In this third and final article of our series on procurement fraud, we look at what key steps organisations in the public sector should be taking in order to prevent procurement fraud in the first place and mitigate the risks associated with procurement fraud if despite best efforts, it occurs.
In the first part of our series, we looked at what procurement fraud is and why it poses such a big risk to the public sector. In the second part, we looked at the red flags associated with procurement fraud in relation to the procurement cycle – essentially, what you should be looking out for in order to identify procurement fraud in your organisation.
Procurement fraud is a pervasive issue that can cause significant financial losses and damage to an organisation's reputation. It occurs when employees or external actors manipulate the procurement process for personal gain. In order to safeguard your organisation, you need to implement proactive measures to prevent procurement fraud as set out in this article.
It is important to remember that the measures discussed below are not exhaustive. Public procurement is a dynamic environment and the sources and nature of risks change all the time (particularly with the new opportunities that cyber fraud creates).
Policies and procedures
The best way to mitigate against procurement fraud risk is to have well-defined governance controls and principles in place.
Start by establishing clear and comprehensive procurement policies and procedures. These documents should outline the procurement process, approval hierarchies, and the roles and responsibilities of employees involved. Make sure that these policies are communicated effectively and regularly updated to adapt to changing circumstances.
It is also important for top management to approve and implement a suite of financial crime policies addressing, for example, what your organisation is doing to prevent fraud and corruption, how it responds to fraud and corruption and how employees and others can report such incidents through the organisation's whistleblowing policy.
Your organisation's fraud policies should also clearly document the approach taken by your organisation to investigate a suspected procurement fraud. Make sure that the approach adopted is robust and effective in order to compliment the prevention and deterrence work undertaken. It is also important that you maintain an ongoing evaluation of your organisation's fraud risk management process to ensure that risks are communicated throughout. This is to encourage prevention, deterrence and investigation, while also helping to identify, assess and manage the risks.
Financial controls
Your organisation should have clear and robust financial controls in place, for example, setting authorisation limits and adopting a policy of "no purchase order, no payment".
Anti-fraud culture
Promote an ethical and transparent organisational culture where honesty and integrity are valued. Leadership should set a positive example by adhering to ethical standards, and employees should be encouraged to speak up about any concerns they may have.
The fight against fraud begins with getting the 'culture' of an organisation right (including demonstrating a zero tolerance of fraud and corruption and support for whistleblowing). The organisation's leadership must set the tone to establish and communicate good fraud risk management by demonstrating the expectations of everyone.
Staff training
Invest in counter-fraud awareness training programmes to educate employees about the importance of ethical procurement practices and the potential consequences of fraud. Make sure employees understand your organisation's policies and procedures, and provide ongoing training to keep them informed about new fraud risks.
Effective due diligence
Before engaging with any suppliers, conduct thorough due diligence to verify their legitimacy. You need confidence in a supplier's ability to deliver the goods and services required and to work in an ethical and legal manner. Such due diligence includes checking their financial stability, reputation, and compliance with legal and ethical standards. Implement a supplier onboarding process that includes background checks and periodic reviews.
You should also ensure that your organisation does not engage with suppliers before checking their sub-contractors and also internal checks – for example, are there any relationships between your staff and the supplier?
Conducting internal due diligence can also be very useful. Do you ask yourselves the same questions that you ask your suppliers? What does due diligence look like in your organisation?
Segregation of duties
It is imperative to divide procurement responsibilities among different employees to create a system of checks and balances. No single individual should have complete control over the entire procurement process. Additionally, implement robust internal controls to monitor procurement activities, such as regular audits and reviews.
Technology and data analytics
Leverage procurement management software and automation tools to streamline and monitor the procurement process. These tools can help reduce manual intervention, minimise human errors, and provide real-time visibility into procurement activities, making it easier to detect anomalies.
Regularly analyse procurement data to identify patterns and anomalies that may indicate fraud. Use data analytics and reporting tools to uncover irregularities, such as unusual spending patterns, duplicate invoices, or supplier collusion.
Authorisation
Implement a hierarchical system for authorising procurement transactions. High-value purchases should require multiple layers of approval, and individuals with procurement authority should be periodically reviewed and re-authorised based on their performance and adherence to policies.
Reporting
Establish a confidential reporting system that allows employees to report suspicious activities without fear of retaliation. Ensure that all reports are thoroughly investigated and, when necessary, involve law enforcement agencies.
Audits
Schedule routine internal and external audits to assess the effectiveness of your anti-fraud measures. Independent audits can uncover fraud that may not be apparent through regular monitoring and analysis. Surprise audits can be particularly effective as well to test controls in place and identify areas for improvement.
Identifying risks
Following a standard risk management process, procurement fraud risks should be identified and assessed and appropriate strategies for their management should be implemented and kept under review. This involves estimating the probability, impact and proximity of each risk by conducting risk assessments and incorporating this into your current preventative measures. The risks should be recorded in a risk register, together with an allocated risk owner and how the risk to is responded to i.e. what further controls should be implemented to manage continuing risks.
Documents
In order to prevent procurement fraud, you should ensure that there is mandatory use of standard procurement documents and all vendors are required to complete pre-qualification/selection questionnaires. Also ensure that standard terms and conditions of contract are used and comprise a non-collusion clause.
All organisations should also have the following registers in place:
- Register of gifts and hospitality
- Risk register (as mentioned above)
- Contracts register
Conclusion
Preventing procurement fraud is an ongoing process that requires vigilance, commitment and a proactive approach. By implementing the steps outlined in this article, organisations in the public sector can significantly reduce their vulnerability to fraud and protect their financial assets and reputation.
It is crucial to stay updated on emerging fraud risks and continuously refine your anti-fraud measures to adapt to changing circumstances. Preventing procurement fraud is not just a cost-saving measure but an essential element of responsible and ethical business conduct.