The world may be flat, as Thomas Friedman posits in his book, but this complex and interconnected planet of commerce can be one scary and risky place to conduct business. Enterprises have discovered that their businesses are ripe for fraud and theft as they rely more and more on global outsourcing relationships, complex networks of suppliers and vast computer networks to conduct business.
MORE ON CIO.com
A recent report from Kroll, a risk consulting company that provides investigative, security and technology services, outlines the risks companies face with their global supply chains and the amount of fraud, product tampering and theft taking place today. And while IT can help detect and prevent fraud and supply chain nightmares, the report suggests that it can also be a huge threat to a company's operations, reputation and future business prospects.
"At every step along the supply chain," notes the Kroll report, "businesses are vulnerable to an array of frauds ranging from simple theft, through disguising the poor quality of materials, to the misrepresentation of inventory assets."
The scale of supply chain fraud is difficult to measure and "too broad to estimate meaningfully," the Kroll report states. However, two pieces of Kroll survey data from its 2007/2008 "Global Fraud Report," which surveyed 892 global executives, show just how large an issue it can be: 42 percent of companies worldwide had suffered from at least one incident of supplier fraud or the theft of physical assets. And while those are just two of the many ways to abuse supply chains, 9 percent of companies had suffered both types.
So, can infosecurity systems and software come to the rescue? Not so fast, say Kroll's senior managers. "IT is part of the problem and is part of the solution," notes Stefano Demichelis, a senior director at Kroll, in the report.
"The enhancement of IT has increased a thousandfold the likelihood of fraud because of the increase in the sheer number of records," Demichelis points out. "There is a risk of having so much information that it can't be managed for proper fraud detection."
However, the seriousness and scope of the problem as outlined in the Kroll report doesn't mean that all hope is lost. "Companies can do much to mitigate the growing risk of supply chain fraud," the report states, "but only if they take fraud prevention seriously."
Why the Supply Chain Is So Vulnerable
Supply chain success and, conversely, the prevalence of fraud, have to do with control, or, in this case, 21st century enterprises' lack of control due to the expansive and complicated nature of global supplier networks and volatile ebbs and flows in demand.
"Cross-border investment, wider information networks, more focused marketplace strategies and tighter vendor relationships have all changed management's hold on business, by reshaping supply chains and logistical processes," notes the Kroll report. "The benefits, in terms of greater flexibility and efficiency in sales and production, have been great. But the costs, in terms of fraud, theft and other losses, are also sizeable."
In other words, the more complexity in the supply chain, the greater the risks. "Fraud thrives on complexity," notes the report. "Modern complexities make companies vulnerable to frauds committed many links back in the chain and beyond the scope of most internal controls."
As an example, the Kroll report notes the famous 2006 case when two Chinese companies added toxic melamine to their pet food material. "After purchase and sale by legitimate brokers and manufacturers," states the report, "the feed poisoned animals across North America, forcing the recall of hundreds of pet food brands."
The result of situations such as that one can range from PR headache to corporate catastrophe. "All of the sudden, they're pulling that off the shelves, and nobody's buying your product," says Mark Sullivan, head of loss prevention and managing director in Kroll's Chicago office. "You have a huge business interruption problem, a product problem, and you now have a brand problem." (See "Supply Chain Lessons from ConAgra's Recalls" for best practices on using supply chain data during product recalls.)
In addition, because supply chains are global, those nefarious individuals seeking to commit fraud can operate in locales where they feel safest. "Even with well-disposed local authorities," the report notes, "legal action in unfamiliar jurisdiction can be difficult."
For example, the Kroll report addresses the increased intellectual property theft risks inherent with supply chain operations that are based in China. Those risks include increased information and physical security costs to prevent Chinese suppliers from "going to school" on your technology or products, and using that knowledge to create competing products and services.
Where IT Can Help Your Supply Chain
Sullivan says it's essential that companies know exactly who their suppliers are; he refers to it as the "vendor integrity" issue. "You have to hold them to the same standards and internal controls that you hold your own company to," Sullivan says. In addition, he says, it's critical that companies make their best effort to continue to vet their vendors after the partnership begins, "to hold them to a standard, make them certify those standards and then audit those standards."
According to the Kroll report, one area in supplier relations where IT can help discover fraud is in analyzing billing and payment processes. Sullivan notes that software applications, which mine a company's databases and create exception reports, can detect unusual payment patterns. "When controls around payment matching and approvals are weak, service providers will learn that a company does not notice when they over bill, double bill, ghost bill, or bill for the wrong service," Sullivan notes in the report. "Falsified invoices, however, rarely follow the same patterns as those from honest suppliers."
Sullivan lists four red flags as possible indicators of fraudulent activity: one, a dramatic increase in payments to one vendor; two, a high number of transactions under audit thresholds; three, consecutive invoice numbers or multiple invoices on the same day; and four, payments highlighted by exceptions to what's referred to as Benford's law (which holds that numbers that occur naturally in business typically follow some basic patterns.) "Perpetrators of fraud rarely have the knowledge or capability to fake these," he notes.
Due to the complexity of a company's logistics needs, there is also a need to use software packages to detect adverse behavior, notes Eduardo Gomide, a managing director in Kroll's financial advisory services, in the report. Gomide defines logistics as the procurement, movement and storage of materials, parts and finished inventory throughout a company and its market channels.
"The vulnerabilities are considerable in part because of the field's complexity, involving as it does different parties and a huge flow of information that can be difficult to analyze, predict, or even measure," Gomide notes.
One approach to minimize companies' exposure to logistics fraud is to mine their own databases using commercially available statistical software that can present critical graphical and numerical analyses.
"The identification of patterns, outliers and other anomalous activities can then generate and trigger alerts, as well as identify leads for investigation and audit," Gomide states. "The approach sounds complex, but...in essence, this simply involves the application of common sense to large volumes of existing data from accounting, stock control or ERP systems."
In the end, "whether red flags are present or not, well-designed internal controls and functional information systems make these frauds difficult to perpetrate," Sullivan says in the report. "We have yet to see fraud seep into a logistics department where strong controls and processes are present."