Reducing Vendor Fraud Risk

All organizations can use the free U.S. federal Excluded Parties List System during their procurement processes to find questionable vendors and reduce the risk of fraud. CFEs and auditors should use this little-known Internet database in fraud examinations.

Jodi Rock, the manager of Tindermark Corporation’s purchasing department, received a call from the company’s manufacturing plant complaining about some of its raw materials. According to Sam, the plant manager, the materials were causing all sorts of headaches because they were not within the specifications required by the engineering department. Tindermark’s internal audit department investigated the problem. They found some interesting information about the vendor in question. Two years earlier, the U.S. federal government had brought a successful suit against the same vendor for supplying substandard materials to the Army.

USING THE EPLS TO PREVENT VENDOR PROCUREMENT FRAUD

This fictional illustration presents a potentially costly example of vendor procurement fraud. To fight this type of fraud, CFEs and auditors can use a little-known U.S. federal database, the Excluded Parties List System (EPLS). The EPLS was created by a Presidential Executive Order in 1986 as a central file of all individuals and organizations excluded from participation in federal programs. It’s now a comprehensive, publicly available Internet database that is updated in real time by all federal agencies.

In our fictitious example, if Tindermark’s policies had specified that all potential vendors had to be vetted through the EPLS, management would have found that the vendor in question was excluded from doing business with the federal government for a procurement violation entered by the Army with the cause code “A” (a willful failure to perform in accordance with a government contract). With that knowledge, Tindermark would not have done business with this vendor. The corporation would have avoided problems ranging from production delays, overbilling, costs to replace materials, reworking of products, to even possible litigation because of the poor quality of Tindermark’s products.

HOW IS VENDOR FRAUD PERPETRATED AND HOW EXTENSIVE IS IT?

Problem vendors can defraud their customers in many ways. The National Procurement Fraud Task Force, created by the U.S. Department of Justice (DOJ) in 2006, noted that procurement fraud includes bid rigging, bribery, embezzlement, false claims and money laundering. 

PricewaterhouseCoopers found that legitimate vendors perpetrate fraud against their customers by inflating prices, delivering and/or billing for incorrect quantities and providing unnecessary services. In addition to outright fraud, companies can perform poorly when vendors are unable or unwilling to provide satisfactory products in an acceptable time frame.

These various schemes are perpetrated quite frequently, according to the ACFE’s 2010 “Report to the Nations.” Although the report does not treat vendor fraud as a separate category, it does segregate billing fraud, which includes issuing payment for inflated invoices or fictitious goods or services. The report’s survey showed that billing fraud was the most frequent type of fraud for small firms and the second most frequent type for large firms.

Across all reporting countries, corruption-type fraud, which includes bid-rigging and bribery, was the most frequent type of fraud for large firms and second most frequent for small firms. According to the report, billing fraud and corruption were the two most frequent types of fraud in the U.S., Asia, Europe, Africa, Canada, and Central and South America.

Procurement fraud can be costly for both large and small private businesses. In 2002, the National Association of Convenience Stores estimated that vendor fraud caused between 15 percent and 20 percent of inventory shrinkage. The “Report to the Nations” indicated that, on average, billing frauds caused a median loss of $128,000 per incident, and corruption frauds cost $175,000 per incident.

Governments also pay the price for procurement fraud. For example, DOJ statistics show that the U.S. secured $2.4 billion in settlements and judgments in cases involving fraud against the government in the fiscal year ending Sept. 30, 2009. Procurement fraud against the government accounted for a quarter of fiscal year 2009 recoveries, with $608.4 million in settlements. 

AN OVERVIEW OF THE EPLS

The EPLS is a free, publicly available, online database containing about 76,000 excluded parties. Parties are listed under the names of relevant individuals, firm names and possible alternate names. The excluded vendors might be individuals or businesses in the U.S. or anywhere in the world.

All federal government agencies are required to provide real-time updates to the EPLS that describe their problems with businesses, individuals and other entities. This requirement is meant to protect the government from entering business relations with dishonest, unethical or otherwise irresponsible parties. All federal contracting officers are required to review the EPLS prior to awarding a government contract to a vendor.

Vendors that are excluded or suspended by any government agency are then ineligible for federal contracts. Since 1995, they also have been ineligible for most federal financial and non-financial benefits and loan programs. EPLS vendor exclusions might be related to poor performance or fraud or other violations. The exclusions also might be based on the Federal Acquisition Regulations, the Nonprocurement Suspension and Debarment Common Rule, specific agency regulations or other statutory authority. The agency that initiates the exclusion action enters the data into the EPLS, which also includes other names that the individual or firm might use so they can be easily cross-referenced.

The agency also enters the cause and treatment (CT) code. The EPLS system accepts about 80 different CT codes. Causes for exclusion include Medicare/Medicaid fraud; felony fraud, bribery or embezzlement convictions; terrorism connections; immigration issues; willful violation of the terms of a government contract; narcotics trafficking; arms trafficking; and antitrust violations. For each cause there is a related “treatment,” which is noted with the cause in the CT code tables. Typically the treatment is to exclude the party from all federal contracts and benefits programs. The exclusion time frame might be permanent, for a pre-determined period or until the vendor satisfies certain conditions.

