Procurement Fraud Risk Guide

What is procurement?

“Public procurement is the process of the acquisition, usually by means of a contractual arrangement after public competition, of goods, services, works and other supplies by the public service. The public procurement process spans the whole life cycle from initial conception and definition of the needs of the public service through to the end of the useful life of an asset or the end of a contract.”

Source: NI Public Procurement Policy

Overview of public procurement in Northern Ireland

Public sector contracts range from small contracts for local products and services (under £30,000 in value) up to multi-million pound projects which are advertised across the European Union (EU). Public procurement arrangements in Northern Ireland (NI) are:

Purchases below £5,000 – these are classified as procurement expenditure but are not subject to procurement rules. Organisations must ensure that all such purchases are subject to value for money considerations and central government bodies must adhere to Managing Public Money Northern Ireland.
Contracts between £5,000 and £30,000 – organisations will seek a minimum of two tenders to demonstrate value for money. They may use sites such as eTendersNI or Constructionline to identify potential suppliers to invite to tender. Or they may maintain “select lists” of contractors and suppliers.
Contracts over £30,000 – these are advertised on eTendersNI using a Centre of Procurement Expertise.
Local government – each local council carries out its own procurement. Most councils use eTendersNI to advertise their tenders and award contracts but some place details on their websites.

Why produce a Guide on procurement fraud risk?

Public procurement is vulnerable to fraud and corruption because of the level of expenditure, the volume of transactions, the complexity of the process and the number of stakeholders involved. Public procurement expenditure in NI is around £3 billion annually. The most conservative estimate of the level of fraud is 0.5 per cent (Cross-Government Fraud Landscape report, 2019) so the minimum potential level of public procurement fraud in NI could be £15 million. Procurement fraud can only be tackled effectively if it is identified, measured and reported. Only by recognising the nature and level of procurement fraud can effective controls be put in place.

A further reason for the Guide is the increased risk of procurement fraud as a result of the COVID-19 pandemic. This has already been highlighted by the NIAO in its guide on COVID-19 fraud risks, available at https://www.niauditoffice.gov.uk/publications/covid-19-fraud-risks-niao-august-2020 .

Purpose of the Guide

The purpose of this short Guide is to raise awareness across public sector organisations in NI about what procurement fraud might look like, the conditions that might give rise to procurement fraud risks, and the controls that can be put in place to combat the risks. It is relevant for Accounting Officers, senior managers, finance staff, procurement professionals, contract managers and any staff within an organisation who are involved in any way, no matter how small, in the procurement life cycle – from identifying a need for goods or services through to contract management and contract exit.

The Guide will also be useful for auditors reviewing procurement arrangements and procurement expenditure, helping them to see the warning signs (or “red flags”) of potential fraud. Internal audit in organisations will have a key role in ensuring that robust controls are in place across the procurement life cycle.

Structure of the Guide

The Guide sets out the key risks/red flags and mitigating controls associated with each stage of the procurement life cycle:

pre-tender stage – identifying need;
tendering – includes sourcing suppliers, evaluating tenders and selection of suppliers;
award of contract;
contract management – includes performance, quality, contract variation, invoicing; and
non-competitive procurement.

Fundamental principles

There are some over-arching fundamental principles which should be at the forefront of any consideration of fraud risk, including procurement fraud risk:

CULTURE – an open, honest, anti-fraud culture, with visible anti-fraud and raising concerns policies and adherence to the principles of public life, are essential in all public sector organisations.
RISK ASSESSMENT – an organisation must know its fraud risks (including procurement fraud risks) before it can counter them effectively.
AWARENESS – if staff in an organisation don’t receive regular fraud awareness training and don’t consider the potential for fraud, then they won’t recognise fraud. Raising awareness through ongoing training is key.

Further information

The Guide draws on information already in the public domain. You will find links to the sources used, illustrative case examples and a self-assessment checklist towards the end of the Guide.

