With their distinctive characteristics and cultural nuances—not to mention business etiquette standards that vary from country to country—markets in South and Southeast Asia can pose unexpected challenges for companies that rely on fraud mitigation and investigation practices applicable to developed markets. Quite simply, these practices do not work in Asia. In fact, some common Asian business practices make companies more vulnerable to fraud, especially procurement fraud, and at the same time make it harder for investigations to be carried out.
However, we are now seeing an increasing number of companies in Asia proactively investigating vendors and employees for suspect relationships and activities. While a stronger emphasis on good corporate governance is driving part of this new focus, we also attribute it to the greater awareness among companies of the losses due to procurement-related fraud coupled with operating in a difficult economic environment that makes it imperative to look for ways to improve the bottom line.
Challenges to Investigating Procurement Fraud
Suspicions Without Proof
A number of investigations where Kroll has been involved in Asia started as whistle-blower complaints or informal water-cooler discussions about procurement practices that led managers to suspect certain vendors and employees. A major challenge of investigating fraud when there is no evidence against any target is that often managers do not know which vendors and employees to investigate first.
Accusations Without Details
A related challenge is that whistle-blowers rarely come forward to share details such as names of employees who are involved, the scale of the fraud, and how the fraud is perpetrated. Employee loyalty often lies with the local CEOs rather than with the parent company based abroad.
Internal Audit “Preparation”
Internal audits should not be relied on to root out fraud. The scope and schedule of internal audits are often communicated well in advance to minimize business disruptions; however, this increases the risk of “window dressing.”
Unreliable Vendor Data
Poor quality of vendor data is also a key concern when conducting procurement-related investigations in Asia, even when Enterprise Resource Planning (ERP) systems are in place. In one of Kroll’s investigations, the client had entered a large volume of data into SAP when it was first installed in 2006. We determined that the data was poorly entered at the time, with little quality control. This posed a difficult challenge when the client wanted to review the data a few years later to identify suspicious vendors.
Who Is Connected, Who Is Not
In many of our Asia investigations, relatives of politicians, police and bureaucrats are linked to employees or vendors. This is a key issue in several Asian countries where ownership records of companies are not as easily accessible to the public, making it harder to identify conflicts of interest. Companies can face regulatory problems if vendors are linked to government officials or blacklisted companies, rendering the tender process ineffective as applicants may be part of the same parent company.
Best Practices for Responding to Suspected Fraud
Kroll has helped several companies investigate vendors and employees when procurement fraud is suspected and targets are known. Since there is no “one size fits all” strategy for this region, the most effective approach incorporates both best practices and client-specific considerations. Taking into account a country’s legal framework in which an entity operates, the steps can include:
Overt Vs. Covert
There are pros and cons for each option—for example, an overt investigation may lead to the identification of key witnesses but can also result in data loss if a perpetrator catches wind of the investigation and starts destroying critical evidence.
Consider placing the suspect employee on Garden Leave so that he or she remains on the company’s payroll and is obliged to talk to investigators when summoned.
Breach and Clear
Secure the evidence (i.e., PCs, data and email servers, smartphones and mass storage devices), maintain chain of custody and restrict access to the aforementioned hardware.
Secure documents and contents of the target’s desk or office.
Block All Access
Remove access to the server and the premises.
Examine Data Files
Forensically extract data from IT equipment. Also, analyze the data using dedicated text-mining tools. Keywords should be specific to limit false positives.
Conduct data analytics on suppliers’ master-file, sub-ledger, cash books, expense claims, phone records, general ledger entries, approved contracts and invoices, budget vs. actuals, etc.
External and Internal Leads
Interview internal process owners and second tier employees. Coordinate external source inquiries to provide additional investigative leads and keywords.
What Happens When You Suspect Fraud but Are Not Sure Who Are the Perpetrators?
In the event of a suspected fraud when targets are unknown, Kroll works to isolate the source of the problem by:
- Analyzing internal data files on vendors and employees in an efficient way to shortlist targets.
- Gathering external evidence from vendors, former employees, competitors and customers about the company’s practices that may constitute fraud.
- Establishing strong, well-organized internal control systems to reduce clients’ vulnerability to procurement fraud:
- Building secure environments that reduce the risk of access control systems’ being compromised
- Conducting due diligence on new employees and vendors
- Instituting anonymous and independent whistle-blowing systems that encourage local employees and vendors to report unethical behavior while protecting them from direct and indirect punitive actions
Learn more about fraud statistics and trends in Kroll’s annual Global Fraud Report.