Tuesday, 16 July 2019

UNDERSTANDING BUSINESS RISK - AN INTRODUCTION



In this introductory blog post, we will delve into the topic of business risks - a topic which perhaps not as close to the hearts of many business owners and directors/managers as it should be. Understanding Risk and, importantly risk management, should underlay the strategy, management ethos and daily business operations to ensure the highest likelihood of business success (and survival). 

This article aims to create awareness of risk management and the impact of risks on the business operations, finance, supply chain and procurement operations of a business.

Time to read: Approx 7 min

Introduction


Running a company or any type of business venture comes with different types of risks.  Anything that threatens a business or more specifically, impacts the ability of that business to reach its goals or targets or even threatens its continued existence, is in effect a risk to that business.  Business risks are associated with the operations of the business and how the internal or external environment might impact on the ability of the business to generate an acceptable (financial) return to its shareholders and investors.


What is Business Risk?



Investopedia defines Business Risk as "Business risk is the exposure a company or organization has to factor(s) that will lower its profits or lead it to fail", which is a very broad definition.


This definition will be further explained by way of examples in the following sections.

Types of Business Risk


Before merely jumping into a list of different business risk examples, it is important to understand the following:
  • Certain Business risks (such as macro-economic risks or strategic industry & competitive risks) can and do exist independently, whether your business exists or not. These risks are brought about by causal factors in the world economy, country economy and in the industry and can impact on all businesses operating in a specific country, industry or geography.
IT Risks
Fig1 - IT risks are on the increase due to higher dependency on technology supported business processes (Image by Pete Linforth from Pixabay )
  • Not all business risks are due to factors external to the business. Risks could originate:
    • Externally meaning from the outside of the business (e.g. inflation, legislation, natural disasters - i.e. these risks are affected or precipitated by external causes, which, in most cases cannot be controlled by management or staff and occasionally not even by the government),
    • Internally meaning from the inside - risks which could arguably fall within the ambit of management control e.g. 
      • process risk due to the type of processes used,
      • technology risk due to technologies used,
      • operational risk to the nature of business operations, 
      • inherent risk due to business type, 
      • theft by employees, 
      • the type of customers accepted, etc.
    • Both Externally and Internally: Sometimes an external risk can influence or lead to internal risks - e.g. higher than expected inflation could hypothetically lead to unpopular food price increases that could, in turn, result in labour unrest and strikes which in turn cause business interruptions and impacts on productivity.
  • Risk varies from one country to the next, between industries or business types and from one business to the next. Even when 2 or more businesses compete directly in the same industry and on the same market for the same product,  e.g.: 
    • A business that is fully funded by equity is not as exposed to the impact of changing interest rates as a business entity funded by local bank loans or off-shore bank loans (which could be impacted by both interest and foreign exchange riks),
    • Similarly, a business that manufactures its own stock with local raw materials will be less affected by shipping delays and strikes at the harbour compared to a company importing its stock or raw materials. 
  • Some businesses or industries are inherently riskier than others - The risk profile in industries with heavy equipment or industrial operations will be significantly different compared to risk profile in industries not mechanised. 
    • A cash-in-transit delivery company faces significant additional risks which are not applicable to most other delivery companies delivering more traditional products. 
    • A metal smelter or mine has a completely different risk profile compared to say an IT company providing cloud storage. In saying that, we are not implying that Cloud storage has no risk - the risk profile will be very different, comparatively speaking. However, the risk of e.g. staff death in a workplace accident should statistically be significantly lower in a Cloud storage environment than in heavy industry such as mining or a smelter. 

Some industries are inherently more risky than others
Fig 2  - Mining accident at a SA-based Coal mine. Source.


Operational risks
Fig 3 - The results of a workplace accident could be severe in some industries. Source.