Pre-tender Stage

Fraud Risks/Red Flags	Mitigating Controls
There may be a reluctance to follow procurement guidance or involve procurement professionals where appropriate.	Ensure that comprehensive procurement guidance is in place, with access to professional expertise as appropriate.
The need for particular goods or services may not be properly evidenced.	Ensure that comprehensive needs assessment procedures are in place and are strictly followed. These should include effective segregation of duties.
The procurement of particular goods or services may sit outside the organisation’s procurement plan, or timing may be unusual.	Ensure that needs assessment procedures include proper authorisation requirements.
Requirements may be either over specified or deliberately vague, possibly to favour a particular supplier.	Make use of standard templates for tenders, to minimise subjectivity and variation.
There may be an unusual pattern or overuse of single sourcing, possibly used to favour a certain supplier and influenced by a conflict of interest or bribery.	Monitor use of single sourcing on a periodic basis, to ensure it is not excessive and is properly justified in each case. Up-to-date and accurate management information is key for monitoring purposes.
There may be signs of a close relationship between a public official and a supplier.	Ensure staff are aware of the actual and perceived risks of a close relationship with suppliers. Ensure staff are aware of, and abide by, the principles of public life and any applicable code of conduct.
There may be undeclared conflicts of interest among public officials involved in specifying requirements or developing the business case.	Ensure that conflicts of interest are declared and properly managed. This may include an annual declaration and a declaration in relation to each procurement exercise.
There is the risk of bribery or coercion from potential suppliers, linked to gifts or hospitality offered to public officials.	Have a clear Gifts and Hospitality policy in place, and ensure that all staff are fully aware of its existence and contents and adhere to it. Maintain a gifts and hospitality register and review it periodically.
Commissioners may make a case for multiple procurements of the same goods or services, a possible indicator of splitting to avoid proper authorisation or the need for a tender process.	Analyse tender/contract patterns and values, especially around authorisation thresholds. Analyse expenditure patterns across suppliers to help detect possible splitting of tenders into multiple smaller amounts to circumvent authorisation thresholds.
Insufficient due diligence or market engagement regarding proposed new suppliers/contractors, and existing suppliers.	Perform appropriate due diligence on all proposed new suppliers and contractors, e.g. checks to Companies House or trade associations. Also periodically monitor the status of existing suppliers to ensure no change.

Tender Stage

Fraud Risks/Red Flags	Mitigating Controls
There may be a lower than expected number of tenders, suggesting manipulation of the specification or collusion between bidders in the form of bid rotation or market sharing.	Conduct market engagement exercises to help ensure appropriate levels of competition. This may include seeking feedback on the proposed specification to ensure it is not restrictive.
Bidders may withdraw from the tendering process unexpectedly, again suggesting collusion by way of bid rotation or market sharing.	Include non-collusion declarations in tender documentation. If fewer than expected tenders are received, seek feedback from tenderers who downloaded the tender documents but decided not to bid.
There may be evidence of close links between bidding organisations, which increases the risk of collusion.	Ensure there are clear channels for suppliers and contractors to raise concerns about possible collusion. Make sure that concerns are listened to.
The bids from a number of suppliers may be very similar, or all very close to the pricing model, suggesting possible collusion or price fixing.	Benchmark prices to similar suppliers in other areas.
There may be one conspicuously strong bid among a number of weak bids, suggesting bid manipulation.	Ensure there are clear channels for suppliers and contractors to raise concerns about possible bid manipulation. Make sure that concerns are listened to.
There may be a pattern of winning or losing bidders, or companies that don’t bid for certain contracts, suggesting collusion, bid rotation or bid manipulation.	Maintain a centralised contracts register. Review and analyse the register on a periodic basis to identify/determine patterns.
There may be evidence of contact between a bidder and a staff member through unofficial channels, indicating the possible leaking of information, bribery or a conflict of interest.	Establish an e-tendering platform and require its use for all communications. This will help to maintain an audit trail. Raise staff awareness of bribery and corruption risks through regular ethical procurement training sessions. Annual ethical procurement training should be mandatory for staff in procurement posts.
A staff member may have an undeclared conflict of interest.	Ensure that conflicts of interest are declared and properly managed. Consider using data analytics to check supplier details against staff details (e.g. same address or bank account).
A staff member may want to rush the tender process or short-cut proper procedures (perhaps by altering bids or accepting late bids), indicating possible conflict of interest or collusion with a bidder, bid manipulation, or bribery and corruption.	Ensure that staff are aware of their bribery risks and require them to adhere to a code of conduct or other statement of ethical behaviour. Ensure there are clear channels of communication for staff to raise concerns about potential conflicts of interest, collusion, bribery and corruption. Make sure that concerns are listened to.
A staff member may insist on dealing with a particular bidder, indicating possible collusion or bribery.	Implement robust arrangements for segregation of duties and rotation of staff.
A tender opportunity may not have been properly and widely advertised, in order to restrict the number of bidders or favour one bidder.	Establish clear arrangements for advertising tenders, and ensure they are adhered to in all cases.
Certain bidders may be given extensions, allowing them to submit tenders after the due date.	Monitor any extensions to ensure they were properly authorised and given for justifiable reasons. Consider their impact on the final outcome of the process.

