Professional Documents
Culture Documents
B
by Leonard W. Vona
Copyright © 2011 John Wiley & Sons, Inc.
APPENDIX
RED FLAGS
1. Shell corporation
a. Invoice general information
i. Trigger red flags
(a) Invoice numbers are illogical given the amount of business the
vendor provides. For even a small business that works with
other customers, it would be considered normal that the
invoices received by the organization would have gaps in
invoice numbers where the invoice numbers were used for
other customers. It would not be considered logical for the
organization to receive sequential invoice numbers.
(b) The product or service description on the invoice is nonexistent
or vague as to specification on the products or services pro-
vided. It would be considered normal for a service provider to
provide a description with details on what tasks were com-
pleted and include hour work, even the people working on the
311
10.1002/9781118387047.app2, Downloaded from https://onlinelibrary.wiley.com/doi/10.1002/9781118387047.app2 by Cochrane Germany, Wiley Online Library on [25/12/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
312 & Appendix B
iii. The fee exceeds original contract pricing. Although goods or services
at time do exceed the original pricing for reason, many organizations
will adjust the contract or create an amendment to the contract
with the appropriate approval for the additional amount.
b. Awareness red flags
i. Overbilling on price
(a) The unit pricing exceeds original contract pricing. Although
unit pricing can change, especially if there is a time delay
between the original contract and the purchase of the units,
many organizations will adjust the contract or create an
amendment to the contract with the appropriate approval
for the additional amount.
(b) The invoice includes add-on charges not part of original
purchase order or contract. It would be considered illogical
for a vendor to put additional items on the invoice not dis-
cussed in the contract or purchase order agreement process.
ii. Overbilling on quantity
(a) The invoice is unclear as to the quantity of the goods received
or the amount of services provided. It would be considered
normal for a vendor to detail the hours worked for a consulting
project per person. It would be considered illogical for a vendor
to only put ‘‘for services provided’’ with a total amount on the
invoice.
(b) The items are received directly by the employee that either
ordered the item or uses the item. This employee has an
opportunity to manipulate the process at these control points.
iii. Overbilling on quality.
(a) The invoice contains a vague or unclear description of types of
goods received or services provided. It would be considered
normal for a service provider to provide a description with
detail on what tasks were completed and include hour work,
even the people working on the tasks. It would not be
considered logical for a service provider to provide a descrip-
tion of ‘‘for services performed’’ without any additional detail.
(b) The quality of specifications of item(s) exceeds apparent needs
of the location. For example: It would be illogical for an
employee in the accounting department to require an Apple
computer with programs for art and design which would be
better suited for an employee in the marketing department.
10.1002/9781118387047.app2, Downloaded from https://onlinelibrary.wiley.com/doi/10.1002/9781118387047.app2 by Cochrane Germany, Wiley Online Library on [25/12/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
Appendix B & 319
6. Disguised purchases
a. Trigger red flags
i. The nature of goods or services procured has no logical connection
to department for which the goods or services are being procured.
For example, the accounting department is purchasing sweatshirts
and jackets.
ii. The goods procured are reportedly stored offsite when usually or
customarily stored on site. For example, a purchase of laptops is
shipped to an offsite location when normally they are sent to the IT
department.
b. Awareness red flags
i. The goods or services that are procured are of a nature that would
be of personal benefit to an individual directly or allow for ease of
personal conversion. Common goods that fit this category are gift
cards (used by the organization as employee awards) and computer
supplies. Common services that fit this category are lawn care and
cleaning services.
ii. There was an excess amount of goods or services supplied. It would
be common at the beginning of a project to purchase a large
amount of goods or services, but at the end of a project we would
not expect large purchases.
iii. A manager is defensive when the auditor inquires about goods or
services that were procured. This manager may have an opportu-
nity to manipulate the process at key control points.
7. Conflict of interest
a. Trigger red flags
i. The auditor receives a tip or learns of rumor concerning a manag-
er’s close relationship with a vendor. It is important to note a
distinction between a good working relationship and excessive
contact or relationship.
ii. The name of an employee is found on documents related to the
vendor showing an interest in the vendor. An employee’s name
may show on documentation as a contact at the organization, but
should not show with any interest in the vendor unless the interest
has been disclosed.
b. Awareness red flags
i. A manager insists on the organization’s use of a specific vendor. If
the manager is unable to give reasoning as to why the specific
vendor should be used, the indicator is heightened.
10.1002/9781118387047.app2, Downloaded from https://onlinelibrary.wiley.com/doi/10.1002/9781118387047.app2 by Cochrane Germany, Wiley Online Library on [25/12/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
320 & Appendix B
ii. The same red flags apply to a conflict of interest as with a front
company. Many times there is a conflict of interest when a front
company scheme exists.
1. Shell corporation
a. Verify legal formation/existence
i. Review registrations and/or incorporation documents
(a) Compare the registration/incorporation date to the first date
the vendor had provided goods or services to the organization
and determine if the length of time is reasonable.
(1) Generally, this period would be greater than 90 days. A
lesser activity period would indicate formation for the sole
purpose of perpetrating a false billing or pass-through
billing scheme.
(b) Domestic companies—use the LexisNexis search engine to
identify whether the vendor is registered with the appropriate
government entity (is legally incorporated)
(1) Determine if the vendor has any other logical government
recordings, e.g.,
(I) Secured debt through a UCC filing.
(II) Tax registrations.
(III) Fictitious business names (dba).
(IV) Judgments and liens.
(V) Motor vehicle registrations.
(VI) Assessment records.
The presence of these records lends to the legitimacy of
the business.
(c) Canadian companies—use the specific territories registry office
to identify whether the vendor is registered with the appropri-
ate government entity (is legally incorporated).
(d) Other international companies—each country varies in its
registration process. Some countries’ files may not be acces-
sible. If this is the case, review other sources to identify the
existence.
10.1002/9781118387047.app2, Downloaded from https://onlinelibrary.wiley.com/doi/10.1002/9781118387047.app2 by Cochrane Germany, Wiley Online Library on [25/12/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
Appendix B & 321
(b) If the nature of the item does not allow for physical inspection,
use an outside expert to validate the quality of the item.
(c) Interview users of the item, independent of the requestor or
asset manager, to determine if the product performs at the
required level or meets the anticipated specifications.
v. Determine the frequency, percentage, and amount of the potential
overbilling in the scope period.
3. Disguised procurement
a. Determine if the goods or services were received at an organization
facility and used at that facility
i. This verification procedure should be independent of discussions
with the staff member primarily responsible for the approval or the
primary user of the goods or services.
b. Determine if the goods or services were not needed by the organization.
4. Conflict of interest
a. Registration
i. Based on the government registration information, determine if any
names on government documents for the vendor match organiza-
tion employee names or other known family relationships
(a) Family member names may be found through beneficiary
information.
b. Tax returns
i. If the vendor entity is a limited liability company, request and inspect
copies of the tax returns for the company. Look for names that
match organization employee names or other known family
members.
c. Shareholders
i. If the vendor entity is a corporation, request and inspect stock
records (for review of shareholders) of the corporation. Look for
names that match organization employee names or other known
family members.
ii. Request that counsel for the vendor provides confirmation of the
entity’s owners/shareholders. Look for names that match organi-
zation employee names or other known family members.