Procurement Fraud Consumer Companies

CONSUMER MARKETS
Procurement Fraud in
Consumer Companies
Preventing, Detecting and Taking Action
K P M G I NT E R N AT I O N A L
ii P R O C U R E M E N T F R A U D I N C O N S U M E R C O M P A N I E S : P R E V E N T I N G , D E T E C T I N G A N D T A K I N G A C T I O N
Message from Willy Kruh

We have found that procurement is an area that is highly susceptible to fraud and
misconduct in consumer markets companies. Further, increasingly complex and
global supply chains, coupled with a challenging economic environment, lend to
an even heightened incidence of this type of fraud. Since financial losses resulting
from procurement fraud directly affect a companys bottom line, minimizing the
opportunity for fraud within the procurement cycle can result in substantial gains
for consumer companies.
Willy Kruh
Global Chair
Consumer Markets
KPMG in Canada
This paper shares the insight and experience of some of KPMG firms leading
forensic and contract compliance professionals who assist companies in the food,
drink, consumer goods (FDCG) and retail sectors with addressing procurement
fraud issues. In addition, the report summarizes and analyzes the results from a
poll of over 460 FDCG and retail sector procurement and other executives who
attended a KPMG Global Consumer Markets webcast on this topic earlier this
year. These poll results provide the first-hand perspectives of your industry peers
on how their own companies are affected by and dealing with procurement fraud.
I trust that the information herein, on the key procurement fraud risks, leading antifraud procurement practices and cross-departmental approaches to procurement
fraud, supported by the feedback and insights shared by the KPMG webcast
participants, will provide you with relevant and useful guidance that you can
apply in your organization.
2010 KPMG International Cooperative (KPMG International), a Swiss entity. Member firms of the KPMG network of independent firms are
affiliated with KPMG International. KPMG International provides no client services. All rights reserved.
PROCUREMENT FRAUD IN CONSUMER COMPANIES: PREVENTING, DETECTING AND TAKING ACTION 1
Contents
2 Introduction
3 Procurement fraud risks and
ways to reduce your exposure
12 Using technology to detect

procurement fraud
18 Making use of supplier audits

to counter fraud and loss
22 Conclusion
Introduction
I have seen more
incidents of serious
procurement fraud
in each of the last
two years than in
any of the previous
eighteen.
Amanda Aldridge
G
lobal Forensic Lead, Consumer
M
arkets, KPMG in the UK
Historically, procurement fraud in consumer markets organizations has not been

as proactively or successfully managed as it can be today. Often regarded as an
issue not easily identified or prevented, many food, drink and consumer goods
(FDCG) and retail organizations were more likely to regard procurement fraud as
an unavoidable cost that (they hoped) had minimal impact on the bottom line.
However, according to a survey of 959 Certified Fraud Examiners on Occupational
Fraud & Abuse conducted by the Association of Certified Fraud Examiners (ACFE),
US organizations are losing nearly 7 percent of their annual revenues to fraud each
year.1 If this is typical across industries and in other countries, then clearly it is an
issue that consumer businesses around the world cannot afford to ignore. In the
UK, procurement fraud is also a rising concern, where Amanda Aldridge, Global
Forensics Lead, Consumer Markets, KPMG in the UK, says that she has seen
more incidents of serious procurement fraud in each of the last two years than in
any of the previous eighteen.
In part, this apparent impact of, and rise in, fraud may be due to better detection, but
certainly as the issue moves up boardroom agendas, consumer markets companies
are beginning to ask themselves difficult questions about their approaches to
preventing, detecting and taking action against procurement fraud. They are
looking for help to find the answers.
Businesses face a number of key challenges. Have their buyers got the message
as to what is unacceptable behavior? Are they policing their gifts, entertainment
and conflict of interest policies? How effective is their due diligence in relation to
new or changing supplier relationships? Are they mobilizing the honest majority of
their employees and suppliers to report concerns? Are they using focused audits
to uncover overcharging or under-delivery? And have they tried to measure the
size and nature of the problem?
This paper looks at some of the risks associated with procurement fraud in the
consumer markets sectors and how these companies can reduce their exposure,
the use of technology to detect procurement fraud, and how to leverage supplier
audits to counter fraud and loss.
During a Global KPMG Consumer Markets webcast on Procurement Fraud held
earlier this year, participants were asked a series of questions to gather information
as to how consumer markets companies are preventing and detecting procurement
fraud in their organizations. Readers will find the results of these polls presented
and discussed throughout the paper.
1
Association of Certified Fraud Examiners (ACFE) 2008 Report to the Nation on Occupational Fraud and Abuse
Procurement
fraud risks
and ways to
reduce your
exposure
Referring again to the survey by the ACFE mentioned in the Introduction, the
most common fraud scheme (cited 27 percent of the time) was corruption,
including purchase schemes, invoice kickbacks and bid rigging. Schemes involving
fraudulent disbursements of cash were cited more than 50 percent of the time
with respect to asset misappropriations. Respondents cited a lack of adequate
internal controls as the biggest single contributing factor to occupational fraud.
One of the keys to reducing those losses therefore lies in managing the risks of
fraud and abuse and, clearly, in focusing on the procurement process.
The procurement process