Business Risks include, but are not necessarily limited to:
  • Competitive Risk - the risk that other businesses competing against yours gain a competitive advantage. This could include:
    • New competitors entering the market,
    • Competitors finding more cost-effective suppliers, which would result in a cost-benefit, or
    • Sourcing more technologically advanced products which have more market appeal, or
    • Time-to-market risk when it takes a company too long to get a product ready for launch and as a result, it loses first-to-market competitive benefit it could have enjoyed, or competing products launch first.
  • Compliance Risk - the risk that the business might contravene laws or regulations or have to incur additional costs to comply with such new legal or updated requirements. Examples include:
    • Occupational Health & Safety compliance, 
    • Environmental Compliance and 
    • Protection of Personal Information Act (POPIA) Compliance requirements (which is broadly similar in nature to the EU General Data Protection Regulations (GDPR).
  • Country Risk - the risk of operating a business in a specific country, which is uniquely tied to that country. E.g. in Zimbabwe and Venezuela some or all of the following symptoms:
    • Currency fluctuations,
    • Hyper-inflation, 
    • Currency devaluations,
    • Currency shortages. 
Currency risk and Hyper-inflation
Fig 4 -  Currency Risk in real-life - 100 trillion Zimbabwe note from 2008

  • Demand Risk - changes in market/customer demand from one reporting period to the next can result in inventory fluctuations, cash flow issues and assorted logistical challenges (excess stock-keeping from one period to the next, finding additional warehouse space to build up reserves, etc). 
  • Economic Risk - the risk that changes to economic conditions could impact on the business e.g.:
    • Exchange Rate Risk - The risk that high degree of variability (also called volatility) impacts on the value of business transactions and assets.
    • Interest Rate Risk - the risk that interest rates can increase (or decrease) contrary to expectation and lead to higher costs or expenses.
  • Environmental Risk - the risk that the activities of the business negatively impact on the immediate surrounds or broader environment (such as toxic spills, air or water pollution).  
Environmental risk
Fig 5 ArcelorMittal charged for releasing chemicals into the air and contravening license conditions

  • Financial Risk - the risk that financial factors could impact on the business e.g.:
    • Credit Risk - the risk that debtors fail to pay or settle their accounts.
    • Liquidity Risk - the risk that a company is unable to settle obligations or to meet short term financial demands as these come due.

  • Health risks - such as bird flue, swine flue, ebola, work-place smoking etc.
  • Human Risk - the risk that employees or management:
    • disrupt business operations due to absenteeism, 
    • do not comply with requirements or legislation,
    • are not sufficiently trained or incompetent, 
    • abuse alcohol or drugs which impacts on operations, 
    • cause financial losses through fraud, theft, riots or protests,
    • cause reputational damage through their deliberate or accidental actions.

    • This could include directors and officers liability, where directors or officers cause damage or claims against the organisation (whether willful or not).

  • Innovation Risk - the risk that applies to the innovative areas of your business, resulting in the business not staying up to date with technological developments. 
  • Intellectual property risk - the risk that your intellectual property is infringed or blatantly stolen by competitors (industrial espionage) or not properly protected by means of copyrights, patents, and trademarks or that your business infringes on the intellectual property of another that owns the copyright or patents. 
  • Legal Risk - the risk that changes in legal requirements or lawsuits impact or disrupts the business or results in claims or losses. 
  • Market Risk - the risk that consumer preferences might change and that demand for products or service wane, 
  • Natural Disasters - the risk of storms, floods, earthquakes, climate change and other similar natural events (so-called Force Majeure / Acts of God) causing damage or business interruptions.

Force Majeure risk
Fig 6 Inside an Airport hangar destroyed by Cyclone Idai


Fig 7 Significant damage to assets and business operations in Beira, Mozambique due to Cyclone Idai in March 2019

  • Operational Risk - the risk that the internal business processes and day-to-day business operations negatively impact on the ability to service clients optimally.
    • Business Interruption Risk - the risk that events occur that interferes with a company’s ability to function.
    • Process Risk - the risk associated with business processes in use. This could include process inefficiencies such as operational bottlenecks, or the "collateral damage" as a result of the nature of the process - e.g. working with heavy equipment or in a metal smeltery could result in injury or death if anything goes wrong.
    • Utility risk - the risk that water, electricity, gas or other services provided by the state or external service providers should fail or be interrupted. South Africa has experienced a wave of electrical loadshedding that has had a severe impact on the economy.
Utilities risk
Fig 8  Astral forced to halve production because of water interruptions at the Lekwa municipality in Mpumalanga.

