At the June 2019 ACFE conference I spoke about Fraud Data Analytics (FDA): How to Locate Complex Vendor Overbilling Fraud Risk Statements. My sessions were sold out, so for those unable to hear my presentation I am writing three blogs in which I will explain three fraud statements I covered:
- Price inflation scheme
- Hidden entity scheme
- Pass through scheme
For these blogs, complex vendor overbilling fraud risk statement is defined as:
Corruption of the procurement process before the application of internal competitive bidding controls. This traditionally occurs through the supply of undisclosed information to one vendor. The overbilling is an asset misappropriation scheme by the intentional increase of total revenue to the vendor, the intentional increase of the vendor’s profit margin, or a combination of both.
In my last series of blogs, I described the Fraud Auditing methodology for building a fraud data analytics plan. In this next series, I will discuss the practical application of that methodology. The starting point is the fraud risk statement:
- 1. A real supplier acting in collusion with a company employee overbills the company by increasing the unit prices on the invoice. The company employee causes the diversion of company funds by intentionally approving the increase using a management override based on a false pretense.
- a) A budget owner in collusion with a vendor corrupts the procurement process by intentionally purchasing a commodity a peak price time.
- b) A budget owner in collusion with a vendor corrupts the procurement process by avoiding the bidding process and incrementally increasing the unit price of line items.
- 2. A real supplier acting in collusion with a company employee overbills the company by increasing the cost of the invoice. The company employee intentionally approves the increase (management override) based on a false pretense causing the diversion of company funds.
- a) A budget owner in collusion with a vendor corrupt the procurement process by excluding add on charges from the competitive bidding process based on false pretenses.
It is important to note that FDA for vendor overbilling schemes rely on line item descriptions. As part of the planning process of “data availability & data reliability equals data usability” the fraud auditor must test the line items descriptions for usability.
Fraud Risk Statement 1.a.
The FDA is a simple process of summarizing by vendor number; by line item; and by unit price. Each line item should display the item; unit price; frequency of purchase; total quantity purchased at the unit price, and the total amount of the purchase.
The true challenge in this analysis is the filtering process because the report will be massive. I would start with two homogenous data files: lines items with a single unit price and lines items with multiple unit prices
I would further summarize the single unit price file by line item, by month, and maybe by month and by year. From this analysis, I would create two homogenous data files, one with line items all purchased in one month and the other with line items purchase in multiple months. If all items were purchased in one month, the FDA is complete. Now the auditor needs to determine through market analysis whether the item was purchased at peak time. If the line items are purchased through the year, then the audit process is completed for the fraud risk statement as written.
For the multiple unit prices file, I would focus on those line items when the quantity purchased at the highest unit prices:
- Exceeds the total quantity of all other line items by an arbitrary percentage.
- Exceeds the total quantity of the next unit price by an arbitrary percentage.
The testing phase would be the similar to the one unit price file, however in this analysis, the issue is whether management timed the purchase or whether the timing was based on production and inventory demands. While the analysis may raise operational issues, the focus of the risk statement is the search for intentional circumvention of the procurement process through the timing of purchases.
The eventual correlational analysis will be based on vendor and buyer.
Fraud Risk Statement 1.b.
The FDA makes use of the first record and last record matching. Identify the first unit price by vendor number, line item and vendor invoice date. Then identify the last unit price by vendor number, line item and vendor invoice date.
The report would be by vendor number and by line item. Each line would provide total number of records, aggregate dollars, and first & last unit price. The analysis would calculate the dollar change between the unit prices, a percentage of change increase or decrease between first and last unit price and aggregate dollar value of the change for the line item due to the change in unit price. The filtering process would be based on an arbitrary percentage increase in the unit price and a secondary selection on an arbitrary aggregate dollar value.
Fraud Risk Statement 2.a.
In this fraud risk statement, the first challenge will be to identify vendor invoices that have one or add on charge. The second challenge is how to correlate the charge to a person or cost center. Let’s first look at how to identify add on charges. A starting point is to identify line items with a quantity of one or zero. At first glance, the report will create a lot of false positives. However, the true purpose of the report is to identify the alpha strings in the line item associate with add-on-charges. Follow these steps:
- 1. Create a table of alpha strings to search for add-on-charges.
- 2. Determine if the add-on-charge matches to a purchase order.
- 3. Determine if the purchase order line match is an original purchase order (meaning the add-on-charge did not circumvent procurement). Remember, the FDA is searching for add on charges that circumvented the procurement process.
- 4. Determine if there is a frequency of the event occurring that correlates to a particular vendor, buyer or a contract.
The sample selection will most likely be judgmental. The audit process will need to determine how the add-on-charges impacted the selection of the vendor.
If you have a headache, I am not surprised. Defining the programming logic for each fraud risk statement is intense but critical. If you needed to read each one a few times and think about the logic that is normal and expected. Remember the FDA plan is a circular process rather than a linear process.