ICAC warns agencies to crack down on fraudulent tech contracts amid spate of procurement corruption cases


The NSW Independent Commission Against Corruption (ICAC) has warned state agencies to tackle procurement fraud against a backdrop of overcharging, poorly defined supplier relationships, and unmonitored contracts.

An investigation by ICAC, which culminated in the Commission’s recently released Supplier Due Diligence: A Guide for NSW Public Sector Agencies reportfound “poor due diligence” had contributed to instances of corrupt conduct in the procurement process across NSW Government agencies.

Each year, NSW public sector agencies spend billions in taxpayer money to procure goods and services, the report noted – estimates by AusTender put this figure at $15 billion.

“To put that public money to its best use, it helps to have some reliable information about the people and organisations that supply those goods and services,” the report said.

An effective due diligence process, it stressed, was key to minimising the risk of engaging in fraudulent conduct with suppliers or being deceived by false information in a tender.

The Commission shared a number of ‘red flags’ to identify corrupt conduct, ensuring tendered products and services deliver value for money and, moreover, that public confidence is maintained in the procurement process.

The report highlighted several noteworthy cases of ICT-specific procurement fraud within NSW’s public service, among these included engagements with fictitious software suppliers “without… due diligence” checks, gross over-charging for a local council project, and overt instances of theft.

One notable case of “serious corrupt conduct” identified just last year involved a former ICT project manager creating a sophisticated ruse to funnel money from a procurement contact into their own shell company.

“The project manager created a false business case arguing for the direct appointment of a new supplier called ‘Petite Software Systems’ to carry out the project. The business case was successful,” the report revealed.

ICAC found the agency involved had failed to perform adequate due diligence checks on the supplier; the contracted supplier, ‘Petite Solutions’, was later found to have never traded and had no employees on its books.

“The project manager corruptly caused the agency to pay Petite Solutions – a different but similarly named firm – which he controlled, and effectively ‘hijacked’ the identity of Petite Software Systems to obtain a personal benefit.”

Coinciding with the release of the ICAC report, three former APS staff were last week charged with conspiracy to defraud the Australian Government, with the Australian Federal Police alleging the individuals directed information technology contracts through preferred suppliers, receiving kickbacks from these contracts.

A risk-based approach

As a primary deterrent to fraud, ICAC sensibly recommended the adoption of “a risk-based approach” to procurement. This involved closer scrutiny of an agency’s relationship with a supplier, assessing financial risk, investigating past corruption or other abuses, and reviewing the risk profile of a supplier.

This ‘three-tiered approach’ involved baseline, intermediate, and advanced checks.

Due diligence checks through this process would inevitably generate various red flags with varying degrees of seriousness, ICAC said.

“Some red flags will be deal-breaking (for example, a supplier does not hold mandatory licences and authorities, or has been recently convicted of serious fraud); some will require the agency to implement detailed risk mitigation measures and others might simply warrant a watching brief.”

ICAC recommends that “any potentially deal-breaking red flags” be identified before a supplier is awarded a tender or has signed a contract, especially if a competitive process was used.

“It may be difficult to reject a supplier that has won a tender assessment process but is subsequently found to have a serious red flag.”

How a supplier engages with agencies during the due diligence process could also raise red flags.

“If a supplier is unreasonably uncooperative, repeatedly fails to provide information, or is evasive or belligerent in its communication, the agency is entitled to be suspicious.”

Eyes on the ball

Due diligence was standard issue during the sourcing stages, the Commission said. But it remains necessary to also repeat certain checks after the supply of goods and services.

Events that could trigger post-engagement due diligence checks include follow-up requests by contracted parties to change bank account details, potentially also accompanied by the submission of suspicious invoices.

Other red flags include where a supplier makes changes to subcontracting arrangements or staff involved in procurement.

The merger or acquisition of a supplier by another entity, adverse media coverage, a complaint or tip-off about the supplier, or advice from an external agency, such as NSW Procurement, are also signs to watch for, the Commission said.