detecting fraud through vendor audits•where is the vendor located? •who are the owners, what...

© 2019 Association of Certified Fraud Examiners, Inc.

Detecting Fraud Through

Vendor Audits

Preparing for a Vendor Audit

© 2019 Association of Certified Fraud Examiners, Inc. 2 of 27

Determining the Purpose of the Audit

Process Compliance

Audit

Financial Compliance

Audit

Regulatory Compliance

Audit

Fraud Examination

© 2019 Association of Certified Fraud Examiners, Inc. 3 of 27

Process Compliance Audit

▪ Designed to determine whether the vendor is

doing what it was hired to do

▪ Typically involves:

• Field visits

• Walk downs

• Process and procedure reviews

• Vendor surveillance

• Interviews with vendor employees and subcontractors

© 2019 Association of Certified Fraud Examiners, Inc. 4 of 27

Financial Compliance Audit

▪ Designed to determine whether the vendor is

billing appropriately (i.e., billing for the agreed-

upon work at the agreed-upon rates)

▪ Typically involves:

• Similar procedures as process compliance audit

• Detailed analysis of financial records and supporting

documentation

• Either full transactional review or sampling methods

© 2019 Association of Certified Fraud Examiners, Inc. 5 of 27

Regulatory Compliance Audit

▪ Designed to determine whether vendors are

following the laws and regulations that are

relevant to the goods and services they provide

▪ Typically involves:

• Comparing both process and financial compliance to

the applicable regulatory laws

• Detailed analysis of laws, regulations, statutes, and

standards and comparison to the goods and services

provided

© 2019 Association of Certified Fraud Examiners, Inc. 6 of 27

Fraud Examination

▪ Encompasses some or all of the elements of

process, financial, and regulatory compliance

audits, with a primary focus on the financial

aspects and implications

▪ May be specifically undertaken, or may evolve

from any of the other types of vendor audits

▪ Goal is to determine whether the vendor

intentionally undertook any actions to defraud

the contracting organization

© 2019 Association of Certified Fraud Examiners, Inc. 7 of 27

Developing Pre-Audit Support

▪ One of the most important

parts of preparing for a

vendor audit involves

obtaining management’s

buy-in and support for the

engagement.

▪ The audit team must also

explore and understand

fully the influence of the

vendor on the company.

© 2019 Association of Certified Fraud Examiners, Inc. 8 of 27

Obtaining Support of Potential Stakeholders

▪ Operations management

▪ Legal services

▪ Procurement/supply

chain personnel

▪ Quality control and

assurance team

▪ Health, safety, and

environmental experts

▪ Regulatory affairs

© 2019 Association of Certified Fraud Examiners, Inc. 9 of 27

Determining Audit Resources

▪ Depth and expertise of the internal staff

▪ Understanding of the infrastructure, operations,

and business records

▪ Potential benefits of hiring outside experts who

specialize in vendor audits

▪ Contract requirements

▪ Potential conflicts of interests

▪ Confidentiality concerns

▪ Defined scope of the audit

© 2019 Association of Certified Fraud Examiners, Inc. 10 of 27

Collecting Pre-Audit

Background Information

▪ Much groundwork can be done before setting

foot on the vendor’s property.

▪ Research and analyze the backgrounds of the

relevant parties, relationships, processes, and

products/services.

▪ Information related to these factors can be

found in the audit team’s own organization or

through public records and Internet sources.

© 2019 Association of Certified Fraud Examiners, Inc. 11 of 27

Understanding the Process and the Data

▪ Is the good or service easy to verify?

▪ How is it delivered?

▪ How are time, expense, and costs recorded?

▪ How do review, approval, and verification

occur?

▪ How are change orders obtained?

▪ Where are the documents and records housed?

© 2019 Association of Certified Fraud Examiners, Inc. 12 of 27

Understanding the Players

Public Records and

Secretary of State

Information

• Where is the vendor

located?

• Who are the owners,

what other businesses

do they own, and are

they vendors as well?

• Does the vendor

operate under a DBA

or alias?

• How long has the

vendor been in

business?

• Does the vendor have

a history of OSHA

fines?

Court Case History

• Has the vendor been

sued civilly?

• Have the owners been

prosecuted criminally?

• Have there been

allegations of fraud or

contract disputes?

• Does the vendor have

a history of suing

others?

Online Searches

• Are there negative

news stories on the

vendor?

• Is the vendor

mentioned favorably or

negatively on blogs

and social media?

• Is the vendor closely

aligned with employees

within the

organization?

• Does the vendor have

a poor BBB rating?

• Is the vendor listed on

the Excluded Parties

Listing System?

© 2019 Association of Certified Fraud Examiners, Inc. 13 of 27

Understanding the Players

▪ Employees at both the vendor and customer

organizations involved in the contracting or

purchasing process

▪ Other individuals involved

▪ Key sources of audit evidence

© 2019 Association of Certified Fraud Examiners, Inc. 14 of 27

Understanding the Players

▪ Potential ethics or

operational issues to

consider during the audit

▪ Use of public records:

• Court case history

• Secretary of state or other

business records

• Online searches

© 2019 Association of Certified Fraud Examiners, Inc. 15 of 27

Warning Signs of Conflicts of Interest

▪ Internal parties who:

• Vouch for the vendor’s products and services,

downplaying the need for an audit

• Are overly inquisitive about the underlying reason for

the audit.

• Are overly inquisitive regarding what the auditors will

be looking for

• Sound as if they work for the vendor and not the

company

• Create audit roadblocks

© 2019 Association of Certified Fraud Examiners, Inc. 16 of 27

Assessing the Risk of Fraud

▪ Operating environment

▪ Goods or services involved

▪ Relationships between parties

▪ Backgrounds of the parties

▪ Specific contract terms and conditions

▪ Past fraud or misconduct

▪ Tips or complaints regarding the vendor

© 2019 Association of Certified Fraud Examiners, Inc. 17 of 27

Assessing the Risk of Fraud

▪ Gaps or red flags in the

controls

▪ Incentives or pressures

that might lead individuals

to commit fraud

▪ Opportunities for collusion

▪ Methods of concealing

fraudulent activity

© 2019 Association of Certified Fraud Examiners, Inc. 18 of 27

Notifying the Vendor

▪ Notification timing

▪ Notification method

▪ Who should send the notification?

• Procurement personnel

• Audit team

• Operations personnel

• Legal department

© 2019 Association of Certified Fraud Examiners, Inc. 19 of 27

Notifying the Vendor—Red Flags

▪ Denial of the audit

▪ Sudden and unforeseen

catastrophes

▪ Hostility to mentions of

the audit

▪ Slow response to audit-

related requests

▪ Influence or leverage of

internal supporters

© 2019 Association of Certified Fraud Examiners, Inc. 20 of 27

Requesting and Gathering Documents

Internal

audit

Accounting

and finance

Unrelated

or

supporting

parties

Procurement Operations Vendor

Order of document collection

© 2019 Association of Certified Fraud Examiners, Inc. 21 of 27

Requesting Access to

Vendor Documentation

All

supporting

documents

available

while on-site

Specific

information

pulled and

available

while on-site

Vendor

forwards all

information

prior to audit

Vendor

forwards

specific

information

prior to audit

© 2019 Association of Certified Fraud Examiners, Inc. 22 of 27

Requesting and Gathering Documents

▪ Internal or third-party gathering:

• When possible, gather data and records directly from

the system, file room, or location in which the data

resides.

▪ Requesting data in parallel:

• Identify trusted and unrelated points of contact who

can supply copies or secondary sets of data to be

used for comparison.