430 likes | 583 Views
Personality Risk Profiles your Procurement Integrity Systems need to Protect Against. Presented by Tom Caulfield . Introduction. M y work experience as it relates to procurement fraud detection, identification of fraudsters, and procurement integrity controls failures.
E N D
Personality Risk Profiles your Procurement Integrity Systems need to Protect Against Presented by Tom Caulfield
Introduction My work experience as it relates to procurement fraud detection, identification of fraudsters, and procurement integrity controls failures. This should allow you to better understand my perspective as to why I am presenting the material the way I am and how I have learned about the items I will be discussing.
Background I have never worked as an Auditor. I have never worked in a Procurement Division. I have never organized a contract folder or performed an acquisition audit.
Background Law enforcement and Criminal Investigations for over thirty-five years. Involved with white-collar crimes specifically PF. Losses to contract fraud of over 1.3 billion dollars. Department of Justice negotiating countless plea agreements.
Today’s Talk The Fundamentals of Procurement Fraud. The Six Personality Risk Profiles you need to protect against. The Five Key Components of effective Procurement Integrity Controls. Some of the Pitfalls with Risk Assessment Tools.
Procurement Integrity Controls Procurement Integrity Controls are those organizational processes and management systems that are designed to provide reasonable assurance regarding the prevention, detection, and prompt reporting of abuse, fraud or non-compliance within organizational procurements.
Procurement Integrity Controls Allow me to clarify, when I say “non-compliance” I am talking about instances when your employees are not following your published procurement policies, rules, or instructions. I am not talking about non-compliance by a vendor of goods or services that are being acquired by your organization.
Fundamentals of Procurement Fraud At its most basic level it is legally defined as “an intentional perversion of the truth for the purpose of inducing another in reliance upon it to part with some valuable thing or to surrender legal right”; or simply stated - a false representation of the truth, involving trickery and deception in order to illegally enrich the fraudster.
Fundamentals of Procurement Fraud The challenge when it comes to procurement integrity, which many people don't understand, is that the misrepresentation is fashioned by a fraudster(s) who has a deep operational knowledge of your processes and therefore many-times is connected to the contract.
Veil of Trust The degree of interaction between the fraudster and the employee reinforces this veil of trust, and therefore the fraudster is often considered to be a “trusted agent” by the same people whose trust has been violated. This “trusted agent” status highlights the peculiar dichotomy of procurement fraud; these crimes cannot succeed without trust, but neither can business.
Still Protected Against If fraud is defined as “an intentional perversion of truth for the purpose of inducing another in reliance upon it to part with some valuable thing or to surrender legal right”; than what is it if the person makes the false representation but is not personally enriched?
Still Protected Against For example what if an employee's action creates savings for the company by cutting out some of the quality control steps, or "steers" a contract to a friend or a sub-contractor they have worked with prior and simply enjoys working with them, but the employee does not get any financial compensation?
Personality Risk Profiles Situational Fraudster Deviant Fraudster Business Abuser Multi-Interest Abuser Well Intentioned Non-Compliance Employee Disengaged Non-Compliance Employee
Situational Fraudster The one most people will reference as the traditional “Fraudster”, whois the employee that seems to be frustrated at work; who has rationalized his/her right to an illegal enrichment; and simply perpetrates the fraud scheme when the right occasion occurs; normally because of a weak internal control.
Deviant Fraudster Of a serious concern as this person can cause the greatest damage to an organization. This type of person is proactive; possibly perceived as one of the company’s hardest workers or best contractors; is always on the alert for opportunities to corrupt the system; and carries what we call the "veil of trust" from others in the organization.
Situational vs. Deviant The situational fraudster is far more prevalent in any contract, but losses are far less. If the deviant fraudster can bribe an organizational official to allow fraudulent billing submissions with a promise of kickbacks, or a contractor implements a fraudulent cost accounting scheme, the losses can be in the millions.
Business Abuser This is the person who commits an inappropriate act that on its face, seems to only benefit the organization and not the abuser. However, in reality the inappropriate act is to increase his/her standing within the organization as someone who can continuously increase business and generate revenues.
Business Abuser The business procurement abuser will inappropriately shift cost between contracts to make his/her unit appear better managed then it really is; or will cause required quality control steps to be removed to ensure more timely or early deliverables.
Business Abuser Will justify their actions as enhancing the organization’s profit margin. However, in reality these people are costing organizations millions of dollars in civil liabilities and contract disputes as once their action/act is identified the organization many times becomes the focus of an external investigation for not having sufficient controls to prevent the actions of the business abuser.
Multi-Interest Abuser Manipulates the procurement process to advance his/her own interest and the interest of another person. This is done not to obtain any financial advantage for him/herself, but instead to help a friend in getting a contract, or to ensure the award goes to their desirable contractor, or even helping family members.
Multi-Interest Abuser This multi-interest abuser of the procurement process is the one who drafts contract specifications to a specific contractor; or embellishes the need for a "sole-source" justification to avoid a fully competitive process; or "slants" technical evaluations to a specific bidder.
