Contract and Procurement Fraud · Contract and Procurement Fraud Vendor Management ... Establish clear vendor master file naming conventions. Keep vendor records accurate and up-to-date

© 2018 Association of Certified Fraud Examiners, Inc.

Contract and Procurement Fraud

Vendor Management

© 2018 Association of Certified Fraud Examiners, Inc. 2 of 27

▪ Organizations must take steps to reduce vendor

fraud, including:

• Conducting vendor due diligence

• Managing vendor risks via contracts

• Ensuring vendors are legitimate (avoiding shell

company schemes)

Introduction


▪ Controls for vendor master file management

▪ Vendor background checks

▪ Vendor questionnaires

▪ Vendor due diligence checklists

▪ Vendor monitoring

▪ Compliance committees to oversee the

retention of any vendors

▪ Watch lists

Vendor Due Diligence


Controls for Vendor

Master File Management

▪ Set procedures for setting up new vendors and

changing vendor master file records.

▪ Separate responsibility for vendor master file

from approving invoices and signing checks.

▪ Establish clear vendor master file naming

conventions.

▪ Keep vendor records accurate and up-to-date.

▪ Monitor the application of the accounts payable

policies on vendor master files.


Vendor Background Checks

▪ Review watch lists.

▪ Conduct a corporate registry search.

▪ Search politically exposed persons (PEP)

databases.

▪ Verify the vendor’s key individuals.

▪ Verify vendor’s insurance.



▪ Verify any professional licenses.

▪ Confirm physical addresses.

▪ Perform site visits.

▪ Test the reputation of the vendor and its key

individuals.

▪ Conduct a media analysis.



▪ Compare vendor addresses against employee

addresses.

▪ Conduct interviews.

▪ Review the vendor’s policies and procedures on

fraud, governance, and compliance.

▪ Review the vendor’s financial data.

▪ Review the vendor’s banking information.


Vendor Questionnaires

▪ Management should

consider giving potential

vendors a questionnaire

requesting various types

of information.

▪ The questionnaires

should be written for

each company’s specific

needs.


Vendor Due Diligence Checklist

▪ Develop and use a

vendor due diligence

checklist to help ensure

that the vendor due

diligence process is

conducted in a refined

fashion.


Vendor Monitoring

▪ Use monitoring and

auditing systems to

detect criminal

conduct of vendors.

▪ Base monitoring

systems on the red

flags of vendor

schemes that pose

the greatest risk.


Compliance Committee

▪ Establish a compliance

committee to review and

record actions and

contracts relating to the

retention of any vendors.


Watch Lists

▪ World Bank debarred parties list

▪ Multilateral development banks’ sanctions lists

▪ Nonproliferation sanctions lists

▪ Cross debarment

▪ U.S. OFAC Specially Designated Nationals List


▪ Considerations in vendor contracts:

• Compliance with the law

• Professional standards

• Indemnification clauses

• Insurance

• Limits on liability

• Conflicts of interest

• Contract default, termination, and renewal

Managing Vendor Risks Via Contracts


▪ Right-to-audit considerations

• Require a reasonable accounting system.

• Include the right to determine how funds were used.

• Don’t limit the time for conducting an audit.

• Include subcontractors.

• Ensure that the right-to-audit clause is thorough and

specific.

Managing Vendor Risks Via Contracts


Risk of Shell Companies

▪ Part of vendor management involves ensuring

that vendors are legitimate business

enterprises.

▪ A shell company is a company that has no

physical presence and generates little

independent economic value.


Shell Company Schemes

▪ Involve the issuance of false invoices for

products and services never delivered or

rendered.

▪ Typically perpetrated by employees who:

• Authorize purchases

• Review and approve vendor payments

▪ Three-part process:

• Setting up the shell company

• Submitting an invoice

• Obtaining payment approval for the fraudulent invoice


Shell Company Schemes


Preventing Shell Company Schemes

▪ Segregate the duties of:

• Authorizing purchases

• Confirming purchases

• Authorizing payment

▪ Require purchase orders for payment.

▪ Create an approved vendor list and prohibit

payment of invoices to any company not on

the list.



▪ Have prospective vendors fill out a vendor data

form.

▪ Verify the authenticity of contractors before

making payments.

▪ Segregate duties of approving payments and

adding or deleting names on the approved

vendor list.

▪ Periodically compare budgeted expenses with

actual expenses.



▪ Compare vendor addresses with employee

addresses.

▪ Track unusual invoicing patterns.

▪ Train personnel to watch for the red flags of

fraudulent invoices.

▪ Prohibit use of vendors that do not have a

physical address.


Red Flags of Shell Company Schemes

▪ Payments to contractors not on the approved

vendor list

▪ Vendors not located in business directories

▪ Vendor address that is:

• Not a street mailing address

• Residential

• Incorrect

• Multiple addresses



▪ Invoices for unspecified or poorly defined

services

▪ Unnumbered or sequentially numbered vendor

invoices

▪ Vendor using unfamiliar contractors

▪ Vendors with similar names

▪ Vendor and procurement employee with similar

or identical information



▪ Vendor who fails to submit an EIN

▪ Unexplained increase in volumes of purchases

▪ Boilerplate contracts that have no clear

definition of goods or services to be delivered

▪ Poor, illegible, or missing documentation

supporting a vendor payment



▪ Large billings broken into multiple smaller

invoices that fall just below a threshold limit

▪ An invoice with an even amount (round number)

that is unexpected or unreasonable

▪ A check for an out-of-town vendor cashed

locally

▪ Contracting employee who shows interest in

invoices submitted by a particular vendor


Detecting Shell Company Schemes

▪ Check vendor addresses against mail drop

address lists.

▪ Search for new vendors that have high activity.

▪ Research unusually large expenses,

unexplained variances in expenses between

years, or expenses that exceed budgeted

amounts.



▪ Compare all paid contractors to:

• Approved vendor lists

• Business directories

• Telephone reverse directories

• Dun & Bradstreet listings

• Government business filings

▪ Determine if invoiced goods or services were

received.



▪ Examine financial statements for variances in

expenses that should correlate with revenue.

▪ Examine work product from consultants.

▪ Examine documentation for payments to

contractors that provide difficult-to-verify

services or goods.



▪ Conduct a background check to identify:

• Ownership of contractor

• Contractors with undisclosed outside business

interests or front companies owned by the contracting

employee

• Contractor with family ties to a procurement

employee

• Procurement employees with an unexplained

increase in wealth or outside income



▪ Cross-check vendor contact information with

that of:

• Employees

• Employees’ outside businesses

• Employees’ relatives’ residences and businesses

▪ Compare shipping addresses to:

• Employee addresses

• Addresses of other vendors



▪ Compare vendor EIN to employees’:

• Government identification numbers

• Outside businesses’ EINs

• Relatives’ government identification numbers

• Relatives’ business EINs

▪ Conduct an on-site audit of the vendor.

Documents

Contract and Procurement Fraud · Contract and Procurement Fraud Vendor Management ... Establish clear vendor master file naming conventions. Keep vendor records accurate and up-to-date