Maybe it is just the time of year (I write this in mid-December) but I have been thinking a lot about procurement. The South Korean nuclear regulator has shut down Yonggwang 5&6 nuclear power plant because of the discovery of forged quality certificates for some 5000 components such as fuses and switches. That may be a drop in the ocean for an NPP, but it is still a lot of components; how could it happen?
Fraud, it appears, is not just an Asian problem; the nuclear industry procures globally. There was an interesting presentation about protecting NPPs from falsified products at Moscow's 2011 Atomeks conference. Typical bogus component supply actions, according to Rosenergoatom speaker M. Yu. Ruslyakov, include product origin forgery, use of front firms, bidding without authorisation, and forgery of trademark and other documents.
The safety of nuclear power plants is the sum of its parts. Defence-in-depth, the theme of one of our articles this month relies on components to do their job. Unscrupulous suppliers of equipment with forged certificates will not bother to perform stringent tests on their goods. Although these components were not used in safety-critical areas, nuclear plants are complex and their failure could create safety risks.
Procurement fraud and corruption will never be completely eliminated, argues Paul Guile, global procurement fraud advisor for the UK's Chartered Institute of Purchasing and Supply. He says that the goal is reduce the opportunities for procurement fraud to occur and increase the possibility of catching fraudsters.
When customers are visited by a potential supplier at their offices, they may take what is said on face value, without checking it out. How do buyers know a salesperson represents the company he or she says? How do they know that this company is actually capable of delivering the product they claim? How do they know that the product they receive was made by it?
In simple terms, Guile advises buyers to check out the supply organization, the product supplied, and the documentation.
Guile recommends actual visits to suppliers, even if that sounds old-fashioned. When carrying out supplier visits, customers should check quality control systems. Supporting documents for quality standards -- no matter how convincing -- should be double-checked. Buyers should confirm that the quality controls that have been carried out have been externally verified by someone who does not have a vested interest in the approval being given. Quality assurances could be completely counterfeit.
A 'dip test' of samples of products actually received will make sure that the 150 50kg bags of aggregate ordered actually weigh 50kg and not 45kg; the discrepancy soon adds up.
Buyers should also check out testimonials and previous work packages carried out
with previous customers.
The amount of attention given to purchases should be keyed to their strategic importance. It may be standard practice to link the corporate risk posed by the product to its cost, but in the case of low-value but business-critical items, that classification misses the point.
Good practice starts with customer's own approach to procurement. First, it should employ trained procurement staff; after all, these people make sure that the company is investing its money properly. Second, there should be standard procurement and anti-fraud controls in place (and they should be followed). Recognised controls such as segregation of duties in ordering are often in place, but what about a procurement breach process? This is exception reporting of anyone who fails to follow procedure.
Organisations should install anti-fraud procurement controls and advertise them internally and externally; for example, Guile has developed a 'procurement fraud burglar alarm' logo to help broadcast the message to the supply chain.
The potential for fraud in procurement, which I suspect is seriously underappreciated, makes an already tricky business really rather risky. And I thought that Christmas was complicated.