Who would immediately spot the likeness between a Sony Vice President and an NHS learning & technology manager? Yet, apart from both making the news today, both carried out simple procurement frauds.
The Sony VP submitted false invoices and pocketed the dosh, while the NHS manager was slightly more creative in that he set up his own company and supplied the Trust at inflated prices.
These types of procurement fraud are straight out of the introductory pages of Procurement Fraud for Dummies and could have been easily avoided. Three-way matching is the traditional protection: the person responsible for the Purchase Order, the person confirming delivery and the person authorising the invoice payment need to be different people. An effective eP2P system is another solution - when you're dealing with £1m fraud the business justification easily stacks up, but the system needs to be properly implemented with the right protections.
Slightly more protection is needed against the likes of the NHS fraudster, yet it is still fairly basic. He was able to invoice for services received from his own company at inflated rates, for example, invoicing £10,750 for a service which cost £1,500. Why on earth did the organisation not require a 'ballpark' estimate of the price to compare against the invoice price? Although I am not a great fan of low thresholds for RFPs, it would be interesting to know what the Trust's thresholds were and whether those internal rules were policed. Then again, how was it so easy for an employee to sell to his employer? It may not have stopped the fraud, but signing an annual declaration of interests may have helped.