Multi-Interest Abuser Again, this multi-interest abuser is not motivated by any direct financial compensation, but still raises significant risk to an organization. Clearly if the inappropriate actions of this person was motivated for personal financial gain then this person would be categorized as a procurement Fraudster and not an Abuser.
Personality Risk Profiles Well Intentioned Non-Compliance Employee Disengaged Non-Compliance Employee The next two personality risk profiles are rarely talked about during courses, but present a risk to the organization that is probably harder to identify then the Fraudster or Abuser. These last two risk profiles fall into the category of the Procurement Non-Compliance Employees.
Well Intentioned Non-Compliance Employee Believes his/her deviation from the procurement processes does not harm the organization and further believe they are helping the organization in obtaining greater efficiency or obtaining better services. This self-described well intentioned non-compliance employee is an employee who has been with the organization for years and has a good working knowledge of procurement processes.
Well Intentioned Non-Compliance Employee This employee will not identify the true scope of a requirement to ensure the contract remains under a particular dollar threshold thereby allowing the award to be expedited. This is also the employee who knows what key descriptions in an organizational purchasing document to use or not use to avoid a required procurement process.
Well Intentioned Non-Compliance Employee This employee is normally found in organizations that allow low dollar purchases or "micro-purchases" without approval from a separate/independent department or the purchasing department.
Disengaged Non-Compliance Employee This is the employee who puts little or minimal effort into a specific procurement step. This person will not check a contractor's bond, or not examine a contractor's past performance record, or not confirm a contractor's deliverable prior to approving payment.
Non-Compliance Employees The non-compliance employees create unnecessary exposure for your organization to fraud, litigation and may also waste company resources and lost funds. Most concerning is that these employees open the door and create opportunities for the Fraudsters.
Procurement Integrity Controls Procurement Integrity Controls are those organizational processes and management systems that are designed to provide reasonable assurance regarding the prevention, detection, and prompt reporting of abuse, fraud or non-compliance within organizational procurements.
Procurement Integrity Controls Consist of five interrelated components which, if designed and implemented correctly, can react to changing circumstances, conditions and risks. Effective systems facilitate achieving organizational objectives by serving as checks and balance against undesirable events and include a series of on-going activities that permeate throughout an organization at every level.
COSO To a large degree the five components of Procurement Integrity Systems parallel the criteria presented in the Committee of Sponsoring Organizations of the Treadway Commission’s “Internal Control-Integrated Framework” and draws from concepts in COSO’s “Enterprise Risk Management”.
Procurement Integrity Controls Commitment to Procurement Integrity Tailored Vulnerability Assessment Focused Protections within Policy Targeted Information Sharing Identification of Deficiencies
Commitment to Procurement Integrity • 1. Demonstrated commitment to procurement integrity within an ethical culture • This sometimes becomes difficult to achieve when the organization has an absolute success at all cost mindset, or the purchasing division is viewed exclusively as a service provider to the mission side of the organization.
Tailored Vulnerability Assessment 2. Focused and tailored assessment of your organization’s greatest risks to the traditional procurement fraud and abuses in today’s contracting schemes, along with non-compliance to procurement processes Question – do I know the top two vulnerabilities within your organization for each of the personalities risk profiles mentioned earlier?
Focused Protections within Policy 3. Sound protections built into your policies, procedures, and practices tailored to the organization’s unique vulnerabilities When I say "protections built into" I am talking about items like separation of duties, independent validation of need, appropriate approval thresholds
Targeted Information Sharing 4. Targeted training and information sharing in the areas of fraud, abuse and impact in procurement policy non-compliance, to all appropriate levels within the organization Sharing of information and training on the various types of procurement threats and equally important, the impact to the organization of those threats. This is the area that seems to be missed most frequently.
Identification of Deficiencies 5. Robust quality assurance processes which identifies internal and external deficiencies in your procurement integrity controls Many companies seem to depend on a checklist approach, or assume the organizational auditors will check, others work from a concept of trust in their employees’ willingness to comply.
Victimized Organizations Typically lacked some or most of these components. Many of the organizations did have a commitment to organizational ethics with very formal ethics programs, but their programs seemed to fall short when reaching into the purchasing division. Each of the organizations became a victim because of unscrupulous actions of perpetrators and ineffective or missing Procurement Integrity Systems.
Focused and Tailored Risk Assessment Procurement Integrity Controls not only has to be integrated, but it must also be deployed in a fashion that is focused on the organization's high risk procurement vulnerabilities, which can in turn be used to develop tailored protection systems.
Procurement Integrity There is no greater tool in the detection and prevention of procurement fraud, abuse or non-compliance than knowledgeable employees and sound protection built from the organization’s most likely vulnerabilities.
2 Fraud Indicators (Weak Internal Controls) X (Motivation) = Fraud In closing, remember the only difference between a mistake and a fraud is the “intent”.