Procurement Fraud Consumer Companies

7/25/2019 Procurement Fraud Consumer Companies

1/28

CONSUMER MARKETS

Procurement Fraud inConsumer CompaniesPreventing, Detecting and Taking Action

KPMG INTERNATIONAL


2/28

Willy Kruh

Global Chair

Consumer Markets

KPMG in Canada

II P R O C U R E M E N T F R A U D I N C O N S U M E R C O M P A N I E S : P R E V E N T I N G , D E T E C T I N G A N D T A K I NG A C T I O N

2010 KPMG International Cooperative (KPMG International), a Swiss entity. Member firms of the KPMG network of independent firms are

affiliated with KPMG International. KPMG International provides no client services. All rights reserved.

Message from Willy Kruh

We have found that procurement is an area that is highly susceptible to fraud and

misconduct in consumer markets companies. Further, increasingly complex and

global supply chains, coupled with a challenging economic environment, lend to

an even heightened incidence of this type of fraud. Since financial losses resulting

from procurement fraud directly affect a companys bottom line, minimizing the

opportunity for fraud within the procurement cycle can result in substantial gains

for consumer companies.

This paper shares the insight and experience of some of KPMG firms leading

forensic and contract compliance professionals who assist companies in the food,

drink, consumer goods (FDCG) and retail sectors with addressing procurement

fraud issues. In addition, the report summarizes and analyzes the results from a

poll of over 460 FDCG and retail sector procurement and other executives who

attended a KPMG Global Consumer Markets webcast on this topic earlier this

year. These poll results provide the first-hand perspectives of your industry peers

on how their own companies are affected by and dealing with procurement fraud.

I trust that the information herein, on the key procurement fraud risks, leading anti-

fraud procurement practices and cross-departmental approaches to procurement

fraud, supported by the feedback and insights shared by the KPMG webcast

participants, will provide you with relevant and useful guidance that you can

apply in your organization.


3/28

2 Introduction

3 Procurement fraud risks andways to reduce your exposure

12 Using technology to detectprocurement fraud

18 Making use of supplier auditsto counter fraud and loss

22 Conclusion

P R O C U R E M E N T F R A U D I N C O N S U M E R C O M P A N I E S : P R E V E N T I N G , D E T E C T I N G A N D T A K I N G A C T I O N 1




4/28

Historically, procurement fraud in consumer markets organizations has not been

as proactively or successfully managed as it can be today. Often regarded as an

issue not easily identified or prevented, many food, drink and consumer goods

(FDCG) and retail organizations were more likely to regard procurement fraud as

an unavoidable cost that (they hoped) had minimal impact on the bottom line.

However, according to a survey of 959 Certified Fraud Examiners on Occupational

Fraud & Abuse conducted by the Association of Certified Fraud Examiners (ACFE),

US organizations are losing nearly 7 percent of their annual revenues to fraud each

year.1If this is typical across industries and in other countries, then clearly it is an

issue that consumer businesses around the world cannot afford to ignore. In the

UK, procurement fraud is also a rising concern, where Amanda Aldridge, GlobalForensics Lead, Consumer Markets, KPMG in the UK, says that she has seen

more incidents of serious procurement fraud in each of the last two years than in

any of the previous eighteen.

In part, this apparent impact of, and rise in, fraud may be due to better detection, but

certainly as the issue moves up boardroom agendas, consumer markets companies

are beginning to ask themselves difficult questions about their approaches to

preventing, detecting and taking action against procurement fraud. They are

looking for help to find the answers.

Businesses face a number of key challenges. Have their buyers got the message

as to what is unacceptable behavior? Are they policing their gifts, entertainment

and conflict of interest policies? How effective is their due diligence in relation to

new or changing supplier relationships? Are they mobilizing the honest majority of

their employees and suppliers to report concerns? Are they using focused audits

to uncover overcharging or under-delivery? And have they tried to measure the

size and nature of the problem?

This paper looks at some of the risks associated with procurement fraud in the

consumer markets sectors and how these companies can reduce their exposure,

the use of technology to detect procurement fraud, and how to leverage supplier

audits to counter fraud and loss.

During a Global KPMG Consumer Markets webcast on Procurement Fraud held

earlier this year, participants were asked a series of questions to gather informationas to how consumer markets companies are preventing and detecting procurement

fraud in their organizations. Readers will find the results of these polls presented

and discussed throughout the paper.

1Association of Certified Fraud Examiners (ACFE) 2008 Report to the Nation on Occupational Fraud and Abuse

Introduction

I have seen moreincidents of seriousprocurement fraudin each of the lasttwo years than inany of the previouseighteen.

Amanda Aldridge

Global Forensic Lead, Consumer

Markets, KPMG in the UK




5/28

Referring again to the survey by the ACFE mentioned in the Introduction, the

most common fraud scheme (cited 27 percent of the time) was corruption,

including purchase schemes, invoice kickbacks and bid rigging. Schemes involving

fraudulent disbursements of cash were cited more than 50 percent of the time

with respect to asset misappropriations. Respondents cited a lack of adequate

internal controls as the biggest single contributing factor to occupational fraud.

