Refresher Course: Five Best Practices to Root Out Supply Chain Fraud

The Association of Certified Fraud Examiners (ACFE) estimates that a typical organization loses 5% of revenue a year because of fraud. Yet, more than 44% of company fraud cases are discovered only through a tip or by accident.

So, finance professionals need to understand what supply chain fraud is, where it is happening, and what can be done about it.

“It could be the case that if things look too good to be true, then maybe they are too good”

“Supply chain fraud can mean a lot of different things to a lot of different organizations,” said Vito Giovingo, CPA, CGMA, formerly a risk advisory consultant, and now director of enterprise risk management at McDonald’s Corporation. “It can cover everything from the purchase of raw materials, to delivery and logistics, and also marketing activities,” he said.

Giovingo, who along with Katie Hausfeld, J.D., a senior litigation associate at global law firm DLA Piper, gave a presentation on supply chain fraud at the 2017 AICPA Global Manufacturing Conference, said it “runs the gamut” of frauds, from false expenses claims from employees, to high-level corruption involving government officials and partners.

Know who to trust

Because fraud can happen anywhere in the supply chain, it can be difficult to know who to trust.

“Where I’ve seen a lot of my clients get heartburn — in terms of reducing or mitigating risk of fraud in their supply chain — is really knowing your suppliers and knowing the individuals within your supply chain,” Hausfeld said.

“Due diligence is key both from the time you bring in a party into the supply chain all the way through the relationship and constantly refreshing the due diligence,” she added.

So, is it a case of trust nobody?

“No,” Giovingo said. “It is a case of not trusting blindly, but you also don’t want to presume everyone is a bad actor.”

Assess risk

With some organizations having hundreds or even thousands of partners in their supply chain, it may not be possible to do checks on everybody in the supply chain, but Giovingo and Hausfeld believe you don’t have to.

“It isn’t possible or practical to bring risk down to zero, but if you understand your supply chain and what people do for you, you can start to focus on who is more important to your organization and poses the biggest risk,” Giovingo said.

“It’s looking at your total pool of third-party relationships and doing a risk assessment of those relationships, determining which are higher or lower risk based on the type of work that they provide, the service they provide, the spend, their location, and then implementing the appropriate due diligence for that level of risk,” Hausfeld explained.

Follow the money

As any detective in a TV cop show might say, if you want to find the perpetrator of a crime, you should follow the money, and when it comes to supply chain fraud, this turns out to be sage advice.

With more than 80% of fraud cases surveyed by the ACFE featuring asset misappropriation, keeping an eye on where money changes hands is the perfect place to start.

“Of course, fraud can occur where money changes hands,” Hausfeld said.

She outlined some red flags: “Missing or incomplete invoices, lack of underlying support for those invoices; in things like bid collusion you can see bids that are priced either too far apart, or they are too high or they are too low and the lowest bidder wins,” she said.

“It could be the case that if things look too good to be true, then maybe they are too good.”

“There has to be a culture of compliance within the organization, and it has to be pervasive throughout the company”

Put in controls

Spotting supply chain fraud after it has happened is one thing, but how do you stop it from happening in the first place?

“What are the controls and processes for all cash and assets leaving the company?” asked Giovingo. “Look at accounts payable. Look at petty cash and ask, do our monitoring and control activities give us sufficient visibility to fully understand what we are buying?”

“Internal controls are key,” Hausfeld said. “You need checks and balances in the system. Before any payment goes out, you need checks to ensure it is a valid payment, or that all expenses are legitimate.”

Automated controls and systems are harder for individuals to undermine. Manual processes are more prone to errors and fraud.

Build a compliance culture

Of course, all this means people need to be trained, but it may also mean a shift of culture within an organization.

“You can’t just train everyone and say that’s that. There has to be a culture of compliance within the organization, and it has to be pervasive throughout the company,” Hausfeld said.

While it may be tempting to turn a blind eye to certain internal practices or ignore fraud from key partners that are bringing in money, that is no way to look at it, Hausfeld said.

“Compliance has to be enforced from the top down. It is understandable that a company will want to push its business to grow, but you have to do it ethically and in the right way,” she said.

About the Author

Richard N. Williams is a UK-based freelance writer. This article first appeared in FM Financial Management, which is published by the Association of International Certified Professional Accountants. The AICPA combines the strengths of the American Institute of CPAs (AICPA) and the Chartered Institute of Management Accountants (CIMA).

©Copyright 2018 FM Financial Management. All rights reserved

Read more on