A Detroit middle school principal approved phony purchase orders so a vendor could bill the school system for materials that rarely made it to the classroom. “Most of the principals are doing this,” the vendor asserted. “I’ve been a vendor for 50 years and nobody has gotten caught.” For her complicity in this contract and procurement fraud, the principal received $194,000 in kickbacks.
That’s a pittance compared to some contract and procurement fraud cases we’ve seen in the news. What’s alarming about this case is how systemic the fraud was. It was condoned by some top education leaders, who either didn’t know or overlooked $50,000 in fraudulent overtime by school employees. One high-ranking administrator even set up a shell business with some retired employees and sold $1.27 million in fake tutoring services back to the school. It’s very scary when fraud becomes so pervasive that it is widely accepted.
Protect the Integrity of the Procurement Function
Trends and best practices in global procurement fraud
Purchasing is ripe for contract and procurement fraud
Whenever you have a vendor trying to win business and a procurement official who sees a chance for personal gain, fraud is possible. The complexities of the procurement function, the potential for fraud at all phases of the process, the involvement of many people, and the sheer number of transactions combine to make detection a multifaceted challenge. Contract and procurement fraud is usually discovered by auditors after the losses have occurred and the money is lost, if at all.
It doesn’t have to be that way. With fairly straightforward database searching and matching, you might be surprised what you find. My colleague Chris McAuley, Director of Fraud and Financial Crimes here at SAS, led a study looking at possible contract and procurement fraud in an organization with 75,000 employees and $16 billion in annual sales.
Looking first at supplier and employee master data records, the study found a lot of suspicious overlaps, such as 7,216 vendors with different names sharing an address, 4,745 vendors with different names sharing a bank account, and 788 employees who shared a bank account with a vendor.
These findings don’t necessarily indicate fraud or collusion. They could stem from data quality issues in source system data. But if the problem is not in the data, you have some red flags to look into.
Things really got interesting when McAuley and his team homed in on a year’s worth of transactions. They found:
- 45,803 cases of multiple intraday transactions (over 30 transactions a day) totaling $9.1 billion.
- 37,020 incidences of sequential invoices over $10,000 for nearly $4.2 billion in total value.
- 1,000 invoice outliers for the top 1,000 vendors, representing nearly $1.5 billion.
- 54,127 duplicate invoices for the same vendor and amount over $5,000, representing $4.35 billion.
- 8,379 duplicate invoices (same tracking number and amount, over $100) for different vendors, totaling $123 million.
Again, these figures are not de facto evidence of criminal activity, but they certainly show us where we might want to look more closely.
The basics for preventing contract and procurement fraud
For even the largest headline-making cases, having any sort of anti-fraud policies and practices would have deterred at least some of the fraud. Even if an organization can’t afford a sophisticated analytics system, it can stop a lot of contract and procurement fraud simply by applying good practices. Let’s talk about a few.
- Maintain and audit a valid master vendor list. This is the most fundamental control, but few organizations really have this step right. It’s common for organizations to award contracts to a lot of vendors who never appear on the master list.
- Perform due diligence during vendor evaluation. Make sure all vendors are vetted as eligible to receive contract awards. Have controls in place to ensure that no one can add unapproved (or fictitious) vendors to the vendor roll.
- Refer to published sources of debarments. Even if you’re not dealing with government contracts, those in the corporate sector might find government lists of ineligible vendors helpful guides.
- Determine if a vendor meets an appropriate profile. Peer grouping or clustering compares a vendor’s behavior to the norm for peers. For example, if you just awarded a $30 million contract to an individual who provides only a residential address and has no employees, you have to ask, “Does this business meet the profile of an entity that would provide this level of services?”
Similarly, good guy/bad guy profiling describes the typical attributes of legitimate vendors versus known fraudsters. When you see a pattern that was associated with past contract and procurement fraud, a worthy analytics system can recognize and flag it accordingly.