One of the keys to reducing those losses therefore lies in managing the risks of

fraud and abuse and, clearly, in focusing on the procurement process.

The procurement process

Procurement has two distinct elements: sourcing and purchasing. Sourcing is where

an organization can create value by identifying cost savings within its current spend

and it starts by identifying specific purchasing opportunities.

For example, by rationalizing the number of vendors and capitalizing on economies

of scale, it may be possible to drive down costs per unit. This process can be helped

by having a defined competitive bid process.

The sourcing process should culminate in negotiated contracts with approved

suppliers, delivering lower costs. Obviously, the potential savings can and will

vary depending on the following:

Current level of spend by category

Number of suppliers per category Distribution of spend across division or businesses

Contract availability

Maturity of process and previous efforts to improve various categories of spend.

Value can be realized in the procurement process by executing and completing the

purchasing cycle. The majority of purchases should be from the list of approved

vendors, and many companies will monitor and maintain their list in the form of

a supplier catalogue. This catalogue lists the various products (Stock-Keeping

Units, or SKUs) that the organization requires, as well as the approved vendors

with agreed pricing.

Procurementfraud risksand ways toreduce your

exposure




6/28

This is not a static process. There will likely be ongoing opportunities to reduce

cost. As businesses change (products, geography, etc.), consumer marketsorganizations will need to evaluate their vendors and related processes

continuously. Many companies establish specific metrics against which they

monitor and evaluate their vendors and spending. Again, this is a continuous

process and, to manage it, an organization should constantly assess its supplier

relationships and look for opportunities to create value.

Figure 1: The procurement value cycle

Receipt/

Pay

Performance

Management

Identify

Opportunities

Specification

Request

Proposals

Negotiate

ContractCatalogue

Requisition

Purchase

Order

Cash

Performance

Quality

Valu

eManagem

ent

Value

Cre

ation

Valu

e

Fu

lfi

llmen

t

Purch

as

ing S

ourcing

Source: KPMG International, 2010

Opportunities for fraud

It is not surprising that within the procurement value cycle (Figure 1), there are

several opportunities for fraud and abuse in consumer markets companies.

Depending on the nature of the business, and its controls and processes, an

organization may be susceptible to risks, including the following:

Phantom vendors where fictitious vendors are set up in the companys

vendor master file and payments are dispersed to them

Bid rigging where there is collusion between procurement personnel

and bidders, or among a number of bidders where they collaborate to drive

prices higher

4 P R O C U R E M E N T F R A U D I N C O N S U M E R C O M P A N I E S : P R E V E N T I N G , D E T E C T I NG A N D T A K I N G A C T I O N




7/28

A grey market where companies can suffer losses through counterfeits and

knock-offs or where suppliers generate unauthorized production, putting acompanys real products at risk

Failure to meet contract specifications resulting in substandard products

and sometimes dangerous goods

Bribery and corruption especially in higher-risk geographies

Unauthorized disbursements.

The structure and nature of the business can also provide opportunities for fraud.

It is our firms experience that there is a higher risk of fraud in widely decentralized

operations, especially in some emerging economies. Procurement fraud tends to

occur where there is an opportunity, and these opportunities can emerge as a

company changes and grows. Keeping controls up to date with technology andthe growth cycle of the business is critically important.

How can companies protect themselves from such risks?

There are certain basic or core internal controls and practices that should be in

place to reduce a companys exposure. These include the following:

segregation of duties

standard, consolidated reporting

common policies and process standardization

a single supplier database and contracts register

a single payment address

risk management controls

procedures for forecasting the companys demand from suppliers.

For example, the segregation of duties is one of the most basic but effective

controls, since it separates the responsibility for supplier selection, the negotiation

of the contract and the purchase decision from the receiving function and from

the payment function.

It can be expected that many businesses will have these core requirements

covered. One of the key decisions facing companies in this area, however,

is where to allocate resources to make improvements to their procurement

processes. KPMG firms have identified several better or preferred practices

that can help improve consistency, promote more frequent use of approved

suppliers and drive value. These include the following:

an electronic procurement catalogue

the use of purchasing cards

commodity spend simplification

process automation and workflow management

integration of enterprise systems

real-time spend data visibility

management by exception.

This is a continuousprocess and, tomanage it, anorganization shouldconstantly assess itssupplier relationshipsand look foropportunities to

create value.





8/28

Figure 2 identifies some methods that a company might utilize to improve its

procurement processes. What drives each organizations choice of strategiesand when to implement them will depend on the following:

where the company is in terms of already making improvements

the relevance the industry leading practices have to its various systems

the balance of risk (often in terms of cost or disruption to existing systems) vs.

reward for making such changes.

Figure 2: Purchase to Pay Leading and Common Practices


Technology

enabled

procurement

Work flowcontrol

Shared

serviceseAuctions

Process

automation

& work flow

Management

by exceptionOutsourcing

Supplier

relationship

management

Strategic

sourcing

Common

processes

Future

Goodpractice

Core

Low Medium

Typical reward/risk profile

Wave 2 Wave 1

High

Electronic

procurement

catalogue

Purchasing

cards

Supplier

relationship

management

More integratedsystems can lead tobetter measurementof effectiveness andpromote the right

buying behavioramong procurementpersonnel.





