This is a guest post by my twin brother Charles. He is a CPA and a Certified Fraud Examiner. He is a partner in the firm McNair, McLemore, and Middlebrooks & Co. Charles lives in Macon, Georgia, with his wife Kelley. He is the author of The Why and How of Auditing, Audit Risk Assessment Made Easy, and The Little Book of Local Government Fraud Prevention. He blogs at cpahalltalk.com.
A bribe is seen as a charm by the one who gives it; they think success will come at every turn. Proverbs 17:8
Last week, Harry and I were running, and Harry was talking about project procurement risks. Since I am a fraud prevention guy, we began discussing the risk of vendor financial kickbacks to those with the power to purchase.
I have seen vendors provide free liquor, women, trips, cars, boats, and cash--all to guarantee their bid acceptance. One such case provided "hundreds of competitively-bid contracts to favored vendors in exchange for gratuities" including "hot tub parties with strippers."
If vendors know your employees' weaknesses, they can exploit them. And if they do, significant harm lies before you. The Association of Certified Fraud Examiners’ 2022 fraud survey showed that 50% of the cases were corruption-related with a median loss of $150,000.
The Power to Purchase
So, who has the power to purchase? Anyone that can make or cause payments to be made. This includes:
- Persons with the ability to issue purchase orders
- Purchasing directors
- Department heads that have purchasing authority
The power to purchase appears in myriad forms. In some businesses, department heads can, for example, authorize purchases up $75,000. In other entities, only the purchasing director has this ability. So, it's important for you to understand who can approve contracts or payments.
Vendors (not all, but some) go after the employees with the power to purchase. Why? Because that's how they get their money. Free Vegas vacations aren't given to employees that can't put money into the pockets of a vendor.
The Lure of Kickbacks
What makes kickbacks attractive?
Well, the person receiving the bribe may not understand the mechanics of the theft. When Acme, Inc.'s purchasing director receives a free boat from Sleeze Aircraft, he might think, "Wow, a new toy--and it's free!" But he may not understand how the gift affects his company.
So, how does a kickback affect the business? The purchasing director has a $50,000 vessel, and Acme Inc. didn't pay for it--or could it be that it has? Make no mistake: Acme Inc. will pay for the boat--just indirectly.
Sleeze Aircraft pays $50,000 for the boat but recoups the money by increasing its contract price by $150,000. Nice return. Pay $50,000: Get $150,000 and new business. Later, Sleeze sends inflated invoices directly to Acme's purchasing manager, and he gladly approves them.
Another reason bribes are a common form of fraud is they are extremely difficult to detect.
Unlike monies stolen directly from a business (for example, the taking of cash), the evidence of this theft is hidden. Where? In the inflated invoices which are approved in accordance with company policy.
It's much easier to detect fraudulent payments made to the finance director, for example. Auditors can see the check to the CFO which is not supported by an invoice.
By contrast, kickbacks are hidden in approved payments to a legitimate vendor. If an auditor reviews the transaction, he sees an approved purchase order, a properly signed check, and a proper posting to the general ledger. No red flags.
Given this risk, what can be done?
Lessening the Threat of Kickbacks
Here are a few ideas to lessen the risk of kickbacks:
- Require that sealed bids be opened in the presence of multiple people
- Create a gratuities policy
- Audit purchases over a certain dollar amount
Companies can require sealed bids for purchases over a certain dollar amount (e.g., $100,000). Then make sure those bids are opened in the presence of at least two or three people. I would include a person outside the purchasing department (e.g., comptroller or CFO). Why? A purchasing director could apply pressure to subordinates to keep quiet about improprieties.
The surest means of ensuring a clean procurement process is to create written protocols that require transparency. The procurement policy should include guidance such as:
- At what dollar amount are sealed bids required (e.g., more than $100,000)
- Who will open the bids and who will be present
- How to document the presence of those witnessing the opening of bids
- How to input the accepted bid in the accounting system
- Who will track compliance with the contract
- Bid procedures for amounts less than the sealed bid amount (e.g., less than $100,000)
- How the smaller bids will be obtained and documented
- Who can approve new contracts or purchases and at what dollar level
In addition to the procurement policy, create one for gratuities as well.
2. Gratuities Policy
A written gratuities policy serves notice that the company does not allow employees to receive gifts over a certain amount. You might allow presents up to $50 (the Christmas ham, for example). But employees need to know that the receipt of excessive gifts will result in written reprimands or possible dismissal.
The policy creates clear boundaries as to what is (and what is not) allowable. Then, should you have to terminate a staff member, you have grounds for doing so.
Additionally, administer the policy without regard to the position. Your junior-level employees will take their queues from their superiors. If the CEO takes gifts (and everyone knows it), then forget the gratuity policy--it becomes just a piece of paper.
3. Audit Large Purchases
Audit all purchases over a certain dollar amount (e.g., $250,000), or at least audit a sample of those items. The key is to let all employees know that these purchases are subject to potential audit. The mere possibility of discovery is a powerful deterrent.
Moreover, your auditors--whether internal or external--should report their findings directly to those charged with governance of the company. By this, I mean the report should not be vetted by the CEO or CFO prior to board submission. So how often should this report be provided to the board? Once a year and once a quarter, depending on the size of your company.
Auditing for Kickbacks
How does one audit for kickbacks? First, the auditor should review the bid documents and ask questions such as:
- Were multiple bids received?
- Were they documented?
- Who approved the bid?
- Did those present at the opening of the sealed bids document their presence?
Second, the auditor can contact the losing bidders to confirm that they actually provided a bid. Fictitious bids in a sealed envelope can appear appropriate. But maybe the winning bidder and the purchasing director are acting in collusion, and they created fictitious bid documents.
Third, the auditor can contact other third-party companies that provide similar services and products. Ask questions such as, "Does this price appear reasonable?" or "Can you direct me to a website that has similar product costs?"
Fourth, generate a "payment by vendor" report from your accounting software; then inspect the summary of payments. Look for any outliers or for a pattern of payments that don't make sense.
Finally, no policies or vetting can prevent all fraud, but these suggestions will move you in the right direction.
If your company makes significant vendor payments, consider using IDEA or ACL to data mine your information. You'll need trained staff or consultants to go this route since these software packages are complex. But, if used appropriately, these packages allow you to dig even deeper into vendor payments.
I hope you've found this article useful. I provide more fraud prevention information on my blog at cpahalltalk.com.
Project Risk Coach Tips
Sign up for project risk management tips and receive the Project Management Plan Checklist. This will allow you to deliver projects with fewer problems and greater value.
"Intelligent leadership, creative communication and depth of technical skill all describe Harry Hall." –John Bartuska, Director of HR–ONUG Communications