Procurement has two distinct elements: sourcing and purchasing. Sourcing is where
an organization can create value by identifying cost savings within its current spend
and it starts by identifying specific purchasing opportunities.
For example, by rationalizing the number of vendors and capitalizing on economies
of scale, it may be possible to drive down costs per unit. This process can be helped
by having a defined competitive bid process.
The sourcing process should culminate in negotiated contracts with approved
suppliers, delivering lower costs. Obviously, the potential savings can and will
vary depending on the following:
Current level of spend by category
Number of suppliers per category
Distribution of spend across division or businesses
Contract availability
Maturity of process and previous efforts to improve various categories of spend.
Value can be realized in the procurement process by executing and completing the
purchasing cycle. The majority of purchases should be from the list of approved
vendors, and many companies will monitor and maintain their list in the form of
a supplier catalogue. This catalogue lists the various products (Stock-Keeping
Units, or SKUs) that the organization requires, as well as the approved vendors
with agreed pricing.
4 P R O C U R E M E N T F R A U D I N C O N S U M E R C O M P A N I E S : P R E V E N T I N G , D E T E C T I N G A N D T A K I N G A C T I O N
This is not a static process. There will likely be ongoing opportunities to reduce
cost. As businesses change (products, geography, etc.), consumer markets
organizations will need to evaluate their vendors and related processes
continuously. Many companies establish specific metrics against which they
monitor and evaluate their vendors and spending. Again, this is a continuous
process and, to manage it, an organization should constantly assess its supplier
relationships and look for opportunities to create value.
Figure 1: The procurement value cycle
Performance
Management
n
tio
ment
lfill
Fu
Cash
Performance
Quality
Va
lu
e
Requisition
Request
Proposals
Sou r c i ng
Purchase
Order
Specification
Manageme
lue
nt
Va
Value
Cr
ea
Pur c has i ng
Receipt/
Pay
Identify
Opportunities
Negotiate
Catalogue
Contract
Source: KPMG International, 2010
Opportunities for fraud

It is not surprising that within the procurement value cycle (Figure 1), there are
several opportunities for fraud and abuse in consumer markets companies.
Depending on the nature of the business, and its controls and processes, an
organization may be susceptible to risks, including the following:
Phantom vendors where fictitious vendors are set up in the companys
vendor master file and payments are dispersed to them
Bid rigging where there is collusion between procurement personnel
and bidders, or among a number of bidders where they collaborate to drive
prices higher
This is a continuous
process and, to
manage it, an
organization should
constantly assess its
supplier relationships
and look for
opportunities to
create value.
A grey market where companies can suffer losses through counterfeits and
knock-offs or where suppliers generate unauthorized production, putting a
companys real products at risk
Failure to meet contract specifications resulting in substandard products
and sometimes dangerous goods
Bribery and corruption especially in higher-risk geographies
Unauthorized disbursements.
The structure and nature of the business can also provide opportunities for fraud.
It is our firms experience that there is a higher risk of fraud in widely decentralized
operations, especially in some emerging economies. Procurement fraud tends to
occur where there is an opportunity, and these opportunities can emerge as a
company changes and grows. Keeping controls up to date with technology and
the growth cycle of the business is critically important.
How can companies protect themselves from such risks?

There are certain basic or core internal controls and practices that should be in
place to reduce a companys exposure. These include the following:
segregation of duties
standard, consolidated reporting
common policies and process standardization
a single supplier database and contracts register
a single payment address
risk management controls
procedures for forecasting the companys demand from suppliers.
For example, the segregation of duties is one of the most basic but effective
controls, since it separates the responsibility for supplier selection, the negotiation
of the contract and the purchase decision from the receiving function and from
the payment function.
It can be expected that many businesses will have these core requirements
covered. One of the key decisions facing companies in this area, however,
is where to allocate resources to make improvements to their procurement
processes. KPMG firms have identified several better or preferred practices
that can help improve consistency, promote more frequent use of approved
suppliers and drive value. These include the following:
an electronic procurement catalogue
the use of purchasing cards
commodity spend simplification
process automation and workflow management
integration of enterprise systems
real-time spend data visibility
management by exception.
Figure 2 identifies some methods that a company might utilize to improve its
procurement processes. What drives each organizations choice of strategies
and when to implement them will depend on the following:
where the company is in terms of already making improvements
the relevance the industry leading practices have to its various systems
the balance of risk (often in terms of cost or disruption to existing systems) vs.
reward for making such changes.
Figure 2: Purchase to Pay Leading and Common Practices
Wave 2
Core
Supplier
relationship
management
Good practice
Electronic
procurement
catalogue
Purchasing
cards
Supplier
relationship
management
Work flow
control
Shared
services
Future
Strategic
sourcing
Common
processes
Technology
enabled
procurement
More integrated
systems can lead to
better measurement
of effectiveness and
promote the right
buying behavior
among procurement
personnel.
Wave 1
eAuctions
Management
by exception
Outsourcing
Low
Process
automation
& work flow
Medium
High
Typical reward/risk profile

The delineation between Wave 1 and Wave 2 will be different for each organization.
Wave 1 strategies can often be considered as the lowest hanging fruit those
that will result in the shortest-term gains on a cost-effective basis.
More integrated systems can lead to better measurement of effectiveness and
promote the right buying behavior among procurement personnel. In addition,
better scrutiny of spending and real-time reporting will lead to more timely
and more effective management by exception. This can be used to identify
unauthorized variances in pricing, purchases from non-approved vendors and
inappropriate/excessive quantities of purchases compared with inventory levels
or forecasted demand.
Many consumer markets companies seem to lack a strategic approach to
managing procurement. In a poll during the recent KPMG webcast on
Procurement Fraud, only 19 percent of over 300 respondents from the FDCG
and retail sectors said their companies had a comprehensive strategic sourcing
initiative in place. Another 30 percent said that their processes needed
improvement (see Poll Question 1).
Poll Question 1: Extent of current processes
To what extent does your organization have defined processes to

manage procurement:
Comprehensive strategic sourcing initiatives
19
Core requirements plus some leading practices
26
Core requirements covered
24
Processes need improvement
30
0%
10%
20%
30%
40%
Where are consumer companies falling short?