9/28

The delineation between Wave 1 and Wave 2 will be different for each organization.

Wave 1 strategies can often be considered as the lowest hanging fruit thosethat will result in the shortest-term gains on a cost-effective basis.

More integrated systems can lead to better measurement of effectiveness and

promote the right buying behavior among procurement personnel. In addition,

better scrutiny of spending and real-time reporting will lead to more timely

and more effective management by exception. This can be used to identify

unauthorized variances in pricing, purchases from non-approved vendors and

inappropriate/excessive quantities of purchases compared with inventory levels

or forecasted demand.

Many consumer markets companies seem to lack a strategic approach to

managing procurement. In a poll during the recent KPMG webcast onProcurement Fraud, only 19 percent of over 300 respondents from the FDCG

and retail sectors said their companies had a comprehensive strategic sourcing

initiative in place. Another 30 percent said that their processes needed

improvement (see Poll Question 1).

Poll Question 1: Extent of current processes

0% 10% 20% 30% 40%

Core requirements covered

Comprehensive strategic sourcing initiatives

Processes need improvement 30

24

26

19

Core requirements plus some leading practices

To what extent does your organization have defined processes to

manage procurement:






10/28




Where are consumer companies falling short?

In our work in this area, KPMG firms frequently find certain recurring system

failures. These include the following:

non-compliance or maverick buying

lack of segregation of duties

lack of an effective three-way matching process

failure to adopt proper purchasing procedures.

Maverick buying is where purchases are made from local non-approved vendors.

This is common practice when it is believed to be an easier or quicker way to get

the needed product. However, it is not always possible to control the costs of

such purchases centrally, and experience has shown that they are sometimes

inappropriate (i.e. from phantom vendors or where local purchasing agents are

receiving kickbacks). Maverick buying is something KPMG firms see in almost

every investigation of expenditures involving a geographically distant division or

subsidiary. It is important to note, however, that there isnt always fraud. We

often simply find people trying to work around the system of internal controls

to make their lives easier. Either way, it should not happen.

Surprisingly, KPMG professionals still see instances where consumer markets

companies make disbursements based on invoice alone, without comparing

them to approved purchase orders and related receiving documentation. In

these cases, it is not possible to know whether the product was actually

received or approved in the first instance. This basic requirement to match the

invoice, purchase order, and receiving document, so that an organization can

actually prove it received the goods, is essential. If segregation of duties is

inadequate in this area, it may be possible for payment to be made where no

goods or only some of the goods and/or services have actually been received.


11/28

Proper purchasing procedures require defined protocols around tendering and the

bidding process. However, in our firms experience, far too many organizationsdo not keep the results of the procurement process or what we would call

an audit trail to confirm that the process is working as it should. If there is

no requirement to keep these documents, there is a greater risk of abuse of the

system, making it that much harder to recognize exceptions and violations.

Another area where companies can fall short is in performing due diligence on

their suppliers to fully understand with whom they are doing business. Industry

leading practice suggests that there should be a defined process, with a process

owner and a system for archiving the results of the background reviews. This

reduces the risk of fictitious vendors being set up on the vendor master file and

can reveal situations where potentially inappropriate payments might be made by

a distant subsidiary.

Red flags

There are several red flags that should alert companies to potential fraud. Some

of the most common red flags seen by our firms professionals include:

Close socialization with government officials with gifts, expenses, etc., incurred

A losing bidder being hired by a winning bidder, suggesting collusion or that

the winning bidder really did not have the capability to deliver the product or

service

A losing bidder that is not listed in business directories, which might suggest

that the bidder was fictitious and was only put into the process to make it lookas if there was a competitive process

A low initial bid but many change orders, which may appear as collusion with

the buyer

Continued acceptance of high-priced, low-quality goods, which might reveal

problems with the Quality Assurance (QA) department and the existence of

kickbacks

A vendor whose address is a mail drop box, multiple purchase orders of small

amounts, unnecessary middlemen in the procurement process, or a losing bid

that cannot be located or where there is minimal documentation.

Consumer markets companies should be well-informed about their customers andvendors, and, in some countries, they should be especially wary in their dealings

with government officials. Having a robust process to evaluate potential suppliers

should reduce the risks associated with the red flags listed above. Common sense

dictates that if a supplier has gone to the trouble of having a post office box set

up as a street address, further investigation is warranted. Equally, continued failing

of quality standards by a supplier or a concentration of such suppliers linked to a

single buyer may be the warning signs of a buyer involved in procurement fraud.

If there are unnecessary middlemen in the process, then companies should also

investigate further. Our firms professionals have uncovered numerous instances

where entities have been set up solely for the purpose of paying commissions.

Consumer marketscompanies shouldbe well-informedabout their

customers andvendors, and insome countries theyshould be especiallywary in theirdealings withgovernment officials.