Award of Contract

Fraud Risks/Red Flags	Mitigating Controls
Tender evaluation criteria are not set in advance, or are changed from those set out in the tender documentation, to favour a particular bidder. This could indicate possible conflict of interest, bribery or corruption.	Establish tender evaluation criteria at the pre-tender stage and include them in tender documentation, to promote transparency. Changes after that point should only be made to correct an obvious error in tender documentation. Ensure that no single person has responsibility for finalising the criteria.
In relation to the tender process: the tender scoring process may be altered to favour a particular bidder a bid may be disqualified for no apparent reason a bid may be manually altered after submission all indicating possible conflict of interest, bribery or corruption.	Ensure that all contract award panellists have had specific procurement fraud awareness training,and recognise the risks of bribery and corruption. Ensure that all panellists have declared any conflicts of interest in relation to the specific procurement exercise. Use an e-tendering platform to help prevent alteration of bids after submission.
The contract award panel: may be under-qualified or inexperienced may be unduly influenced by one panel member, or by someone outside the panel seeking to affect the outcome.	Ensure that the contract award panel is of sufficient experience and seniority for the scale of the procurement. Have clear guidelines in place for the operation of panels, to help minimise the risk of undue influence.
There may be little or no documentation to support the award panel’s decision. This could be an effort to conceal possible conflict of interest, bribery or corruption.	Ensure that standard documentation is used to record the panel decision, with appropriate supporting documentation. Use an e-tendering platform to facilitate proper recording of decisions.
There is evidence of one bidder winning multiple bids. This could indicate they have insider information as a result of conflict of interest, bribery or corruption.	Maintain a centralised contracts register. Review and analyse the register on a periodic basis. Query any unusual or unexpected patterns in relation to particular bidders.
The contract may be awarded to an unexpected contractor, indicating possible conflict of interest, bribery or corruption.	Ensure that standard documentation is used to record the panel decision, with appropriate supporting documentation. Ensure that all panellists have declared any conflicts of interest in relation to the specific procurement exercise.
An unsuccessful bidder may raise concerns about the bidding process/outcome.	Ensure that appropriate debrief information is provided to unsuccessful suppliers/contractors. Ensure there are clear channels for suppliers and contractors to raise concerns about the tender process. Make sure that concerns are listened to and investigated appropriately.

