Everyday supply-chain transactions pose some of the biggest fraud, waste, and abuse risks companies face. But few companies are equipped to monitor the risks or detect breaches with the help of analytics, according to a global survey conducted by Deloitte.
Of the 3,600 executives and managers polled, 47% did not know whether their company had experienced fraud, waste, or abuse in its supply chain during the past 12 months. Meanwhile, 50% said they did not know how often their company monitored its third-party suppliers, shippers, and vendors.
About 40% said their companies have detection and prevention programmes in place.
The portion of respondents who didn’t know about supply-chain fraud, waste, and abuse incidents surprised Mark Pearson, a principal with Deloitte Financial Advisory Services and fraud investigator. Survey participants were in positions where they should have known, he said. He also said it is likely that some of the respondents who answered “don’t know” experienced fraud, waste, or abuse in the supply chain in the past 12 months.
Further, he said, programmes that were in place to detect breaches could be improved. “A robust programme is going to be a balance of solid control framework and a continuous or somewhat periodic monitoring programme,” he added.
Use of analytics
The use of analytics to mitigate fraud, waste, and abuse risks in the supply chain was in an advanced stage at only 7.5% of companies, according to the survey. Another 18% of the companies were in the process of building such analytics programmes. Thirteen per cent lacked the ability to fully use them, and 22% used no analytics at all to manage financial risks in the supply chain. The remaining 40% said they did not know whether their companies used such programmes.
Considering that for a vast majority of companies the supply chain represents the largest source of cash outflows, Pearson suggested that companies ask seven questions to help reduce the corporate risk of fraud, waste, and abuse in the supply chain:
- Have all related parties been identified and factored into the risk-ranking of items to test?
- How co-operative and responsive is the vendor?
- Does the support provided validate the transaction?
- Does the support provided in its entirety provide the ability to evaluate the “weight of the evidence” underlying the transaction?
- Is there sufficient detail describing the item to justify its being invoiced?
- Are there any notations (handwritten or otherwise) that may provide useful information about the transaction?
- If the items invoiced do not have an associated pre-approved rate, is there precedent for the rate change?
Related CGMA Magazine content:
“UK Companies Lax on Supply-Chain Risk”: An EY survey last year found that half of UK companies were failing to investigate the potential legal and reputational risks posed by their supply chain.
“Five Ways to More Effectively Manage Supply-Chain Risk”: Most companies consider managing supply-chain risks important, but that doesn’t mean they’re good at it. Here are five ways to boost your company’s supply-chain risk management.
—Sabine Vollmer (email@example.com) is a CGMA Magazine senior editor.