Procurement and purchasing fraud: Risks, red flags, and prevention strategies


In observance of International Fraud Awareness Week, Nov. 12-18, now is a good time to brush up on some of the most common types of fraud schemes in government and other public sector organizations. These frauds can be costly in financial, reputational, and operational terms.

It is hard to nail down exactly how much money is lost each year to procurement fraud, but according to the Risk and Insurance Management Society, Inc. (RIMS)’s Risk Management Magazine, it is somewhere between 4% and 8% of an organization’s total expenditures.

For example, one of the world’s busiest passenger airports, in the southeastern United States, is currently undergoing a $6 billion expansion under a 20-year capital program. Using the top range of the RIMS estimated percentage of expenditures (8%) for a portion of the project expenditures ($2 billion), which is a conservative estimate in a large construction program, you can estimate that $160 million could potentially be lost to procurement fraud. (This is a conceptual, illustrative example for reference only, as most major airports in the United States are conducting major capital projects due to funding from the Bipartisan Infrastructure Law.)

In the construction industry, the estimated amount of procurement and purchasing fraud is typically higher than in other industries, which is why it is important to implement commonsense controls to reduce the risk of fraud. Organizations should also hire procurement fraud professionals, or work with their Chief Oversight Official (COO) – usually the Office of the Inspector General (OIG) or Chief Audit Executive (CAE) – to monitor for fraud. (More on this later). By having a robust fraud detection plan and using experienced fraud professionals, organizations can help reduce the risk of loss and see benefits far exceeding their costs.

What can your organization do to prevent such a loss to taxpayers and customers?

Here are a couple of tips, scenarios, and examples for reducing your exposure to procurement fraud.

1. Conduct a procurement risk assessment: Organizations should conduct an in-depth analysis of high-risk routine and one-time purchases, regardless of size or cost, on at least an annual basis. Be certain to review your policies/procedures to confirm that they’re in line with the best practices of the American Bar Association's Model Procurement Code. Other steps you can take include reviewing common risk metrics such as staff turnover and purchasing amounts by staff member; assessing the implementation of previous audit findings; and examining all the sole source and emergency purchases for documentation of the special or unique circumstances. These are just a few of the low-hanging items to look for in your risk assessment.

a. Sole source contracts or procurements: This method has a higher-than-average risk due to the nature of procurement. Under this contracting method, your organization should and likely does require you to swear, under penalty of perjury, that no other vendor in the country can provide the good or service you need. Typically, this type of procurement method should be used only when extensive market research has been performed by the subject matter expert, such as an engineer or professional planner, along with your procurement professional(s). The sole source method carries significant costs to your organization because the vendor is now aware that you’re going to seek out or use only them for their goods or services, so a premium for this is often baked into the cost.

b. Emergency procurements: We live in a world where emergencies are more common, from pandemics to crumbling critical infrastructure, so there is a need for this procurement method. But in some cases, emergency procurements are used in situations where an organization failed to plan for something, such as replacing a roof that was in the organization’s capital improvement plan but was put off for many years due to a lack of available funding or failure to relay the urgency to the right person or people. Calling a project an emergency when it’s not opens the organization to fraud risk; emergency procurements typically result in astronomical costs to the organization because of the costs vendors can load into a proposal or bid when the word “emergency” is mentioned. A good control to prevent emergencies and emergency procurements is to audit your capital plan; update it at least every two years to reflect the actual condition assessment; and develop timelines that consider how lengthy the procurement, onboarding, and mobilization of a major capital plan project can be. As the saying goes, “If you fail to plan, then you’re planning to fail.”

2. Competition and alternative procurement continuing analysis: Often, the highest-risk and most common procurements are sole source contracting, emergency procurements, requests for proposals (RFPs), and invitations to bid (ITBs). Watch for these general red flags of potential procurement fraud within these procurement delivery methods.

The other risk from this contracting method is that someone in the organization is concealing a potential competitor to get a “friends and family special of an employee,” or is contract steering; both are fraud. You can mitigate this by asking your COO to perform a conflict-of-interest check. The oversight official’s office should have several tools and procedures to help reduce the risk of contract steering or conflicts of interest, but it is important to be proactive. Another way to mitigate the risk from this contracting method and manage project costs is to issue a request for information (RFI) to the public and publish it on all the available and popular procurement websites. If only the sole source vendor responds, you’ve demonstrated a good-faith effort to solicit competition, and it gives you some assurance that the market truly has limited or no competition for that good or service.

The procurement or purchasing office in your organization should have a form that requires the department/division leader and the chief procurement official to sign off that a true emergency exists and that selecting a single bidder or quickly soliciting bids from a handful of vendors for the emergency outweighs the cost and risk of a traditional procurement method.

Another major risk, as also mentioned above, is that someone in the organization is attempting to steer a contract to a preferred vendor they have worked with before, or that they are seeking to remedy a problem due to the lack of planning or poor management. Additionally, it could also be a potential red flag that someone is being bribed or getting a kickback.

a. Requests for Proposals (RFPs) and Invitations to Bid (ITBs): These are among the most common methods of procurement for the government, not-for-profit organizations, and business community sectors.

In RFPs, the technical requirements and scope of work are the two most important items to consider. The most common types of fraud in RFPs happen when the purchasing agency doesn’t have clear and transparent specifications/scope of work, and is at the mercy of potential “bad actors” to refine the scope via the questions and answer period or when they win the contract and submit several change orders that are going to blow the project’s budget. One of the best ways to prevent fraud in this area is to have the subject matter experts, rather than the procurement professionals, write the scope of work and technical specifications. It is also appropriate to have an external expert, who will not submit a proposal or have an interest in the outcome, review the cost estimate for accuracy and reasonableness. The cost estimate will tell you how far off the prices are once you open the pricing plan. We’ve seen several situations where a large capital program didn’t get accurate, real-time cost estimates from its contractors and therefore had to pause or cancel major projects because the price proposals were five, six, seven, or more times the budget amount, simply because they did not get an accurate and reasonable cost estimate.

An ITB is one of the most common procurement methods, particularly for construction, and also one where a lot of fraud can occur. One of the most common schemes is a bid rotation scheme, where contractors conspire to take turns being the lowest bidder on contracts. This is so they can each submit more costs to the buyer on price, because they know what the other is submitting in their bid. Then, after the work is complete or another bid is released, a different contractor bids, and the scheme continues. This is especially harmful because public organizations are required by law, in most places, to select the lowest, most responsive and responsible bidder. A documented reason for not choosing the lowest bidder is needed, and is also rare because another procurement process would compromise the integrity of the schedule and cost estimate. This may sound like it doesn’t happen often, but it’s quite common in smaller markets where they may only have a handful of contractors that bid on contracts.

In conclusion

The best way to prevent procurement and purchasing fraud is to educate your entire team on prevention, because fraud prevention begins with everyone. Also, use your oversight professionals as your teammate and advocate. Many times they are the most qualified to support your organization as you look to reduce waste, fraud, and abuse.

Subject matter expertise

  • Contact Frank Frank+Banda
    Frank Banda

    CPA, CFE, PMP, Managing Partner – Government and Public Sector Advisory

  • Close


    Let’s start a conversation about your company’s strategic goals and vision for the future.

    Please fill all required fields*

    Please verify your information and check to see if all require fields have been filled in.

    Please select job function
    Please select job level
    Please select country
    Please select state
    Please select industry
    Please select topic

Related services

This has been prepared for information purposes and general guidance only and does not constitute legal or professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its partners, employees and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.