In our work in this area, KPMG firms frequently find certain recurring system
failures. These include the following:
non-compliance or maverick buying
lack of segregation of duties
lack of an effective three-way matching process
failure to adopt proper purchasing procedures.
Maverick buying is where purchases are made from local non-approved vendors.
This is common practice when it is believed to be an easier or quicker way to get
the needed product. However, it is not always possible to control the costs of
such purchases centrally, and experience has shown that they are sometimes
inappropriate (i.e. from phantom vendors or where local purchasing agents are
receiving kickbacks). Maverick buying is something KPMG firms see in almost
every investigation of expenditures involving a geographically distant division or
subsidiary. It is important to note, however, that there isnt always fraud. We
often simply find people trying to work around the system of internal controls
to make their lives easier. Either way, it should not happen.
Surprisingly, KPMG professionals still see instances where consumer markets
companies make disbursements based on invoice alone, without comparing
them to approved purchase orders and related receiving documentation. In
these cases, it is not possible to know whether the product was actually
received or approved in the first instance. This basic requirement to match the
invoice, purchase order, and receiving document, so that an organization can
actually prove it received the goods, is essential. If segregation of duties is
inadequate in this area, it may be possible for payment to be made where no
goods or only some of the goods and/or services have actually been received.
Proper purchasing procedures require defined protocols around tendering and the
bidding process. However, in our firms experience, far too many organizations
do not keep the results of the procurement process or what we would call
an audit trail to confirm that the process is working as it should. If there is
no requirement to keep these documents, there is a greater risk of abuse of the
system, making it that much harder to recognize exceptions and violations.
Another area where companies can fall short is in performing due diligence on
their suppliers to fully understand with whom they are doing business. Industry
leading practice suggests that there should be a defined process, with a process
owner and a system for archiving the results of the background reviews. This
reduces the risk of fictitious vendors being set up on the vendor master file and
can reveal situations where potentially inappropriate payments might be made by
a distant subsidiary.
Red flags
There are several red flags that should alert companies to potential fraud. Some
of the most common red flags seen by our firms professionals include:
Close socialization with government officials with gifts, expenses, etc., incurred
A losing bidder being hired by a winning bidder, suggesting collusion or that
the winning bidder really did not have the capability to deliver the product or
service
A losing bidder that is not listed in business directories, which might suggest
that the bidder was fictitious and was only put into the process to make it look
as if there was a competitive process
A low initial bid but many change orders, which may appear as collusion with
the buyer
Consumer markets
companies should
be well-informed
about their
customers and
vendors, and in
some countries they
should be especially
wary in their
dealings with
government officials.
Continued acceptance of high-priced, low-quality goods, which might reveal

problems with the Quality Assurance (QA) department and the existence of
kickbacks
A vendor whose address is a mail drop box, multiple purchase orders of small
amounts, unnecessary middlemen in the procurement process, or a losing bid
that cannot be located or where there is minimal documentation.
Consumer markets companies should be well-informed about their customers and
vendors, and, in some countries, they should be especially wary in their dealings
with government officials. Having a robust process to evaluate potential suppliers
should reduce the risks associated with the red flags listed above. Common sense
dictates that if a supplier has gone to the trouble of having a post office box set
up as a street address, further investigation is warranted. Equally, continued failing
of quality standards by a supplier or a concentration of such suppliers linked to a
single buyer may be the warning signs of a buyer involved in procurement fraud.
If there are unnecessary middlemen in the process, then companies should also
investigate further. Our firms professionals have uncovered numerous instances
where entities have been set up solely for the purpose of paying commissions.
Risks in the New World
To drive cost and

other efficiencies,
many companies
are entering into
joint ventures
and partnering
arrangements with
local businesses.
With procurement assuming an ever-increasing strategic role in many organizations,

