Many articles have been published about procurement fraud recently, for example through banking account number modification or fake purchases. It has become essential to set-up solutions to mitigate this risk. This article will provide you with 6 propositions to help you prevent procurement fraud.
1. Split and define job responsabilities
such as finance, buyer, AP clerk… The segregations of Duties (SOD) is one way of ensuring that an employee doesn’t have full control of the procurement process. Auditors like to focus an SOD.
2. Build workflows for each procurement scenario
(from the purchasing request to the invoice reconciliation) so there is always an approver different from the requester. Approval workflows enables to track transactions and to prevent frauds. During IT projects, we have often this tendency to determine a general workflow and to manage some exceptions with secondary approvals. These processes will be used by fraudsters. Indeed, pay attention to exception management process, where fraudsters generally find breaches (for example, if there is a procedure for exceptional purchases that bypass the controls.
3. Put banking information modification under maximum supervision.
The best way to do this is to set up a centralized vendor data management tool, where only specific users would have read/write access to this sensitive data and a specific workflow before publication in the financial ERP.
4. Authorize payments only to suppliers that are validated
through an activation process. It is key not to allow the supplier « ad hoc » creation directly in the ERP.
5. Set up a « 3-way match » reconciliation
for each invoice, to secure matching between ordered, received and invoiced (paid) amount.
6. Set up a strong Spend Analysis tool
with specific alerts, such as invoices without PO or budget consumption, in order to control any unusual spend behaviour.
These 6 simple steps have helped many large to medium size companies to minimize procurement fraud.
Indeed, we strongly recommend you to review your procurement processes at least once per year in order to ensure that actions are planned to mitigate the risk.