Personality Risk Profiles your Procurement Integrity Systems need to Protect Against

1
Personality Risk Profiles your Procurement
Integrity Systems need to Protect Against
Presented by Tom Caulfield
2
Introduction
My work experience as it relates to procurement
fraud detection, identification of fraudsters,
and procurement integrity controls failures.
This should allow you to better understand my
perspective as to why I am presenting the
material the way I am and how I have learned
about the items I will be discussing.
3
Background
I have never worked as an Auditor. I have never
worked in a Procurement Division. I have never
organized a contract folder or performed an
acquisition audit.
4
Background
Law enforcement and Criminal Investigations for
over thirty-five years. Involved with
white-collar crimes specifically PF. Losses to
contract fraud of over 1.3 billion dollars.
Department of Justice negotiating countless
plea agreements.
5
Todays Talk

•  
• The Fundamentals of Procurement Fraud.
• The Six Personality Risk Profiles you need to
  protect against.
• The Five Key Components of effective Procurement
  Integrity Controls.
• Some of the Pitfalls with Risk Assessment Tools.

6
Procurement Integrity Controls
  Procurement Integrity Controls are those
organizational processes and management systems
that are designed to provide reasonable assurance
regarding the prevention, detection, and prompt
reporting of abuse, fraud or non-compliance
within organizational procurements.
7
Procurement Integrity Controls
  Allow me to clarify, when I say
non-compliance I am talking about instances
when your employees are not following your
published procurement policies, rules, or
instructions. I am not talking about
non-compliance by a vendor of goods or services
that are being acquired by your organization.
8
Are You Ready?
9
Fundamentals of Procurement Fraud
At its most basic level it is legally defined as
an intentional perversion of the truth for the
purpose of inducing another in reliance upon it
to part with some valuable thing or to surrender
legal right or simply stated - a false
representation of the truth, involving trickery
and deception in order to illegally enrich the
fraudster.
10
Fundamentals of Procurement Fraud
The challenge when it comes to procurement
integrity, which many people don't understand, is
that the misrepresentation is fashioned by a
fraudster(s) who has a deep operational knowledge
of your processes and therefore many-times is
connected to the contract.
11
Veil of Trust
The degree of interaction between the fraudster
and the employee reinforces this veil of trust,
and therefore the fraudster is often considered
to be a trusted agent by the same people whose
trust has been violated. This trusted agent
status highlights the peculiar dichotomy of
procurement fraud these crimes cannot succeed
without trust, but neither can business.
12
Still Protected Against
If fraud is defined as an intentional
perversion of truth for the purpose of inducing
another in reliance upon it to part with some
valuable thing or to surrender legal right than
what is it if the person makes the false
representation but is not personally enriched?
13
Still Protected Against
For example what if an employee's action creates
savings for the company by cutting out some of
the quality control steps, or "steers" a contract
to a friend or a sub-contractor they have worked
with prior and simply enjoys working with them,
but the employee does not get any financial
compensation?
14
Personality Risk Profiles

•  
• Situational Fraudster
• Deviant Fraudster
• Business Abuser
• Multi-Interest Abuser
• Well Intentioned Non-Compliance Employee
• Disengaged Non-Compliance Employee

15
Situational Fraudster
  The one most people will reference as the
traditional Fraudster, who is the employee that
seems to be frustrated at work who has
rationalized his/her right to an illegal
enrichment and simply perpetrates the fraud
scheme when the right occasion occurs normally
because of a weak internal control.
16
Deviant Fraudster
Of a serious concern as this person can cause
the greatest damage to an organization. This type
of person is proactive possibly perceived as one
of the companys hardest workers or best
contractors is always on the alert for
opportunities to corrupt the system and carries
what we call the "veil of trust" from others in
the organization.
17
Situational vs. Deviant
The situational fraudster is far more prevalent
in any contract, but losses are far less. If
the deviant fraudster can bribe an organizational
official to allow fraudulent billing submissions
with a promise of kickbacks, or a contractor
implements a fraudulent cost accounting scheme,
the losses can be in the millions.
18
Business Abuser
This is the person who commits an inappropriate
act that on its face, seems to only benefit the
organization and not the abuser. However, in
reality the inappropriate act is to increase
his/her standing within the organization as
someone who can continuously increase business
and generate revenues.
19
Business Abuser
The business procurement abuser will
inappropriately shift cost between contracts to
make his/her unit appear better managed then it
really is or will cause required quality control
steps to be removed to ensure more timely or
early deliverables.
20
Business Abuser
Will justify their actions as enhancing the
organizations profit margin. However, in
reality these people are costing organizations
millions of dollars in civil liabilities and
contract disputes as once their action/act is
identified the organization many times becomes
the focus of an external investigation for not
having sufficient controls to prevent the actions
of the business abuser.
21
Multi-Interest Abuser
Manipulates the procurement process to advance
his/her own interest and the interest of another
person. This is done not to obtain any financial
advantage for him/herself, but instead to help a
friend in getting a contract, or to ensure the
award goes to their desirable contractor, or even
helping family members.
22
Multi-Interest Abuser
This multi-interest abuser of the procurement
process is the one who drafts contract
specifications to a specific contractor or
embellishes the need for a "sole-source"
justification to avoid a fully competitive
process or "slants" technical evaluations to a
specific bidder.
23
Multi-Interest Abuser
Again, this multi-interest abuser is not
motivated by any direct financial compensation,
but still raises significant risk to an
organization. Clearly if the inappropriate
actions of this person was motivated for personal
financial gain then this person would be
categorized as a procurement Fraudster and not an
Abuser.
24
Personality Risk Profiles