it is important to not only know the potential benefits, but also the associated risks
of driving change within the procurement process.
Investigations held by KPMG firms revealed that many instances of misconduct
do not occur at head office, but rather at remote locations where there are very
different cultures and ways of doing business. Notwithstanding these differences,
international companies will generally be held to the regulatory standards that
apply in the country where their head office is located. As regulators globally
increase their efforts to stamp out bribery and corruption with ever-increasing
penalties, it becomes increasingly important for companies to be well-informed
of their business partners.
To drive cost and other efficiencies, many companies are entering into joint
ventures and partnering arrangements with local businesses. These arrangements
need very careful consideration as companies that enter into joint ventures are, to
some extent, putting their reputations and capital in the hands of others.
As a companys business dealings assume greater complexities and geographic
dispersion, so should its approach to managing the ever-evolving associated risks.
An example of an industry-leading practice in this area is to move procurement
personnel and buyers periodically between categories.
Case study
A company had observed that when one of its buyers was moved to a different
category as part of a planned move, a number of the suppliers appeared
to move with him. This was peculiar and was raised as a red flag since the
categories of goods were very different. One would expect that if the category
of goods is very different, so too would be the appropriate suppliers. It was
ultimately discovered through investigation that some of the suppliers were
nothing more than middlemen sourcing product for the buyer. At a minimum,
the company incurred costs that it should not have incurred, and at worst,
the company was defrauded. In this example, moving the buyer and effectively
monitoring the spend paid dividends.
P R O C U R E M E N T F R A U D I N C O N S U M E R C O M P A N I E S : P R E V E N T I N G , D E T E C T I N G A N D T A K I N G A C T I O N 11
This example shows that there is an increasing role for internal auditors, who
better understand the challenges that lay before them and the specific risks that
procurement presents. Before conducting an internal audit for a particular location,
KPMG firms professionals see it as preferred practice to brainstorm the specific
risks that might be present in the market, as well as discussing and finalizing key
indicators for the internal audit team. If possible, we would also suggest having a
discussion with someone who is very experienced and knowledgeable about the
market, but is also independent. This would provide additional perspective on local
schemes and related risks making the audit more effective and efficient.
When asked who is primarily responsible for the management of fraud and
misconduct risk in their procurement process, 31 percent of the survey
respondents from consumer markets companies indicated that this was the
responsibility of internal audit and 33 percent said it was down to the function
itself. These are very interesting responses since in the first instance, the role
of internal audits is generally limited to monitoring and testing of controls, and in
the second, there may be an inherent conflict if the same function is responsible
for controlling itself (see Poll Question 2).
Poll Question 2: Primary responsibility for management
Who is primarily responsible for the management of fraud and

misconduct risk in your procurement processes:
Internal audit
31
Procurement
33
Accounting
14
Legal/compliance
10
None of the above
0%
10%
20%
30%
40%
50%
Using
technology
to detect
procurement
fraud
Forensic data analysis
Companies often
overlook other
valuable sources of
information, such as
itemized phone call
listings, access
control logs for
offices and other
publicly available
databases.
One of the key technology tools for detecting procurement fraud and abuse is
forensic data analysis where the focus is on being proactive. Companies collect
vast amounts of data on a daily basis for the purposes of running their businesses.
But are they extracting additional value from this data that could help them identify
fraud or misconduct?
Proactive forensic data analysis is a powerful weapon against fraud and misconduct.
A holistic approach is necessary (Figure 3) and this includes the use of more
traditional methods of fraud control, such as the use of telephone hotlines and
fraud risk assessment programs.
Figure 3: Forensic data analysis as part of a holistic approach
Prevention
Response
Detection
Identify potential fraud,

misconduct and waste through
sophisticated analytics testing,
cross-matching and non-obvious
relationship identification
In support of this holistic approach, the focus of forensic data analysis is on

detection. By extracting and combining available electronic information, proactive
forensic data analysis seeks to identify potential fraud misconduct and waste
through sophisticated analysis testing, cross-matching and non-obvious
relationship identification.
Data analytics can be applied to detecting existing frauds hidden within a
companys data, it can inform fraud risk assessments and identify process and
control weaknesses, and it supports the detection of non-obvious frauds.
Other applications include performing analysis to assist an investigation prompted

by behavioral red flags traditionally associated with fraud or misconduct such as
living beyond ones means, an unusually close association with a customer and
the infrequent taking of holidays.
Before performing data analysis, however, it is important for companies to
understand the data landscape. All organizations are aware that they have a
valuable amount of information in their financial systems. But companies often
overlook other valuable sources of information, such as itemized phone call
listings, access control logs for offices and other publicly available databases.
These sources can be used to supplement the data a company already has and
allow it to extract additional value and should not be overlooked.
In our poll of procurement specialists, we learned that the majority were not
using data analytics nearly to the extent they could be 65 percent said they
used data analytics either not at all or to a very limited extent to detect and
prevent fraud (see Poll Question 3).
Poll Question 3: Use of data analytics
To what extent does your organization use data analytics to

prevent or detect procurement fraud?
Not at all
18
Very limited
47
Periodic retrospective testing
26
Entrenched continuous monitoring
0%
10%
20%
30%
40%
50%
Rules-based analysis
There are many different approaches to proactive forensic data analysis. All
approaches are based on a basic set of principles and knowledge.
The first level of analysis combines knowledge of known fraud schemes and
indicators, with a knowledge of business systems and principles. Figure 4 on
the next page depicts a procurement scenario where the skilled analyst uses
knowledge of how a business process should be conducted to develop and
implement tests which help to identify deviations from the norm.
Tests can be developed to determine whether invoices were received after
payment had been made, and even if orders appear to have been split, to
defeat the limits on delegation.
Figure 4: Rules-based analysis
PO splitting
Requisition
PO
PO after
receipt
Receipt
Payment
before invoice
Invoice
Break-point
analysis
Payment
Master data maintenance
Test VAT
number validity
Payment for
un-cleared PO
Suspicious
keywords
Combining and
scoring allows
identification
of potentially
anomalous
behaviors, and
reduces the number
of potential false
positives
reducing the
investigative burden.
In addition to testing conformity to business rules, rules-based analytics can