  • Physical Risk - the risk of damage to assets or property from fire, theft or other events such as burst or leaking water pipes.
  • Political Risk - the risk that political events or developments could impact on the business operations. This could include the risk of terrorism or war.
  • Reputational Risk - the risk of losses (either quantifiable in cash or less easily quantifiable in the case of reputational damage) as a result of events or incidents which lead customers and or the public at large to perceive this business as unethical, incompetent or dishonest. These events or incidents could either be:
    • accidental (e.g. where a new product is very similar to existing competing products) or
    • intentional (where a conscious management decision was made to copy the design or performance features of a competing product).  
    • Repeated occurrences (regardless of whether intentional or accidental) will definitely be damaging to the corporate reputation - e.g. Ford's clumsy bungling of the Kuga crisis when a number of its Kuga vehicles caught fire and burnt out.
Copying of competitive products could lead to reputation risk
Fig 9 - Woolworths, a large South African retailer, has repeatedly been in the news over the last couple of years for "similarities" in their new products when compared to competing products launched earlier.

  • Seasonal Risk - also referred to as seasonality, which is the risk where a business sells products or services for which the demand fluctuates from one season to the other (ice cream) or for which the ability to deliver such a product or service is tied to a specific season (ski resort).  
  • Security Risk - the risk of physical security of assets, resources or IP due to fraud, or theft.
  • Strategic Risk - the risk associated with following a particular business strategy in a specific industry at a specific time.
  • Supplier Risk also referred to as (Supplier) Performance risk - the risk that suppliers fail to perform to expected or contracted standard. Meaning suppliers are unable to deliver on their commitments to you (unable to perform on time, on budget or on required quality and quantity). This could negatively impact the entire supply chain and may necessitate the sourcing of alternative suppliers (which could mean more costs, further delays etc).
  • Tax Risk - the risk that new taxes or higher taxes can impact on the business.
  • Technology Risk - the risk that technology becomes obsolete, causes loss or corruption of data or causes a loss in productivity or time through systems and equipment not being in working order.  
  • Technology Security Risks - such as software and/or hardware failure, cyber-attacks and malware. Research by IBM in 2018 indicated that the average cost of a data breach in South Africa was R36.5 million (although this number could have been influenced the number of participants willing to disclose actual breaches and losses).

The risks listed above do not form a complete listing of all types of business risk. It should be noted that some risks may be clustered or classified as sub-categories of others - such as liquidity risk falling under financial risk. It is also important to understand that not all business risks are due to factors external to the business. Risks could impact the entity from the outside (inflation or legislation) as well as from inside (process risk, operational risk).


Potential Impact of Business Risks


The impact of business risks can be felt across a wide area:



  • External:
    • On the Customers of any given business entity,
    • On the Environment (in the event of spillage or environmental pollution),
    • On the Community (loss of job opportunities, forced relocation e.g. Chernobyl),
    • On the State (loss of taxes).
  • Internal:
    • On the business itself e.g. efficiency of business operations or operational procedures which have to be amended to adjust for compliance requirements, 
    • On the shareholders and investors (lower profits and higher risk),
    • On the management and employees (lower profitability, less bonus and smaller increases if any) 
    • On suppliers (slow payment or loss of market share).
Risk of Climate Change
Fig 10 - The risk of Climate Change will impact many businesses in years to come (Pic credit Matthew henry burst.shopify.com)

The impact may vary significantly from one risk to the next, but could include any or a combination of the following:
  • Loss of customers or business opportunities,
  • Organised boycotts, 
  • Reputational damages,
  • Financial damage - e.g. catastrophic losses of stock, business assets or infrastructure after a natural disaster or public protest,
  • Failure to grow and thrive - the business might not be able to achieve optimal growth,
  • Delays, Stock-outages resulting in lost sales, or 
  • Increases in working capital requirements because the business is now forced to incur more costs due to higher stock-keeping as result of unreliable delivery patterns,
  • Additional costs incurred to:
    • put additional security measures in place (such as video monitoring, vehicle tracking, incident response teams),
    • Increase insurance cover (to the extent that the risks are insurable),
    • employ additional or expert level staff e.g. Risk and Compliance Officer, IT security, Quality Control,
    • Occupational Health & Safety systems, signage, equipment, training,
    • Source substitute suppliers if original suppliers fail,
  • Financial losses,
  • Business closure, 
  • Business disruption, low(er) productivity and lost efficiencies,
  • Lawsuits, court cases and fines imposed by the Government or courts,
  • Loss of operating licenses or permits,


