BS 10501-2014 Guide to implementing procurement fraud controls《采购欺诈控制实施指南》.pdf

1、BSI Standards PublicationBS 10501:2014Guide to implementingprocurement fraud controlsPublishing and copyright informationThe BSI copyright notice displayed in this document indicates when the documentwas last issued. The British Standards Institution 2014Published by BSI Standards Limited 2014ISBN 9

2、78 0 580 82874 4ICS 03.100.10; 13.310The following BSI references relate to the work on this document:Committee reference G/2Draft for comment 13/30282472 DCPublication historyFirst published March 2014Amendments issued since publicationDate Text affectedBSI acknowledges the contribution of CIPS in

3、the initiation and development ofthis standard.The Chartered Institute of Purchasing CIPSNewsBS 10501:2014 BRITISH STANDARDContentsForeword iiIntroduction 11 Scope 12 Terms and definitions 23 Planning 44 Procurement fraud controls 55 Monitor and review 15AnnexesAnnex A (informative) Types of procure

4、ment fraud 17Annex B (informative) Guidance on procurement methods and controls 19Annex C (informative) Asset register 22Bibliography 23Summary of pagesThis document comprises a front cover, an inside front cover, pages i to ii,pages 1 to 24, an inside back cover and a back cover.BRITISH STANDARD BS

5、 10501:2014 The British Standards Institution 2014 iForewordPublishing informationThis British Standard is published by BSI Standards Limited, under licence fromThe British Standards Institution, and came into effect on 31 March 2014. It wasprepared by Technical Committee G/2, Anti procurement fraud

6、. A list oforganizations represented on this committee can be obtained on request to itssecretary.Use of this documentAs a guide, this British Standard takes the form of guidance andrecommendations. It should not be quoted as if it were a specification or a codeof practice and claims of compliance c

7、annot be made to it.Presentational conventionsThe guidance in this standard is presented in roman (i.e. upright) type. Anyrecommendations are expressed in sentences in which the principal auxiliaryverb is “should”.Commentary, explanation and general informative material is presented insmaller italic

8、 type, and does not constitute a normative element.Contractual and legal considerationsThis publication does not purport to include all the necessary provisions of acontract. Users are responsible for its correct application.Compliance with a British Standard cannot confer immunity from legalobligat

9、ions.BRITISH STANDARDBS 10501:2014ii The British Standards Institution 2014IntroductionProcurement is defined by this British Standard as the process of acquiringgoods, works and/or services, covering both the acquisition from third partiesand in-house providers, and spanning the whole life cycle fr

10、om identification ofneeds through to the end of a services contract or the end of the useful life ofan asset.This definition is important as it is where the process of identifying the risk ofprocurement fraud begins. The possibility of procurement fraud needs to beconsidered from the very beginning

11、of the procurement activity. This includesthe method by which the goods, works or services are going to be procured,such as written quotations, single/sole sourced or through a competitive tender.It is best practice to design out the possibility of procurement fraud at theearliest opportunity and th

12、is British Standard provides guidance on mitigating arange of fraud risks.1 Scope1.1 This British Standard gives guidance on mitigating and actively managing thefollowing procurement fraud risks:a) procurement fraud committed against the organization by its personnel orothers acting on its behalf or

13、 for its benefit;b) procurement fraud committed against the organization by anotherorganization or individuals with the assistance of its personnel or othersacting on its behalf or for its benefit;c) procurement fraud committed against the organization by anotherorganization or their personnel;d) pr

14、ocurement fraud committed against the organization by otherorganizations or their personnel acting on their behalf, e.g. fraudconspiracy, bid rigging, anti-competitive activity.1.2 This British Standard is applicable only to procurement fraud, specificallyfraud offences committed in the procurement

15、life cycle. It is not applicable toother criminal offences, such as anti-trust/competition and money launderingoffences, although an organization may choose to extend the scope of itsprocurement fraud controls to include these other offences.NOTE Many countries laws do not define procurement fraud o

16、r define fraud indifferent ways. This standard does not provide its own definition of fraud, butidentifies the following specific fraud types where it is committed: falserepresentation, failing to disclose information when there is a legal duty and/orcontractual obligation to do so and abuse of posi

