detecting fraud through vendor audits•where is the vendor located? •who are the owners, what...
TRANSCRIPT
© 2019 Association of Certified Fraud Examiners, Inc.
Detecting Fraud Through
Vendor Audits
Preparing for a Vendor Audit
© 2019 Association of Certified Fraud Examiners, Inc. 2 of 27
Determining the Purpose of the Audit
Process Compliance
Audit
Financial Compliance
Audit
Regulatory Compliance
Audit
Fraud Examination
© 2019 Association of Certified Fraud Examiners, Inc. 3 of 27
Process Compliance Audit
▪ Designed to determine whether the vendor is
doing what it was hired to do
▪ Typically involves:
• Field visits
• Walk downs
• Process and procedure reviews
• Vendor surveillance
• Interviews with vendor employees and subcontractors
© 2019 Association of Certified Fraud Examiners, Inc. 4 of 27
Financial Compliance Audit
▪ Designed to determine whether the vendor is
billing appropriately (i.e., billing for the agreed-
upon work at the agreed-upon rates)
▪ Typically involves:
• Similar procedures as process compliance audit
• Detailed analysis of financial records and supporting
documentation
• Either full transactional review or sampling methods
© 2019 Association of Certified Fraud Examiners, Inc. 5 of 27
Regulatory Compliance Audit
▪ Designed to determine whether vendors are
following the laws and regulations that are
relevant to the goods and services they provide
▪ Typically involves:
• Comparing both process and financial compliance to
the applicable regulatory laws
• Detailed analysis of laws, regulations, statutes, and
standards and comparison to the goods and services
provided
© 2019 Association of Certified Fraud Examiners, Inc. 6 of 27
Fraud Examination
▪ Encompasses some or all of the elements of
process, financial, and regulatory compliance
audits, with a primary focus on the financial
aspects and implications
▪ May be specifically undertaken, or may evolve
from any of the other types of vendor audits
▪ Goal is to determine whether the vendor
intentionally undertook any actions to defraud
the contracting organization
© 2019 Association of Certified Fraud Examiners, Inc. 7 of 27
Developing Pre-Audit Support
▪ One of the most important
parts of preparing for a
vendor audit involves
obtaining management’s
buy-in and support for the
engagement.
▪ The audit team must also
explore and understand
fully the influence of the
vendor on the company.
© 2019 Association of Certified Fraud Examiners, Inc. 8 of 27
Obtaining Support of Potential Stakeholders
▪ Operations management
▪ Legal services
▪ Procurement/supply
chain personnel
▪ Quality control and
assurance team
▪ Health, safety, and
environmental experts
▪ Regulatory affairs
© 2019 Association of Certified Fraud Examiners, Inc. 9 of 27
Determining Audit Resources
▪ Depth and expertise of the internal staff
▪ Understanding of the infrastructure, operations,
and business records
▪ Potential benefits of hiring outside experts who
specialize in vendor audits
▪ Contract requirements
▪ Potential conflicts of interests
▪ Confidentiality concerns
▪ Defined scope of the audit
© 2019 Association of Certified Fraud Examiners, Inc. 10 of 27
Collecting Pre-Audit
Background Information
▪ Much groundwork can be done before setting
foot on the vendor’s property.
▪ Research and analyze the backgrounds of the
relevant parties, relationships, processes, and
products/services.
▪ Information related to these factors can be
found in the audit team’s own organization or
through public records and Internet sources.
© 2019 Association of Certified Fraud Examiners, Inc. 11 of 27
Understanding the Process and the Data
▪ Is the good or service easy to verify?
▪ How is it delivered?
▪ How are time, expense, and costs recorded?
▪ How do review, approval, and verification
occur?
▪ How are change orders obtained?
▪ Where are the documents and records housed?
© 2019 Association of Certified Fraud Examiners, Inc. 12 of 27
Understanding the Players
Public Records and
Secretary of State
Information
• Where is the vendor
located?
• Who are the owners,
what other businesses
do they own, and are
they vendors as well?
• Does the vendor
operate under a DBA
or alias?
• How long has the
vendor been in
business?
• Does the vendor have
a history of OSHA
fines?
Court Case History
• Has the vendor been
sued civilly?
• Have the owners been
prosecuted criminally?
• Have there been
allegations of fraud or
contract disputes?
• Does the vendor have
a history of suing
others?
Online Searches
• Are there negative
news stories on the
vendor?
• Is the vendor
mentioned favorably or
negatively on blogs
and social media?
• Is the vendor closely
aligned with employees
within the
organization?
• Does the vendor have
a poor BBB rating?
• Is the vendor listed on
the Excluded Parties
Listing System?
© 2019 Association of Certified Fraud Examiners, Inc. 13 of 27
Understanding the Players
▪ Employees at both the vendor and customer
organizations involved in the contracting or
purchasing process
▪ Other individuals involved
▪ Key sources of audit evidence
© 2019 Association of Certified Fraud Examiners, Inc. 14 of 27
Understanding the Players
▪ Potential ethics or
operational issues to
consider during the audit
▪ Use of public records:
• Court case history
• Secretary of state or other
business records
• Online searches
© 2019 Association of Certified Fraud Examiners, Inc. 15 of 27
Warning Signs of Conflicts of Interest
▪ Internal parties who:
• Vouch for the vendor’s products and services,
downplaying the need for an audit
• Are overly inquisitive about the underlying reason for
the audit.
• Are overly inquisitive regarding what the auditors will
be looking for
• Sound as if they work for the vendor and not the
company
• Create audit roadblocks
© 2019 Association of Certified Fraud Examiners, Inc. 16 of 27
Assessing the Risk of Fraud
▪ Operating environment
▪ Goods or services involved
▪ Relationships between parties
▪ Backgrounds of the parties
▪ Specific contract terms and conditions
▪ Past fraud or misconduct
▪ Tips or complaints regarding the vendor
© 2019 Association of Certified Fraud Examiners, Inc. 17 of 27
Assessing the Risk of Fraud
▪ Gaps or red flags in the
controls
▪ Incentives or pressures
that might lead individuals
to commit fraud
▪ Opportunities for collusion
▪ Methods of concealing
fraudulent activity
© 2019 Association of Certified Fraud Examiners, Inc. 18 of 27
Notifying the Vendor
▪ Notification timing
▪ Notification method
▪ Who should send the notification?
• Procurement personnel
• Audit team
• Operations personnel
• Legal department
© 2019 Association of Certified Fraud Examiners, Inc. 19 of 27
Notifying the Vendor—Red Flags
▪ Denial of the audit
▪ Sudden and unforeseen
catastrophes
▪ Hostility to mentions of
the audit
▪ Slow response to audit-
related requests
▪ Influence or leverage of
internal supporters
© 2019 Association of Certified Fraud Examiners, Inc. 20 of 27
Requesting and Gathering Documents
Internal
audit
Accounting
and finance
Unrelated
or
supporting
parties
Procurement Operations Vendor
Order of document collection
© 2019 Association of Certified Fraud Examiners, Inc. 21 of 27
Requesting Access to
Vendor Documentation
All
supporting
documents
available
while on-site
Specific
information
pulled and
available
while on-site
Vendor
forwards all
information
prior to audit
Vendor
forwards
specific
information
prior to audit
© 2019 Association of Certified Fraud Examiners, Inc. 22 of 27
Requesting and Gathering Documents
▪ Internal or third-party gathering:
• When possible, gather data and records directly from
the system, file room, or location in which the data
resides.
▪ Requesting data in parallel:
• Identify trusted and unrelated points of contact who
can supply copies or secondary sets of data to be
used for comparison.