IT procurement prone to high fraud risk

Tech market can be especially vulnerable, partly because projects usually of high value, comprise many phases, and involve intangible services and specialized knowledge, say market watchers, following incidents of fraud in Singapore's IT industry.
Written by Ryan Huang, Contributor

There is potentially more room for abuse in tenders for IT-related products and services, underscoring a need to pay closer attention and take certain steps to minimize the risk. With an economic downturn looming, there is also a higher tendency for fraud to occur, according to industry observers.

IT procurement processes in Singapore's public sector was cast under the spotlight recently following a scandal last month allegedly involving a female IT sales executive and two top civil servants, both of whom were the chiefs of Central Narcotics Bureau and the Singapore Civil Defence Force.

The incident came barely a year after a previous scandal emerged involving the Singapore Land Authority, implicating two of its senior staff in a S$12 million fraud case. The incident involved contracts being awarded to fictitious companies for services that were never rendered.

"In IT procurement, as the value of the projects is usually larger and involves more phases including design and implementation or intangible services, there could be more room for abuse," said Neo Sing Hwee, partner of advisory services at Ernst & Young Advisory.

Bob Yap, head of forensic at KPMG, added that tenders may also be more challenging because of the technical nature of the subject matter.

"For example, it can be difficult for non-IT procurement staff to identify whether a genuine need for procurement exists, whether the tenders received are truly comparable, or whether the goods invoiced are actually those delivered.

"For these issues, reliance tends to be on the IT department requesting the purchase," Yap explained. "There are also multiple smaller resellers which can be more difficult to background-check, but which can offer good value through lower overheads."

According to a Singapore-based IT sales executive who declined to be named, with the high value of IT contracts, the commission sales executives stand to gain can also be significantly higher than other market segments.

She noted that this might tempt some executives to pull out all the stops to win the contract, including offering kickbacks.

Ways to minimize risk
While KPMG's Yap declined to comment directly on what was lacking in public sector procurement processes, he stressed that policies must be regularly reviewed for them to remain effective.

"Policies and procedures that worked five years ago might not work as well today. So it is not only a question of tightening, but of adapting to changing business environments and threats," he noted.

Additionally, the effectiveness of anti-fraud controls depends on the people carrying them out, he said. The most restrictive controls will be of little use if employees do not adopt them in practice.

This applies to the public sector as much as the private sector, Yap said. "However, the public sector is generally held to a higher standard than the private sector because they deal with taxpayers' money," he added.

Looking for red flags
Kobus Beukes, director of forensic services at Deloitte Singapore and Southeast Asia, companies should also be proactive in watching out for warning signs. "This includes implementing a fraud risk management strategy and having fraud prevention measures in place," Beukes said, pointing to employees who do not take days off from work as an example of a red flag.

"In some cases of fraud that I've seen, the people did not take leave at all because they might have been worried if someone else covered their duties, he would uncover evidence and [their actions would] be exposed," he said.

Other common signs to look out for include invoices being split to bypass authorization limits, and deviations in communications between suppliers and staff such as through phonecalls or text messaging to mobile phones.

Yap noted: "Procurement fraud is very hard to detect when there is collusion between employees and third parties." However, he said there were still ways to combat it, such as having key procurement staff undergo job rotation. This would help prevent staff from being too close to suppliers or having time to find loopholes in the system, he added.

It would also be prudent for companies to conduct due diligence on their vendors, noted Lawrance Lai, partner of fraud investigations and dispute services, Ernst & Young Advisory.

"There were cases where the vendors were 'phantom vendors' or collusive bidders, or may even lack the competency to deliver the service," Lai said.

Yap suggested that data analytics could also be used as a tool to monitor and identify trends and patterns. "Organizations generate vast amounts of data as part of their business. Such data is often inaccessible through the accounting system front-end or is backed up and never examined.

"This data has huge value in enabling organizations to identify red flags and anomalies, and even control weaknesses and failures. For example, manual journal entries are made on Sundays and public holidays but rarely ever during the week," he said.

Yap also noted that in procurement, business units would be the first line of defense for the company.

This view was echoed by Ernst & Young's Neo, who added: "A whistle-blowing hotline and job rotation can also help to minimize fraud risk."

Editorial standards