17、tion.1.3 This British Standard is applicable to all types and sizes of organizations(including small and medium enterprises) in all sectors (including the public andprivate sectors, and the charity and voluntary sectors).BRITISH STANDARD BS 10501:2014 The British Standards Institution 2014 12 Terms

18、and definitionsFor the purposes of this British Standard, the following terms and definitionsapply.2.1 compliance managerperson responsible for ensuring that the organizations systems of control areoperating adequately, including the effective management of procurementfraud riskNOTE The role of the

19、compliance manager might be full-time or might beperformed by a member of staff in addition to their regular role.2.2 conflict of interestsituation where outside business, family or personal connections could interferewith the judgement of personnel in carrying out their duties for theorganizationSO

20、URCE: BS 10500:2011, modified2.3 framework agreementagreement with suppliers that sets out the terms and conditions governingcontracts that can be awarded during the life of the agreement and that mightrelate to price, quality and quantity under which individual contracts can bemade2.4 information s

21、ecuritypreservation of confidentiality, integrity and availability of information,including the protection of information and information systems againstunauthorized access or modification of information, whether in storage,processing or transit, and against denial of service to authorized usersNOTE

22、 Information security includes those measures necessary to detect, document,and counter such threats. Information security is composed of computer security andcommunications security.2.5 internal auditsystematic, independent and documented process for obtaining evidence andevaluating it objectively

23、in order to determine the extent to which procurementfraud requirements are fulfilled2.6 organizationcorporation, company, firm, partnership, enterprise, authority or institution, orpart or combination thereof, whether incorporated or not, public, private orvoluntarySOURCE: BS 10500:2011, modified2.

24、7 personnelorganizations directors, officers, employees, agents and temporary andoutsourced staff or workers, paid and unpaidSOURCE: BS 10500:2011, modified2.8 procure-to-payprocess of acquiring and managing goods, works and/or services needed formanufacturing a product or providing a service, invol

25、ving the transactional flowof data that are sent to a supplier and the data concerning the fulfilment of theorder and payment for the goods, works and/or servicesBRITISH STANDARDBS 10501:20142 The British Standards Institution 20142.9 procurementprocess of acquiring goods, works and/or services, cov

26、ering both the acquisitionfrom third parties and in-house providers and spanning the whole life cycle fromidentification of needs through to the end of a services contract or the end ofthe useful life of an asset2.10 procurement fraudfraudulent act committed against an organizations procurement proc

27、ess thatmight involve fraud by false representation, failure to disclose information whenthere is a legal duty and/or contractual obligation to do so, abuse of position, orassociated offencesNOTE A list of the various forms of procurement fraud is given in Annex A.2.11 procurement fraud controlmeasu

28、re intended to help the organization:a) identify the risk of procurement fraud;b) mitigate procurement fraud;c) detect, report and respond to an allegation or suspicion of procurementfraud; andd) monitor, review and implement control measuresNOTE Such a measure might be independent or be part of the

29、 overall fraudmanagement controls.2.12 procurement life cyclephases of the procurement process, from identification of needs through to theend of a services contract or the end of the useful life of an assetNOTE The procurement process involves options appraisal and the critical “make orbuy” decisio

30、n.2.13 procurement fraud policydocument that:a) prohibits procurement fraud; andb) requires reasonable and proportionate measures to be taken to:1) mitigate procurement fraud;2) detect, investigate, report and respond to (e.g. initiate procurementfraud response plan) any procurement fraud that occur

31、s2.14 purchasingprocess of buying materials and services of the required quality, in the correctquantity, delivered to the right place at the right time, from a legitimate source,at an appropriate price2.15 supplierorganization that provides materials, components, goods, works or services foranother

32、 organization2.16 supply chainmovement of materials (or services) as they flow from their source or supplier tothe end customerNOTE 1 A supply chain is made up of the people, activities, information andresources involved in moving a product (or service) from suppliers to customers.Understanding who

33、and what is involved in the supply chain process (which mightinclude a number of tiers) is an essential part of the procurement process.BRITISH STANDARD BS 10501:2014 The British Standards Institution 2014 3NOTE 2 An international supply chain organization may be involved in variousprocesses, includ

