Where procurement fraud really starts

Most organisations talk about fraud like it arrives as a single event. A bad invoice. A fake supplier. A rogue employee. That framing feels manageable because it suggests you can catch fraud at the end.

In practice, integrity risk builds earlier and quieter. It grows inside supplier onboarding, contract setup, approvals, variations, and payments. It also grows inside social dynamics, pressure from senior stakeholders, and a tolerance for exceptions that slowly become the standard.

David Morgan, Managing Director, Veremark Whistleblower Technology Solutions puts the core idea plainly: “If the control environment is well-designed and there has been an investment made by the business, that opportunity typically is less.” The point isn’t to obsess over motivation or morality. The point is to reduce opportunity through design.

Fraud risk often starts as process risk

Workarounds usually come first. A supplier gets onboarded fast because delivery teams feel urgency. Due diligence steps get skipped because “we’ve worked with them before.” A contract variation gets approved by email because no one wants to slow things down. An invoice gets paid because the relationship matters.

None of this looks like fraud on its own. Together, it creates a path with low friction.

Josh Byrne, Senior Procurement and Probity Consultant describes the aim as having “systems and processes… of good quality to prevent a fraud event as best we can.” That sentence sounds obvious, but it becomes harder when the business faces pressure. Integrity risk tends to rise when urgency becomes the default, not the exception.

A useful prompt for leaders is simple. Where does your procurement flow rely on people doing the right thing, instead of making the wrong thing harder to do.

Invoice fraud hides inside “normal” work

Invoice fraud gets discussed as if it’s always forged documents and fake vendors. The quieter version is more common. Weak approvals. Poor separation of duties. Variations that never get challenged. Payments that go through because “the work got done,” without checking if scope and pricing still match the agreement.

David calls out the basics that many teams struggle to operationalise: invoices should be “correct and fair,” and organisations should avoid “fraudulent payment of invoices.”

In many cases, the weak point isn’t the invoice. It’s the structure around approvals. If one person can influence supplier selection, contract terms, variations, and invoice approvals across the same relationship, you don’t need an elaborate scheme for risk to rise. You just need a structure that allows too much influence to sit in one place.

A practical check helps. Pick a high spend supplier and map who can influence onboarding, scope changes, approvals, and payments. If the same names keep appearing, you’ve found a design gap.

Segregation of duties still does a lot of heavy lifting

Teams sometimes treat segregation of duties like an old finance control that slows modern procurement down. David argues for it as prevention, not bureaucracy.

“If you think about segregation of duties… if you get that control well-designed… it just reduces the risk of fraud happening in the first place.”

That matters because it targets opportunity. It reduces reliance on trust and reduces the chance that urgency or relationships can steer outcomes without challenge.

If you want a sharper test than “do we have segregation,” ask this. Where can one person move a supplier from onboarding to payment with minimal checks, especially when the business wants speed.

Conflicts of interest become risky when power enters the room

A conflict of interest policy doesn’t solve conflicts. It only works if people declare conflicts and the organisation manages them properly, especially when the conflict touches a live commercial decision.

David gives a scenario many teams recognise: “There may be certain executives or a board member that has a commercial interest in that supplier… How is that conflict managed? How has it been declared? Have there been arm’s length controls put in place?”

The risk isn’t the conflict existing. The risk is how people behave around it. The host describes the pressure as “real,” especially when senior stakeholders influence supplier outcomes. Even if a junior employee can’t sign anything, they often shape the steps that make the signature feel inevitable.

A useful leadership question is uncomfortable but practical. In your organisation, when a senior person “suggests” a supplier, do teams treat it as input, or as direction.

The quiet ending that creates repeat risk

When suspected fraud surfaces, some organisations treat it as an HR event and try to end it quickly. Josh describes the pattern: “That person or persons are moved on… [and] the business doesn’t want to go through the process of actually investigating the fraud.”

He also points to the knock-on effect. “I think it sends the wrong message… about how you actually manage a fraud event.” People notice what happens after a fraud incident. Suppliers notice too. If the lesson is “we make it go away,” you build a culture of silence.

The discussion captures why quiet endings happen. “We want this to go away quickly. And as quietly as possible.” That might involve an NDA or a civil agreement. It might end in termination. What often gets skipped is the learning loop that fixes the conditions that made the incident possible.

A cleaner way to frame oversight is not “what did we conclude,” but “what did we change.” If you don’t change anything, you keep the same opportunity in place.

Where speak-up fits, without pretending it replaces controls

Speak-up channels matter in procurement because early signals often sit with people, not systems. A supplier sees an improper request. Someone in accounts payable sees repeat anomalies. A procurement team member sees a directed outcome that doesn’t make sense.

But speak-up doesn’t replace control design. Reporting can surface problems earlier. Prevention still comes from governance, separation, and the discipline to hold the line when pressure shows up. The conversation also notes how difficult it can be to raise concerns when senior people are involved, which is why independence and safe handling matter.

Listen to the full conversation

If procurement integrity risk, invoice fraud, and conflicts of interest sit on your desk, the full conversation goes deeper into how these risks show up across the procurement lifecycle, and what control design can realistically change.

Listen to Procurement Talk - Series 8, Episode 4 – "Whistleblowing" with special guest David Morgan

• Spotify Podcast
• Apple Podcast
• Google Podcast

{{whistleblowing-cta="/components"}}