Procurement integrity: a big problem that’s worse than most organisations think

Photo by iAmMrRob via Pixabay

Errors, fraud and abuse in procurement cost governments and organisations millions of dollars every year. Ellen Roberson, a certified fraud examiner at SAS, explains just how big the problem is – and how to tackle it

A quick search of news articles uncover multiple cases of corruption, bribery, or scams that started or ended with a surprising culprit – procurement. Estimates show that organisations lose around 5% of spend per year to procurement errors, fraud, and abuse. Yet many are blind to the danger. One proven method for modernising the procurement monitoring process is ‘continuous monitoring’.

The technique of continuous monitoring relies on automated analytics to rapidly identify risks and errors in data. Using predefined fraud scenarios – combined with data management, proven models, and rules – continuous monitoring can uncover unusual employee or supplier behaviour, duplicate invoices, contract discrepancies, and more.

To learn about organisations’ experiences with procurement errors, fraud, and abuse, we surveyed more than 2,000 global business leaders across 38 countries. The research examined the extent of the problem, how well organisations understand it, and how they’re fighting back. While it presents current strategies for countering errors, fraud, and abuse, the study also makes the case for adopting an analytical, technology-enabled approach. 

What causes procurement errors, fraud, and abuse – and who is behind it? 

According to the Fraud Triangle developed by Donald R. Cressey, the three key elements surrounding fraud are opportunity, pressure, and rationalisation. Of the three elements, opportunity is hardest to spot – and it’s typically managed via operational controls like user access restrictions and approval thresholds. Unfortunately, newer ‘best practice’ techniques – such as data modelling, outlier analysis, and related surveillance techniques that systematically identify control weakness – are typically not adopted.

Procurement errors, fraud, and abuse is often committed by internal employees acting in collusion with outsiders. According to the research, almost a quarter of organisations have experienced collusion between employees and suppliers (24%) and among suppliers (23%).

Our research shows that invoicing practices are the most popular target for fraudsters. Contract bid rigging is the second most common type of fraud  globally. 

Attacking the problem

Organisations need clear leadership and accountability to avoid the financial losses and reputation damage that results from the lack of risk-based decisions. This includes oversight of internal employees as well as external suppliers and vendors who are an integral part of procurement and supply chain processes. Yet the process of procuring goods and services can be somewhat esoteric, making outdated methods increasingly less effective. To protect against errors and abuse with invoice, purchase, and contact discrepancies, organisations must put the proper controls in place. That effort, our study shows, is most effective when there is a continuous monitoring programme in place.

Who’s responsible: finance, internal audit, HR, legal and compliance 

The finance function is most likely to be held accountable for losses, but 19% of organisations either have no assigned personnel or can’t say specifically who has ownership. As a result, the ‘sheriff’ role of proactively preventing errors, fraud, and abuse most often falls on the shoulders of internal audit – when that function is in place. Internal auditors take charge of providing an objective assurance and consulting function to improve operations and the effectiveness of risk management, security controls, and governance processes.

Other groups share responsibility, too. The human resources department can be a key contributor in proactive risk reduction efforts. And legal and compliance get involved because they want to make sure the organisation has done its due diligence with both the onboarding and periodic review of suppliers. For example, many survey respondents confirmed the desire to strengthen how they determine a ‘compliance risk profile’ of potential or existing suppliers. This would help keep them in line with sanctions legislation, anti-money laundering regulations, and GDPR compliance requirements.

Know your employees, know your suppliers – with analytics and continuous monitoring

The process of hiring employees and choosing suppliers can be compared to a concept that banks describe as ‘know your customer’ – which they use to safely and securely onboard new customers. Through continuous monitoring, you can ensure that information collected about potential employees and suppliers is comprehensive enough for you to know your employees and suppliers well. Continuous monitoring can help you hire the best and most trusted employees and reduce the risk of using bad or sanctioned suppliers.

Beyond hiring, auditing and procurement practices, detection technologies used on a regular basis make the biggest impact in defending against errors, fraud, and abuse. Yet detection is often considered a low or unnecessary priority for procurement. According to the research, nearly one-tenth of organisations (7%) don’t monitor their procurement processes at all.

Globally, many organisations do invest in detection methods for procurement errors, fraud, and abuse – but they’re often let down by their tools and techniques. For those that actively monitor procurement, the majority are over-reliant on manual processes (50%). Thinking back to the Fraud Triangle, manual controls introduce human bias and error – or worse, opportunity.

A continuous monitoring strategy helps ensure integrity of the procure-to-pay lifecycle by placing rigorous, ongoing monitoring and controls throughout the process to look for signs of errors, fraud, and abuse. Analytics techniques sift through mountains of data in real time to find anomalies human investigators could easily overlook. And because automated data analytics drastically boosts the speed and success rate of detection, it’s a highly cost-effective mechanism of defense.

A real-life example

Consider this story. Lack of controls cost a large government institution more than US$300m in procurement fraud over several years. When SAS consultants analysed procurement data, one of the issues uncovered was employee collusion with a large supplier that had been paid more than US$300m. Forensic analysis uncovered multiple and split invoicing activities that could have been prevented by continuous monitoring – and would have saved the government millions. 

More work to be done

Virtually all organisations want to operate with integrity. But this demands modern technology and adoption of an integrated, data-driven analytics approach. Without automated technology to quickly and cost-effectively bring potential risk to the forefront, millions will be lost to procurement errors, fraud, and abuse. Analytics can catch people trying to dodge controls and procedures. By incorporating advanced analytics and artificial intelligence solutions in a continuous monitoring cycle, you can detect anomalies and patterns quickly – and act before it’s too late.

What lies beneath? Procurement fraud in global business

What are the most common types of fraud? How much money is lost? Who is responsible? Read the results of a global survey SAS conducted with more than 2,000 business leaders from around the world.

Download the report now

About the author

Ellen Roberson is a certified fraud examiner (CFE) at SAS, helping clients capitalise on the power of data and analytics to combat fraud and keep the public safe. This includes bringing greater awareness of how to apply machine learning and AI to detect evolving fraud tactics, while realising ROI in technology investments.