With supply chains offering a persistent source of fraud risk, a growing number of organizations are turning to analytics to understand and mitigate their exposures.
As volatility increases in some industries and companies of all sizes pursue global sourcing strategies, supply chain fraud, waste and abuse remain a consistent challenge for financial executives. FEI Daily spoke with Larry Kivett, Deloitte Advisory partner, about a survey the firm conducted about the issue and the growing use of analytics to identify supply chain risk.
FEI Daily: What did the survey tell you about supply chain fraud risk?
Larry Kivett: This is the third year we’ve done the supply chain risk survey, and one of the consistent findings in 2016 relative to prior years was the percentage of respondents whose companies had experienced fraud, waste or abuse in their supply chain during the past 12 months. That stayed pretty consistently at around the 30 percent level in the last several years, and this year there was a slight uptick to 31 percent of respondents that experienced some type of fraud, waste or abuse.
While this year’s results are consistent with prior years, we believe that the percentages of organizations reporting that they had experienced fraud, waste or abuse could potentially be understated because obviously it’s dependent on the respondent’s knowledge of whether or not a fraud occurred. There could have been other instances of fraud or investigations, so respondent percentages may be lower than the actual results for the given population.
While the overall results were consistent, we did see an uptick this year within a couple of industries, primarily in life sciences and health care, and also energy and resources.
FEI Daily: Do you have any thoughts why those industries might have gone up?
Larry Kivett: Speaking specifically to energy and resources, which is where I spend the bulk of my time, I think there are a couple of factors for that. One, we’ve had significant volatility within the oil and gas sector, specifically. Business volatility obviously puts a strain on an organization and can result in a variety of activities including headcount reductions, mergers and acquisitions, reorganizations, and corporate restructurings due to bankruptcy.
All of those factors can jeopardize the effectiveness of an internal control environment and influence the fraud schemes that can be perpetrated. In particular, headcount reductions have a large impact on potential instances of fraud as it often lessens management oversight and reduces segregation of duties.
When you have volatility within an industry, people who have improper motives will find a way to take advantage of that situation.
FEI Daily: Was the consistency with the previous years surprising?
Larry Kivett: For the issues that I work with my clients on, I wasn’t surprised to see that the results had been consistent over time. I think there are a couple of factors that play into that. Anytime you’re dealing with a third party, there are risks associated, including fraud risk. Fraud has been a part of supply chains going back since the start of businesses, and particularly in global businesses.
It’s always just going to be inherently there, and you’re never going to drive the instances of fraud down to zero. But I believe organizations are getting better at fraud identification. That tends to bring numbers up because they are catching instances of fraud that maybe in the past would not have been discovered.
FEI Daily: Have you seen any evolution in the types of risk people are uncovering?
Larry Kivett: Putting on an industry lens, in energy and resources you end up dealing with a lot of risks associated with bid-rigging involving collusion between a third party and an employee, or bribes and kickbacks for large capital projects. Anywhere you’re dealing with a large capital build-out and construction projects, the collusion and bribery risks can be greater.
There are differences within each industry related to the particular types of schemes we see. We do see fraudsters getting more sophisticated in how they’re trying to obtain information or work through their particular schemes. That’s where companies need to up their games and use some analytical tools to look more broadly than some of the standard tests they would have run in the past.
FEI Daily: Can technology help with detection and prevention?
Larry Kivett: Technology definitely can play a strong part in identifying and deterring fraud. From a broad perspective, analytics are getting to be much more robust. In the past, a fairly straightforward test looking for items like duplicate invoices, or duplicate invoice numbers or amounts — while still important — only provided a small slice of information related to the risk.
We’re seeing analytics employed earlier, giving an understanding of the risk profile of third parties in a supply chain. What do we want that risk profile to look like in the future? Are we at greater risk organizationally because we have a high degree of concentration in a particular geography where we know corruption is prevalent? Do we have a high degree of concentrated risk in a particular supply base? Could a part or raw material utilized in the manufacturing process put us at greater risk of fraud or corruption because of issues like bid rigging?
Leading companies are getting much better at using analytical tools and identifying the types of information available. They’re trying to evaluate what they have in electronic form to identify particular patterns and types of questions to address their overall risk components or risk factors.
FEI Daily: As more companies adopt analytics, does that change the type of skills that they need to have in-house?
Larry Kivett: It certainly can. Within a compliance organization or an internal audit organization tasked with testing for, or helping with, the prevention of fraud and corruption risk—those teams need to understand the types of information and data that are available.
Then, of course, IT is closest to the data with good analytical skill sets and capabilities. How is IT partnering internally with their internal customer base to deliver analytics that are informative to the particular end user? If the end user is somebody within internal audit or within the compliance organization, all groups involved need to help bridge the gap to ensure efforts are really focused on the unique issues and risks related to fraud and corruption.
FEI Daily: Beyond fraud and corruption, can that type of analysis help with opportunities for operational improvement?
Larry Kivett: If an organization is looking at data for compliance-related purposes, that same data set should be able to support a variety of different business needs. You want to be able to feed information from an anti-corruption or anti-fraud review, as an example, to the business so they can be smarter about their processes going forward.
FEI Daily: As companies start looking at these tools, are there common challenges or obstacles they need to be aware of?
Larry Kivett: I think the most common challenge is really just getting your arms around what data is available, what form is it in, basic blocking and tackling of analytics overall. You want to leverage information that’s readily at hand so that there’s less data triage to go through to cleanse the data and analyze it for your specific purposes.
FEI Daily: Beyond technology, how important is culture to preventing supply chain fraud?
It can be critical for the CFO to provide and reinforce the message to the organization as it relates to fraud risk. There’s a need for executives to keep fraud front and center. Complacency within an organization can set in fairly easily, along with a mindset of, “It won’t happen here, ” or, “It couldn’t happen here.”
Yet, we still see one-third of our respondents saying some form of fraud occurred within the organization and the supply chain in the last 12 months. That speaks to the need for CFO and chief compliance officer to get the message out as it relates to the risk associated with fraud or corruption-related issues.
In the survey, we asked about the confidence level that an organization’s employees would report supply chain fraud, waste or abuse if they saw it, and just 20 percent of the respondents said that they were highly confident their employees would report an issue if it was identified.
That was surprising, and frankly, a disappointing result. With as much as is being invested in cultural tone messages and ethics hotlines and other training, it suggests that relying on employees to come in and report something is only going to give you a part of the story. Taking advantage of other tools and information within your business may help mitigate the risk that you’re dealing with in your third party supply chain.
Larry Kivett will be among the speakers at the Houston FEI Chapter’s day-long CFO University professional development conference on Tuesday, June 7. Click here to learn more and register.