12/28

Risks in the New World

With procurement assuming an ever-increasing strategic role in many organizations,

it is important to not only know the potential benefits, but also the associated risks

of driving change within the procurement process.

Investigations held by KPMG firms revealed that many instances of misconduct

do not occur at head office, but rather at remote locations where there are very

different cultures and ways of doing business. Notwithstanding these differences,

international companies will generally be held to the regulatory standards that

apply in the country where their head office is located. As regulators globallyincrease their efforts to stamp out bribery and corruption with ever-increasing

penalties, it becomes increasingly important for companies to be well-informed

of their business partners.

To drive cost and other efficiencies, many companies are entering into joint

ventures and partnering arrangements with local businesses. These arrangements

need very careful consideration as companies that enter into joint ventures are, to

some extent, putting their reputations and capital in the hands of others.

As a companys business dealings assume greater complexities and geographic

dispersion, so should its approach to managing the ever-evolving associated risks.

An example of an industry-leading practice in this area is to move procurement

personnel and buyers periodically between categories.

To drive cost andother efficiencies,many companiesare entering intojoint ventures

and partneringarrangements withlocal businesses.

Case study

A company had observed that when one of its buyers was moved to a different

category as part of a planned move, a number of the suppliers appeared

to move with him. This was peculiar and was raised as a red flag since the

categories of goods were very different. One would expect that if the category

of goods is very different, so too would be the appropriate suppliers. It was

ultimately discovered through investigation that some of the suppliers were

nothing more than middlemen sourcing product for the buyer. At a minimum,

the company incurred costs that it should not have incurred, and at worst,the company was defrauded. In this example, moving the buyer and effectively

monitoring the spend paid dividends.

10 P R O C U R E M E N T F R A U D I N C O N S U M E R C O M P A N I E S : P R E V E N T I N G, D E T E C T I N G A N D T A K I N G A C T I O N




13/28

This example shows that there is an increasing role for internal auditors, who

better understand the challenges that lay before them and the specific risks that

procurement presents. Before conducting an internal audit for a particular location,

KPMG firms professionals see it as preferred practice to brainstorm the specific

risks that might be present in the market, as well as discussing and finalizing key

indicators for the internal audit team. If possible, we would also suggest having a

discussion with someone who is very experienced and knowledgeable about the

market, but is also independent. This would provide additional perspective on local

schemes and related risks making the audit more effective and efficient.

When asked who is primarily responsible for the management of fraud and

misconduct risk in their procurement process, 31 percent of the survey

respondents from consumer markets companies indicated that this was the

responsibility of internal audit and 33 percent said it was down to the function

itself. These are very interesting responses since in the first instance, the role

of internal audits is generally limited to monitoring and testing of controls, and in

the second, there may be an inherent conflict if the same function is responsible

for controlling itself (see Poll Question 2).

Poll Question 2: Primary responsibility for management

Who is primarily responsible for the management of fraud andmisconduct risk in your procurement processes:

0% 10% 20% 30% 40% 50%

Accounting

Internal audit

None of the above

Legal/compliance

9

14

10

33

31

Procurement






14/28

Forensic data analysis

One of the key technology tools for detecting procurement fraud and abuse is

forensic data analysis where the focus is on being proactive. Companies collect

vast amounts of data on a daily basis for the purposes of running their businesses.

But are they extracting additional value from this data that could help them identify

fraud or misconduct?

Proactive forensic data analysis is a powerful weapon against fraud and misconduct.

A holistic approach is necessary (Figure 3) and this includes the use of more

traditional methods of fraud control, such as the use of telephone hotlines and

fraud risk assessment programs.

Usingtechnologyto detect

procurementfraud

Companies oftenoverlook othervaluable sources ofinformation, such asitemized phone calllistings, accesscontrol logs for

offices and otherpublicly availabledatabases.

Figure 3: Forensic data analysis as part of a holistic approach

Prevention

DetectionResponse

Identify potential fraud,

misconduct and waste through

sophisticated analytics testing,

cross-matching and non-obvious

relationship identification




In support of this holistic approach, the focus of forensic data analysis is on

detection. By extracting and combining available electronic information, proactive

forensic data analysis seeks to identify potential fraud misconduct and waste

through sophisticated analysis testing, cross-matching and non-obvious

relationship identification.

Data analytics can be applied to detecting existing frauds hidden within a

companys data, it can inform fraud risk assessments and identify process andcontrol weaknesses, and it supports the detection of non-obvious frauds.


15/28

Other applications include performing analysis to assist an investigation prompted

by behavioral red flags traditionally associated with fraud or misconduct such asliving beyond ones means, an unusually close association with a customer and

the infrequent taking of holidays.

Before performing data analysis, however, it is important for companies to

understand the data landscape. All organizations are aware that they have a

valuable amount of information in their financial systems. But companies often

overlook other valuable sources of information, such as itemized phone call

listings, access control logs for offices and other publicly available databases.

These sources can be used to supplement the data a company already has and

allow it to extract additional value and should not be overlooked.