Conclusion

This post presented an introductory overview on the topic of business risks. Following posts will look at:
  • Measuring risks
  • Managing risks
  • International vs South African perspectives of Bussiness Risk
If you like this post, please Like, Share and Comment



For more information, visit our website on www.cogniplex.co.za

All original artworks remain the property of their respective owners. Banner Firefighters training simulation - original photo courtesy of www.needpix.com 



Thursday, 4 October 2018

HOW TO IDENTIFY A POTENTIAL PROCUREMENT SCAM


Procurement Scams - Red Flags and  Warning signs

HOW TO IDENTIFY A POTENTIAL PROCUREMENT SCAM

4 October 2018

ABSTRACT

Procurement fraud is a growing concern for businesses around the globe and is on the increase in South Africa. This article is aimed at increasing awareness of some common or less sophisticated procurement scams and is aimed at a wide audience ranging from Business executives, Suly Chain-, Procurement & Finance professionals, to Busine
ss Owners and SMEs / SMMEs. 

Estimated reading time: 15 min


Background photo credit: RawPixel on UnSplash.com

Introduction


The 2018 edition of PwC's Global Economic Crime and Fraud Survey found that economic crime continues to disrupt business globally, but specifically here in South Africa. The 2018 results showed an increase in reported economic crime, with 77% of South African organisations saying that they have experienced economic crime in the past two years - the highest rate in the world out of all countries participating in this survey. 

On the bright side (if there is one) it is worth noting that this figure is reported economic crime - which by implication should mean South African businesses are more pro-active in detecting and reporting crime.

Understanding Economic Crime - what it is?


The Global Economic Crime and Fraud Survey examines over 7,200 respondents from 123 countries, of which 282 were from South Africa.

PWC's research indicates that economic crime can broadly be broken down into the following categories:

Types of Economic Crime SA compared to World
Figure 1 - PWC 2018 Research - types of economic crime, South Africa compared to the World

The top 5 causes per the PWC research are as follows:

  • Asset misappropriation 
  • Consumer Fraud
  • Procurement Fraud
  • Bribery and Corruption
  • Business conduct/misconduct

Sitting at 77%, South Africa’s rate of reported economic crime remains significantly higher than the global average rate of 49%.


Shockingly, PwC reported that it is alarming to note that 6% of executives in South Africa (Africa 5% and Global 7%) simply did not know whether their respective organisations were being affected by economic crime or not. Chances are, they probably have been affected in some way or another.

Examples of common Procurement scams

It is nearly impossible to provide a full and comprehensive list of all of the possible ways in which procurement fraud can be conducted. The size and level of complexity/sophistication will vary - larger organisations are more likely to have financial and other controls in place to detect or prevent many of these. However, as technology progresses, so do the new methods or opportunities. For this reason, we invite you to comment below, or even contact us if you wish to share experiences at your company or organisation



Example 1



Some of the most common scams are likely to arrive on your desk via email, innocently disguised as a procurement opportunity. This could be one of those days that you and your team are furious paddling when things get so busy you don’t know what to pick up and what to drop. Deadlines, phones ringing, month-end. Things get hectic in Finance and Procurement. And lots and lots of paperwork. For smaller companies, one-man shows or SMMEs, the opposite can be true – depressingly quiet. Your business is listed all over the internet, but still, nobody buys anything.



One day an email arrives completely out of the blue (or a fax, if your company is still stuck in 1987) – it could be directed to a director, or an employee in Sales or anybody in the company, for that matter.


According to the email, the COE of the biggest Mining Company or the Minister of Finance hereby invites you to participate in a Tender or RFQ. “Finally!” your sales persons thinks, “Our hard works is paying off! / The Facebook ad campaign works! / The new marketing campaign works!”.


Example of a Request for Quotation
Figure 2 - Innocuous looking Request for Quote

Variation 1 


The RFQ / tender invite somehow looks a bit different, possibly slightly odd. 

The product requested is for a:
  •  “Bronze Cast Iron Sewage Pump B-7692-075 (Originals only)” or 
  •  “DTS42K CUTTING DISC” or 
  • “TXV 387 UNDERSEA TENSIONERS” or 
  • <INSERT DESCRIPTION HERE> - i.e. it could be anything. 

The turn-around time to meet the deadline is short. Very short.


