Vendor and Procurement Fraud Should Keep Mid-Stream Oil and Gas Companies on the Alert

For mid-stream oil and gas companies, vendor and procurement fraud is all too common and can lead to substantial harm. According to the 2020 Global Study on Fraud and Abuse by Association of Certified Fraud Examiners, the energy sector was the fifth most affected by fraud in the previous 12 months. The energy sector also was the second highest industry under the survey’s listing of median loss from fraud.

In an industry so susceptible to rapid market swings and overall ups and downs, implementing controls to prevent vendor fraud could prove especially helpful during the down times.

Vendor and procurement fraud can involve improper payments to real or fictitious vendors or other third parties. This type of fraud is usually committed by company employees or an external vendor, or collusion between an employee and external vendors. Fraud perpetrators generally leverage their influence and close relationships with vendors or employees to manipulate a company’s procurement and accounts payable system for their personal gain.

The primary victims of this type of fraud are small and medium sized private companies, but large companies are not immune. Cost constraints typically lead smaller companies to implement overly simplistic internal controls, making them easier targets for fraudulent activities. As technology evolves, fraud perpetrators have become more sophisticated and more creative in thwarting even the most sophisticated fraud prevention controls. That is why larger companies need to be on the alert, too.

Our fraud investigations for mid-stream oil and gas companies have uncovered the following types of fraud, which unfortunately are pervasive in the industry:

Invoice skimming. Vendors misrepresent invoice amounts by overstating the quantity of goods provided or hours worked, applying billing rates inconsistent with the original contract, or billing twice for the same services or goods.

Examples: In a pipeline or chemical plant construction project, a subcontractor may bill its employee’s labor hours to different projects simultaneously and may bill either one or multiple customers for the same work. A vendor may also submit time for hours the worker did not spend onsite. These overbillings can sometimes amount to more than 24 hours in one day.

Change order abuse. After submitting a low bid to win a project, a contractor submits multiple unjustified change order requests to increase profits. In the mid-stream oil and gas industry, this is especially common in large construction projects, such as chemical plants, pipelines, or oil refineries. Because these large projects incur substantial losses for each day they are not up and running, the rush to finish projects on time often means quick approvals of change orders without thorough consideration—a situation ripe for change order abuse.

Watch for these warning signs of change order abuse: a vague description of the scope of work in the original contract, incomplete specifications from the engineering group, or weak internal controls on the change order request review. These offer opportunities to “double dip” by submitting change order requests to cover a scope of work that should have been part of the original contract.

Conflict of interest. Unusual favors from an employee with an undisclosed interest in a vendor may include disclosing a competitor’s bidding information, making unnecessary purchases or setting a fictitious range of market prices by price fixing among multiple vendors. Sometimes, employees may even use their authority within the company to approve a contract with the vendor outside the normal process. Employees may also approve a contract even though billing rates are substantially higher than the going market rates or approve a vendor without performing standard bidding procedures.

Cyberattacks. These are an emerging risk for mid-stream oil and gas companies. One well-publicized example of ransomware occurred when a cyberattack on Colonial Pipeline Co.’s billing system caused the company to halt its entire pipeline operation and pay over $4 million in ransom.

Exploiting a company’s IT vulnerabilities and internal control weakness in the accounts payable system is another cybersecurity risk. By slightly inflating the payment amount for approved invoices and directing the incremental payment to a bank account that they control, an attacker can successfully manipulate a company’s accounts payable system. Since the inflated amounts are typically immaterial, this type of fraud can go undetected for a long time.

If your company suspects fraud, a forensic professional can help detect the fraud scheme and assess the harm. Forensic professionals review relevant financial records, like invoices, purchase orders, payment registers and related general ledgers, and non-financial records, including contracts, change orders, correspondence, and HR information. Using data analytics tools, we identify abnormal transaction patterns and red flags for potential fraud schemes.

For more information about how forensics professionals can assist mid-stream oil and gas companies in detecting vendor and procurement fraud, contact us. We’re here to help.

© 2021