In our poll of procurement specialists, we learned that the majority were notusing data analytics nearly to the extent they could be 65 percent said they

used data analytics either not at all or to a very limited extent to detect and

prevent fraud (see Poll Question 3).

Poll Question 3: Use of data analytics

To what extent does your organization use data analytics to

prevent or detect procurement fraud?

0% 10% 20% 30% 40% 50%

Periodic retrospective testing

Not at all

Entrenched continuous monitoring 7

26

47

18

Very limited


Rules-based analysisThere are many different approaches to proactive forensic data analysis. All

approaches are based on a basic set of principles and knowledge.

The first level of analysis combines knowledge of known fraud schemes and

indicators, with a knowledge of business systems and principles. Figure 4 on

the next page depicts a procurement scenario where the skilled analyst uses

knowledge of how a business process should be conducted to develop and

implement tests which help to identify deviations from the norm.

Tests can be developed to determine whether invoices were received after

payment had been made, and even if orders appear to have been split, to

defeat the limits on delegation.





16/28

Case study

In one investigation carried out by a KPMG member firm, knowledge of the

format used to create VAT numbers helped to identify fictitious vendors.

These vendors had been added to the vendor master file to facilitate payment

to an employee whose bank details were loaded as the vendors bank details.

Combining andscoring allowsidentificationof potentiallyanomalousbehaviors, andreduces the numberof potential falsepositives reducing the

investigative burden.

PO Receipt Invoice PaymentRequisition

Master data maintenance

Test VAT

number validity

PO splitting PO after

receipt

Payment for

un-cleared PO

Suspicious

keywords

Break-point

analysis

Payment

before invoice




Figure 4: Rules-based analysis


In addition to testing conformity to business rules, rules-based analytics can

consider externally enforced or regulated factors. For example, most jurisdictions

have well-defined formats for certain sets of data, such as Value Added Tax (VAT)

numbers. Thus, if the format or mechanism used to create VAT numbers by the

respective tax authorities is understood, our firms professionals can very easily

implement a test to determine whether a VAT number stored in the companys

vendor master file is valid or not.

False positives

An important factor to consider is that with this approach there is a risk of a

large number of false positives a large number of exceptions or irregularities

identified are not really problems, but justified business peculiarities that can be

explained easily. Therefore, the approach needs to be enhanced, ensuring that

the exceptions identified are meaningful and warrant further investigation.

Combining and scoring

This approach still relies on knowledge of fraud schemes, but introduces scoring

as a mechanism to prioritize, or highlight, areas of most concern. Combining red

flag indicators, such as divorce or instability in life circumstances, unusually close

association with a customer or complaining about inadequate pay, can provide


17/28

additional layers of protection. Combining and scoring then allows identification

of potentially anomalous behaviors, and reduces the number of potential falsepositives reducing the investigative burden.

Figure 5 shows the various tests on the population of invoices for an organization.

The table lists the different tests carried out in the left hand column and the next

two columns show the results of the tests against two specific invoices 12345A

and 98765S. The checkmark against a test for a specific invoice indicates that the

invoice generated an exception on that specific test.

Figure 5: Example of scoring method for two invoices

Invoice 12345A 98765S

Round sum amount

Processed at night

Paid within a week

Segregation of Duty breach

Unauthorized approval

Similar to previous invoice

Score 1 4


If we look at each test in isolation, we can expect to find that the number of

exceptions for each test is generally large and, for example, if we take the test of

paid within a week, it may not be practical to investigate all invoices paid within

a week. But when the results are combined in a scoring matrix, the problem

invoices quickly come to the fore. The second invoice, 98765S, has a score of

four and clearly merits further investigation. By scoring and selecting invoices in

this way, we can reduce the number of false positives requiring investigation

allowing for better allocation of limited resources.

Supplementing data and more advanced analysis

The next step is to enhance the analysis by supplementing the original source

data with information from other systems or from external sources.

During the normal course of business, organizations often perform a review of

payments to vendors. The organization would then examine spend per cost

center, providing a good indication of its expenditure.

If a company were to supplement its vendor master file with publicly available

information on the sectors that the vendors in the vendor master file operate in,

it might reveal anomalies that bear further investigation. Figure 6 on the following

page shows an example where supplementary data identified an organization

that was classified as an automotive vendor, with an expenditure marked against

the catering cost center. This spend, which was previously considered normal,

now merits further investigation.





18/28

Figure 6: Data enhancement


If the company were then to combine this information with the employee master file

information and itemized telephone listings, it could identify a potentially suspicious

relationship between a vendor and an employee in a position of influence.

Similarly, collecting publicly available information on company directorships and

combining it with data on the vendor master file might help to identify possible

conflicts of interests. Taking this approach even further, companies could add

geographical data and visualization to examine a population of data for trends or

groupings which appear unusual.

