these have one thing in common: each of these frauds involved the payment of millions of dollars to fake suppliers. Not overbillings, not duplicate billings, but fake billings from fake suppliers. This is a situation that can easily be prevented with a good supplier information management or supplier visibility system that validates the accuracy of the supplier information and the legitimacy of the supplier. If the supplier information management and visibility system cannot validate the existence and legitimacy of the supplier, then AP knows that a detailed manual investigation should be undertaken before the supplier is authorized to submit invoices, and that such authorization should require at least two sign-offs by high-level personnel. This simple process, which is yet another example of the value of supply chain visibility, would prevent fraudulent invoices from non-legitimate suppliers from ever getting in the system and greatly decrease the organization’s exposure to fraud.
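The onboarding rule described above can be enforced as a gate in front of accounts payable. This is an added example, not part of the original post: the role names, field names, and sample suppliers are hypothetical, and barring the requester from approving their own supplier is an added separation-of-duties assumption.

```python
from dataclasses import dataclass, field

# Hypothetical set of roles treated as "high-level personnel".
SENIOR_ROLES = {"cfo", "controller", "head_of_procurement"}

@dataclass
class Supplier:
    name: str
    registry_verified: bool           # SIM system confirmed existence and legitimacy
    requested_by: str                 # employee who asked to add the supplier
    investigation_done: bool = False  # detailed manual investigation completed
    signoffs: list = field(default_factory=list)  # (approver, role) tuples

def may_submit_invoices(s):
    """Return (allowed, reason) for one supplier."""
    if s.registry_verified:
        return True, "validated by supplier information system"
    if not s.investigation_done:
        return False, "manual investigation required"
    # Count distinct senior approvers; duplicates and the requester's own
    # approval (assumption, see lead-in) do not count.
    approvers = {a for a, role in s.signoffs
                 if role in SENIOR_ROLES and a != s.requested_by}
    if len(approvers) < 2:
        return False, f"needs 2 senior sign-offs, has {len(approvers)}"
    return True, "manually investigated with dual sign-off"

def payable(invoices, suppliers):
    """Split invoice ids into (accepted, held); unknown suppliers are held."""
    accepted, held = [], []
    for inv in invoices:
        s = suppliers.get(inv["supplier"])
        ok = s is not None and may_submit_invoices(s)[0]
        (accepted if ok else held).append(inv["id"])
    return accepted, held

# Constructed sample data.
SUPPLIERS = {
    "Known Ltd": Supplier("Known Ltd", True, "alice"),
    "Ghost LLC": Supplier("Ghost LLC", False, "bob", True,
                          [("bob", "head_of_procurement"), ("cfo1", "cfo"), ("cfo1", "cfo")]),
    "NewCo": Supplier("NewCo", False, "carol", True,
                      [("dan", "cfo"), ("eve", "controller")]),
}
INVOICES = [{"id": 1, "supplier": "Known Ltd"}, {"id": 2, "supplier": "Ghost LLC"},
            {"id": 3, "supplier": "NewCo"}, {"id": 4, "supplier": "Unregistered Inc"}]
```

In the sample, "Ghost LLC" is held because its only valid approval comes from one person signing twice, and an invoice from a supplier that was never registered is held outright.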

And this is only one example of the many types of savings opportunities that good Supply Chain Visibility can bring your organization. For a deeper insight into the other ways in which Supply Chain Visibility can bring your organization recurring year-over-year savings, download SI’s latest white-paper on The ROI of Supply Chain Resiliency: It’s More Than You Think, sponsored by Resilinc. You might be surprised at just how much hidden value you can extract from your Supply Management operations with good visibility and resiliency.

Your Supply Chain Is Only As Safe As the Most Insecure Point

Just like a chain is only as strong as the weakest link, your supply chain is only as safe as the most insecure point – and the surprising thing (to you) is that it’s probably not where you think it is (at least not if you do business the local way).

As per this recent article over on the Logistics Briefing Blog on Transport Intelligence, “2012 is a record breaking year for freight criminals”. It was bound to happen sooner or later. As the article points out, with an average electronics shipment valued between 3 Million and 30 Million, these shipments are worth a lot more than most shipments of drugs or even guns, and are more valuable to thieves in more ways than one.

  1. The margins are higher.
    The cost of an operation to steal one of these shipments is typically 10% of the value, or less. It truly is a steal.
  2. The risks are lower.
    Most law enforcement agencies haven’t realized just how attractive these shipments are to criminals.
  3. The downside is much lower.
    If you do get caught, and it’s a first offence, it’s unlikely that you’ll end up in jail (unless the theft was violent and someone got hurt). In comparison, if you’re running drugs, you’re going to jail. Even if it’s just a few ounces of marijuana. (Plus, the chances of being hunted down by a heavily armed SWAT team are minuscule in comparison.)

But what is really going to surprise you is where the crime is picking up. Many of the significant thefts are in the EU! A recent theft in Hungary involved about €3 Million worth of smart-phones. Theft in the Netherlands shot up when the U.K. launched “Operation Grafton” to reduce thefts in Heathrow. And freight crime in Belgium has increased 90%.

So for those of you worried about India and China, think again. (And, as mentioned in the first paragraph, if you’re willing to do business the traditional way in those countries, and grease a few palms, your cargo will be quite safe. SI is not endorsing this, especially if you’re in the U.S. or the U.K. where such actions might be seen as violating the FCPA or the Bribery Act, but just noting that, statistically, these countries are safer to ship in than a number of countries in Europe and can be much safer than just about anywhere in the world with the right preparations. The point is that your first instinct is probably not the right one when it comes to judging safe shipping zones.)

Hiperos – It’s So Hip To Be Square with 3rd Party Management! Part II

Hiperos provides a SaaS platform that allows an organization to manage the entire 3rd party lifecycle, which consists of registration, data collection, segmentation, control automation, assessment, management, and collaborative issue resolution.

Hiperos includes your standard SIM (Supplier Information Management) functionality that allows for supplier self-service registration and profile maintenance and data integration from third party sources. On top of that it implements a user-configurable rules-based workflow that allows third parties to be segmented into different buckets that represent the different programs that they need to be subjected to – be it FCPA, REACH, WEEE, HIPAA, or some other type of compliance or monitoring program. Each bucket has its associated monitoring rules that notify the third party when more information is needed and that automatically alert the user when a violation is detected or when information is not provided by the third party in a timely fashion. Assessments are automatically run every time new data becomes available and can be run by a user at any time. The fact that all relevant third party information is available at all times allows users to pro-actively manage third parties, and associated risks, and then either work with third parties to mitigate risks, if the potential infraction can be corrected, or cut them loose if the risk of association is too great (because they showed up on a denied party list or use child labour in their supply chain).

The application, which loads the default user-defined dashboard, allows a user to manage third parties, engagements, relationships, products, and programs and to define programs, vendor communities, reports, and analytics.

The dashboard is multi-tabbed and allows a user to define relevant views on each of the application areas defined above, as well as a default dashboard that allows the user to see the information most relevant to him or her. At the top of the dashboard is a link to current action items that allows a user to quickly see what needs to be done in third party management, engagements, programs, etc. The dashboards can be configured using hundreds of pre-defined (reporting) widgets or the user can define their own widgets by defining appropriate reports in the reporting module. And the user can bring in real-time news and data feeds from sites of interest.

The application can track any compliance, performance, sustainability, or risk data elements of interest and, like any good SIM platform, is preconfigured to track hundreds of relevant data items, depending upon the programs you define as relevant for a given compliance, performance, or risk program (which minimizes the amount of configuration required to track custom fields). And not only is all relevant data available from any view that is program or user defined, but it’s all interlinked so a user can click on a third party included in a program, see the relevant report(s), and then dive into the third party data management screen to examine the raw data elements, and then run a report on just a data subset.

Program definition is flexible and allows for any type of compliance, risk, sustainability, or performance program you can think of. In addition, the fact that Hiperos also supports contract meta-data and third-party data feeds allows financial impact reports to be generated. That way, a user always knows what the impact of a third-party falling out of compliance is to the organization. Knowing that a tier-one supplier might be buying from a tier-two supplier that might be using child labour is one thing, but knowing that the organization is spending 20 Million across 5 categories on that tier-one supplier is something else. In the first case, the supplier is put on the “investigate” list and someone gets around to it when they get around to it. In the second case, the user knows that it is a high priority and an investigation has to be started immediately as the public backlash will be extremely damaging to the organization if it gets out that 20 Million is being spent on products and/or services that were partially produced by child labour.

Hiperos has also included extensive color-coded geo-mapping capabilities so that you can quickly see, for any program, where the highest risk areas are globally and dive in. While Hiperos is not the first company to do this, they have latched on to the fact that the visual representation of risk or non-compliance by region allows one to quickly see what regions have to be monitored. This allows resources to be properly applied, especially since proper monitoring will typically require subscriptions to appropriate data feeds for those regions.

The Market Intelligence capabilities are quite extensive too, and they have pre-configured watch-lists, diversity monitoring, parent-subsidiary monitoring, subcontractor monitoring, REACH/WEEE monitoring, and dozens of other feeds of interest which can be enabled as required by the client.

And the analytics piece supports the full suite of slice-and-dice capabilities found in most sourcing products today, so that you can dive into the data and find out which suppliers, categories, or programs represent the highest risk to your organization.

There’s quite a bit of data, and the application can be quite busy at times, but Hiperos has one thing right: where compliance is concerned, it’s Hip to be Square.

Hiperos – It’s So Hip To Be Square with 3rd Party Management! Part I

When we last checked in with Hiperos, they had evolved from a Risk Management platform to an “Extended Enterprise Management” platform that integrated Contract Management, Compliance Management, Performance Management, and Sustainability Management into a 360° solution platform for an organization that wanted to get these various facets of risk under control.

However, as they have continued to roll out their platform and work with clients in different verticals (beyond finance, which was their initial core strength and where they appear to be dominating the market), they have found that as enterprises get their internal(ly controlled) risks under control, their clients realize that typically the biggest risks they face are from their suppliers and vendors who provide them with all sorts of direct and indirect products and services. As a result, 3rd Party Management (3PM) has become critical to their operational success. How critical?

Consider these statistics. Forty-four percent of data breaches involve third parties, and the most expensive data breach has cost 35.3 Million dollars to resolve. And while this is atypically high, a data breach will cost an organization millions to resolve (as even the cheapest data breach cost $780,000). And if there turn out to be traces of blood money or drug money in your supply chain, it could cost you as much as $160 Million to settle the resulting probe. In short, 3rd Party Risk, if not properly managed, is likely to end up costing your organization millions. The only question is when.

And if you believe that preventative spending to manage risks that might not happen is unwise in this economy, consider this. Organizations that implemented Hiperos 3rd Party Management saw a 75% reduction in customer impact incidents due to sole sourcing. One organization was able to eliminate a seven-figure spend of 4 Million in annual subscription fees that it was paying just to ensure that it wasn’t using blacklisted or banned suppliers (and that it wasn’t working with suppliers who were known to bribe and/or be involved in anti-corruption investigations) as the Hiperos 3rd Party Management solution contained all the functionality they needed. And, overall, Hiperos’ clients saw a 300% increase in the assessment of 3rd parties with a high-breach potential — allowing them to be vetted or eliminated before a costly incident occurred.

And this is just a short list of the costly compliance and reputational risks facing an average organization that operates globally and has to deal with ISO, SAS 70, Anti-Bribery, Anti-Money Laundering, FCPA, SOX, OCC, CFPB, REACH, WEEE, OSHA, HIPAA, and W9 security and reporting obligations, just to name a few. A third party management solution tracks all of this, and more.

So what does Hiperos do to help you with your 3rd Party Management? Stay Tuned for Part II.