Most organizations rely on vendors to succeed in their mission. These vendors could be providing a product or a service. When most people think of fraud they think of an employee stealing from the organization. Large frauds can and will occur between you and your vendor without the proper controls in place.
Similar red flags that we often refer to for employees can be applied to vendors. Red flags are an indication that a possible fraud could occur. One red flag, or numerous red flags, does not mean a fraud has occurred, just that a fraud is more likely in that environment. The more red flags the more an organization should look into the situation. Red flags for employees that could apply to vendors include, but are not limited to:
– Long term trusted relationship
– Little oversight over the relationship, lack of policies or procedures
– Unaware of the actual job function the employee or vendor does
– Employee or vendor living outside their means.
– Easily annoyed at reasonable questions
Obviously, we could apply many more red flags to both the employee and vendor relationship. Organizations that can see these occur can put controls in place to mitigate any potential vulnerabilities that would possibly prevent a fraud event from occurring.
Your relationship with your trusted vendor can often become very friendly and “loose.” One of the areas organizations cannot drop the ball on in a vendor relationship is the area of “trust, but verify.”
– Are you making sure the hours charged for the service seem reasonable and per your current service contract?
– Is your service contract current?
– Is your organization making sure products purchased are actually delivered?
– Are products purchased accounted for?
– Is there an organization employee that is responsible to maintain the vendor?
– Are you looking at alternative vendors annually to make sure your current vendor’s costs are reasonable?
Vendor’s help organizations successfully complete their mission, but can also harm their mission if controls are not in place and fraud occurs.
If your organization would like to continue a discussion on this topic, or other fraud related topics, please email David Hammarberg, Principal and leader of our firm’s Cybersecurity and Forensic Examination practices at firstname.lastname@example.org.