Procurement is by far the greatest fraud risk in the public sector according to a new public sector fraud survey, with vendor contracting and maintenance being where most Australian public agency procurement fraud occurs.

The PwC Fighting Fraud in the Public Sector report found procurement fraud is now one of the “Big 5” economic crimes, with 33% of Australian respondents experiencing this type of fraud in the past 24 months. This rises to 46% for global government organisations surveyed. The report is the third in a series looking at public sector fraud in Australia and around the globe.

The procurement fraud life cycle

The procurement life cycle is a hotspot for fraudsters, because it is one of the primary areas of expenditure for government organisations. The cycle may be illustrated as follows:

Procurement fraud is often complex to investigate because it can occur at any stage of the procurement life cycle. Globally, fraud occurred most often during the payments process stage, followed closely by the vendor selection and invitation of quotes/bids stages. Overall, for Australian respondents, vendor contracting and maintenance was the stage at which most procurement fraud occurred. But for the government sector, the payments process was the most common point of attack, followed closely by vendor vetting and selection.

Where did procurement fraud occur?

Globally, alongside government/state-owned enterprises (46%), the industries reporting the most procurement fraud included energy, utilities and mining (43%), engineering and construction (42%) and transportation and logistics (39%).

Interestingly, these are all sectors where significant elements of their operations depend on close collaboration with governments, government entities and prime contractors likely to follow tendering processes.

How procurement fraud occurs

• Failure to follow organisation’s procurement policy and guidelines in awarding contracts to suppliers (eg. bypassing thresholds by awarding contracts without a market tender process)
• Inappropriate or poor contracting, including inappropriate terms and conditions favourable to the supplier
• Collusion by an employee with an external vendor to defraud the employer (eg. inflated contract prices, approving invoices for incomplete or substandard work). Employees may receive kick-backs, bribes or other incentives, or even be involved with the vendor in some capacity (eg as a consultant, director or shareholder)
• Establishment of a ‘ghost’ supplier or shell company to defraud through contracts, invoices and other payments
• Contract variations and increases to contract value made after contract commencement, and without market testing
• Inappropriate charges under cost-plus contracts, including cost/labour mischarging, defective parts and product substitution
• Falsification of documents, including fraudulent invoices.

Strategies to consider

In our experience, most incidents of procurement fraud can be prevented or detected early, if the organisation possesses a complete understanding of:

• the procurement framework (policies and procedures)
• the risks involved in the procurement life cycle
• how controls and review mechanisms will actually reduce risks.

Invitation of quotes and bids process/Vendor vetting and selection

• Procurement decision making is centralised and standardised or there is centralised management and supervision of procurement decisions
• The procurement policy reflects the scale and risk of procurement, for example how to make a decision to go to tender, the number of quotes required for each purchase or whether a sole provider is appropriate
• The procurement process is clearly mapped to identify the key controls and risks in the process
• The tender and selection policy is communicated to all relevant staff
• There are review mechanisms to ensure that approved vendors are used and government procurement rules are followed
• Evaluation criteria are confirmed before starting the tender process
• The evaluation criteria allow a like-for-like comparison
• An independent panel assesses the tenders: the project manager may advise the panel but should not vote on the decision
• Staff involved in procurement and who have procurement and payment delegations have appropriate and regular training on procurement policies and procedures
• Vendor due diligence is conducted for major suppliers, including financial (credit position, financial capacity, insurance) and qualitative considerations (reputation, associated entities)
• Vendors must provide declarations of ethical conduct and/or compliance with code of conduct guidelines
• An independent officer, in consultation with the project manager, is involved in any direct negotiations with the vendor
• There are controls in place to ensure that the value of the proposed contract is not split or reduced to circumvent any thresholds regarding going to tender.

Vendor contracting and maintenance

• Order prices are compared to tender documents, vendor contracts, purchase orders or agreed price lists. This comparison covers both material pricing and hourly pricing
• Contract variations as to delivery, service and pricing are reviewed and the need to retender is considered
• Approved vendors are established and goods can only be ordered from these suppliers
• The duties of individuals ordering goods and those receipting goods are clearly segregated
• There is an established process for emergency procurement, and any purchases made through this channel are reviewed by senior management to ensure that minimal purchases are made in this manner and adequate records have been maintained.

Quality review

• Training is conducted regularly to ensure staff are aware of procurement fraud risks and the red flags to look out for. This may be a combination of code of conduct training for all staff and tailored procurement fraud training for procurement staff
• A gifts and entertainment register is maintained to monitor potential supplier influence
• Annual conflict of interest declarations, particularly for procurement staff, are required under the company’s code of conduct
• Staff are required to declare secondary employment
• Managers conduct random monitoring
• Reviews and testing of procurement are included in the internal audit plan
• Problems relating to quality are documented and followed through with heightened monitoring: often quality issues are only discussed informally and let go until randomly identified in the future.

Payments process

• Delegations of authority are established and monitored for compliance
• Invoices are matched to authorised purchase orders
• Proof of delivery has been confirmed
• Vendor invoices are reviewed against internal supporting documentation for correct:

• Labour – hours (against timesheets or contract estimates), skills and costs (including margins, allowances and per diems)
• Materials – costs (on-costs and GST), delivery (confirming receipt), quality (inspection of goods to meet contact specifications)
• Overhead – calculations (as per vendor contracts).

Procurement is by far the greatest fraud risk in the public sector. We encourage government entities to actively review and challenge their processes and controls, undertake risk assessment, and review and update their detection mechanisms.

PwC recently released the results of its Seventh Global Economic Crime Survey 2014 — An Australian snapshot. Another key area covered includes cybercrime, with detail on fraud in information and system security. PwC found 41 per cent of government organisations had experienced at least one instance of economic crime in the past 24 months. The paper can help agencies identity areas where fraud could possibly occur. The full report can be accessed here.

More at The Mandarin: The enemy within: five strategies to stop cyber breaches