consider externally enforced or regulated factors. For example, most jurisdictions
have well-defined formats for certain sets of data, such as Value Added Tax (VAT)
numbers. Thus, if the format or mechanism used to create VAT numbers by the
respective tax authorities is understood, our firms professionals can very easily
implement a test to determine whether a VAT number stored in the companys
vendor master file is valid or not.
Case study
In one investigation carried out by a KPMG member firm, knowledge of the
format used to create VAT numbers helped to identify fictitious vendors.
These vendors had been added to the vendor master file to facilitate payment
to an employee whose bank details were loaded as the vendors bank details.
False positives
An important factor to consider is that with this approach there is a risk of a
large number of false positives a large number of exceptions or irregularities
identified are not really problems, but justified business peculiarities that can be
explained easily. Therefore, the approach needs to be enhanced, ensuring that
the exceptions identified are meaningful and warrant further investigation.
Combining and scoring

This approach still relies on knowledge of fraud schemes, but introduces scoring
as a mechanism to prioritize, or highlight, areas of most concern. Combining red
flag indicators, such as divorce or instability in life circumstances, unusually close
association with a customer or complaining about inadequate pay, can provide
additional layers of protection. Combining and scoring then allows identification

of potentially anomalous behaviors, and reduces the number of potential false
positives reducing the investigative burden.
Figure 5 shows the various tests on the population of invoices for an organization.
The table lists the different tests carried out in the left hand column and the next
two columns show the results of the tests against two specific invoices 12345A
and 98765S. The checkmark against a test for a specific invoice indicates that the
invoice generated an exception on that specific test.
Figure 5: Example of scoring method for two invoices
Invoice
12345A
98765S
Round sum amount
Processed at night
Paid within a week
Segregation of Duty breach
Unauthorized approval
Similar to previous invoice
Score
If we look at each test in isolation, we can expect to find that the number of
exceptions for each test is generally large and, for example, if we take the test of
paid within a week, it may not be practical to investigate all invoices paid within
a week. But when the results are combined in a scoring matrix, the problem
invoices quickly come to the fore. The second invoice, 98765S, has a score of
four and clearly merits further investigation. By scoring and selecting invoices in
this way, we can reduce the number of false positives requiring investigation
allowing for better allocation of limited resources.
Supplementing data and more advanced analysis

The next step is to enhance the analysis by supplementing the original source
data with information from other systems or from external sources.
During the normal course of business, organizations often perform a review of
payments to vendors. The organization would then examine spend per cost
center, providing a good indication of its expenditure.
If a company were to supplement its vendor master file with publicly available
information on the sectors that the vendors in the vendor master file operate in,
it might reveal anomalies that bear further investigation. Figure 6 on the following
page shows an example where supplementary data identified an organization
that was classified as an automotive vendor, with an expenditure marked against
the catering cost center. This spend, which was previously considered normal,
now merits further investigation.
Figure 6: Data enhancement
In our poll of
procurement
specialists, we
learned that
17 percent did
not know which
employees were
processing
transactions on
their systems.
Invoice ID Amount
G67689
D678D
T7852H
AA4567
B45632
G78512
O3214
D254K
E0987
Z12369
T7852H
B87765
L36985
O3693
S87654
U7536
K09870
U3567
AA1234
G46523
140,317
66,340
4,272
3,105
4,828
4,272
48,282
42,724
Vendor
CostCentre
Gamma Plc
Delta SA
Theta & Sons
Alpha Ltd
Beta Ltd
Gamma Plc
Omega Co
Delta SA
Catering
Catering
Maintenance
Catering
Catering
Catering
Maintenance
Catering
Invoice ID Amount
AA1234
B87765
G67689
D678D
K09870
AA4567
B45632
G78512
G46523
D254K
E0987
Z12369
T7852H
T7852H
O3693
L36985
U3567
S87654
O3214
U7536
Vendor CostCentre Industry Lookup
16,947
Alpha Ltd
Catering
3,234
Beta Ltd
Catering
140,317
Gamma Plc
Catering
66,340
Delta SA
Catering
265,491
Kappa Co
Catering
3,105
Alpha Ltd
Catering
4,828
Beta Ltd
Catering
4,272
Gamma Plc
Catering
3,105
Gamma Plc
Catering
42,724
Delta SA
Catering
48,282 Epsilon Partners
Catering
4,828
Zeta Inc Maintenance
4,272
Theta & Sons Maintenance
48,282
Theta & Sons Maintenance
42,724
Omega Co Maintenance
3,105
Lambda Ltd Maintenance
4,828
Upsilon Ltd Maintenance
4,272
Sigma BV Maintenance
48,282
Omega Co Maintenance
42,724
Upsilon Ltd Maintenance
Food Suppliers
Food Suppliers
Food Suppliers
Food Suppliers
Food Suppliers
Food Suppliers
Food Suppliers
Food Suppliers
Food Suppliers
Food Suppliers
Automotive
Building Materials
Building Materials
Building Materials
Building Materials
Building Materials
Building Materials
Building Materials
Building Materials
Building Materials
If the company were then to combine this information with the employee master file
information and itemized telephone listings, it could identify a potentially suspicious
relationship between a vendor and an employee in a position of influence.
Similarly, collecting publicly available information on company directorships and
combining it with data on the vendor master file might help to identify possible
conflicts of interests. Taking this approach even further, companies could add
geographical data and visualization to examine a population of data for trends or
groupings which appear unusual.
When investigating these unusual transactions it is important to be able to trace
the entire life cycle of the transaction. One needs to identify the persons initiating,
capturing and approving the transactions. In our poll of procurement specialists,
17 percent of the respondents did not know which employees were processing
transactions on their systems. Eighty-two percent of the respondents reported to
have audit trails and well-defined control policies in place (Poll Question 4). The
next step for these respondents would be to determine whether the audit logs
are actively monitored for red flags.
Poll Question 4: Audit trail of transactions
Do you know which employees are processing transactions on

