Norman Katz’ Detecting and Reducing Supply Chain Fraud encourages readers to engage in broader thinking about what constitutes the supply chain, and also highlights those inherent areas of weakness that accentuate fraud risk. Particular focus is drawn to the consequences of fraud for companies with global supply chains featuring outsourced production, as such arrangements may have the effect of removing individuals from close proximity to the consequences of their decisions, creating organisational blind spots. That fraud may be perpetrated at a remote supplier location makes it no less serious an issue for the procuring organisation than if it occurs within the bounds of its own perimeter fence, with possible financial, reputational and legal consequences. A recent example from the United States cited by Katz was the outsourcing of the mortgage foreclosure process to agents who were found to have fraudulently prepared the documentation on which these foreclosures were based. The recent scandals involving horsemeat-as-beef and tainted dairy products are further, sensational examples of failure in the integrity of the supply chain.
Mr. Katz brings hands-on experience gained as a private investigator, IT specialist and Certified Fraud Examiner (CFE) to bear on this title, which is written from the perspective of, and for practical application by, audit professionals.
The book highlights the value of integrated Enterprise Resource Planning (ERP) applications in identifying discrepancies in procurement and order fulfilment processes, and identifies the implementation of such applications as a key step in implementing supply chain fraud risk control. Indeed, the complex task of implementation itself forces rigorous thinking about the definition of business processes and data standards. However, he also underscores the fact that many instances of fraud are sophisticated and multi-layered and corporations are frequently exploited by those who know the weak points of existing technologies, processes and personnel controls, often colluding with others in doing so. An example given is the HealthSouth Corporation fraud in the United States in which approximately 20 individuals were involved in fraudulent activity that overstated the company’s earnings and assets. Extending the ERP to incorporate electronic business-to-business communications between customers and suppliers helps to close this gap, but does not eliminate it.
The critical factor in managing fraud risk is that individuals throughout the organisation exercise sound judgement and act with honesty and integrity. When something does not look right, they must have the support and protection of the organisation in reporting it so that investigative and remedial steps can be taken. Executive management must lead by example in setting high standards of corporate and individual integrity, and embed these standards in the corporate culture through their daily actions. The required standards must be clearly laid out in policies and procedures and reinforced by appropriate staff training. The importance of the “tone at the top” in reinforcing expected standards and building awareness is highlighted in statistics cited by the Association of Certified Fraud Examiners (ACFE). In its 2010 Report to the Nation, the ACFE stated that by a significant margin, reports by employees, customers and suppliers were the most common source of fraud detection, accounting for 40.2% of cases detected in 2010.
While the book states that services (including financial services) industries provide good subjects for supply chain fraud risk analysis, it would have been useful for Mr. Katz to have given more examples and guidance on detection and prevention of services-related supply chain fraud. In the first chapter, Mr. Katz’ description of Bernard Madoff’s Ponzi scheme as an (extreme) example of value chain fraud warrants further exploration. From what we now know of that case, Mr. Madoff certainly seems to have fit the profile of the fraudster as described in Mr. Katz’ book, as he had full control over certain business functions in what appeared to be opaque processes which were off-limits to all but a very small number of subordinates.
Similarly, a chapter on trends on ethics and integrity tells us that the “Millennial” generation (those born between 1980 and 1995) are focused on the short-term and instant gratification, but the research cited is predominantly related to the United States. It would be helpful to know more about the trends that are taking shape in other countries and cultures, and the implications of these trends for those organisations with global supply chains.
Mr. Katz’ useful chapter on supply chain information integrity highlights his assessment that information security may not be receiving the attention it deserves, in particular with regard to security vulnerabilities within the organisation itself. This is still an evolving field and one we can expect to be the focus of additional attention and resources as more and more industries shift to electronic commerce platforms, because the consequences of data theft for organisations are now so much more serious. In addition, “outside-the-application” audits are needed to mitigate the risk of fraud in transactions conducted over the internet. This is an area I expect we will read a great deal more about, because the business models are still so new. While the “data exhaust” generated by technology-driven business models provides a rich audit trail, custodians of data have great power, and with that, great responsibility.
Detecting and Reducing Supply Chain Fraud is a useful overview of the field, which will be of interest both to general managers charged with implementing a fraud risk management policy, as well as to audit practitioners seeking guidance from real world case studies. Mr. Katz reminds us that identifying supply chain fraud “means we have to look for it even when we not faced with any evidence of wrongdoing”. The “absences” (of formalised process, checks and balances) may be as significant for the organisation as any present findings. Mr Katz’ book is a useful guide to visualising these critical absences, and provides some practical advice on how to integrate this thinking into an effective fraud risk management programme.
Detecting and Reducing Supply Chain Fraud can be purchased from Gower Publishing with a special discount for AFN newsletter readers. Click here and, once you have made your choice, go to the online checkout and enter G8ATZ30 into the field marked Leaflet Code. Your order will be processed with a 30% discount.