When investigating these unusual transactions it is important to be able to trace

the entire life cycle of the transaction. One needs to identify the persons initiating,

capturing and approving the transactions. In our poll of procurement specialists,

17 percent of the respondents did not know which employees were processing

transactions on their systems. Eighty-two percent of the respondents reported to

have audit trails and well-defined control policies in place (Poll Question 4). The

next step for these respondents would be to determine whether the audit logs

are actively monitored for red flags.

In our poll ofprocurementspecialists, welearned that17 percent didnot know whichemployees wereprocessing

transactions ontheir systems.

Invoice ID Amount Vendor CostCentre

G67689 140,317 Gamma Plc Catering

D678D 66,340 Delta SA Catering

T7852H 4,272 Theta & Sons Maintenance

AA4567 3,105 Alpha Ltd Catering

B45632 4,828 Beta Ltd Catering

G78512 4,272 Gamma Plc Catering

O3214 48,282 Omega Co Maintenance

D254K 42,724 Delta SA Catering

E0987

Z12369

T7852H

B87765

L36985

O3693

S87654

U7536

K09870

U3567

AA1234

G46523

Invoice ID Amount Vendor CostCentre Industry Lookup

AA1234 16,947 Alpha Ltd Catering Food Suppliers

B87765 3,234 Beta Ltd Catering Food Suppliers

G67689 140,317 Gamma Plc Catering Food Suppliers

D678D 66,340 Delta SA Catering Food SuppliersK09870 265,491 Kappa Co Catering Food Suppliers

AA4567 3,105 Alpha Ltd Catering Food Suppliers

B45632 4,828 Beta Ltd Catering Food Suppliers



D254K 42,724 Delta SA Catering Food Suppliers

E0987 48,282 Epsilon Partners Catering Automotive

Z12369 4,828 Zeta Inc Maintenance Building Materials

T7852H 4,272 Theta & Sons Maintenance Building Materials

T7852H 48,282 Theta & Sons Maintenance Building Materials

O3693 42,724 Omega Co Maintenance Building Materials

L36985 3,105 Lambda Ltd Maintenance Building Materials

U3567 4,828 Upsilon Ltd Maintenance Building Materials

S87654 4,272 Sigma BV Maintenance Building Materials

O3214 48,282 Omega Co Maintenance Building Materials

U7536 42,724 Upsilon Ltd Maintenance Building Materials





19/28

Poll Question 4: Audit trail of transactions

0% 20% 40% 60% 80% 100%

No

Do you know which employees are processing transactions on

your systems?

82

17

Yes, we have enabled audit trails and implemented

a well-defined system access control policy


This proactive data analysis requires a systematic approach once all available

knowledge has been gathered. The first step of the approach, as illustrated in

Figure 7, is to identify specific risks through knowledge of the business environment.

Figure 7: Systematic approach


The next step is to define potential schemes through good industry knowledge.

A good understanding of the industry is essential, which will then determine

event indicators and alert the organization to problem areas.

Finally, by using this library of knowledge it is then possible to determine specific

routines, with the assistance of scoring and data enhancement, as part of the

holistic approach in preventing and detecting procurement fraud, in conjunction

with a documented response plan.

Case study

In a recent investigation, KPMG firms performed data analysis on the

procurement data at one regional cluster of a global organization. The results

of the test were used to help the company set a benchmark for comparison.We then developed automation, to run the same sets of analysis routines on

the procurement data, at each of the organizations other regional clusters.

This allowed for comparisons against the benchmark and for the prioritization

of precious internal audit resources improving the fraud risk environment.

The organization now has the ability to re-run the same analysis every month

to track the effectiveness of its corrective measures and identify the regional

clusters with the biggest problems. In this way, proactive data analysis not only

highlighted indicators of fraud, but also helped the organization to manage its

resources and realign its approach.

Identify specific

risks

Define potential

schemes

Determine event

indicators

Determine

routines





20/28

Making useof supplieraudits to

counter fraudand loss

The credit crunch,the increasein regulationsurrounding anti-bribery andcorruption, and dataprivacy and security,

have all added tothe burden ofmanaging andmonitoringsuppliers.



There are a lot of supplier relationships in which consumer markets companies

rely on their suppliers to bill the correct amount. These types of supplier contracts

generally give the customer organization audit rights, where they can go into a

suppliers site and check their records to ensure they are billing the correct

amount.

When audit rights are exercised, the type of data analyzed can range from

reviewing time sheets, through to the invoices from the suppliers own suppliers,

to examining costs to ensure they are being passed on without inappropriate

markups.

Another big area of focus for supplier audits is rebates and discounts. The audit

will look for any rebates and discounts received by the supplier from its own

suppliers and ensure that the rebates are being passed on, if that is what the

contract requires.

Who owns supplier audits?

In some organizations, supplier audits are owned by internal audit and in other

organizations, they are owned by procurement or operational management. In

the KPMG poll of procurement specialists from the consumer markets industry,

internal audit was most frequently identified (40 percent) as the department that

was primarily responsible (see Poll Question 5 on the opposite page). These

business units internal audit and procurement are under a lot of pressure

to demonstrate that they are adding value, and dealing with the increased levels

of complexity and risk only adds to the challenge. The credit crunch, the increase

in regulation surrounding anti-bribery and corruption, and data privacy and secu-

rity, have all added to the burden of managing and monitoring suppliers.