Big business should walk away at this point. For smaller firms and SMMEs, it might still be tempting, specifically if there is money to be made. Even if this invite is not even remotely similar (ie. different to) to the line of products and services of the business.

But don’t worry, they even suggested a supplier. “Man, these guys think about everything,” the sales rep thinks. So he/she copies and pastes the product code into Google. It takes them straight to the only company in the country that carries that exact item. The cost price is not exactly cheap. And this tender is for XXX units.

Fortunately, the RFQ also indicated a suggested selling price range which could be as in the thousands or even hundreds of thousands.  After some head scratching the budget is re-prioritized to find money… somebody sells a kidney … takes a 3rd mortgage on the house… 

The sole supplier is very helpful and confirms that they happen to have XXX units in stock, but you need to hurry as they are selling out, fast. Only 50% deposit required (% may vary).  You compile and submit the tender or quote in record time. 

Within 2 or 3 days you are formally informed that you won the tender or your quote was selected. You receive an order number via email - Bob’s your uncle! Now to pay the deposit, and the supplier generously offers to deliver straight to the buyer’s warehouse.

Days and weeks go by with no contact and payment from the buyer. You phone, leave messages, but the procurement official’s cell phone stays dead. No replies on your emails either.  

Eventually, you google and phone the buyer’s Head Office:
  • No, They never heard of <Name goes here>. 
  • Your call is transferred you to Finance department – no, they did not get your invoice. Never heard of your company either. 
  • Transfer you to Procurement - No, they did not receive your consignment of Bronze Cast Iron Sewage Pumps. Didn’t order it either. 
The supplier’s phone lines coincidentally also went dead at the same time.

Variation 2 



The goods being procured via the fake tender process are high in value and could range from common consumer electronics such as laptops or parts to more specialised types of equipment. Or it could be lower value commodities. 

You are again acting as middleman for whatever excuse they have given to justify it. The supplier is legit and the goods procured are legit (i.e. actual existing items).



When you deliver, however:

  • The delivery location is either not an official site of the “client”, or
  • The “client’s staff” or “officials” receive your consignment and take delivery of the goods outside the gates (i.e. not on the premises) of the real company or organisation’s official warehouse or depot.

And you never see your goods or your money again.


Variation 3


Very similar to Variation 2, but the order is actually for something your company supplies in the ordinary course of business:
  • High-value stock, something readily trade-able or convertible to cash, such as luxury items or laptops,
  • Everyday consumer products  

Variation 4



You are asked to make non-refundable deposits or transfer money:

  • Prior to getting access to the tender document,
  • As a security deposit,
  • Prior to being registered on the supplier database,
  • To help secure / facilitate “lucrative government contracts”

Where you are asked to pay a deposit or make a payment, the account holder details provided is different from the company name – e.g. into a personal account.

Variation 5



You have delivered the goods and everything checks out. The “procurement official” or somebody from “Finance department” at the “client” contacts you telephonically to inform you that they paid by EFT. However, there is a problem - They overpaid you by a couple of thousand. Silly clerical mistake.



You check your bank account and it reflects payment as promised. The payment received exceeds the invoice value by the exact number they mentioned. They kindly ask if you could please refund the difference as soon as possible, this is urgent. It was a mistake and somebody will get fired. Please Pay via EFT into the account details they provide.



Being the good corporate citizen you are, you immediately process the EFT refund. You do not take extra precautions to validate the bank account first. A day or 3 later your bank account balance is suddenly lower again – the payment you received has disappeared. Turns out you were paid with a stolen cheque that bounced.



Net effect: “the overpayment” which you so kindly refunded, was paid from your own funds.



20 procurement red flags to look out for
Fig 3 - Be on the lookout for these warning signs

WATCH OUT FOR THESE 20 POTENTIAL RED FLAGS WHEN RECEIVING TENDER OR QUOTE EMAILS IN YOUR INBOX


Before jumping at the opportunity waiting in your inbox, spare a minute or 5 to look at and think about the following:

1. Was this tender actually advertised in the newspapers?


Visit the official government or company website, search the newspapers and tender bulletins to confirm this is legitimate tender. If you find it, then confirm the details between your invite and the actual advertisement:
  •          Is the tender number exactly the same?
  •          Is the tender details exactly the same?
  •          Is the closing date exactly the same?