Contract Management

Fraud Risks/Red Flags	Mitigating Controls
A winning bidder may sub-contract work to a losing bidder, suggesting collusion between bidders at the tender stage.	Monitor the use of sub-contractors to look for any patterns that might indicate collusion.
Unexplained additional works or services leading to additional contract costs may indicate bid manipulation, with submission of an intentionally low bid to win the contract, followed by requests for contract variations.	Have clear procedures in place for contract variations, to ensure they are properly documented, justified and authorised. Challenge contractors/suppliers who seek variations to the contract post-award.
There are risks around invoicing for contracts/supplies: invoices for work not completed or supplies not delivered lack of supporting documentation or use of photocopies unexpected items invoiced duplicate invoices for the same supplies/services multiple invoices of a similar value, which could indicate splitting to avoid appropriate authorisation.	Implement a “No purchase order, no pay” policy to ensure a full audit trail. Have effective arrangements in place for checking invoices before payment, including adequate supporting documentation and evidence that the specified supplies/services have been provided. Analyse expenditure to highlight unusual items. Use software for duplicates testing. Test for physical evidence of supplies/services. Analyse expenditure patterns across suppliers/contractors to help detect possible splitting of tenders into multiple smaller amounts to circumvent authorisation thresholds.
Evidence of a close relationship between a contractor/supplier and an employee could indicate bribery or gifts and hospitality, and could jeopardise contract management, e.g. ineffective contract monitoring.	Ensure that contract managers are appropriately trained and aware of their bribery risks. Have a clear Gifts and Hospitality policy in place, and ensure that all staff are fully aware of its existence and contents and adhere to it. Managers should spot check/review contract monitoring reports. Ensure there are clear channels for staff to raise concerns about possible collusion, bribery and corruption. Make sure that concerns are listened to.
A high level of complaints from service recipients might indicate the use of sub-standard materials or unqualified workers on a contract, or the supply of inferior goods for the same contract price.	Perform spot checks on quality of goods and services supplied, to ensure they are in line with the contract. Ensure contract management roles and responsibilities are well defined and include provision for site visits/inspections during the course of a contract. Have a clear line of communication for customer/service user complaints. Monitor the feedback and respond appropriately.
A contractor or supplier inquiring about a missing payment could indicate that the payment has been fraudulently diverted, either internally or externally.	Verify supplier details on initial set-up. Close off any unused/dormant supplier accounts to prevent them being used to facilitate fraud. Requests for change of bank account details should not be processed automatically; there should be a clear and robust verification process for all staff to follow. Ensure adequate segregation of duties in the payment process.
Missing supplies or an unexpected delivery address could indicate a member of staff or contractor diverting goods for personal use.	Always ensure approved delivery addresses are used. Monitor goods received notes for unexpected addresses. Maintain comprehensive inventory/asset records and monitor usage levels. Have a regular programme of physical asset checks/stock-takes.
Unexpected or unexplained delays could indicate a contractor manipulating the contract in order to claim extra costs.	Monitor contract overruns in terms of both cost and time, and ensure there is clear justification for any variations. Ensure contract terms are invoked to secure service credits or recovery of costs due to supplier delays.

Non-competitive Procurement

Fraud Risks/Red Flags	Mitigating Controls
The aggregate spend to a contractor or supplier may exceed the threshold for tendering, yet no tender process has been completed, indicating splitting to avoid proper process or to favour a particular contractor/supplier.	Monitor aggregate spend to individual contractors/suppliers to look for evidence of splitting to avoid tender thresholds.
Use of a business procurement/purchasing card may show an unusual expenditure pattern or unexpected items, indicating possible purchases made for personal use.	Limit the number of procurement cards and users. Apply a maximum expenditure level and restrict categories of purchase on the card. Monitor procurement card expenditure to identify unusual or unexpected items or suppliers, or transactions at unusual times.
There may be signs of a close relationship between an employee and supplier, perhaps influenced by bribery or gifts and hospitality.	Ensure staff are aware of their bribery risks and require them to adhere to a code of conduct or other statement of ethical behaviour. Have a clear Gifts and Hospitality policy in place, and ensure that all staff are fully aware of its existence and contents and adhere to it.
Supplier details, such as address or bank account, may be the same as a staff member, indicating a possible undeclared conflict of interest or a false supplier account used to divert funds.	Ensure robust supplier/contractor verification procedures are in place and carry out periodic due diligence e.g. checks to Companies House. Consider matching payroll and creditors’ data to identify undeclared conflicts of interest.
Procurement records may show an unusual or unexpected delivery address, indicating possible diversion of supplies for personal use.	Ensure that suppliers are aware of valid business delivery addresses and ask them to query any unexpected addresses. Monitor goods received notes for unexpected addresses. Maintain comprehensive inventory/asset records and monitor usage levels.
In relation to cash-based transactions: holding an unusually large cash balance increases the risk of misuse excessive or unexpected cash purchases may suggest circumventing normal procurement procedures and controls, possibly for fraudulent reasons.	Limit the use of cash to the absolute minimum. If cash is necessary, hold only a moderate balance. Ensure clear rules are in place for the use of cash in relation to purchases. Analyse cash-based transactions regularly, to identify possible fraudulent use.

