Top Procurement Fraud Schemes and Actions Companies Can Take to Identify and Mitigate the Associated Risks, Part 1 of 2

Highly competitive environments, global supply chain shortages, economic recessions, financial distress, and geopolitical instability can be major contributors to the rise of procurement and vendor fraud. When companies are dealing with increased pressure to manage supply chain disruptions, lack of inventory, or increased prices for materials and components, they should be ready to manage a number of procurement fraud risks. For some companies this pressure can result in “turning a blind eye” to internal controls and compliance policies and procedures.

Even though the list of procurement fraud schemes is lengthy, we focus on a few examples of the most prevalent: change order abuse, conflicts of interest, bribes and kickbacks, bid rigging, fictitious vendors, sole sourcing, and split purchases. In the first of this two-part series, we lay out the schemes and, in part two, suggestions to mitigate the risks from each.

Procurement Fraud Schemes

Change Order Abuse

Change order abuse typically occurs within the context of large-scale projects; however, it also applies to other procurement arrangements contractually agreed on, such as those involving purchase orders. Change order abuse implies that the vendor can submit a lower bid to ensure winning the contract, and then increase the price by submitting change orders.

The red flags to detect change order abuse are: unclear and unspecific contract language, incomplete specifications followed by change orders, and a pattern of large numbers of change orders for the same vendor across different contracts.

There are four basic types of purchase orders, namely, standard purchase order (SPO)^[1], planned purchase order (PPO)^[2], standing or blanket purchase order (BPO)^[3], and contract purchase order (CPO)^[4].

SPOs typically involve sporadic or one-off purchases, SPOs include all necessary details of the arrangement (i.e., parties involved, items to purchase, quantities, prices, and delivery information), while PPOs don’t include delivery details (delivery schedule and related information are determined at a later time).

BPOs and CPOS have fewer details established at the onset compared to SPOs and PPOs. BPOs and CPOs allow for flexibility in various arrangement details (such as schedule), with the contracts (purchase orders) providing guidelines for the longer-term procurement relationships that are established. CPOs and BPOs are susceptible to abuse and fraud due to the flexibility in their terms.

Conflicts of Interest

There can be conflicts of interest between or among vendors and employees involved in the procurement process if the employees have undisclosed interests in a supplier or contractor. Common red flags of conflicts of interest are: unusual preferences given to a particular vendor, procurement employees conducting side businesses, or if they live beyond means.

Investigations of conflict of interest schemes can be more difficult than investigations in which the issues involve readily available tangible evidence. A conflict of interest generally involves collusion, and collusion often leaves little to no evidence.

However, in the context of procurement fraud, you can apply data analytics procedures to help identify indications of potential conflicts of interest between vendors and employees.

The mitigation procedures described in part 2 of this series are more effective within the context of a robust structure of internal controls and a solid corporate compliance program to manage conflicts of interest, including but not limited to having: clearly articulated policies, a corporate culture that fosters self-disclosing, and an efficient process to provide guidance when conflicts of interest are disclosed.

Bribes and Kickbacks

Bribes and kickbacks are improper, undisclosed payments made to obtain favorable treatment. Identifying indicators of bribes and kickbacks are often equivalent to finding a “needle in a haystack” within mountains of facts and data. Luckily, a combination of experience and modern technology can be leveraged to focus on relevant red flags. Examples of red flags associated with bribes and kickbacks include:

• The use of an unnecessary middleman (consultant, broker, etc.) as an intermediary party between the company and vendor for services which usually don’t require it or paying the intermediary party higher commissions than standard market fees;
• Lack of qualifications or resources on part of the vendor to perform the services offered;
• Whether the vendor has obtained a contract by direct adjudication or by a recommendation combined with bypassing vendor screening procedures;
• Characteristics of payments such as round dollar amounts, payments made during holidays or weekends, payments made to high risk jurisdictions (i.e., bank accounts with addresses in countries known for lax banking practices), or payments for vague or unclear work product;
• Commissions or prices above market prices for comparable services or products;
• High management fees, gifts and entertainment expenses;
• Excessive or frequent payments to charities;
• Indirect payment requested by vendors, for example directing a payment to a third party or to bank accounts not associated with the vendor;
• Lack of transparency in expenses or accounting records, for example payments classified as “miscellaneous,” “other,” “general fund,” “donation,” or “representation expenses.”