2. Is this request or invitation received out of the blue?



Think – Is there any prior history with the organization / business inviting you to quote?
  • Have you ever contacted this business or have they contacted you before?
  • Have you done any previous business with this company or government department?
  • Are you registered on their supplier database?
  • Are they even in your Town or Province?

3. Is the request broadly line with the nature of your business?


If e.g. your company specialises in detergent manufacturing, long-distance cargo carrying, or you have a beauty salon or dentist’s office, or you supply office stationery, you have to think twice when receiving a request that is not in line with the ordinary course of business.

Why would anybody invite you to supply:
  • Bronze Cast Iron Sewage Pump B-7692-075?
  • DTS42k cutting discs?
  • TXV 387 undersea tensioners?
  • Bullet-proof helmets for Riot police?

If the tender or quote request is for a product that actually is within the range of products you sell, proceed with all the other steps.


4. Is this a known scam or a legit tender?


Do 3 separate Google searches - Copy and paste:

  • the email heading e.g. “Bronze Cast Iron Sewage Pump B-7692-075 SUPPLY TENDER INVITE!!!   
  • product name or model serial number / 
  • tender reference number 

into Google (respectively), followed by “scam”. For example, if the tender invite is to provide “TXV 387 undersea tensioners”, copy and paste that into Google followed by the word “Scam”. The full search query now shows “TXV 387 undersea tensioners Scam”.




Illustrative Google search results
Figure 3 - Google Search Results



  

If this scam was previously reported on a bulletin board somewhere, it should appear in the Google results. You may have to scroll through the first couple of search results though. On the other hand, if this request is not a scam you might be able to pick up discussions from other people on the same topic.


If it is a legit tender reference number then look up the tender documentation. Confirm the submission deadline and whether or not there is a compulsory tender briefing to ensure you were not given a legitimate but outdated tender after the deadline had closed.


5. Is the tender or RFQ document professionally designed and complete?


The fake invitation to tender or RFQ is usually rather short – frequently only one page. There may or may not be “technical specifications” on a second page.


  • The RFQ / Tender document could be based on a legitimate letterhead, but the form section of the document frequently looks like it was designed using Microsoft Word. On face value, the document does not appear as refined or professionally designed as pre-printed official stationery would be.
  • It might come pre-populated with your company details, or might be a completely blank form that has to be filled in.
  • The form may also reflect an organisation logo/Government coat of arms as a slightly blurry watermark to make it more official looking.
  • The forms frequently request a “company stamp here”, or is stamped with a stamp to make it look official.
  • Scam Forms often contain technical looking serial numbers, approval numbers, codes, treasury or other financial reference or approval numbers in an attempt to make it look legit. Writing could be ALL CAPS

Fake Order Document
Figure 4 - Fake Order document

6. Look at the legal terms 

  •   For legitimate tenders specifically, there will be multiple pages of legal terms and conditions, forms to complete and draft contracts. For legitimate RFQs the legalese is often at least a couple of paragraphs. 
  • Legitimate Tenders are typically advertised in national newspapers, whereas RFQs are more likely to be an invitation basis.



With fake procurement documents, expected legal terminology is notably absent, or limited to a basic sentence or two – e.g. “This quote does not constitute an order”.


7. Is the grammar correct and writing style appropriate?


Legitimate tenders and any tender invites will tend to be slightly formal in style, grammar and language use. Spelling and grammar errors will be very limited if any. Companies will generally not send out documents with:

  • Obviously Spelling mistakes e.g. Coca-Colla 
  • Grammatical errors

The wording and writing style on scam invites and documents is often more informal: e.g. “Bronze Cast Iron Sewage Pump B-7692-075 SUPPLY TENDER INVITE!!!


8. Is the time period unusually short?


Time pressure - The deadline to submit might be significantly shorter than industry standard, even as short as 2-3 days. Note that a longer time period does not automatically make this a legit transaction. 


Similarly, if you are informed of that you submitted the winning tender within only a day or 2 after submitting, something could be amiss. Specifically, Public sector tenders can take weeks to months to finalise, as they may have to go through various rounds of internal approval leading up to award stage. More often than not, there will be negotiations and contracts to be signed. Therefore any request to perform services or deliver goods within a day or 2 after submitting the tender or quotation is potentially highly suspect.


