Procurement cards: Is simplifying purchasing making fraud easier

Procurement cards are a valuable tool in creating efficiency within low value purchases that can reduce bureaucracy particularly where an organisation has high volume procurement. However, can this simplicity make insider fraud easier to commit and hide?

Repeated patterns become facts, and when you're in touch with the facts you can predict the future

When an organisation has a high volume of purchasing, in instances where procurement cards are used and if there is limited compliance oversight and asset management, there is an increased likelihood that procurement fraud may occur. To understand the risk your organisation may face you must first look at the common fraud methods.

Personal purchase

When procuring items online it is normal practice when going through the eCommerce process to be asked for the purchasers address and the delivery address, it is at this point that a purchaser can illicitly divert items to an address of their choice. This becomes more relevant where purchasing and delivery information is missing when conducting compliance checks.

Theft of assets

Although purchases aren't always tangible such as online training courses, where purchases aren't linked to an asset register there is a greater opportunity for theft or individuals stealing to order either at the time of the order or on delivery of the item.

Breach of procurement policy

Purchasing of items for an individuals personal use or as part of a fraud scheme can be made easier where an organisation doesn't have a strong procurement card policy or compliance program.

Duplicate purchases

Duplicate purchases or more commonly known as double dipping where individuals use the card for payment of expenses and then claim for the expense separately on the organisation expense system.

Online threats

The online fraud threat from criminals and criminal groups can be seen in many forms from the sale of counterfeit or inferior goods to the sale of materials where, on purchase, no goods are provided. Interpol as part of operation Pangea in 2020 closed down more than 2,500 web links, including websites, social media pages, online marketplaces and online adverts for illicit pharmaceuticals with a similar number in the process of being closed down.

Provision of services

Limiting the types of purchasing that can be carried out and using trusted ecommerce websites may reduce the fraud risk, however where your organisation allows the purchase of services through the procurement card then an increased risk can be created where you are unable to verify whether a service has been provided.

Data analysis

As highlighted within previous articles analysis of purchasing data and compliance with procurement policy and procedures is integral in the detection of fraud risk and also a key part in communicating your anti-fraud culture. Areas of common analysis to identify fraud risk might include:

• Missing purchase and goods receipt paperwork

• 5 way match including requisition, purchase order, invoice, goods receipt and asset register information

• High spend employees or high spend vendors including links between both

• Duplication or fabrication of receipts for other alleged purchases

• Use of non prime or unapproved vendors

• Round sum or split transactions to increase the financial threshold of purchase

• Purchases out of normal working hours

• Ability to verify if services were performed

Prevention and control measures

Introducing and communicating a clear policy for procurement cards and what can be purchased is the first step in introducing strong compliance procedures. Simple control measures can include:

• Renewal of a procurement card where a cardholder leaves or moves within an organisation

• In addition to an audit program, ensure there is an internal management system to monitor purchases and authorisation process

• Where practicable, reduce the number of procurement cards in use to ensure that a compliance program in manageable

• To ensure that your organisation has effective procurement card and compliance procedures, documenting the limitations of the card and the types of procurement available is necessary to ensure that compliance checks can quickly identify irregularity and non compliance with procurement policy.

What action do you need to take, are you happy with the level of risk mitigation your organisation has in place for the use of procurement cards or do you see an opportunity and likelihood of significant financial loss?