Why Clean Documentation Does Not Always Mean Clean
Transactions
Every organization relies on its purchase cycle to procure
raw materials, services, and assets. Since procurement often represents one of
the largest areas of expenditure, it is also one of the most vulnerable to
fraud. Despite detailed audit procedures, maker-checker controls, and ERP
systems, procurement fraud continues to be a recurring issue across businesses.
Traditional audits primarily verify the existence of
documents such as Purchase Orders, Goods Receipt Notes (GRNs), invoices and
payment approvals. However, fraudsters often manipulate the process itself,
making every supporting document appear genuine.
Why Traditional Audits Miss Procurement Frauds
·
Approval of Purchase Orders (POs)
·
Three-way matching (PO, GRN and Invoice)
·
Authorization of payments
·
Accounting accuracy
·
Vendor confirmations
1. Purchase Orders Raised Without Genuine Business Need
A Purchase Order may be raised even though there is no
actual requirement from production or operations. The transaction is fully
documented, yet the purchase itself is unnecessary and may be intended to
favour a vendor or siphon company funds.
Red Flags:
·
Purchase Orders without Material Requisition
Notes (MRNs)
·
Frequent emergency purchases
·
Excess inventory with no increase in production
·
Slow-moving or non-moving inventory
Auditor's Approach:
Verify the commercial necessity by reviewing MRNs, comparing
purchases with production plans and consumption trends, analysing inventory
ageing and checking whether the ERP allows Purchase Orders without approved
requisitions.
2. Vendor Collusion and Inflated Pricing
Employees may collude with vendors to procure genuine goods
at inflated prices. Since the goods are received and documentation is complete,
the fraud often escapes routine audit procedures.
Red Flags:
·
Prices consistently above market rates
·
Repeated purchases from the same vendor
·
Similar quotations from different vendors
·
Common addresses, directors or contact details
among vendors
Auditor's Approach:
Benchmark purchase prices, analyse vendor master data,
review vendor selection and investigate unusual pricing trends.
3. ERP Control Bypass
Poorly configured ERP systems may allow Purchase Orders
without requisitions, price changes after approval, backdated entries, workflow
overrides and unauthorised vendor master changes.
Auditor's Approach:
Test ERP configurations and identify whether critical
controls can be bypassed.
4. Split Purchase Orders to Avoid Approval Limits
Large procurements are sometimes split into multiple smaller
Purchase Orders to avoid higher approval authority.
Auditor's Approach:
Review multiple Purchase Orders raised for the same vendor,
date and purpose.
5. Related Party Procurement Disguised as Independent Vendors
Vendors connected with employees or management may be
presented as independent suppliers.
Red Flags:
·
Common directors
·
Shared addresses
·
Common bank details
·
Common GST registrations or contact details
Auditor's Approach:
Perform vendor master analytics and background verification
where appropriate.
6. Goods Received Only on Paper
Documentation may indicate receipt of goods that never
physically arrived.
Auditor's Approach:
Correlate GRNs with gate entry records, inventory movement,
production consumption and physical verification.
Moving Beyond Compliance-Based Audits
·
Data analytics for duplicate vendors and
abnormal pricing
·
Trend analysis of procurement behaviour
·
ERP exception reporting
·
Vendor master review
·
Benford's Law
·
Approval workflow override testing
·
Correlation of procurement with production and
inventory
Rather than asking 'Is the documentation complete?',
auditors should ask 'Does this transaction make commercial sense?'
Conclusion
Procurement fraud rarely occurs because documentation is
missing. It occurs because documentation has been carefully designed to appear
legitimate. A risk-based and data-driven audit approach is therefore essential
to identify transactions that appear genuine but conceal significant business
risks.
About the Author
This article has been prepared to provide practical insights
into procurement risks from an audit and internal control perspective. The
views expressed are general in nature and should not be construed as
professional advice for any specific transaction or organization.