top of page

Protecting your business from procurement fraud

Updated: Aug 29, 2023

Guard your business's purse strings with diligence, for in the shadows of complacency, procurement fraud finds its breeding ground.

Protecting your business from procurement fraud

The greatest risk one can take is not to take a risk

As a leader or professional working within an environment that has been targeted by or is a high risk from procurement fraud and corruption threats, do you introduce risk planning and have access to a risk assessment to design your prevention approach?

One of the lessons learned working in and with large organisations can be the disconnect between introducing risk control measures, a response to risk through investigation or change management and an understanding of an organisations risk picture. If an organisation doesn't fully appreciate its level of risk, how can it accurately respond or measure the level of procurement fraud and corruption risk that it is impacted by.


In attempting to understand its level of risk an organisations leaders must first ask two simple questions, how and where is it being targeted by procurement fraud and do we know what the level of financial losses are. Simple questions, however, in all organisations that I've assessed over the years, that answer has generally been 'No'.

As part of the planning stage, in addition to the anti-fraud policies and procedures that it has in place, an assessment of risk identification and mitigation procedures that it currently in place and the fraud and corruption risks within finance, procurement, quality, security and asset management processes will help map out the current approach that is being taken to fraud and corruption.

In addition to these areas, it is important to understand the level of anti-fraud and corruption culture, is this something that is actively talked about within an organisation. The communication and engagement within an organisation that drives ethical standards can be the difference between identifying or receiving a report of procurement fraud or an individual not reporting suspicions because they don't trust a manager or leaders response.

As a leader, a simple way in which to clarify your organisation's counter fraud or anti-corruption culture and whether more action needs to be taken, is to ask staff two simple questions. Firstly, would you be comfortable in discussing openly the ethical issues within the organisation and secondly, would you feel safe in reporting a corruption risk to your line management. If the answer is no to either of these questions then consideration should be given to developing an inclusive approach where staff feel part of the solution and creating a new culture.

Are you able to identify, collect and analyse your own data that can help assess procurement fraud and corruption risk?


The process of creating a risk assessment starts with recognising the typologies of procurement fraud and corruption. Education and awareness is an essential element of the mitigation process to ensure individuals conducting the risk assessment understand how, where and by whom an organisation can be targeted.

This approach helps identify the data sources that are relevant to the risk assessment, an organisation must take stock of activities that are associated with procurement that might include finance, human resources, quality assurance, asset management and maintenance as well as compliance, investigation or intelligence information.

The size and scale of an organisation structure may have an impact on the complexity of a risk assessment, individuals or organisations involved and the information to be considered. Particularly where an organisation conducts an annual assessment or regularly assesses new risks against the current assessment, it may wish to create a risk model that can be used to consider typologies, individuals, departments, organisations and the mitigation structure.


To assist the assessment and implementation approach, creating a risk register where risks and mitigation recommendations are documented and using this method to support a decision making structure can be a valuable tool. If an organisation doesn't have a centralised group of managers or leaders that considers each risk and allocates ownership to affect change, what might be the consequences in the effectiveness of this approach.

Part of a decision making structure is to consider prevention and detection activities to mitigate the identified risks by enhancing systems and controls, policies and procedures and expertise and capabilities to prevent future procurement fraud and corruption.

Introducing a proactive approach and techniques to identify procurement fraud and corruption is a valuable method of testing the integrity of an organisation's mitigation framework and also the continued support and update of a risk assessment. Additionally, targeted audits and data analysis from the published risk assessment can be a useful exercise to more effectively use finite resources.


Creating a procurement fraud Response Plan can add great value where a new risk is identified and requires a coordinated response. Having a centralised decision making group that is guided by the plan not only creates an efficient and effective response to risk but also gives responsibility and ownership for each action.

As part of the change management process do you use a strategic approach to risk, specifically do you have a one, three or five year plan to support a change management approach. Is your annual risk assessment used to identify current and potential future risks, are there new patterns of fraud and corruption typologies and what prevention, detection or mitigation actions should be introduced.

In the continual improvement lifecycle, measurement and monitoring should be integral in performance assessment of the procurement fraud framework. Generally, a natural consequence of enhancing communication, engagement, prevention and detection techniques is the increase in data. Introducing risk mitigation might include lifting communication barriers that prevent discussion and reporting can be a valuable tool in the monitoring process.


To support all areas of risk mitigation, training and awareness should be introduced for all leaders, managers and staff that are involved in the identification and mitigation approach to help clarify their responsibilities and how procurement fraud can impact their organisation. If an organisation takes the approach that all staff and suppliers have the potential to identify and report risk, they have a greater opportunity to receive additional reports and create a greater understanding of their risk picture where education and awareness of current threats and methodologies are shared.

If you have any comment on this approach to risk, please feel free to comment and join our procurement fraud and corruption group on LinkedIn.

Do you want to work with us?

Book a Strategy Call with us to see how we can positively impact your risk approach

Be the first to receive our latest articles


bottom of page