The most expensive part of procurement fraud is what happens after you spot it

When a fraud signal shows up in procurement, most organisations feel the same pull. Contain it fast. Keep it quiet. Move on.

Leaders worry about reputation, distraction, legal exposure, and morale. So the organisation treats it as an HR issue, exits the person involved, and closes the door.

Josh Byrne, Senior Procurement and Probity Consultant describes this pattern directly. Fraud gets classed as an HR event, people get moved on, and the business avoids investigating. He adds a point that should land with any leader:

It sends the wrong message to the wider employees across the organisation about how you actually manage a fraud event.

David Morgan, Managing Director, Veremark Whistleblower Technology Solutions describes the same impulse from the governance side. Boards want to protect reputation, so the instinct is to make it disappear — sometimes through a civil agreement, an NDA, or a payout.

Quiet endings remove a person. They rarely remove the opportunity.

A quiet exit stops a behaviour in the short term. It doesn't fix the conditions that made it possible.

Procurement fraud sits across the whole lifecycle — onboarding, contracts, approvals, invoicing, payment. It relies on weak points in process and control design. David puts the principle plainly:

If the control environment is well-designed and there has been an investment made by the business, that opportunity typically is less.

When you skip investigation, you keep three problems alive. You keep the same control gaps, because you never mapped how the issue moved through your systems. You keep the same influence points, because procurement integrity issues often involve relationships and pressure — and Josh notes the pressure on employees from senior levels is real. And you teach people the wrong lesson, because they watch what happens after an incident far more closely than they read policy documents.

The real cost isn't the incident. It's the pattern that follows.

Quiet endings defer investigation — they don't prevent it. Here's what compounds in the meantime.

The same gap gets exploited again. The onboarding shortcut or approval bypass that enabled one incident doesn't close itself when you exit an employee. The second incident is harder to defend, because you already had the signal.

Regulatory exposure escalates. Auditors focus on patterns because patterns suggest weak governance. One quiet exit might not draw attention. A second incident with no remediation between them changes the conversation entirely.

The eventual investigation costs more. When the issue resurfaces, the scope is wider, the data is older, and the remediation is more disruptive. Organisations that investigate early spend less overall than those that investigate late under pressure.

Trust erodes. Employees assume outcomes depend on power. Suppliers assume rules flex for the right relationships. Both assumptions corrode everyday procurement decisions in ways that never register as a single fraud event but steadily raise risk across the portfolio.

What a proper investigation actually produces

A well-run investigation should produce three things. A control map of what failed — not just who did it, but how the system allowed it. (For a deeper look at how control gaps form across the procurement lifecycle, see Where procurement fraud really starts.) A clear record of organisational response that stands up if a regulator or auditor later asks what you did when the signal appeared. And a signal to your people that raising concerns leads to change, not silence — which is what keeps speak-up channels credible over time.

Five questions to run after your next incident

1. ‍What did we find out? Did we investigate the how, or just the who.‍
2. What did we change? Not what training we ran. What changed in onboarding, approvals, variation controls, and separation of duties.‍
3. What would stop it happening again tomorrow? If someone in the same role with the same access started tomorrow, would the outcome be different.‍
4. What did people learn from watching? Did our response tell employees that concerns lead to improvement, or to silence.‍
5. Where did we stop looking? The place you stopped is usually where the next incident starts.

Listen to the full conversation

Listen to Procurement Talk — Series 8, Episode 4 — "Whistleblowing" with special guest David Morgan

• Spotify Podcast
• Apple Podcast
• Google Podcast

‍