Continuous monitoring: Stop procurement fraud, waste and abuse now
By: Ellen Roberson, CFE, Fraud and Security Intelligence, SAS
A quick search of news articles could uncover multiple cases of corruption, bribery or scams that started or ended with a surprising culprit – procurement. Estimates show that businesses lose around 5% of spend per year to procurement fraud, waste and abuse, with annual losses from $10,000 to $150,000. Yet many are blind to the danger. One proven method for modernizing the procurement monitoring process is continuous monitoring.
The technique of continuous monitoring relies on automated analytics to rapidly identify risks and errors in data. Using predefined fraud scenarios – combined with data management; proven models and rules – continuous monitoring can uncover unusual employee or supplier behavior, duplicate invoices, contract discrepancies and more.
To learn about organizations’ opinions and experiences with procurement fraud, waste and abuse, SAS surveyed more than 2,000 global business leaders across 38 countries. The research examined the extent of the problem, how well organizations understand it, and how they’re fighting back. While it presents current strategies for countering fraud, waste and abuse, the study also makes the case for adopting an analytical, technology-enabled approach.
What causes procurement fraud, waste and abuse – and who is behind it?
According to the Fraud Triangle developed by Donald R. Cressey, the three key elements surrounding fraud are opportunity, pressure and rationalization. Of the three elements, opportunity is hardest to spot – and it’s typically managed via operational controls like user access restrictions and approval thresholds. Unfortunately, newer “best practice” techniques – such as data modeling, outlier analysis and related surveillance techniques that systematically identify control weakness – are typically not adopted.
Procurement fraud, waste and abuse is often committed by internal employees acting in collusion with outsiders. According to the research, almost a quarter of organizations have experienced collusion between employees and suppliers (24%) and among suppliers (23%). Sometimes the guilty party is an executive. That’s bad news, because the more senior the perpetrator, the more damaging the results. Executives who engage in occupational fraud cost their business in excess of 10 times more than lower-level employees.
Our research shows that invoicing practices are the most popular target for fraudsters. Contract bid rigging is the second most common type of fraud, waste and abuse globally.
What lies beneath? Procurement fraud in global business.
What are the most common types of fraud? How much money is lost? Who is responsible? Read the results of a global survey SAS conducted with more than 2,000 business leaders from around the world.
Attacking the problem
Organizations need clear leadership and accountability to avoid the financial losses and reputation damage that results from the lack of risk-based decisions. That includes oversight of internal employees as well as external suppliers and vendors who are an integral part of procurement and supply chain processes. Yet the process of procuring goods and services can be somewhat esoteric, making outdated methods increasingly less effective. To protect against errors and abuse with invoice, purchase and contact discrepancies, organizations must put the proper controls in place. That effort, the study shows, is most effective when there’s a continuous monitoring program in place.
Who’s responsible: finance, internal audit, HR, legal and compliance
The finance function is most likely to be held accountable for losses, but 19% of businesses either have no assigned personnel or can’t say specifically who has ownership. As a result, the “sheriff” role of proactively preventing errors, fraud and abuse most often falls on the shoulders of internal audit – when that function is in place. Internal auditors take charge of providing an objective assurance and consulting function to improve operations and the effectiveness of risk management, security controls and governance processes.
Other groups share responsibility, too. The human resources department can be a key contributor in proactive risk reduction efforts. And legal and compliance get involved because they want to make sure the organization has done its due diligence with both the onboarding and periodic review of suppliers. For example, many survey respondents confirmed the desire to strengthen how they determine a “compliance risk profile” of potential or existing suppliers. This would help keep them in line with sanctions legislation, anti-money laundering regulations and GDPR compliance requirements. It’s particularly important for those with a global presence, as different regulations apply to different jurisdictions.
Know your employees, know your suppliers – with analytics and continuous monitoring
The process of hiring customers and choosing suppliers can be compared to a concept banks describe as “know your customer” – which they use to safely and securely onboard new customers. Through continuous monitoring, you can ensure that information collected about potential employees and suppliers is comprehensive enough for you to know your suppliers and employees well. Continuous monitoring can help you hire the best and most trusted employees and reduce the risk of using bad or sanctioned suppliers.
Beyond hiring, auditing and procurement practices, detection technologies used on a regular basis make the biggest impact in defending against fraud, waste and abuse. Yet detection is often considered a low or unnecessary priority for procurement. According to the research, nearly one-tenth of organizations (7%) don’t monitor their procurement processes at all.
Globally, many organizations do invest in detection methods for procurement fraud, waste and abuse – but they’re often let down by their tools and techniques. For those that actively monitor procurement, the majority are over-reliant on manual processes (50%). Thinking back to the FWA Triangle, manual controls introduce human bias and error – or worse, opportunity.
A continuous monitoring strategy helps ensure integrity of the procure-to-pay life cycle by placing rigorous, ongoing monitoring and controls throughout the process to look for signs of errors, waste and fraud. Analytics techniques sift through mountains of data in real time to find anomalies human investigators could easily overlook. And because automated data analytics drastically boosts the speed and success rate of detection, it’s a highly cost-effective mechanism of defense.
A real-life example
Consider this story. Lack of controls cost a large government institution more than $300 million in procurement fraud over several years. When SAS consultants analyzed procurement data, one of the issues uncovered was employee collusion with a large supplier that had been paid more than $300 million. Forensic analysis uncovered multiple and split invoicing activities that could have been prevented by continuous monitoring – and would have saved more than $16 million.
More work to be done
Virtually all organizations want to run their businesses with integrity. But this demands modernized technology and adoption of an integrated, data-driven analytics approach. Without automated technology to quickly and cost-effectively bring potential risk to the forefront, millions will be lost to procurement fraud, waste and abuse. Analytics can catch people trying to dodge controls and procedures. By incorporating advanced analytics and artificial intelligence solutions in a continuous monitoring cycle, you can detect anomalies and patterns quickly – and act before it’s too late.
Procurement fraud – A quick look at the issues
Most organizations lose between $10,000 and $150,000 annually to procurement fraud. Yet many are blind to the danger. To learn more about this hidden crime, SAS surveyed more than 2,000 global business leaders across 38 countries seeking their opinions of and experiences with procurement fraud. Click on the image to open the full infographic and take a closer look at the numbers.
A continuous monitoring strategy helps ensure integrity of the procure-to-pay life cycle by placing rigorous, ongoing monitoring and controls throughout the process to look for signs of errors, waste and fraud. Ellen Roberson
Recommended reading
- What is a data lake & why does it matter?As containers for multiple collections of data in one convenient location, data lakes allow for self-service access, exploration and visualization. In turn, businesses can see and respond to new information faster.
- IFRS 9 and CECL: The challenges of loss accounting standardsThe loss accounting standards, CECL and IFRS 9, change how credit losses are recognized and reported by financial institutions. Although there are key differences in the standards for CECL (US) and IFRS 9 (international), both require a more forward-looking approach to credit loss estimation.
- CECL: Are US banks and credit unions ready?CECL, current expected credit loss, is an accounting standard that requires US banking institutions and credit unions to estimate life-of-loan losses at origination or purchase.