21/28

Poll Question 5: Responsibility for supplier contract audits

Who is primarily responsible for exercising the right to supplier

contract audits?

0% 10% 20% 30% 40% 50%

Operational management

Internal audit

None of the above 11

20

27

40

Procurement


The purpose of a supplier audit is to give an organization comfort that its suppliers

are only billing it for what it has received and that it is paying the right price as

agreed in the contract. Supplier audits are not about putting the squeeze on

suppliers; they are more about keeping suppliers honest.

Potential benefits of supplier audits

Do supplier audits help organizations differentiate between fraud and contractualnon-compliance? In KPMG firms experience, finding evidence of clear intent to

defraud is rare. Where there are suspicions of fraud within a supplier, it is more

usual for the organization to hand over the investigation to the supplier itself.

Suppliers will frequently claim that system inadequacies, incompetence of junior

staff, or human error are the reason for overbillings uncovered by exercising audit

rights. More often than not, where factual evidence is presented to them, they

will admit to their mistakes and reimburse the customer company.

This begs the question of how often suppliers voluntarily send overpayments

back to their customers. In the normal course of business, this is rare. But once

an intention to audit has been notified, it is not uncommon to find suppliers

confessing to any over-billing and putting into place measures to reimbursethe customer.

Repayments of over-billed amounts can be significant, as described in the

following case study.

Case study

In 2005, a global marketing and advertising group had to refund around GBP250

million to consumer markets and other clients around the world, of which three

million was given to a single supermarket chain. The money had been built-up in

the marketing and advertising groups balance sheet, from credits and rebates

from media owners that were not passed back to its clients.





22/28

KPMG firms have recently uncovered instances of overpayments in outdoor

advertising because the time on display was not honored. The audit revealedthat customers were being charged for a month, but the material on display

was being changed after two weeks. This disparity was revealed by our audit

and involved date reconciliations to the scheduling of the people who changed

the posters on the billboards.

Another common finding in the area of media and marketing is inappropriate

markups and double-billing of external costs.

Figure 8: Flushing out the known unknowns


In KPMG firmsexperience, whenwe conductsupplier audits, wefind that more than70 percent of thethird parties wereview have made

errors in their self-reporting, filedinappropriateclaims, chargedinappropriate pricesor all of the above.

TRANSACTIONS

BETWEEN PARTIES(common data and

understanding)

SUPPLIERS

INTERNAL DATA(Visible to

supplier only)

CUSTOMERS

DATA ANDPROCESSES

(Visible tocustomer only)

UNDETECTEDERRORS

(Visible to neither

party without detailedinvestigation)

SUPPLIER

CUSTOMER





23/28

Using supplier audits to flush out information

The size of the problem caused by ineffective control and management of

supplier contracts is significant. The Aberdeen Group estimates resultant losses

to businesses around the world at US$153 billion per annum.2

In Figure 8, there are two buckets of information visible to the customer its

own data and the data that is provided to the company by the supplier. The supplier

can see both the data it has provided to the customer and its own internal data,

which is not visible to the customer (in the top right hand box). In the bottom

right-hand box are undetected errors, the unknown unknowns, which are not

available to either party. The supplier audit will expose for the customer what

is in both right-hand boxes.

In KPMG firms experience, when we conduct supplier audits, we find that morethan 70 percent of the third parties we review have made errors in their self-

reporting, filed inappropriate claims, charged inappropriate prices or all of the

above. It is clear that businesses that do not exercise their rights of audit, as was

the case with 36 percent of the webcast poll respondents (see Poll Question 6),

are not capitalizing on significant potential recoveries.

Poll Question 6: Auditing supplier contracts


2Aberdeen Group, The Contract Management Benchmark Report, 2006

To what extent does your organization exercise rights of audit in

supplier contracts?

0% 10% 20% 30% 40% 50%

Only for media/advertising spend

Established program of supplier audits

Not at all 36

5

44

13

Some audit activity in specific categories





24/28

Procurement is where the money is and, therefore, an area ripe for fraud

and misconduct. The procurement process is growing in importance as many

organizations aim to improve the value they can create. There are several steps

organizations can take to tighten existing controls, many of which have been

described by the preferred leading practices outlined in this paper.

Proactive forensic data analysis can be used to detect fraud and misconduct

through a systematic analysis of the available data, which includes data that

is both internal and external to an organization.

Unless companies exercise their rights of audit, they cannot be sure their

suppliers are billing in line with the contract. While many companies may have

concerns about the impact of an audit on their relationships with suppliers, our

firms experience suggests audits can enhance relationships by creating a more

balanced relationship between the supplier and customer.

How KPMG firms can helpKPMGs Risk and Compliance professionals are trusted advisers to some of the

worlds leading enterprises. Our network of forensic and contract compliance

professionals work in 28 accredited practices within KPMG member firms around

the world. This network brings a global approach, combined with a tailored local

focus, to sensitive and complicated local or cross-border engagements.

