© 2018 Association of Certified Fraud Examiners, Inc.
Contract and Procurement Fraud
Vendor Management
© 2018 Association of Certified Fraud Examiners, Inc. 2 of 27
▪ Organizations must take steps to reduce vendor
fraud, including:
• Conducting vendor due diligence
• Managing vendor risks via contracts
• Ensuring vendors are legitimate (avoiding shell
company schemes)
Introduction
© 2018 Association of Certified Fraud Examiners, Inc. 3 of 27
▪ Controls for vendor master file management
▪ Vendor background checks
▪ Vendor questionnaires
▪ Vendor due diligence checklists
▪ Vendor monitoring
▪ Compliance committees to oversee the
retention of any vendors
▪ Watch lists
Vendor Due Diligence
© 2018 Association of Certified Fraud Examiners, Inc. 4 of 27
Controls for Vendor
Master File Management
▪ Set procedures for setting up new vendors and
changing vendor master file records.
▪ Separate responsibility for vendor master file
from approving invoices and signing checks.
▪ Establish clear vendor master file naming
conventions.
▪ Keep vendor records accurate and up-to-date.
▪ Monitor the application of the accounts payable
policies on vendor master files.
© 2018 Association of Certified Fraud Examiners, Inc. 5 of 27
Vendor Background Checks
▪ Review watch lists.
▪ Conduct a corporate registry search.
▪ Search politically exposed persons (PEP)
databases.
▪ Verify the vendor’s key individuals.
▪ Verify vendor’s insurance.
© 2018 Association of Certified Fraud Examiners, Inc. 6 of 27
Vendor Background Checks
▪ Verify any professional licenses.
▪ Confirm physical addresses.
▪ Perform site visits.
▪ Test the reputation of the vendor and its key
individuals.
▪ Conduct a media analysis.
© 2018 Association of Certified Fraud Examiners, Inc. 7 of 27
Vendor Background Checks
▪ Compare vendor addresses against employee
addresses.
▪ Conduct interviews.
▪ Review the vendor’s policies and procedures on
fraud, governance, and compliance.
▪ Review the vendor’s financial data.
▪ Review the vendor’s banking information.
© 2018 Association of Certified Fraud Examiners, Inc. 8 of 27
Vendor Questionnaires
▪ Management should
consider giving potential
vendors a questionnaire
requesting various types
of information.
▪ The questionnaires
should be written for
each company’s specific
needs.
© 2018 Association of Certified Fraud Examiners, Inc. 9 of 27
Vendor Due Diligence Checklist
▪ Develop and use a
vendor due diligence
checklist to help ensure
that the vendor due
diligence process is
conducted in a refined
fashion.
© 2018 Association of Certified Fraud Examiners, Inc. 10 of 27
Vendor Monitoring
▪ Use monitoring and
auditing systems to
detect criminal
conduct of vendors.
▪ Base monitoring
systems on the red
flags of vendor
schemes that pose
the greatest risk.
© 2018 Association of Certified Fraud Examiners, Inc. 11 of 27
Compliance Committee
▪ Establish a compliance
committee to review and
record actions and
contracts relating to the
retention of any vendors.
© 2018 Association of Certified Fraud Examiners, Inc. 12 of 27
Watch Lists
▪ World Bank debarred parties list
▪ Multilateral development banks’ sanctions lists
▪ Nonproliferation sanctions lists
▪ Cross debarment
▪ U.S. OFAC Specially Designated Nationals List
© 2018 Association of Certified Fraud Examiners, Inc. 13 of 27
▪ Considerations in vendor contracts:
• Compliance with the law
• Professional standards
• Indemnification clauses
• Insurance
• Limits on liability
• Conflicts of interest
• Contract default, termination, and renewal
Managing Vendor Risks Via Contracts
© 2018 Association of Certified Fraud Examiners, Inc. 14 of 27
▪ Right-to-audit considerations
• Require a reasonable accounting system.
• Include the right to determine how funds were used.
• Don’t limit the time for conducting an audit.
• Include subcontractors.
• Ensure that the right-to-audit clause is thorough and
specific.
Managing Vendor Risks Via Contracts
© 2018 Association of Certified Fraud Examiners, Inc. 15 of 27
Risk of Shell Companies
▪ Part of vendor management involves ensuring
that vendors are legitimate business
enterprises.
▪ A shell company is a company that has no
physical presence and generates little
independent economic value.
© 2018 Association of Certified Fraud Examiners, Inc. 16 of 27
Shell Company Schemes
▪ Involve the issuance of false invoices for
products and services never delivered or
rendered.
