Posted on May 1st, 2013 No comments
Miami is known for many things –natural beauty, beautiful people, great weather and South Beach. That aside, it is also the fraud capital, not only in terms of Medicare and Medicaid, but in mortgage fraud, identity theft, and potentially in the area of vendor fraud.
Often I have found that fraud discussions and seminars seem to relate to the aforementioned. I have attended many seminars and no one focuses on what I believe is the most crucial potential for fraud that exists –approved vendors sitting in vendor master files. These are vendors you use every day, many who are legitimate and provide excellent and timely services. However, when I ask financial or supply chain managers about the number of active vendors they have or what they know about their vendors’ potential undisclosed relationships and related conflicts, I typically get the “deer in the headlights” stare or an off the cuff response.
Once a fraudulent vendor gets into the accounts payable system, it is like a Trojan horse or computer virus that upon release could cause havoc. Losses due to misappropriations may cost companies hundreds of thousands if not millions of dollars, not to mention loss of reputation and or career for those executives who allowed this to occur. Even worse, it often occurs in plain sight, no back alley deals or brown paper bag brush bys. Everyone knows the vendor and often uses them as the “ people who come to our aid at all hours of the day or night. They are the go to people that get the job done.”
While they may be a trustworthy loyal vendor, do you really know who they are? Do you know if they have relationships with your other vendors or employees? Do they have related companies? Have you even looked to see if the three bidders (in a three bid process you obtained to protect your company) are related and the bid is rigged? Proper and thorough up-front vetting can be used to detect and prevent these problems.
Accordingly, organizations need a robust, vendor on-boarding process which thoroughly and completely requires vendors to submit to an in-depth review in order to identify potential conflicts with existing employees and management of the organization with whom the vendor is trying to do business.
Pertinent data is entered by the vendor and then is sent out through various public databases; concurrently, information is obtained allowing management to make an intelligent decision regarding whether to engage the vendor.
Not only does this improve internal controls, but also identifies conflicts before a vendor is on-boarded while highlighting other anomaly data and improper relationship issues. In some systems, the vendor pays a fee to do business with the organization; in essence, it is a zero cost proposition to the entity choosing to use it!
Our experience shows what well intentioned and highly educated managers, in an effective if not excellent control environment, can often leave themselves and their organization vulnerable to fraudulent vendors if they don’t know what they don’t know. In this case what you don’t know can really hurt you and your organization!
Vendors beware! Companies know thy vendors…
A Certificate Of Destruction Does Not Relieve A Company From Its Obligation To Keep Information ConfidentialPosted on September 11th, 2008 No comments
Any company contracting an information destruction service should require that it provide them with a signed testimonial, documenting the date that the materials were destroyed. The >certificate of destruction<, as it is commonly referred, is an important legal record of compliance with a retention schedule. It does not, however, effectively transfer the responsibility to maintain the confidentiality of the materials to the contractor.
If private information surfaces after the vendor accepts it, the court is bound to question the process by which the particular contractor was selected. Any company not showing due diligence in their selection of a contractor that is capable of providing the necessary security could be found negligent. And, from a practical standpoint, if proprietary or private information is lost or leaked by the fraud or negligence of a vendor, the obligations of that vendor are irrelevant. The firm whose information falls into the wrong hands stands to lose the most, either from loss of business, prosecution or unfavorable publicity.
Since a business cannot transfer its responsibility to maintain confidentiality, it must be certain that it is dealing with a reputable company with superior security procedures. Unfortunately, there are those information destruction services that provide certificates of destruction while having no semblance of security and, in some cases, no destruction process available to them. Anyone interested in contracting a data destruction service is advised to thoroughly review their policies and procedures, conduct an initial site audit and conduct subsequent unannounced audits. On-site document destruction is also an option in most cities.