Forensic Services

Our Forensic services are aimed at helping our firms consumer markets clients:

prevent instances of fraud and misconduct from occurring in the first place,

detect instances when they do occur,

respond appropriately, and

take corrective action when instances arise.

Professionals in KPMGs Forensic practice draw upon extensive experience in

forensic accounting, law enforcement, fraud and misconduct control assessments,

legal damage quantification and analysis, expert witness testimony, international

arbitration, asset tracing, computer forensics and forensic data analysis.

Conclusion




25/28

Contract Compliance Services

Our Contract Compliance Services (CCS) are aimed at helping our firms consumer

markets clients:

identify significant cost recoveries or other improvement opportunities, and

audit and enforce contracts with their suppliers.

KPMGs CCS professionals are experienced in serving a variety of our firms

consumer markets clients in areas such as royalties, licensing, distribution

agreements, advertising and more. As a result, we understand the complexities

and nuances of a range of business contracts, processes and procedures and

have been able to help companies identify and recover overpayments to suppliers,

while maintaining and improving relationships with them.

Using a range of technology tools, KPMG member firms professionals help

organizations address the risks and costs involved with evidence and discovery

management and as well as the acquisition, management and analysis of large

data sets. Our professionals work alongside consumer markets clients to handle

information from its creation to its preservation, collection, analysis and presentation

in discovery. We also apply computer forensic and data analysis techniques to

assist with detecting fraud and misconduct.

Whether your needs call for a fraud and misconduct risk assessment, the

design of a global compliance program or better use of technology to enable

continuous transaction monitoring our Fraud Risk Management and Contract

Compliance services are designed to be targeted, scalable and tailored to yourspecific requirements.

About KPMG and the Global Consumer Markets Practice

KPMG is a global network of professional firms providing Audit, Tax and Advisory

services. We have 140,000 outstanding professionals working together to deliver

value in 146 countries worldwide.

KPMG is organized by industry sectors across our member firms. The Consumer

Markets practice, which focuses on the Food, Drink and Consumer Goods and

Retail sectors, comprises an international network of professionals throughout

the Americas, Europe, the Middle East, Africa and Asia-Pacific.

This industry-focused network enables KPMG member firm professionals,

with deep experience in the consumer markets sectors, to provide consistent

services and thought leadership to our clients globally, while maintaining a

strong knowledge of local issues and markets.





26/28

Contact usFor more information about the detection and prevention of procurement fraud in

your company, please contact any of the following KPMG professionals:

Willy Kruh

Global Chair, Consumer Markets

KPMG in Canada

+1 416 777 8710

[email protected]

Amanda Aldridge

Global Forensic Lead, Consumer Markets

KPMG in the UK

+44 20 7311 8073

[email protected]

Grant Jamieson

KPMG in China

+852 2140 2804

[email protected]

Graham Murphy

KPMG in the US

+1 312 665 1840

[email protected]

Kajen Subramoney

KPMG in the UAE

+971 (4) 424 8900

[email protected]



mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]


27/28

About the AuthorsAmanda Aldridge is the Global Forensic Lead for Consumer Markets in KPMG in

the UK. She has experience in dispute advisory including loss of profits, forensic

transaction services (completion accounts disputes and expert determinations)

and rights of minority shareholders as well as Intellectual Property & Contract

Governance including supplier audits, royalty and licensed product audits and

media distribution audits.

Kajen Subramoney is the Head of Forensic Technology for Consumer Markets

in the UAE. He joined KPMGs South African firm after completing his studies

in Computer Engineering. Kajen has had broad experience in Forensic

Technology work including digital evidence recovery, e-discovery and forensic

data analysis.

Graham Murphy is the US Forensic Lead for Consumer Markets in KPMG in the

US. Graham specializes in investigations, fraud risk management, arbitrations and

dispute advisory. He has conducted numerous financial investigations, including

procurement fraud, alleged earnings management, contract compliance, theft and

misappropriation of assets and conflict of interest issues.





28/28

The information contained herein is of a general nature and is not intended to address thecircumstances of any particular individual or entity. Although we endeavour to provide accurate andtimely information, there can be no guarantee that such information is accurate as of the date it isreceived or that it will continue to be accurate in the future. No one should act on such informationwithout appropriate professional advice after a thorough examination of the particular situation.

2010 KPMG International Cooperative (KPMG International),

a Swiss entity. Member firms of the KPMG network of

independent firms are affiliated with KPMG International. KPMG

International provides no client services. No member firm has

any authority to obligate or bind KPMG International or any other

member firm vis--vis third parties, nor does KPMG International

have any such authority to obligate or bind any member firm. All

rights reserved.

KPMG and the KPMG logo are registered trademarks of KPMG

International Cooperative (KPMG International), a Swiss entity.

Designed by Evalueserve.

Publication name: Procurement Fraud in Consumer

kpmg.com
http://www.kpmg.com/http://www.kpmg.com/

Procurement Fraud Consumer Companies

Documents

Transcript of Procurement Fraud Consumer Companies