▪ Typically perpetrated by employees who:
• Authorize purchases
• Review and approve vendor payments
▪ Three-part process:
• Setting up the shell company
• Submitting an invoice
• Obtaining payment approval for the fraudulent invoice
© 2018 Association of Certified Fraud Examiners, Inc. 17 of 27
Shell Company Schemes
© 2018 Association of Certified Fraud Examiners, Inc. 18 of 27
Preventing Shell Company Schemes
▪ Segregate the duties of:
• Authorizing purchases
• Confirming purchases
• Authorizing payment
▪ Require purchase orders for payment.
▪ Create an approved vendor list and prohibit
payment of invoices to any company not on
the list.
© 2018 Association of Certified Fraud Examiners, Inc. 19 of 27
Preventing Shell Company Schemes
▪ Have prospective vendors fill out a vendor data
form.
▪ Verify the authenticity of contractors before
making payments.
▪ Segregate duties of approving payments and
adding or deleting names on the approved
vendor list.
▪ Periodically compare budgeted expenses with
actual expenses.
© 2018 Association of Certified Fraud Examiners, Inc. 20 of 27
Preventing Shell Company Schemes
▪ Compare vendor addresses with employee
addresses.
▪ Track unusual invoicing patterns.
▪ Train personnel to watch for the red flags of
fraudulent invoices.
▪ Prohibit use of vendors that do not have a
physical address.
© 2018 Association of Certified Fraud Examiners, Inc. 21 of 27
Red Flags of Shell Company Schemes
▪ Payments to contractors not on the approved
vendor list
▪ Vendors not located in business directories
▪ Vendor address that is:
• Not a street mailing address
• Residential
• Incorrect
• Multiple addresses
© 2018 Association of Certified Fraud Examiners, Inc. 22 of 27
Red Flags of Shell Company Schemes
▪ Invoices for unspecified or poorly defined
services
▪ Unnumbered or sequentially numbered vendor
invoices
▪ Vendor using unfamiliar contractors
▪ Vendors with similar names
▪ Vendor and procurement employee with similar
or identical information
© 2018 Association of Certified Fraud Examiners, Inc. 23 of 27
Red Flags of Shell Company Schemes
▪ Vendor who fails to submit an EIN
▪ Unexplained increase in volumes of purchases
▪ Boilerplate contracts that have no clear
definition of goods or services to be delivered
▪ Poor, illegible, or missing documentation
supporting a vendor payment
© 2018 Association of Certified Fraud Examiners, Inc. 24 of 27
Red Flags of Shell Company Schemes
▪ Large billings broken into multiple smaller
invoices that fall just below a threshold limit
▪ An invoice with an even amount (round number)
that is unexpected or unreasonable
▪ A check for an out-of-town vendor cashed
locally
▪ Contracting employee who shows interest in
invoices submitted by a particular vendor
© 2018 Association of Certified Fraud Examiners, Inc. 25 of 27
Detecting Shell Company Schemes
▪ Check vendor addresses against mail drop
address lists.
▪ Search for new vendors that have high activity.
▪ Research unusually large expenses,
unexplained variances in expenses between
years, or expenses that exceed budgeted
amounts.
© 2018 Association of Certified Fraud Examiners, Inc. 26 of 27
Detecting Shell Company Schemes
▪ Compare all paid contractors to:
• Approved vendor lists
• Business directories
• Telephone reverse directories
• Dun & Bradstreet listings
• Government business filings
▪ Determine if invoiced goods or services were
received.
© 2018 Association of Certified Fraud Examiners, Inc. 27 of 27
Detecting Shell Company Schemes
▪ Examine financial statements for variances in
expenses that should correlate with revenue.
▪ Examine work product from consultants.
▪ Examine documentation for payments to
contractors that provide difficult-to-verify
services or goods.
© 2018 Association of Certified Fraud Examiners, Inc. 28 of 27
Detecting Shell Company Schemes
▪ Conduct a background check to identify:
• Ownership of contractor
• Contractors with undisclosed outside business
interests or front companies owned by the contracting
employee
• Contractor with family ties to a procurement
employee
• Procurement employees with an unexplained
increase in wealth or outside income
© 2018 Association of Certified Fraud Examiners, Inc. 29 of 27
Detecting Shell Company Schemes
▪ Cross-check vendor contact information with
that of:
• Employees
• Employees’ outside businesses
• Employees’ relatives’ residences and businesses
▪ Compare shipping addresses to:
• Employee addresses
• Addresses of other vendors
© 2018 Association of Certified Fraud Examiners, Inc. 30 of 27
Detecting Shell Company Schemes
▪ Compare vendor EIN to employees’:
• Government identification numbers
• Outside businesses’ EINs
• Relatives’ government identification numbers
• Relatives’ business EINs
▪ Conduct an on-site audit of the vendor.
Top Related