It really is not a difficult decision to make

Introduction

According to PwC’s biennial Global Economic Crime and fraud Survey 2020 South Africa[1], 77% of South African businesses and organisations have experienced economic crime – a staggering figure.  Of the crimes, asset misappropriation has been experienced by 49% of respondents, “fraud committed by the consumer” – a new category, by 44%, and 39% have experienced procurement fraud.  The entire supply chain in South Africa is therefore fraught with criminality. Some respondents suffered losses of more than R1.2 billion. In some cases, costs to address the issue through investigations and other interventions exceeded as much as ten times the value of the initial loss.

In short, the decision has been made for business leaders as to whether they start implementing the appropriate technologies and advanced analytics necessary to prevent and monitor fraud.  They have no choice. Accountability for fraud and economic crime is moving into the executive suite. Yet only 37% of respondents to the survey had conducted an anti-bribery/anti-risk assessment. Business leaders ought to reassess, especially those whose organizations currently use a manual process or who make use of third parties.  In the case of the former, the processes are time consuming, while in the case of the latter, outsourcing introduces a new dimension to the fraud landscape. Any chinks in the armour of these business partners become your risks and can lead to the unravelling of the most sophisticated fraud prevention strategies, if not formally and comprehensively addressed. [2]

Procurement systems 101

The fundamental function of all procurement systems is to mitigate the risk of a business/organization in not complying with local and global legislation, regulations and correct internal policies.  Procurement systems must therefore implement rigorous vetting processes and supplier management controls to meet compliance, forensic and audit requirements.  Ideally the entire process should be guided by technologies which allow for automated and ongoing data analysis. Only then will the high risks associated with conflicts of interest involving suppliers and employees be avoided.

Aspects of the systems should therefore address the following issues:

1. Initial supplier vetting and approval

   Extensive datasets are necessary to verify and to vet information upfront, allowing for conflicts of interest to be identified and risk levels to be associated with new vendors.

2. Supplier onboarding

   Incorrectly captured information (such as company details, Vat and company status) needs to be flagged by the system during the verification process; corrected; and monitored automatically.

3. Ongoing maintenance and monitoring of vendors and suppliers

   The entire process of assessing and monitoring very many vendors and employees has to be efficient. Various and numerous datasets need to be accessed as mentioned above, and the risks relating to for example, property ownerships, company directorships and BEE legislation requirements have to be assessed. Within a couple of hours.

   Other extensive databases include information relating to bank account and credit checks with the results being saved automatically. National Treasury’s database of restricted suppliers is necessary for verification purposes. Relationships with government and government employees need to be monitored against CIPC and PERSAL.

   The software should allow organizations to create their own internal restricted lists of employees and vendors.

   A risk matrix must allow users to immediately ascertain an associated, measured risk value for each vendor on the database, and to flag potential threats.

4. Ongoing maintenance and monitoring of employees

   Identifying conflicts of interest within a company with regards employees, their careful screening, governmental relationships (by using for example PERSAL), and internal management as with vendors and suppliers, is a given.

5. Process management

   Procurement software should allow companies and organizations to control both the level of risk they wish to assign to conflicts; and to identify and to manage how they want to deal with the risk associated with large databases. Escalation policies, defined user roles and an approval hierarchy are therefore necessary.

6. Reporting

High level risk rating reporting, using for instance summary tables, must allow ease of interpreting and analyzing data, giving risk rankings directly to the user.

And the end result of implementing a procurement system?

Peace of mind in knowing that your business risks can be identified, quantified and acted upon promptly with greater insight than before, thereby preventing:

• Financial losses caused by corruption and fraud.
• Reputational damage to your business resulting from associating with unscrupulous vendors and third parties.
• Non-compliance with antibribery and corruption legislation, BEE, King IV, AML and other procurement legislation.

[1] https://www.corruptionwatch.org.za/wp-content/uploads/2020/06/global-economic-crime-survey-20201.pdf

[1] At p. 14.