your systems?
No
17
Yes, we have enabled audit trails and implemented

a well-defined system access control policy
82
0%
20%
40%
60%
80%
100%
This proactive data analysis requires a systematic approach once all available
knowledge has been gathered. The first step of the approach, as illustrated in
Figure 7, is to identify specific risks through knowledge of the business environment.
Figure 7: Systematic approach
Identify specific
risks
Define potential
schemes
Determine event
indicators
Determine
routines
The next step is to define potential schemes through good industry knowledge.
A good understanding of the industry is essential, which will then determine
event indicators and alert the organization to problem areas.
Finally, by using this library of knowledge it is then possible to determine specific
routines, with the assistance of scoring and data enhancement, as part of the
holistic approach in preventing and detecting procurement fraud, in conjunction
with a documented response plan.
Case study
In a recent investigation, KPMG firms performed data analysis on the
procurement data at one regional cluster of a global organization. The results
of the test were used to help the company set a benchmark for comparison.
We then developed automation, to run the same sets of analysis routines on
the procurement data, at each of the organizations other regional clusters.
This allowed for comparisons against the benchmark and for the prioritization
of precious internal audit resources improving the fraud risk environment.
The organization now has the ability to re-run the same analysis every month
to track the effectiveness of its corrective measures and identify the regional
clusters with the biggest problems. In this way, proactive data analysis not only
highlighted indicators of fraud, but also helped the organization to manage its
resources and realign its approach.
Making use
of supplier
audits to
counter fraud
and loss
The credit crunch,
the increase
in regulation
surrounding antibribery and
corruption, and data
privacy and security,
have all added to
the burden of
managing and
monitoring
suppliers.
There are a lot of supplier relationships in which consumer markets companies

rely on their suppliers to bill the correct amount. These types of supplier contracts
generally give the customer organization audit rights, where they can go into a
suppliers site and check their records to ensure they are billing the correct
amount.
When audit rights are exercised, the type of data analyzed can range from
reviewing time sheets, through to the invoices from the suppliers own suppliers,
to examining costs to ensure they are being passed on without inappropriate
markups.
Another big area of focus for supplier audits is rebates and discounts. The audit
will look for any rebates and discounts received by the supplier from its own
suppliers and ensure that the rebates are being passed on, if that is what the
contract requires.
Who owns supplier audits?

In some organizations, supplier audits are owned by internal audit and in other
organizations, they are owned by procurement or operational management. In
the KPMG poll of procurement specialists from the consumer markets industry,
internal audit was most frequently identified (40 percent) as the department that
was primarily responsible (see Poll Question 5 on the opposite page). These
business units internal audit and procurement are under a lot of pressure
to demonstrate that they are adding value, and dealing with the increased levels
of complexity and risk only adds to the challenge. The credit crunch, the increase
in regulation surrounding anti-bribery and corruption, and data privacy and security, have all added to the burden of managing and monitoring suppliers.
Poll Question 5: Responsibility for supplier contract audits
Who is primarily responsible for exercising the right to supplier

contract audits?
Internal audit
40
Procurement
27
Operational management
20
None of the above
11
0%
10%
20%
30%
40%
50%
The purpose of a supplier audit is to give an organization comfort that its suppliers
are only billing it for what it has received and that it is paying the right price as
agreed in the contract. Supplier audits are not about putting the squeeze on
suppliers; they are more about keeping suppliers honest.
Potential benefits of supplier audits

Do supplier audits help organizations differentiate between fraud and contractual
non-compliance? In KPMG firms experience, finding evidence of clear intent to
defraud is rare. Where there are suspicions of fraud within a supplier, it is more
usual for the organization to hand over the investigation to the supplier itself.
Suppliers will frequently claim that system inadequacies, incompetence of junior
staff, or human error are the reason for overbillings uncovered by exercising audit
rights. More often than not, where factual evidence is presented to them, they
will admit to their mistakes and reimburse the customer company.
This begs the question of how often suppliers voluntarily send overpayments
back to their customers. In the normal course of business, this is rare. But once
an intention to audit has been notified, it is not uncommon to find suppliers
confessing to any over-billing and putting into place measures to reimburse
the customer.
Repayments of over-billed amounts can be significant, as described in the
following case study.
Case study
In 2005, a global marketing and advertising group had to refund around GBP250
million to consumer markets and other clients around the world, of which three
million was given to a single supermarket chain. The money had been built-up in
the marketing and advertising groups balance sheet, from credits and rebates
from media owners that were not passed back to its clients.
In KPMG firms
experience, when
we conduct
supplier audits, we
find that more than
70 percent of the
third parties we
review have made
errors in their selfreporting, filed
inappropriate
claims, charged
inappropriate prices
or all of the above.
KPMG firms have recently uncovered instances of overpayments in outdoor

advertising because the time on display was not honored. The audit revealed
that customers were being charged for a month, but the material on display
was being changed after two weeks. This disparity was revealed by our audit
and involved date reconciliations to the scheduling of the people who changed
the posters on the billboards.
Another common finding in the area of media and marketing is inappropriate
markups and double-billing of external costs.
Figure 8: Flushing out the known unknowns
SUPPLIER
TRANSACTIONS
BETWEEN PARTIES
(common data and
understanding)
SUPPLIERS
INTERNAL DATA
(Visible to
supplier only)
CUSTOMERS
DATA AND
PROCESSES
(Visible to
customer only)
UNDETECTED
ERRORS
(Visible to neither
party without detailed
investigation)
CUSTOMER
Using supplier audits to flush out information

