Fraud and corruption risks in poor supplier management
Serious Fraud Office cases show how trusted insiders can exploit gaps and weaknesses in contracting and supplier management processes. Learn what to watch out for and how to strengthen internal controls.
Supplier management
Supplier management is when an organisation engages with its suppliers and service providers. It includes the initial contract and onboarding, approval and payment of bills, and oversight of performance. Trusted people can easily take advantage of weak controls or a lack of rules in this area.
Weak supplier management includes:
- poor or non-existent procurement processes
- one person managing all aspects of a supplier’s contract, including payment
- poor requirements for approving invoices
- not sufficiently monitoring the work of a supplier.
Real fraud and corruption cases
Fictitious suppliers
If there is a lack of oversight and internal review, staff with system access and financial authority can load fictitious companies as suppliers and allocate work or payments.
An employee and his wife defrauded a company of $2.2 million by setting up and administering multiple companies to supply goods and services. Most of the goods and services were not needed by the company or were provided by unqualified personnel at substandard quality. The invoices were kept just below the employee’s delegated authority levels to allow him to approve the invoices himself.
- Undeclared conflicts of interest contribute to $2.2 million procurement fraud
Bank account manipulation
Employees with access to supplier records can alter bank account details to redirect legitimate payments to personal or controlled accounts.
An employee responsible for all financial administration defrauded a trust of $1.2 million over 15 months. The organisation’s banking system had a two-part authorisation system – one person raised the transaction order and another approved it. The employee raised transaction orders then accessed the banking credentials of a former employee to authorise 43 payments to himself.
- Employee commits $1.2 million fraud against Waitangi National Trust
False invoicing
Staff can submit false invoices for goods and services not delivered, using real or fake suppliers.
An employee responsible for day-to-day finances defrauded a school of $375,000 over seven years. The employee created, approved and paid 77 false invoices to himself from funds meant for a large building project for the school. The fraud was detected when the employee was on leave and an external contractor discovered that the invoices did not match up with the payments for the building project.
- $375,000 fraud detected while school employee on leave
Collusion and procurement corruption
Staff can collude with external suppliers to inflate prices, split contracts or bypass procurement rules.
A supplier bribed an employee with $7,500 to get a $140,000 contract to supply USB flash drives. The employee:
- informed the supplier of the company’s plan to purchase
- helped the supplier by searching for and finding cheap product
- instructed the supplier to purchase the product and sell on to the company for a profit
- manipulated procurement documentation to look like the supplier had provided the lowest price.

- Procurement corruption fraud at Auckland Council reported by whistleblower
Weaknesses that can enable fraud and corruption
Fraud in supplier management is often enabled by internal control failures and a lack of oversight or peer review.
Poor supplier due diligence
Due diligence should be more than a procedural formality or tick-box exercise. Staff should understand the purpose behind each check and critically assess whether the information provided by a supplier pitching for work is reasonable and complete. For example, confirming that a supplier is a registered company is important – but reviewing the registration date might reveal if the business was recently established, which could indicate a higher risk, inexperience, or a shell company set up for dishonest purposes. Ensure checks are meaningful.
Lack of segregation of duties
When a single person is responsible for all procurement and contracting activities, key checks – like supplier due diligence – can be missed or bypassed. If one employee identifies the need for goods or services, selects the supplier and also approves the invoices, the risk of inappropriate relationships, undisclosed conflicts of interest, or fraud can increase and go undetected. To mitigate this, different people should be assigned and contribute to each stage of the procurement and payment process.
Lack of audit trails
When changes to supplier records – such as bank account details or contact information – are not logged or monitored, it becomes difficult to detect unauthorised or fraudulent modifications. This lack of visibility allows internal actors to manipulate data without triggering alerts or being held accountable.
Infrequent reviews
Supplier information and payment patterns left unchecked for extended periods can create blind spots where fraud can continue undetected. Without regular scrutiny, fictitious suppliers, duplicate records or unusual payment trends can go unnoticed. Infrequent reviews also make it more difficult to detect changes in supplier risk profiles, such as shifts in ownership.
Strengthen processes and controls
Strengthening governance, enforcing segregation of duties and fostering a culture of accountability are critical to mitigating risks in supplier management. This section includes practical controls you can consider reinforcing or introducing to improve oversight and reduce fraud risk.
Supplier onboarding
Ensure more than one person approves new suppliers and changes to bank account details. This helps prevent unauthorised or fraudulent entries.
Access management
Restrict system access based on roles and enforce segregation of duties. Remove access for staff who have left the organisation.
Invoice verification
Require at least two-person confirmation of goods and services received for payments above a certain amount or for new suppliers. One way to do this is three-way matching of purchase orders, receiving reports and invoices, which helps prevent payment of fraudulent or inflated bills.
Monitoring and audit
Conduct regular audits of supplier information and payment transactions to identify anomalies and investigate anything unusual or suspicious. Establish a routine review process to help identify anomalies early and strengthen overall supplier oversight.
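The three-way match and routine review described above, sketched as an added example that is not Serious Fraud Office code. It also checks for the patterns in the cases on this page: self-approval, approval under a former employee's credentials, and invoices just under a delegated limit. All names, limits and records are constructed, and the 5% near-limit margin is an assumption.

```python
from dataclasses import dataclass

# Constructed sample data; every name, limit and amount is hypothetical.
ACTIVE_STAFF = {"alice", "bob"}                 # "carol" has left the organisation
DELEGATED_LIMIT = {"alice": 5000, "bob": 20000, "carol": 20000}
PURCHASE_ORDERS = {"PO-1": 4000.0, "PO-2": 12000.0}   # PO number -> value ordered
GOODS_RECEIPTS = {"PO-1": 4000.0}                     # PO number -> value received
NEAR_LIMIT = 0.95   # assumed margin: flag invoices within 5% below the limit

@dataclass
class Invoice:
    number: str
    po: str            # "" when the invoice quotes no purchase order
    amount: float
    raised_by: str
    approved_by: str

def review_invoice(inv: Invoice) -> list[str]:
    """Return the control failures for one invoice (empty list = passes)."""
    flags = []
    # Three-way match: purchase order, receiving report and invoice must agree.
    ordered = PURCHASE_ORDERS.get(inv.po)
    received = GOODS_RECEIPTS.get(inv.po)
    if ordered is None:
        flags.append("no_purchase_order")
    elif received is None:
        flags.append("no_goods_receipt")
    elif inv.amount > min(ordered, received):
        flags.append("amount_exceeds_order_or_receipt")
    # Segregation of duties: the person raising an invoice must not approve it.
    if inv.raised_by == inv.approved_by:
        flags.append("self_approved")
    # Access management: approvals must come from current staff accounts.
    if inv.approved_by not in ACTIVE_STAFF:
        flags.append("approver_not_active")
    # Delegated authority: over the limit, or suspiciously close beneath it.
    limit = DELEGATED_LIMIT.get(inv.approved_by, 0)
    if inv.amount > limit:
        flags.append("over_delegated_limit")
    elif inv.amount >= NEAR_LIMIT * limit:
        flags.append("just_under_delegated_limit")
    return flags

INVOICES = [
    Invoice("INV-1", "PO-1", 4000.0, "alice", "bob"),
    Invoice("INV-2", "", 4900.0, "alice", "alice"),
    Invoice("INV-3", "PO-2", 12000.0, "alice", "carol"),
    Invoice("INV-4", "PO-1", 4600.0, "bob", "alice"),
]

def review_all() -> dict[str, list[str]]:
    return {inv.number: review_invoice(inv) for inv in INVOICES}
```

Run as a scheduled review, the flagged invoice numbers give the reviewer a short list to investigate rather than a full ledger to read.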
Whistleblower policies
Communicate to staff how they can report suspected fraud through safe reporting channels. Ensure that concerns are investigated promptly and that whistleblowers are protected from retaliation.
Training and awareness
Provide regular training to staff involved in procurement, finance and supplier management to raise awareness of fraud risks, red flags and how to report concerns. Encourage a proactive and vigilant mindset.
More information
- Find out more about other Serious Fraud Office cases
- Learn countermeasures and controls that organisations can put in place to lower their fraud risk
- Get in-depth information on how to manage procurement risks effectively
- Find out more about the seven common personas that fraudsters use when committing financial crimes
- Understand the wider impacts of public sector fraud, beyond just financial