Who owns the commitment to procurement integrity?
March 2018 | SPECIAL REPORT: MANAGING RISK
Financier Worldwide Magazine
March 2018 Issue
EY’s 2016 Global Fraud Survey reported that of the 2825 global executives surveyed, nearly half (42 percent) were willing to justify unethical behaviour when under pressure to meet financial targets. The survey further reported that 10 percent would make a cash payment – in other words, a bribe – to win or retain business in an economic downturn, and 7 percent would be prepared to backdate contracts that would falsely show revenue.
Typically, research and regulations place the entire responsibility of ensuring that an organisation is committed to honest, fair, impartial and legal contracting practices (such as procurement integrity) at the feet of the company’s executives. However, is this fair or even realistic and should it stop there? What about the workforce? Within every organisation, employees have an individual responsibility to adhere to the organisation’s established policies, procedures and processes, which are designed to provide reasonable assurance toward maintaining fair, honest and legal contracting. Therefore, should they not also be responsible for ensuring their own organisation is committed to procurement integrity? Each week, various news articles remind us that unethical behaviour is not limited to those executives in the boardrooms running the company; it can also be found at all levels, from line managers to supply chain workers.
Regardless of whether it is a senior executive, the head of the procurement department or the employee responsible for drafting the contracting requirements, an individual’s ethical behaviour is influenced, to a large degree, by the moral character of that person and the environment in which they work and live. It is the responsibility of the organisation’s leadership and management, regardless of its size, to invest reasonable resources and time in ensuring an ongoing culture of ethics and integrity for employees to learn from, support and work within.
It is said that most procurement fraud occurs during the pre-award phase, where vendors can operate in collusion with unethical employees in various ways that compromise the fairness of the bidding process and potentially result in higher contract costs. For example, a contractor can give something of value (a bribe) to an unethical organisational employee, in return for selecting their company for the contract and later allowing that same contractor to submit unnecessary new contract requirements (change order scheme). Another example is where a member of the proposal evaluation team allows a contractor to submit outdated pricing data to win the business (defective pricing scheme) then after winning (during the delivery phase) the contractor can submit the actual cost, thereby causing project cost overruns. An additional example is where procurement officials could reveal details of the bidding process or negotiations to give a vendor an unfair advantage (bid leaking). The owner of the company can direct their factory-floor workers to utilise lower quality parts (defective manufacturing scheme) which increases the company’s profits.
To detect and deter fraud and promote procurement integrity, the workforce needs to be aware of behaviours that indicate something is not right and know how to promptly report any apparent ethical violations. For example, is there someone who has authority over a contract, such as a programme manager, contracting officer (procuring or administrative), quality assurance specialist or engineer that appears to always favour a particular contractor’s position rather than the organisation’s? Does this person participate in meetings concerning specific contractors and does he or she tend to irrationally defend or dismiss the contractor’s actions or inactions? Does this person’s opinion vary depending on the contractor involved? Does this person suddenly appear to have more money to spend? Is this person travelling more frequently? Is the person frequently meeting away from the office? Is a person of influence trying to steer an award a particular way or working exclusively with a particular contractor and not treating others equitably? These are all questions that should be highlighted in an organisation’s procurement integrity training to the workforce – a critical element of an effective procurement fraud mitigation initiative.
Regardless of whether the organisation is in the corporate or public sector, no single element has more influence on the workplace’s ethical behaviour than a demonstrated commitment to fair, honest, impartial and legal contracting. That means procurement executives reinforce and periodically articulate the organisation’s code of conduct and expectations of ethical behaviour and procurement integrity in all phases of contracting activity. To ensure the organisational culture’s ethical tone, it does not stop there. The requirement for procurement integrity needs to be included in employee performance evaluations, in clearly written procurement policies and procedures, in providing for specific requirements and authority for oversight of contracting activity and in encouraging the workforce to communicate and reinforce procurement integrity among their peers.