9. Is there a suggested selling price in the RFQ or tender?



If this is not an existing client that previously bought the exact same item from you and therefore knows the selling price, it would be very unusual. And it makes no sense either - the very purpose of procurement is to achieve cost savings by obtaining the best pricing under competitive conditions. What prices would they have recommended to other "bidders"? 



It usually not in the best interest of the buyer to disclose budget or affordability. Very few government procurement transactions publish any degree of affordability. 



10. Is there a suggested Supplier in the RFQ or tender?



Why invite somebody to act as a middleman that simply pushes up the price and adds no other value to the product or procurement process? The buyer can simply go straight to the source and buy the exact same item directly from them for cheaper. 



11. Is there a sole supplier situation?



While searching on Google for the product and potential suppliers, make sure to confirm how many suppliers exist for the product requested - specifically for technical type products. Commodity type products can usually be procured from various sources. Bona fide sole supplier situations for non-technical / commodity type products are scarce. Even technical products might have substitute products. 



If the tender or RFQ indicated a sole supplier or specified a specific supplier without substantiation, approach with caution. Inquire about substitutes. Even for OEM suppliers, some products could be generic and procured from other suppliers - e.g. different brake manufacturers produce vehicle brakes which comply with Toyota specifications for any specific Toyota model. 



Again, why invite somebody to act as middleman in a procurement process? The buyer could have simply gone straight to the source and bought the exact same item directly from them.


12. Did you get phone calls?


With legitimate tender processes, there is typically very limited personal contact between buyers and sellers. If it is a closed tender / by invitation only, they would have obtained your details from the supplier database and do not need to phone you to confirm it. Therefore, receiving phone calls to confirm your company contact details is unusual, but not impossible.

You might also receive a follow-up phone call from an authoritative sounding “procurement official” to: 

  • emphasise the urgency, or 
  • tell you something along the lines of “With your excellent credentials, there is a pretty good chance you could get the contract", or 
  • to inform you that your company is the only 1 in the running, 
  • to berate you for missing the deadline, or 
  • to ask if you need an extension.

Legitimate buyers usually approach various companies for pricing at the same time, not just one. They typically won't chase after any specific supplier or agree to special arrangements or extensions for one supplier only. 

13. Were you asked to pay money in order to qualify for this opportunity?



Companies and specifically government won’t ask money to register you on their supplier database. 



Official tenders for very large projects might occasionally require the purchase of procurement documents, but in such a case the tender is likely to be advertised publicly in national or regional newspapers and on official tender bulletins. The banking details would be printed on the tender advert, and it would be a corporate account. 



Procurement Fraud / Scam Tender
Figure 4 - Example of request for money


Where the tender invite is for a closed tender or quotation, then you should have knowledge of already having registered your company on the buyer's supplier database. 


Where tenders require financial guarantees to be provided at tender submission or at the appointment stage, the requirements for these are usually contained in the publicized advert as well as in the tender documents. Actual cash payments or EFT deposits to the Buyer are NOT the way things are done in such cases.

14. What do you have to submit exactly?



Tenders and sometimes even large or complex quotes are often not evaluated on price alone. Any large value tender or quotation in your inbox which solely requires you to submit price and no type of "technical proposal" or other sections usually associated with tenders or quotations, requires further investigation.

This is not suspect by default, but very unusual. Secifically in case where your company is not listed on the supplier database already.

15. Name, surname & job title of the sender


Scam Tender invites either use:
  • typical everyday names, or 
  • names of famous people, big business executives or politicians, or 
  • important job titles or in the name of name of a high ranking company position such as the name of a board member, Chief Executive, Chief Financial Officer, Chief Procurement Officer or even the Company Secretary to give legitimacy to the invite. 

These names are a reasonable cultural fit in your area. The name might even sound familiar and legit to confuse people – a CEO of a listed company or a Government Minister is a name you might have heard over the radio or read about in the newspaper. Remember:

  • CEOs or Gov Ministers will not be working in a Procurement department, 
  • They are equally unlikely to extend personal invitations to participate in tenders,   
  • Furthermore, it’s extremely unlikely that they would be listing themselves as the contact person with their own actual contact details.



16. Check the sender’s email address



Companies generally use the same email format for all email addresses. 

Occasionally firms do use a generic tender email such as Procurement@ or RFP@ . You can use Google or Linked to confirm the format of the email address for that organisation on their official website. If it is an official and legitimate email address you should be able to confirm it. 



