The Fraud Examiner

You Can’t Outsource Risk: Managing Fraud in Outside Vendors

Bobbie Dani
Research Specialist, Association of Certified Fraud Examiners                                 

Division of labor has naturally integrated into every part of our society over time. Individuals pursue education and careers according to their strengths and passions. On a higher level, even organizations find success by focusing resources on what they do best and outsourcing what they don’t; hence, the rise of business process outsourcing (BPO) vendors.

While they have been around for a while, BPO vendors became more mainstream in the early 21st century. The global BPO market grew from $45.6 billion in 2000 to $140 billion in 2016, with an anticipated revenue of $163 billion by 2021. Initially, businesses sought out BPO vendors to reduce expenses related to back-office tasks, such as accounting and administrative functions. For such services, BPO vendors can often provide a higher level of service at a much lower price. However, outsourcing front-office tasks quickly followed.

The types of services commonly offered by BPO vendors include customer relationship management, finance and accounting, legal processes, procurement and more. BPO vendors are typically able to provide expertise at a fraction of the cost of hiring in-house professionals. The flexibility offered by most BPO vendors frees up company resources to accomplish more focused goals.

Potential Risk Areas

Despite all the benefits, BPO vendors can also expose clients to substantial risk. Like any organization, a BPO vendor is subject to security risks such as information system susceptibility and proprietary data vulnerability. Outsourcing also carries the risk of hidden costs and overdependence, subjecting the client organization to a weaker stance when it comes to contract renewal negotiations. One often overlooked risk lies in the possibility of fraud occurring at a BPO vendor. When a BPO vendor is defrauded, not only is the vendor a victim but so are the vendor’s clients.

While an organization can monitor and reduce the risk of internal fraud, how does it monitor and reduce the exposure it has when processes are outsourced? The client organization should be able to rely on the BPO vendor to follow professional standards and design internal controls to limit their customers’ fraud exposure. Most organizations use standard contracts when hiring BPO vendors and some contracts include clauses requiring the vendor to have such controls in place. But even with a contract, how can clients verify the controls in a remote setting?

What if the BPO vendor itself outsources a portion of its services? What if there is collusion between a vendor employee and one of the client organization’s employees? What if the BPO vendor’s executive management is less than ethical? Additionally, if the BPO vendor handles secure information on behalf of the client organization, the opportunity, as well as the consequences, for fraud to occur increases.

Sign In

Not a member? Click here to Join Now and access the full page.