NAVIGATING THE EPLS DATABASE

The EPLS database allows simple and advanced searches. It also supports some basic reporting with charts and graphs. Users are not required to sign in or log on with any identifying information. They can access, among other features, frequently asked questions, a user manual and a help desk.

Users can perform full or partial name searches to check on firms and individuals. In the full search for individuals, the user enters first and last name, middle name or initial, and prefix and suffix. In the partial search, the user enters only an individual’s last name and first name. If the user is not sure of proper spelling or an exact name, the system offers possible partial matches for the user-entered data.

Although searches of firms by Data Universal Numbering System (DUNS) numbers are also possible, the system does not guarantee that DUNS searches will be fully accurate. DUNS provides unique nine-digit sequences for 100 million worldwide businesses and is recognized as the universal identifying standard.

Further refinement can limit name searches to a specific state or country, a certain date range, cause code or federal agency code. Other options allow for exact name and Social Security number (SSN) searches or for multiple name searches. The latter allows the user to enter up to six names at once. The search results will show any records with all of those names. The EPLS includes the current active database as well as an archive database that maintains records for expired exclusions. Either database is searchable in essentially the same manner.

Also, a user can search for records in the EPLS that fit various criteria, such as specific cause codes, certain states or countries, or a given time frame or agency. A user can enter several limiting criteria at once, such as records entered by the Department of Defense in 2009 with entities located in the state of Massachusetts.

Once the user enters criteria, the system executes the search and displays the relevant records. Each record shows the individual or firm name, any alternate names, the cause/treatment code, the code for the agency that initiated the exclusion, the dates of the action and the length of the debarment, and the entity’s location, including current and alternate addresses anywhere in the world.

Although street addresses are not displayed for individuals, a user can enter a known address, and the EPLS will verify against this data.

Similarly, a SSN or taxpayer identification number is not displayed but can be verified.

Users are able to download and save search results into various formats including Excel or XML. With a feature called “My EPLS,” users can save search criteria for future use. The EPLS also allows for some standard reports and statistics. For example, a user can view a pie chart that shows the number of active versus archived exclusions in the entire database or a bar chart that illustrates the number of exclusions by month for a year compared with a previous year. A user can refine reports and charts to see the number of exclusions in the database by cause code or by agency.

USING THE EPLS TO REDUCE VENDOR RISK

The EPLS has applications for businesses and not-for-profit entities worldwide. Government agencies internationally can choose to use the system in much the same way the U.S. federal government does to exclude vendors from receiving contracts. At the very least, the knowledge that a vendor is in the EPLS will alert an agency to negotiate and oversee the contract carefully.

Data from the National Procurement Fraud Task Force shows that vendor risk stems from vulnerabilities in corporate controls. Just as U. S. federal regulations require checks for debarments for all vendors, any business can reduce its procurement risk by incorporating the EPLS into its internal control system. CFEs can work with their procurement departments and internal auditors to develop a process that uses the EPLS as a screening tool in background checks of current and potential vendors.

Management needs to decide whether to use only the current EPLS or to include the archived list. Management also needs to define policies to be used when a potential vendor is found in the EPLS. Certain CT codes might automatically remove the vendor from any chance of doing business with the company. Companies might view other CT codes as presenting less risk but requiring the need for more in-depth review before doing business with those individuals or organizations.

Though the EPLS database specifically pertains to problem vendors, businesses — such as CPA firms, can use it when accepting clients. Also, businesses can use the EPLS data in their procurement plans and sourcing choices. They can mine it for any combination of criteria to proactively reduce vendor risk in decisions such as locating a manufacturing plant or a warehouse, buying directly from a vendor at the source or through a wholesaler that assumes the vendor risk to facilitate seamless supply, and setting the terms of delivery and payment.

CFEs and auditors can use the EPLS to investigate fraud. For example, in the investigation of a suspected embezzler, a check of the EPLS might reveal alternate names used by the suspect, businesses related to the suspect and other individuals involved as co-owners or officers in the related businesses. This information could uncover a shell company, find aliases used by the suspect to hide the embezzlement or identify other individuals to interview for additional leads.

OVERLOOKED TOOL

Though the EPLS does not provide a list of vendors that have committed fraud against non-government entities, it is a valuable, free Internet tool for screening vendors or customers, proactively mitigating fraud risk, and conducting internal audits and fraud examinations of vendors. Anyone can easily use this extensive database to find problem vendors around the world and to combat procurement fraud.

Martha A. Howe, Ph.D., CFE, a senior lecturer at Bentley University in Waltham, Mass., teaches primarily in the fraud examination and forensic accounting areas.

Priscilla A. Burnaby, Ph.D., CPA, a professor of accounting at Bentley University, teaches internal auditing and risk management.

Brigitte W. Muehlmann, Ph.D., CPA/CFF, CMA, CFM, CVA, an associate professor in the Sawyer Business School at Suffolk University, teaches taxation and tax policy.

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.