The size of the problem caused by ineffective control and management of
supplier contracts is significant. The Aberdeen Group estimates resultant losses
to businesses around the world at US$153 billion per annum.2
In Figure 8, there are two buckets of information visible to the customer its
own data and the data that is provided to the company by the supplier. The supplier
can see both the data it has provided to the customer and its own internal data,
which is not visible to the customer (in the top right hand box). In the bottom
right-hand box are undetected errors, the unknown unknowns, which are not
available to either party. The supplier audit will expose for the customer what
is in both right-hand boxes.
In KPMG firms experience, when we conduct supplier audits, we find that more
than 70 percent of the third parties we review have made errors in their selfreporting, filed inappropriate claims, charged inappropriate prices or all of the
above. It is clear that businesses that do not exercise their rights of audit, as was
the case with 36 percent of the webcast poll respondents (see Poll Question 6),
are not capitalizing on significant potential recoveries.
Poll Question 6: Auditing supplier contracts
To what extent does your organization exercise rights of audit in

supplier contracts?
Established program of supplier audits
13
Some audit activity in specific categories
44
Only for media/advertising spend
Not at all
36
0%
10%
20%
30%
40%
50%
Aberdeen Group, The Contract Management Benchmark Report, 2006
Conclusion
Procurement is where the money is and, therefore, an area ripe for fraud
and misconduct. The procurement process is growing in importance as many
organizations aim to improve the value they can create. There are several steps
organizations can take to tighten existing controls, many of which have been
described by the preferred leading practices outlined in this paper.
Proactive forensic data analysis can be used to detect fraud and misconduct
through a systematic analysis of the available data, which includes data that
is both internal and external to an organization.
Unless companies exercise their rights of audit, they cannot be sure their
suppliers are billing in line with the contract. While many companies may have
concerns about the impact of an audit on their relationships with suppliers, our
firms experience suggests audits can enhance relationships by creating a more
balanced relationship between the supplier and customer.
How KPMG firms can help

KPMGs Risk and Compliance professionals are trusted advisers to some of the
worlds leading enterprises. Our network of forensic and contract compliance
professionals work in 28 accredited practices within KPMG member firms around
the world. This network brings a global approach, combined with a tailored local
focus, to sensitive and complicated local or cross-border engagements.
Forensic Services
Our Forensic services are aimed at helping our firms consumer markets clients:
prevent instances of fraud and misconduct from occurring in the first place,
detect instances when they do occur,
respond appropriately, and
take corrective action when instances arise.
Professionals in KPMGs Forensic practice draw upon extensive experience in
forensic accounting, law enforcement, fraud and misconduct control assessments,
legal damage quantification and analysis, expert witness testimony, international
arbitration, asset tracing, computer forensics and forensic data analysis.
Contract Compliance Services

Our Contract Compliance Services (CCS) are aimed at helping our firms consumer
markets clients:
identify significant cost recoveries or other improvement opportunities, and
audit and enforce contracts with their suppliers.
KPMGs CCS professionals are experienced in serving a variety of our firms
consumer markets clients in areas such as royalties, licensing, distribution
agreements, advertising and more. As a result, we understand the complexities
and nuances of a range of business contracts, processes and procedures and
have been able to help companies identify and recover overpayments to suppliers,
while maintaining and improving relationships with them.
Using a range of technology tools, KPMG member firms professionals help
organizations address the risks and costs involved with evidence and discovery
management and as well as the acquisition, management and analysis of large
data sets. Our professionals work alongside consumer markets clients to handle
information from its creation to its preservation, collection, analysis and presentation
in discovery. We also apply computer forensic and data analysis techniques to
assist with detecting fraud and misconduct.
Whether your needs call for a fraud and misconduct risk assessment, the
design of a global compliance program or better use of technology to enable
continuous transaction monitoring our Fraud Risk Management and Contract
Compliance services are designed to be targeted, scalable and tailored to your
specific requirements.
About KPMG and the Global Consumer Markets Practice