Example - Any variation in the domain name should be treated with suspicion. 


  • If somebody legitimately works for a big international company or organisation, they are very unlikely to use a name@yahoo.com, name@webmail.co.za or similar type email address for business correspondence where the email address does not contain the exact same official domain. 
  • Email addresses could also look legit on face value, but actually be something completely different. In Microsoft Outlook, hover your mouse cursor over the address to see if the display name is the same as the actual address.
Confirm the contact person name on LinkedIn or search by posting the email address in Google or Linkedin. Look for spelling mistakes in the company name or the format of the email address. If LinkedIn shows only 1 Joe.Soap@CocaColla.biz then chances are pretty good that it is not the real thing (see what I did there? )

Examples of fake email addresses used in previous scams include:

  • name@angloamericanplatinium.com <- note spelling of Platinum
  • @eskomholdingssupplychain.co.za, @eskomfinance.co.za, @eskomprocurement.co.za, @eskomgroup.co.za , @eskomsa.co.za, @eskomenterprise.co.za, @eskomdistribution.co.za, @eskomrotek.co.za
  • tenders@doh.za.org, doh@treasury-gov.org.zaghd@gautenghealth-gov.org.za, health@mphumalang-gov.org.za, NDOH@nationalhealthgov.org, @heaths-gov.org.za, @dh.gov.co.za 
  • supplychain@barloworldlimited.com, info@barloworldlimited.com, procurement@barloworldlimited.com, finance@barloworldlimited.com 
  • @transnetsa.net, @transnetfreightrails.net, @transnet-jhb.net, 
  • @yahoo.com, @aol.com, @gmail.com, @webmail.co.za or any other internet domain than the company’s official domain


17.  Check the sender’s contact details 

Always ensure that you have full contact details of an actual person, specifically once you are notified the tender or RFQ has been awarded to you and before procuring or paying for anything.Insist on a real office extension, a land-line number which has to be the same prefix as the main land-line switchboard number.

    18.  Confirm that the Company's Billing details are correct?


Compare the contact details contained in the email you received and per the correspondence to this entity’s official contact details – use Google and visit the official website.

Are the company contact details (telephone, street address) the same or completely different to the contact details on the official site? If in doubt, phone the official switchboard number as per the official website, and ask if sender works there and to confirm the department and contact details. 



19.  Confirm that the Company's Delivery details are correct?



Confirm that the delivery address is an actual currently used company site. 


Instruct drivers to not deliver anywhere that is not inside the actual official company premises – i.e. deliveries strictly inside the actual warehouse or depot yard or premises. That means no delivery just outside the gate, or somewhere along the route, or last-minute changes to delivery details.


20. Have you met the Contact person from the Buyer in person?


Due to procurement procedures for quotations, it is seldom possible to meet the person responsible for the administration of the transaction before the award of the tender. For tenders where a briefing session takes place, this briefing is typically held at the premises of the buyer and serves to confirm the validity of the transaction.

On award of the transaction, however, this is likely to change. For tenders specifically, there could be tender negotiations and contract signature before the service provider is actually appointed or expected to perform.

Unless you are 100% certain of who you are dealing with, try to meet the buyer. Specifically in cases where there are no prior relationships with this buyer/organisation, or supplier, and you have not yet formally met the contact person inside at their premises. 

Take precautionary steps prior to any handing over goods or making any payments in the case of an order.




Conclusion

As mentioned at the outset, it is near impossible to make a comprehensive list of all procurement fraud possibilities. There are simply too many permutations. Furthermore, changes in technology sometimes have unintended consequences, which then require new or additional controls to be developed and monitored

If you liked this blog post, please share or tweet or repost this article to others who may also be interested in these topics.

If you wish to discuss your busines or procurement challenges in confidence with us, please feel free to contact us at your soonest convenience. Where you have personally experienced other examples of procurement fraud, please leave a comment below.




Also why not subscribe? Simply scroll up and enter your email on the top right for notifications. We publish approx 1-2 posts per month on business-related topics. 




© Cogniplex (Pty) Ltd - 2018  - Visit us on www.cogniplex.co.za


UNDERSTANDING BUSINESS RISK - AN INTRODUCTION

In this introductory blog post, we will delve into the topic of business risks - a topic which perhaps not as close to the hearts of m...