Bid Rigging

Some organizations choose vendors for large-spend purchases through a competitive contract bidding process. Bid rigging occurs when two or more vendors secretly agree to submit complementary high bids to allow one of the vendors to win the contract; these vendors may rotate who is to win the next bid, or divide contracts by territory or work type. Though not common, it is possible for someone within a victim organization to be part of the collusion through a kickback or illegal gratuity scheme; however, the drivers of this type of fraud predominantly revolve around conspiring vendors.

Public sector contracts, especially large-scale projects, are often mandated to go out to bid due to the involvement of public funds, to ensure that transactions are at arm’s length and to provide a fair and equal playing field for competitors. This process prevents public funds from being squandered through favoritism or other corrupt dealings.

The most common forms of bid-rigging schemes are:

1. Bid-suppression scheme. A bidder is designated by the parties of the collusion to win. This result is achieved by the other bidders withdrawing their bids or by not bidding altogether.
2. Complementary-bidding scheme. An appearance of competition among multiple bidders is created; however, one of the bidders is pre-determined to win through other conspiring parties’ submissions of token bids, which are destined to fail with respect to the requisite criteria.
3. Bid-rotation scheme. An appearance of competition is created; however, the mechanism of the scheme revolves around the cycling of the lowest bid among the conspiring parties.
4. Customer- or market-allocation scheme. The conspiring parties collude to allocate customers or divide geographical areas, respectively, amongst themselves. This type of scheme involves the suppression of bids or the submission of token bids by the parties not assigned to a customer or the area, ensuring the designated bidder wins the bid for that customer or area.

The red flags to watch are: losing bidders hired as subcontractors, rotation of winning vendors by work type or territory, unusual bid patterns, or inflated bids compared to market average.

Fictitious Vendors

Whereas conflicts of interest and bribes involve coordination with individuals of entities that provide goods or services to a company, the fictitious vendor scheme involves a type of procurement fraud in which a vendor exists only on paper. Procurement employees or other employees with access to a vendor master file or accounts payable can create fictitious vendors.

The fraudster-employee typically controls the address associated with a fictitious vendor, but it is also possible for the employee to collude with someone to hide the trail of payments made to the fictitious vendor. Furthermore, though a company insider is often necessary to perpetrate this type of fraud, it is also possible for an unwitting, or otherwise careless employee, to be induced into entering fictitious vendors into the accounting system by someone outside of the procurement department or by someone external to the company altogether.

Examples of red flags for this scheme are: vendors not included in the vendor master file, duplicate vendor numbers or names in the vendor master file, vendors with missing or incomplete information.

Sole-Sourced Vendors

Sole-sourced vendor scheme involves the unjustified repeated use of a particular merchant for low-spend purchases, or the unjustified repeated awarding of medium-spend purchases or large-spend contracts to a specific vendor or contractor. This scheme also results from improper relationships or conflicts of interests between procurement personnel and their organization’s suppliers or vendors.

A sole-sourced vendor scheme, by nature, is a collusive relationship over a long period of time that is often sustained through kickbacks, illegal gratuities, or other clandestine payment methods through which vendors could transfer funds or something of value to corrupted procurement personnel.

Split Purchases

A split purchases scheme includes dividing what should be a single contract or purchase into two or more components or transactions. The aim of this scheme is to avoid a competitive bidding requirement, additional level of approval by the company, or to facilitate other fraud schemes. Split purchases can include unjustified contract separation into individual contracts to avoid competitive bidding thresholds.

Some examples include: separation of labor and materials, two or more related purchases from the same vendor, each in amounts just under the approval limit, or purchases under the pre-established limit established by purchasing policies.

In the next issue of this two-part series, we will provide suggestions to mitigate the risks from each of the abovementioned fraud schemes.

Authored by Victor Padilla, CFE, Sasha Gartman, CFE, CAMS, and Anthony Pabillano, CFE.

©2023

^[1] A standard purchase order (SPO) involves a one-off transaction for fulfilling a short-term demand. Given this definition, the SPO contract details are completely specified.

^[2] A planned purchase order (PPO) fulfills a demand in the short-term; however, the exact date and time are not known, and therefore not specified in the contract. The PPO readies and earmarks products that an organization will purchase, releasing delivery whenever the need arises.

^[3] A standing, or blanket, purchase order (BPO) involves recurring purchases of the same products over a specified period of time. Additionally, delivery of the products may or may not be predetermined, thus, BPO contracts offer flexibility with delivery schedule.

^[4] A contract purchase order (CPO) simply provides the legal guidelines of future purchases, with specific product or delivery terms not strictly specified. Thus, a CPO offers the greatest level of flexibility in the purchase arrangement, as terms are not explicitly determined, merely establishing a long-term procurement relationship.