• Well Intentioned Non-Compliance Employee
• Disengaged Non-Compliance Employee

The next two personality risk profiles are
rarely talked about during courses, but present a
risk to the organization that is probably harder
to identify then the Fraudster or Abuser. These
last two risk profiles fall into the category of
the Procurement Non-Compliance Employees.
25
Well Intentioned Non-Compliance Employee
Believes his/her deviation from the procurement
processes does not harm the organization and
further believe they are helping the organization
in obtaining greater efficiency or obtaining
better services. This self-described well
intentioned non-compliance employee is an
employee who has been with the organization for
years and has a good working knowledge of
procurement processes.
26
Well Intentioned Non-Compliance Employee
This employee will not identify the true scope
of a requirement to ensure the contract remains
under a particular dollar threshold thereby
allowing the award to be expedited. This is
also the employee who knows what key descriptions
in an organizational purchasing document to use
or not use to avoid a required procurement
process.
27
Well Intentioned Non-Compliance Employee
This employee is normally found in organizations
that allow low dollar purchases or
"micro-purchases" without approval from a
separate/independent department or the purchasing
department.
28
Disengaged Non-Compliance Employee
This is the employee who puts little or minimal
effort into a specific procurement step. This
person will not check a contractor's bond, or not
examine a contractor's past performance record,
or not confirm a contractor's deliverable prior
to approving payment.
29
Non-Compliance Employees
The non-compliance employees create unnecessary
exposure for your organization to fraud,
litigation and may also waste company resources
and lost funds. Most concerning is that these
employees open the door and create opportunities
for the Fraudsters.
30
Procurement Integrity Controls
31
Procurement Integrity Controls
  Procurement Integrity Controls are those
organizational processes and management systems
that are designed to provide reasonable assurance
regarding the prevention, detection, and prompt
reporting of abuse, fraud or non-compliance
within organizational procurements.
32
Procurement Integrity Controls
  Consist of five interrelated components
which, if designed and implemented correctly, can
react to changing circumstances, conditions and
risks. Effective systems facilitate
achieving organizational objectives by serving as
checks and balance against undesirable events and
include a series of on-going activities that
permeate throughout an organization at every
level.
33
COSO
  To a large degree the five components of
Procurement Integrity Systems parallel the
criteria presented in the Committee of Sponsoring
Organizations of the Treadway Commissions
Internal Control-Integrated Framework and draws
from concepts in COSOs Enterprise Risk
Management.
34
Procurement Integrity Controls

•  
• Commitment to Procurement Integrity
• Tailored Vulnerability Assessment
• Focused Protections within Policy
• Targeted Information Sharing
• Identification of Deficiencies

35
Commitment to Procurement Integrity
  1. Demonstrated commitment to procurement
integrity within an ethical culture   This
sometimes becomes difficult to achieve when the
organization has an absolute success at all cost
mindset, or the purchasing division is viewed
exclusively as a service provider to the mission
side of the organization.
36
Tailored Vulnerability Assessment
2. Focused and tailored assessment of your
organizations greatest risks to the traditional
procurement fraud and abuses in todays
contracting schemes, along with non-compliance to
procurement processes   Question do I know
the top two vulnerabilities within your
organization for each of the personalities risk
profiles mentioned earlier?
37
Focused Protections within Policy
3. Sound protections built into your policies,
procedures, and practices tailored to the
organizations unique vulnerabilities   When I
say "protections built into" I am talking about
items like separation of duties, independent
validation of need, appropriate approval
thresholds
38
Targeted Information Sharing
4. Targeted training and information sharing in
the areas of fraud, abuse and impact in
procurement policy non-compliance, to all
appropriate levels within the organization
  Sharing of information and training on the
various types of procurement threats and equally
important, the impact to the organization of
those threats. This is the area that seems to be
missed most frequently.
39
Identification of Deficiencies
5. Robust quality assurance processes which
identifies internal and external deficiencies in
your procurement integrity controls   Many
companies seem to depend on a checklist approach,
or assume the organizational auditors will check,
others work from a concept of trust in their
employees willingness to comply.
40
Victimized Organizations
  Typically lacked some or most of these
components. Many of the organizations did have a
commitment to organizational ethics with very
formal ethics programs, but their programs seemed
to fall short when reaching into the purchasing
division. Each of the organizations became a
victim because of unscrupulous actions of
perpetrators and ineffective or missing
Procurement Integrity Systems.
41
Focused and Tailored Risk Assessment
  Procurement Integrity Controls not only has to
be integrated, but it must also be deployed in a
fashion that is focused on the organization's
high risk procurement vulnerabilities, which can
in turn be used to develop tailored protection
systems.  
42
Procurement Integrity
There is no greater tool in the detection and
prevention of procurement fraud, abuse or
non-compliance than knowledgeable employees and
sound protection built from the organizations
most likely vulnerabilities.
43
2
Fraud Indicators (Weak
Internal Controls) X (Motivation)

Fraud
In closing, remember the only difference between
a mistake and a fraud is the intent.