Conducting a Contract Fraud and Abuse Risk Examination
/Contract and procurement fraud can be tricky to prevent when the integrity of an organization is compromised. Take, for example, an employee who is tasked with hiring an office cleaning crew. They know of one cleaning crew that’s fantastic and want to make things easier by giving them the bid. However, they know the crew doesn’t work in the mornings — they’ll only come in the afternoon or evening. In an effort to “win them the contract,” the employee withholds the full scope of the job requirements.
According to Sheryl Steckler, CIG, CIGI, and Tom Caulfield, CFE, CIG, CIGI, so many times it’s well-intentioned employees like this that try to cut corners, which leads to misconduct. And abuse like this makes a company more vulnerable.
Steckler, President of Procurement Integrity Consulting Services, LLC, used “sole source” as another example. “What if you found that perfect software?” she asked. “You go back to the office and say, ‘we’re going to do a sole source.’ You do this to avoid competition, not to conceal or advance fraud.” According to Steckler, employees do this because they believe they already know who the most qualified bidder is. It’s not criminal, but it’s abusive.
However, prevention doesn’t have to be difficult. Understanding the motivations of fraudsters, reading contracts thoroughly, and implementing and maintaining a sound Fraud Risk Management Program can help preserve organizational integrity.
“I’ve come to appreciate that realistically there are only four things a fraudster needs to accomplish in order to perpetrate contract fraud,” said Caulfield, COO of Procurement Integrity Consulting Services, LLC. The success of these malicious acts are driven by:
- The motivation of the perpetrator
- The scheme the fraudster is deploying
- The ability to influence a decision point within the procurement process: “The fraudster has to actually have the ability to influence a decision,” explained Caulfield.
- The effectiveness of the entity’s procurement integrity controls: “Internal controls aren’t in place to help you process a claim faster and that might slow the process down,” said Caulfield. “But they are there to add integrity.”
According to Steckler, while a fraudster might employ one or more of these to commit their act, anti-fraud professionals stand a better chance if they read contracts thoroughly. “So many times contracts are poorly written,” she said. “They’re not always written to protect the organization.” She explained that the legal team sometimes is only making sure it’s legally sufficient. Auditors and investigators believe they have clear evidence of theft only to discover that the money was taken in compliance with a provision of the contract that they failed to study and understand. Steckler advised to thoroughly read the contract, or if you suspect a fraud scheme has been committed, historically go back and look at that same contract.
Another prevention tool, as mentioned earlier, is the Fraud Risk Management Program. “How do you know your mitigating risk in your organization?” asked Caulfield. “You’ve got to run this program.”
Steckler and Caulfield then shared three of these programs:
- GAO – Fraud Risk Management Framework
- COSO/ACFE – Fraud Risk Management Guide
- PICS – Procurement Integrity Control System
While all three programs can be tailored for any organization, Steckler and Caulfield created the third program to focus on the procurement aspect of risk management. It includes the following five elements:
- Commitment to Procurement Integrity – This means honest, fair and legal procurement. If you want a true commitment that starts at the top and flushes down, you have to put it in writing. “See what kind of tone is being set within your organization,” said Steckler.
- Tailored Vulnerability Assessment – An assessment of the organization’s greatest risks to the traditional procurement fraud and abuse schemes.
- Protections Within Policy – “Once you know your risk, then you can write your protections with policy,” explained Steckler.
- Targeted Information Sharing – For example, if your company has an internal newsletter, include a “President’s Corner” where the ethical tone of integrity is communicated.
- Identification of Deficiencies – Don’t hide mistakes when they happen. Communicate when things go wrong and how you fixed it.
Heeding the advice from Steckler and Caulfield, as well as researching the resources mentioned above, will only decrease your organization's vulnerability to fraud and increase the prevalence of sound decisions being made with integrity.