top of page

Defending from Within: Effective Strategies to Combat Procurement Fraud and Corruption Threats

Updated: Aug 29, 2023

External threats can pose a significant risk to your business during urgent events or natural and man made disasters. Discover effective strategies to combat this threat and safeguard your organisation from within.

Procurement fraud and corruption threats

External threats can be extremely damaging and can be exacerbated when it is linked to an insider. These threats can range from employees leaking sensitive information, creating fictitious requirements or illicitly diverting organisation funds. Uncovering the hidden cost can be challenging. In order to protect your organisation, it is crucial to implement effective strategies to combat external threats. By understanding the motivations behind these threats and implementing proper security and control measures, you can safeguard your business from potential harm.

At no time has education and awareness on procurement fraud and corruption threats been more important to an organisations integrity and its ability to identify and prevent these known and unknown risks. One thing that recent global events have taught us, is that global lockdown and manipulation and abuse of national procurement systems is to be expected and that we must plan and prepare for such events happening again.

The greatest danger often lies within our own ranks, where trust can be exploited and secrets can be betrayed


In order to effectively protect your business from insider and external threats, it is important to understand the different types of threats and where your organisation can be targeted. These threats can include insiders who intentionally seek to harm the company or use the opportunity of weak control measures and increased workloads to manipulate the payment or procurement systems. There are also accidental insiders who may unknowingly compromise sensitive information or unintentionally cause harm to the organisation. By understanding the different types of insider threats, you can better identify potential risks and implement appropriate security and control measures to mitigate them.


There are many global examples of how individuals within government, public sector leaders, suppliers have used the disruption and events of man made or natural disasters for their own illicit gain or collude with others to facilitate criminal activity.

Due to the urgent nature of any crisis, it is recognised that many control measures that should be in place are dropped to expedite the action and operations of an organisation. It is in these circumstances that procurement fraud and corruption can flourish. Examples include:

  • creation of a new company to facilitate the direct award of contracts

  • greater use of online procurement that facilitates the purchase of inferior or counterfeit goods

  • illicit disposal of materials that are classified as waste

  • theft of materials by contractors

  • creation of fictitious works and illicitly diverting payments

  • fictitious invoicing

  • using position and conflicts of interest to influence the award of contracts to friends, associates or business owners that individuals have a personal relationship with


Fraud within natural and man made disasters is not new and in the USA it is recognised as a significant problem, due to the billions of dollars that are spent on recovery and is an area where fraudsters will target quickly due to the urgency and weak control measures in place. In 2005 in the wake of Hurricane Katrina the National Center for Disaster Fraud was established and has to date received over 220,000 complaints.

However, on the positive side, the anti-corruption message remains strong and has been rejuvenated by President Biden re-establishing the USA's part in the fight against corruption.


Organised crime groups have been both organised and opportunistic, using both the situation of fear from the public and their search for medical solutions and the urgency and unavailability of healthcare products and personal protective equipment. They very quickly diversified into online sales for counterfeit, substandard, and falsified pharmaceuticals and medical products.

In such circumstances, the use of corruption to facilitate their illicit business model wasn't necessary where there is a global scramble to procure the limited quantity of PPE on the global market and due to the urgency, reduced governance, obfuscation of supply chains, and quality of products, the risk that organised crime is suddenly being funded by the healthcare system is more than likely.


One of the lessons organisations have learned or will have to face is their ability to understand the maturity of its business continuity planning and the performance of its compliance programmes. Our inability to measure the financial impact, in organisation response and adaptability, including the losses due to criminality from internal and external threats.


Do you have the ability to measure your response performance or the capacity to protect organisation assets and revenues during such events? In the same way that business continuity plans are put in place, to mitigate the risk of procurement fraud and corruption threats happening again, documented ownership and responsibility should be put in place throughout an organisation for departmental and operational monitoring and coordinated action.


At the core of a coordinated response to a significant national or global event, three areas need to be introduced into the discussion and response planning:

  • Risk identification and prevention of future corruption including the weakness in the current approach

  • introducing new and creative solutions for education and awareness to ensure that the whole organisation understands the risks and their role where a response is required

  • Knowledge sharing and lessons learned within risk assurance will support organisation and national planning and response to future events.


As the global pandemic impacted the majority of organisations, a maturity assessment and gap analysis should be conducted to measure performance and organisations ability to respond to future incidents, specifically, where we are now and where we need to get to ensure that future impact is identified or mitigated. Areas to consider should include:

  • Assessing the aggregated and transparent maturity level

  • Illustrating the difference in perception of maturity at various employee levels (leadership versus operations implementing the activities and policies at the coal face)

  • Gaps in knowledge and understanding of risks and responsibilities

  • Gaps in skills and abilities

  • Assessing maturity from different viewpoints based on the roles of those completing them


As part of an assurance programme gaps in knowledge and training should be assessed, specifically, what do we need to acquire or build to ensure that a workforce is able and has the flexibility to respond to the next incident or major event with reduced impact to the organisation? Areas of initial assessment should include:

  • IT Risk and Governance

  • Information security

  • Information privacy

  • Enterprise Governance, Risk and Compliance

  • Director duties

  • Occupational health and safety


At no time has education been more important to organisation development and ability to mitigate fraud risk in future disasters. One thing that the global pandemic has taught us, is that this disaster risk is now part of our global society and that such events will happen again.

Do you want to work with us?

Book a Strategy Call with us to see how we can positively impact your risk mitigation approach

Be the first to receive our latest articles


bottom of page