Whatever tools and processes are in place now, there’s always the opportunity to evolve to a higher level for earlier and more accurate detection – for more high-value alerts and fewer false positives. Jen Dunham, CFE Principal Solutions Architect SAS
Analytics for earlier and more accurate detection
Business rules screen for obvious concerns, such as employees who share a bank account with a vendor. Anomaly detection identifies unusual activity, such as excessive transactions for an entity. These approaches enable discovery based on what you know from the past. Analytics takes you to a different realm, to know what you don’t know.
Text mining identifies patterns in text sources such as contracts, reports and social media. For example, analysis of company emails might show that a procurement officer who makes $65,000 a year has bought a 10,000-square-foot house and an 80-foot boat. That might be worth checking into.
With advanced analytics, you can build predictive models that identify attributes or patterns that are highly correlated with known contract and procurement fraud, even complex and emerging patterns of fraud. For example, does this pattern look like patterns of vendors known to be bid riggers or to deliver counterfeit or substandard parts? Does this series of invoices, stepping up and down in dollar value, indicate a vendor trying to find the threshold of scrutiny?
Analytical models are used to score incoming transactions to determine if they look valid or fraudulent. Those scores factor into the overall risk score associated with the vendor.
Machine learning is changing the game for detecting contract and procurement fraud. Unlike rules-based detection systems, which are fairly easy for fraudsters to test and circumvent, machine learning adapts to changing behaviors in a population through automated model building. With every iteration, the algorithms get smarter and more accurate, keeping pace with evolving fraud tactics.
Since contract and procurement fraud often involves collusion or organized fraud rings, link analysis can be very helpful. Link analysis identifies relationships among entities based on static attributes (such as phone numbers, addresses or bank accounts) or transactional attributes (such as business relationships and referrals). What might look innocuous at an entity or transaction level could be suspect when viewed at a network or fraud-ring level.
Get ahead of contract and procurement fraud
Whatever the scheme or scope of the fraud, any type of collusion among suppliers and vendors undermines open competition and skews the fair market value of goods and services. It doesn’t take a headline-making case to point to the urgent need to do more to protect the integrity of the procurement function.
Whatever tools and processes are in place now, there’s always the opportunity to evolve to a higher level for earlier and more accurate detection – for more high-value alerts and fewer false positives. Ultimately we want to aggregate various methods of controls and prioritize the most important things for auditors and investigators to review – to make the best use of their time for detection and prevention.
About the Author
As a solution architect within the SAS Security Intelligence Practice, Jen Dunham is focused on providing expertise and assistance to government teams around the world in addressing various security risks, focusing on insider threat targeting, analytics lead generation, cybercrime, all-source (fusion) analysis and similar applications. As a Certified Fraud Examiner (CFE), she also assists government teams with traditional fraud challenges, focusing on occupational fraud, procurement fraud, and prescription drug monitoring analytics. Dunham served as an all-source intelligence analyst in the US Army for seven years, and has experience with investigations, counterterrorism, counterespionage, counternarcotics, and all-source intelligence analysis.
- Article Are you covering who you think you’re covering? Payers often don't focus enough on healthcare beneficiary fraud in public and private healthcare plans. Before paying a claim, payers need to ensure beneficiaries are eligible. Advanced analytics applied to a broad range of data can help them accurately detect and prevent beneficiary fraud.
- Article Detect and prevent banking application fraudCredit fraud often starts with a falsified application. That’s why it’s important to use analytics starting at the entrance point. Learn how analytics and machine learning can detect fraud at the point of application by recognizing the biggest challenge – synthetic identities.
- Article Unemployment fraud meets analytics: Battle lines are clearly drawnMany fraudsters seized opportunities presented by the COVID-19 pandemic. During the crisis, unemployment fraud became a battleground between international criminal networks and government agencies. Learn how analytics can save billions – and deliver benefits to those truly in need.
- Article Applying technology to ensure voter integrity in electionsVoter integrity is becoming a serious concern for many elections. Recent disclosures of foreign influence campaigns using social media highlight the potential impact on the integrity of the democratic process. In monitoring your systems, technology can identify both legitimate and fraudulent activity; the balancing act is to minimize the impact on legitimate activity while preventing acts of cyber-criminals and fraudsters.