Safeguarding the Procurement Process: Oversight, Controls, and Internal Audit’s Impact

As Seen in Providence Business News

Vendor management and procurement integrity are among the most critical and vulnerable functions within the accounting landscape, largely due to the sheer volume of purchasing activity across business units and the often decentralized structure of organizational operations. Coupled with the reality that many organizations have experienced significant turnover post pandemic, these workforce disruptions have increasingly led to inconsistencies in purchasing practices, particularly within more complex operating environments. As we continue to see an increase in the prices of everyday operational goods, the role of internal audit has never been more critical in ensuring that cost-efficient measures are being promoted and that procurement processes are in line with overall financial objectives and policies of the organization.

Common Issues in the Procurement Process and the Necessary Key Controls for a Strong Vendor Management Framework

Given the consistent volume and relatively small nature of transactions processed across many operational areas, it can be difficult to identify issues when proper operating procedures are not consistently followed. Some of the most common issues that an organization can encounter are:

• Unauthorized Purchases or Bypassed Approval: Employees can potentially make purchases outside of the normal purchasing channels, sidestepping the approval process or even exceeding their purchasing authority.
• Duplicate or Ghost Vendors: Fictitious vendors can be created to circumvent the normal approval channels, or even for employees to pay themselves a fraudulent payment
• Inflated or Split Invoices: False invoices can be created which intentionally misrepresent the purchase price, making it easier to obtain approval on items which might not have been if represented accurately.
• Inventory Discrepancies Tied to Procurement: Purchased quantities may not match inventory receipts, resulting in inaccurate stock counts or over/under ordering.
• Kickbacks, Favoritism, or Undisclosed Conflicts of Interest: Employees involved in purchasing decisions may select vendors based on personal gain or relationships rather than cost-effectiveness or merit, leading to higher costs and potential compliance risks.

This is by no means an all-encompassing list as individuals continue to get more creative in their approaches; however, they highlight just how easily risks can materialize when control processes are not clearly communicated and oversight is lacking.

There are several key controls that an organization can implement to increase their level of procedural compliance. Some examples include:

• Vendor Onboarding, Including Validation Processes: A robust vendor onboarding process goes a long way in ensuring that properties fully understand all aspects of their vendors, from their physical location and contact information down to the specifics of their banking information. A thorough validation process of this newly acquired information, however, is the key to preventing issues such as ghost vendors, duplicate vendors, and any conflicts of interest.
• Conflict of Interest Disclosures for Leadership: As department leadership often has influence in the purchasing decisions of the organization, it can be beneficial to understand any possible financial connections that they may have outside of their employment with the property. This should include annual or periodic disclosures of outside business interests, financial ties to vendors, and relationships with suppliers’ employees. While those vendors might be the best option at the end of the day, it is still important to understand all of the possible implications before engaging a vendor.
• Three-Way Match (PO -> Invoice -> Receipt): A three-way matching process ensures that the original quantities and prices from the purchase order match the amounts that the property is being invoiced for, and what they ultimately receive per the shipping documentation provided. All three of these documents should match before payments are made to detect any inflated or incorrect invoices, preventing overbilling.
• Enforced Approval Levels Based on Spending Thresholds: Whether the various departments and locations are utilizing an electronic purchasing platform or the historical paper-driven system, approval levels should be strictly enforced over all transactions. Having a structured approval hierarchy centered around dollar thresholds will ensure that every transaction has the appropriate level of overview based on its associated financial risk.

Internal Audit’s Role in Ensuring Integrity within the Procurement Process

Ensuring proper procurement controls and communicating them to all employees is critical for compliance, but it is only the first layer of protection. An effective internal audit function goes further by verifying that daily operations follow the controls and processes that leadership has established, providing owners and executives with deeper assurance than periodic reports or limited observation. The audit process promotes transparency, strengthens confidence in reported financial values, and helps ensure all departments and locations actively advance organizational objectives.

Citrin Cooperman’s audit and attest services are designed to not only satisfy your regulatory requirements, but also to help you identify and reduce those business risks, increase access to capital, and increase shareholder value. For more information, reach out to Kevin Pereira.