Are Your Suppliers Real?

“Our suppliers are real:  true or… false?”  

There are many taboos in the supply chain business world.   These are taboos that are often critical financial components in the resilience of many large, complex businesses.

It is a comparatively simple taboo – vendor fraud.

Why taboo?

For a large, diverse and complex organisation, to fall victim to fraud is often perceived as a major internal failure of control, embroils the finance team in accusations of incompetence and leaves the entire supply chain with a question mark over its integrity.    The question remains - how prevalent is it?

The Kroll Fraud[1] report (2015/16), suggests that around 17% of companies are affected by this type of fraud annually – whilst 49% of companies feel vulnerable to this type of crime.  Statistically, it means that one in five readers of this paper have been a victim – and one in two are worried about the possibility of being defrauded.   Annually, there are many cases of vendor fraud that often fail to result in prosecution.   There are some comparatively simple reasons for this.

Firstly, shareholders and investors do not see the complexity involved in the prevention of fraud and therefore interpret prosecutions as a public admission of failed internal financial controls.   Secondly, prosecution of internal staff for fraud is even more acutely embarrassing.   Publicity of any type in this domain is poor public relations and as most convictions result in little or no recovery of stolen funds, obtaining a successful prosecution has little or no material value.   However, the effect of any type vendor fraud can have serious repercussions on organisational resilience and financial performance.    It may be hypothesised that positive economic cycles often induce companies in to lowering their guard.   Once the economy tightens, vendor fraud can be devastating financially.   In effect, creating a sound control framework is a business as usual activity.   However, it needs some design.   Tim Whitehill, Director of Project Five Consulting suggests that:

“there is little point in conducting any form of supplier analysis or organisational resilience strategy unless the vendor base is clean, accurate and validated.   Leaving any doubt over vendor master integrity is a poor start”.

So, what is vendor fraud?  Definition has been deliberately left until this stage of the discussion as almost everyone will have a different impression of the problem.   For many, vendor fraud conjures up images of contract non-compliance, delivery losses, pricing and stock management misconduct.    All cases of vendor fraud in a real sense.

However, the vast majority of fraud is based on suppliers that simply do not exist.  They are vendors created by criminals who have worked out company fallibilities regarding invoices and payment – or have internal staff as part of the conspiracy.   The latter is often the most difficult to detect and identify.

However, the advent of the use of Supplier Relationship Management tools combined with improved internal controls should go some way in alleviating the risks.   So how does non-existent vendor fraud work?

This scheme involves simply creating an invoice, sending it in to a company recipient - and getting paid.   It is as simple as that.    This type of fraud can be successfully perpetrated over many years and lie completely undetected.   The simple heuristic of this type of fraud is that if nothing changes within the organisation – then the loss continues unabated.

In any change of supplier management processes, the first key step is to work on the vendor master file.   This file contains all of the details of vendors registered on the accounting or ERP system.   Fraudulent vendors, if they exist are in this dataset. 

One of the key issues in vendor master data are duplicated vendor entries.   One of the key fraud techniques is to create a name that looks like a vendor name.   For example, many companies deal with IBM.   A false vendor and associated invoice may use IBBM Ltd.    The name is close enough for payables to set this vendor up on receipt of an invoice.   IBM often has many subsidiaries in the countries that they service – so yet (another) name is not unexpected (or suspected).   The first stage of Supplier Relationship Management drives to resolve multiple vendor master entries.   Tim Whitehill picks up the discussion:

“…..by deploying the supplier registry component of the Glooberry SRM we were able to ensure that our clients were confident that all vendors were bona-fide, duplicate entries removed and vendors had updated their core details.”

The first real benefit of SRM is once this is complete, that many redundant vendor master entries can be closed down on the accounting system.   Deductively, this means that if the vendor master has 3500 vendor entries, the number of active vendor entries could be reduced by 30-40%.   How big is the problem?   Spend analysts also see this cleansing as a key first step.   It is not unusual to see the same vendor 7-8 times in badly managed vendor master environments.   The risk is obvious.

[1] https://www.iia.org.uk/media/1688762/3-supply-chain-fraud-m-weitz.pdf