34、ing manufacturing, processing, loading/unloading, transportation(across international borders), customer service, demand planning, supply planningand supply chain management.2.17 top managementperson or group of people who directs and controls an organization at thehighest levelSOURCE: BS EN ISO 900

35、0:20053 Planning3.1 GeneralThe organization should plan for the adoption of a procurement fraud policyand the implementation of procurement fraud controls by ensuring that thefollowing steps are taken:a) allocating responsibility for planning to personnel of appropriate seniority;b) appointing appro

36、priately qualified personnel to conduct a risk assessment toidentify what activities or other aspects of the organizations business haveprocurement fraud risks;c) assessing in what manner and to what extent the procurement fraudcontrols should be implemented by the organization, taking into accountt

37、he factors in 4.1;d) writing the procurement fraud policy;e) designing or modifying the necessary policies, procedures and controls, andensuring that they are reviewed at agreed intervals;f) determining the necessary resources (including funding, personnel,equipment and materials) needed to implemen

38、t the procurement fraudcontrols;g) preparing an implementation timetable with clearly identifiedresponsibilities.3.2 Assessment of risk3.2.1 The organization should implement procedures to enable it to assess:a) the risk of procurement fraud in relation to its existing and proposedprocurement and su

39、pply chain activities;b) whether its policies, procedures and controls are adequate to mitigate thoserisks in line with the organizations risk appetite.3.2.2 The timing and frequency of risk assessments should be defined by theorganization.3.2.3 As part of its risk assessment process, the organizati

40、on should conduct duediligence on business suppliers in accordance with 4.12.3.2.4 In considering the controls necessary to mitigate risk, there should beadequate review of risk areas within the purchasing process, including:a) business requirement, i.e. identification of needs;b) product and/or ser

41、vices specification;c) assessment of pre-qualification and tender submissions and selection;d) tender selection and contract award;BRITISH STANDARDBS 10501:20144 The British Standards Institution 2014e) review of the make or buy decision;f) ongoing supplier relationship management;g) asset protectio

42、n.3.2.5 When carrying out fraud checks within the procure-to-pay process, thefollowing should be considered.a) Does the requisition match the purchase order?b) Is it the same person authorizing both activities? Would segregation ofduties be appropriate?c) Does the purchase order match the requiremen

43、t in the contract?d) Does the purchase order match the delivery note?e) Is there a delivery note to evidence the delivery of the goods, works orservices?f) Are all signatures on the delivery note clearly visible and identifiable to aparticular person?g) Is there signed evidence to demonstrate the se

44、rvices have been completed?3.2.6 Performance bonuses, performance targets and other incentivizingelements of remuneration should be reviewed to ensure that there arereasonable safeguards to prevent these from encouraging bribery.3.2.7 Procurement fraud risks should be documented in the risk register

45、 andreported to the audit committee. An overview of controls in place and theireffectiveness, including near misses for fraudulent activity, should be reported tothe audit committee on a predetermined basis.4 Procurement fraud controls4.1 Scope of the controlsThe controls to be implemented by the or

46、ganization should be reasonable andproportionate, taking into consideration the nature and extent of theprocurement fraud risks that the organization faces and the:a) size of the organization;b) countries and sectors in which the organization operates;c) nature, scale and complexity of the organizat

47、ions commercial activities andsupply chain;d) organizations existing suppliers.4.2 Controls4.2.1 Procurement controlsThe organization should implement procurement and other controls to ensurethat it can purchase materials and services of the required quality, in the correctquantity, delivered to the

48、 right place at the right time, from a legitimate source,at an appropriate price.4.2.2 Procurement fraud controlsThe organization should implement procurement fraud controls that mitigatethe risk of the organization, its personnel or others acting on its behalfcommitting, or being the victim of, pro

49、curement fraud.BRITISH STANDARD BS 10501:2014 The British Standards Institution 2014 54.2.3 Bribery controlsBribery can be part of a procurement fraud conspiracy or facilitate the act offraud. The organization should implement procurement and other controlswhich mitigate the risk of the organization, its personnel or others acting on itsbehalf committing bribery.NOTE BS 10500 specifies requirements for an anti-bribery management system.Attention is drawn to the corporate liability issues that apply to UK associatedbusiness under Section 7 of the Brib