More on Compliance, Audit, and Supply Chain Fraud
Deloitte today published some fresh research confirming what many compliance officers probably already suspect: supply chain fraud continues to be a serious problem for many companies, and one that most organizations aren’t terribly adept at fighting.
The fundamental problem is how to fit modern anti-fraud procedures into global corporations’ convoluted payment approval process. We have more business processes outsourced to third parties sprinkled around the world; that means more invoices flitting around in the accounting systems of some very large businesses. By the time an invoice is found to be duplicate or bogus, payment has already been made and the fraudulent party may be long gone—especially if one of your own employees is part of the scam.
Mark Pearson, a principal with Deloitte Financial Advisory, described it as “trapped in a pay-and-chase model… invoices are paid first, then retribution is sought much later when fraud is found.” Well said, Pearson; I could not agree more.
Deloitte released a flock of statistics (taken from a survey of participants in a recent webcast on supply chain fraud) showing how thwarted procurement and compliance executives are. Better analytics of unpaid invoices would be one way to fight fraud, but too few companies do this: 27 percent said yes, their companies analyze unpaid invoices, but 24 percent said they did not and 49 percent didn’t know. When asked to describe their organization’s use of analytics to fight supply chain waste, 19.3 percent said it was absent, 13.7 percent said lacking, and only 8.6 percent described their analytics as “advanced.”
The good news is that your accounts payable employees are the least likely to commit supply chain fraud; only 10.3 percent of respondents cited A/P as their chief worry. Procurement employees were cited by 24.7 percent, project managers by 26 percent. (Another 26 percent didn’t know.)
If I had to guess, I suspect one part of the problem is that many companies have business software systems with at least some anti-fraud analytics—the companies simply don’t use those analytics to the fullest extent. To keep fighting this threat (and supply chain fraud will not go away any time soon, so get used to thinking about this problem), you need a multi-pronged approach: compliance helping the business units to vet suppliers, while internal audit and A/P work together on a more analytics-driven program of finding fraud.
I like Pearson’s pay-and-chase description of the problem a lot, actually, because it helps frame the compliance and audit roles here. Compliance helps to minimize the risk of supply chain fraud, while internal audit and the corporate controller work to uncover the fraud that happens anyway. Then, maybe, you can break the pay-and-chase cycle Pearson describes.