To build a commitment to procurement integrity and develop an effective fraud mitigation initiative, a procurement fraud and abuse risk assessment must be a part of the ongoing process of identifying the organisation’s unique degree of risk to procurement fraud and abuse. This type of risk assessment should be conducted periodically and used to form the basis for determining how to manage the identified risks. The procurement fraud and abuse risk assessment should be focused on the unique business operations of the organisation, tailored to management’s risk tolerance and include the most common procurement schemes to which the organisation could be vulnerable to fraud. Because much of this type of assessment involves anticipating the behaviour of a potential perpetrator, the assessment team must, collectively, have specialised backgrounds in the prevention and detection of procurement fraud and abuse, including experience in assessing mitigation controls, fraud risk, procurements and organisational culture.
One-size does not fit all organisations.
A procurement fraud and abuse risk assessment differs somewhat from the more conventional risk assessment methods, in that it must be procurement schemes and scenarios based. Once the assessment has identified the high-risk areas, the results will allow the organisation to identify and design effective mitigation steps, consistent with the organisational management’s contracting risk tolerance.
To help guide the building of a culture of procurement integrity, there are certain common best practices identified in various procurement regulations. Experience has shown that many small and midsize companies are not aware of these various best practices or regulations, which include having an effective contractor code of business ethics and conduct.
One such regulation is within US federal procurements, Federal Acquisition Regulation (FAR) 3.10, Contractor Code of Business Ethics and Conduct, which establishes a clear requirement for all contractors to conduct themselves with the highest degree of integrity and honesty. For those US federal contractors with a contract value expected to exceed $5.5m and with a performance over 120 days, the FAR lays out a set of requirements assisting executives in creating an ethical workplace environment, including publishing a clear code of conduct and ensuring all employees receive a copy, exercising due diligence to prevent and detect misconduct, possessing an internal control system that will facilitate timely discovery of improper conduct and ensuring corrective actions are promptly instituted and carried out.
Those companies that are aware of these various regulatory requirements (including larger firms), often have paper-only programmes, and therefore have limited their effectiveness. The absence of a well-communicated and periodically tested ethical workforce environment, including the commitment to procurement integrity, not only places contractors at risk of contract non-compliance and litigation, but escalates the possibility of fraudulent activity within the workforce.
The US FAR requirement is just one example of an available resource. Similar help can be found on the Open Compliance and Ethics Group (OCEG) website. The OCEG ‘Red Book’ and ‘Burgundy Book’ are two resources that enable businesses to improve their compliance programmes. The ‘Red Book’ is the OCEG governance, risk management and compliance (GRC) capability model – the centerpiece of the OCEG framework. According to the OCEG, the GRC capability model provides a comprehensive process model for anyone implementing and managing some aspect of a governance, risk management and compliance system, including those involved in compliance, training, hotlines and investigations. The ‘Burgundy Book’ is a set of tools that help organisations evaluate the design and operation of governance, risk management and compliance processes.
The commitment to procurement integrity is everyone’s responsibility. It takes an entire workforce’s commitment to a culture of ethics and integrity. It must be woven into day-to-day activities, reinforced through education and be regarded as the cornerstone of the organisation’s business environment and culture.
Sheryl Steckler is president and Tom Caulfield is chief operating officer at Procurement Integrity Consulting Services LLC. Ms Steckler can be contacted on +1 (850) 443 0807 or by email: sheryl@procurement-integrity.net. Mr Caulfield can be contacted on +1 (540) 907 8654 or by email: tom@procurement-integrity.net.
© Financier Worldwide
BY
Sheryl Steckler and Tom Caulfield
Procurement Integrity Consulting Services LLC
FORUM: Managing financial crime risk and AML processes with technology
Risk management – impact of increased regulatory risk
The need for curated data for asset managers and institutional investors
The innovation of compliance insurance covering costly corporate investigations
Good risk management matters as much as brand building
Cyber attack – incident response communication
Supply chain risk strategies every organisation must know
Managing the convergence of changing sanctions and the human rights and anti-corruption movements
Who owns the commitment to procurement integrity?
AI in corporate foreign exchange hedging
To serve your community or sit in jail: is there any reward to this banking risk?