KPMG is a global network of professional firms providing Audit, Tax and Advisory
services. We have 140,000 outstanding professionals working together to deliver
value in 146 countries worldwide.
KPMG is organized by industry sectors across our member firms. The Consumer
Markets practice, which focuses on the Food, Drink and Consumer Goods and
Retail sectors, comprises an international network of professionals throughout
the Americas, Europe, the Middle East, Africa and Asia-Pacific.
This industry-focused network enables KPMG member firm professionals,
with deep experience in the consumer markets sectors, to provide consistent
services and thought leadership to our clients globally, while maintaining a
strong knowledge of local issues and markets.
Contact us
For more information about the detection and prevention of procurement fraud in
your company, please contact any of the following KPMG professionals:
Willy Kruh
Global Chair, Consumer Markets
KPMG in Canada
+1 416 777 8710
wkruh@kpmg.ca
Amanda Aldridge
Global Forensic Lead, Consumer Markets
KPMG in the UK
+44 20 7311 8073
amanda.aldridge@kpmg.co.uk
Grant Jamieson
KPMG in China
+852 2140 2804
grant.jamieson@kpmg.com.hk
Graham Murphy
KPMG in the US
+1 312 665 1840
grahammurphy@kpmg.com
Kajen Subramoney
KPMG in the UAE
+971 (4) 424 8900
kajen@kpmg.com
About the Authors

Amanda Aldridge is the Global Forensic Lead for Consumer Markets in KPMG in
the UK. She has experience in dispute advisory including loss of profits, forensic
transaction services (completion accounts disputes and expert determinations)
and rights of minority shareholders as well as Intellectual Property & Contract
Governance including supplier audits, royalty and licensed product audits and
media distribution audits.
Kajen Subramoney is the Head of Forensic Technology for Consumer Markets
in the UAE. He joined KPMGs South African firm after completing his studies
in Computer Engineering. Kajen has had broad experience in Forensic
Technology work including digital evidence recovery, e-discovery and forensic
data analysis.
Graham Murphy is the US Forensic Lead for Consumer Markets in KPMG in the
US. Graham specializes in investigations, fraud risk management, arbitrations and
dispute advisory. He has conducted numerous financial investigations, including
procurement fraud, alleged earnings management, contract compliance, theft and
misappropriation of assets and conflict of interest issues.
kpmg.com
The information contained herein is of a general nature and is not intended to address the
circumstances of any particular individual or entity. Although we endeavour to provide accurate and
timely information, there can be no guarantee that such information is accurate as of the date it is
received or that it will continue to be accurate in the future. No one should act on such information
without appropriate professional advice after a thorough examination of the particular situation.
2010 KPMG International Cooperative (KPMG International),

a Swiss entity. Member firms of the KPMG network of
independent firms are affiliated with KPMG International. KPMG
International provides no client services. No member firm has
any authority to obligate or bind KPMG International or any other
member firm vis--vis third parties, nor does KPMG International
have any such authority to obligate or bind any member firm. All
rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG
International Cooperative (KPMG International), a Swiss entity.
Designed by Evalueserve.
Publication name: Procurement Fraud in Consumer
Companies: Preventing, Detecting
and Taking Action
Publication number: 100704
Publication date: August 2010

Procurement Fraud Consumer Companies

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Procurement Fraud Consumer Companies

Caricato da

Copyright:

Formati disponibili

CONSUMER MARKETS

Message from Willy Kruh

PROCUREMENT FRAUD IN CONSUMER COMPANIES: PREVENTING, DETECTING AND TAKING ACTION 1

ways to reduce your exposure

12 Using technology to detect

18 Making use of supplier audits

Historically, procurement fraud in consumer markets organizations has not been

The procurement process

Source: KPMG International, 2010

Opportunities for fraud

PROCUREMENT FRAUD IN CONSUMER COMPANIES: PREVENTING, DETECTING AND TAKING ACTION 5

How can companies protect themselves from such risks?

Typical reward/risk profile

PROCUREMENT FRAUD IN CONSUMER COMPANIES: PREVENTING, DETECTING AND TAKING ACTION 7

To what extent does your organization have defined processes to

Comprehensive strategic sourcing initiatives

Core requirements plus some leading practices

Core requirements covered

Processes need improvement

Source: KPMG International, 2010

Where are consumer companies falling short?

PROCUREMENT FRAUD IN CONSUMER COMPANIES: PREVENTING, DETECTING AND TAKING ACTION 9

Continued acceptance of high-priced, low-quality goods, which might reveal

Risks in the New World

To drive cost and

With procurement assuming an ever-increasing strategic role in many organizations,

Who is primarily responsible for the management of fraud and

None of the above

Source: KPMG International, 2010

Identify potential fraud,

Source: KPMG International, 2010

In support of this holistic approach, the focus of forensic data analysis is on

Other applications include performing analysis to assist an investigation prompted

To what extent does your organization use data analytics to

Periodic retrospective testing

Entrenched continuous monitoring

Source: KPMG International, 2010

Figure 4: Rules-based analysis

Master data maintenance

Source: KPMG International, 2010

In addition to testing conformity to business rules, rules-based analytics can

Combining and scoring

additional layers of protection. Combining and scoring then allows identification

Round sum amount

Paid within a week

Segregation of Duty breach

Similar to previous invoice

Source: KPMG International, 2010

Supplementing data and more advanced analysis

Figure 6: Data enhancement

Vendor CostCentre Industry Lookup

Source: KPMG International, 2010

Poll Question 4: Audit trail of transactions

Do you know which employees are processing transactions on

Yes, we have enabled audit trails and implemented

Source: KPMG International, 2010

Source: KPMG International, 2010

There are a lot of supplier relationships in which consumer markets companies

Who owns supplier audits?

Poll Question 5: Responsibility for supplier contract audits

Who is primarily responsible for exercising the right to supplier

None of the above

Source: KPMG International, 2010

Potential benefits of supplier audits