It is important for management to implement a continuous, self-auditing programme to measure the performance of its procurement activities. Today, organisations can use technologies to obtain insight into the effectiveness of internal controls, and these tools can help companies detect red flags and aid a company’s management in its efforts to monitor and improve its internal controls, respond proactively to risks, and prioritise its compliance efforts.
Continuous monitoring uses data analytics on a continuous basis, thereby allowing management to identify and report fraudulent activity more rapidly. That is, data collected from continuous monitoring can help monitor procurement fraud threats and vulnerabilities, detect red flags of procurement fraud, improve the effectiveness of anti-corruption controls, and, based on key risk indicators and high-risk areas, be used to prioritise and focus management’s compliance efforts.
Vendor Due Diligence
All organisations rely on outside vendors to assist them in their business; therefore, organisations should exercise due diligence in seeking to prevent and detect criminal conduct by its vendors.
Organisations must conduct adequate due diligence to identify and select a competent and qualified vendors, such as reviewing the business reputation, financial soundness, and experience of the vendor.
Vendor management requires that procuring entities implement controls for vendor master file management.
The vendor master file is a database that contains a record of all vendors with whom a company conducts business. The vendor master file will contain valuable records, including records for purchasing functions (e.g., vendor name and address, contact information, and purchasing terms) and accounts payable functions (e.g., the purchasing terms, remittance address, and general ledger account number). Also, the vendor master file will contain records regarding suppliers, for both purchasing and accounts payable functions.
Mainly, the vendor’s name and address, contact, and terms are needed when placing purchase orders, and the terms, remittance address, and general ledger account number are needed for tracking accounts payable invoices.
In most organisations, members of the purchasing department approve new vendors, and accounts payable personnel set up new vendors in the entity’s accounting system.
To manage vendors, a procuring entity must establish clear procedures for setting up new vendors and changing vendor master file records. For example, procuring entities should require accounts payable personnel to verify new vendors (i.e., ensure that the vendors are qualified) by conducting a vendor background check before entering them into the vendor master file.
Also, the person responsible for the vendor master file should not be authorised to approve invoices for payment or to sign cheques.
Additionally, procurement entities must maintain accurate and up-to-date vendor master file records. Inaccurate or incomplete records can result in greater risks of duplicate payments, unfavourable payment terms, and non-compliance with regulations.
Thus, vendor master file records should be reviewed on a regular basis for inaccurate or incomplete records.
Moreover, purchasing entities should monitor the application of the accounts payable policies on vendor master files.
Vendor Monitoring
Procuring entities must also use monitoring and auditing systems reasonably designed to detect criminal conduct by its vendors. The procedures used to monitor vendors will be similar to those used to evaluate vendors, and they should be based on red flags of vendor schemes that pose the greatest risk.