Useful sources

Review into the risks of fraud and corruption in local government procurement, Ministry of Housing, Communities and Local Government, June 2020:

https://www.local.gov.uk/review-risks-fraud-and-corruption-local-government-procurement

Procurement Red Flags, Audit Scotland, October 2019:

https://www.audit-scotland.gov.uk/uploads/docs/um/fraud_red_flags_procurement.pdf

Managing the Risk of Procurement Fraud, Local Government Association and CIPFA Counter Fraud Centre, June 2015:

https://local.gov.uk/sites/default/files/documents/managing-risk-procurement-7fd.pdf

Protecting your supply chain from fraud, Local Government Association and CIPFA Counter Fraud Centre, April 2020:

https://www.cipfa.org/services/counter-fraud-centre/support-and-resources/articles/covid-19-protecting-the-local-government-sector-supply-chain-from-fraud

Conflicts of Interest: a Good Practice Guide, Northern Ireland Audit Office, March 2015:

https://www.niauditoffice.gov.uk/publications/conflicts-interest-good-practice

Managing Fraud Risk in a Changing Environment, Northern Ireland Audit Office, November 2015:

https://www.niauditoffice.gov.uk/publications/managing-fraud-risk-changing-environment

Managing the Risk of Bribery and Corruption, Northern Ireland Audit Office, November 2017:

https://www.niauditoffice.gov.uk/publications/managing-risk-bribery-and-corruption

Raising Concerns: A Good Practice Guide for the Northern Ireland Public Sector, Northern Ireland Audit Office, June 2020:

https://www.niauditoffice.gov.uk/publications/raising-concerns-good-practice-guide-northern-ireland-public-sector

Case examples

Source: Review into the risks of fraud and corruption in local government, MHCLG, June 2020

Possible collusion at tender stage

A senior education officer had responsibility for developing a tender document for school improvement services. The partners of both the senior officer and the officer’s line manager were providers of school improvement services. Neither employee had declared a conflict of interest. The officer was in a position to draft the tender to favour certain providers or preclude others. The issue was revealed because the individuals bidding for the work declared their connection to the council employees. The tender process had to be withdrawn because of the risk of legal challenge from other providers of school improvement services.

Abuse of a business procurement card

A trusted and long-serving member of staff held a credit card for business purposes. The person’s managers did not adequately check card payments and supporting paperwork as they were too busy. As long as things looked “OK”, they authorised all payments. A new manager noticed odd transactions that “didn’t look right” and the matter was raised with the Counter Fraud Services Team. An investigation found that there were over 100 personal transactions on the card over a two-year period, including holidays, amounting to a total of around £8,500. The officer was dismissed and prosecuted. The fraud could have been prevented if managers had followed proper authorisation procedures.

Diversion of funds to a personal account

A finance officer amended supplier bank account details to divert genuine payments into his own account. Once the payment run was processed, the officer corrected the details. The total estimated fraud loss was £80,000. The fraud was discovered when genuine suppliers enquired about outstanding payments. The fraud was facilitated by weak controls, in particular limited segregation of duties and no independent review of system audit trails which would clearly have shown the amendment of supplier bank details. The fraud may not have been detected if the person had fabricated false invoices rather than diverting payment of genuine invoices.

Unnecessary work and overcharging

Concerns were raised about a school business manager who placed nearly £350,000 of orders for property maintenance work and IT equipment with two suppliers over a two-year period. He was responsible for all aspects of procurement and had placed orders without consulting the heads of departments on whose behalf he was apparently procuring the goods and services. The officer breached financial procedures by failing to obtain quotes and/or deliberately splitting orders to avoid proper authorisation. An investigation found that the suppliers used were unsuitable for the work undertaken, much of which was deemed unnecessary. It was strongly suspected that the owners of both firms were known to the business manager in a personal capacity and that the business was awarded for personal gain. The officer resigned.

Collusion with supplier

A council’s Principal Engineer colluded with a contractor’s Contract Manager for two and a half years in relation to road re-surfacing. Over 100 jobs were vastly overcharged, with surface areas, materials, labour and charges for disposal of old surfaces all significantly overstated. The overcharging amounted to £1.9 million. The issue came to light when a whistleblower raised concerns with the contractor. The contractor alerted the council and an investigation was undertaken. The fraud was perpetrated either by the contractor’s Contract Manager creating “ghost” sub-contractors who supposedly worked on the jobs, or genuine sub-contractors claiming for work not undertaken (in collusion with the Contract Manager). It appears the money was then cashed and distributed to the relevant parties.

Procurement fraud by abuse of position

A council housing manager created fictitious suppliers to divert payments to third parties with no entitlement. He requested payments to the fictitious suppliers, supported by false invoices and forged documentation, for work that was not carried out. In some cases, the address for the location of work did not even exist. The housing manager was well-liked and trusted and his line manager authorised the payments without checking the authenticity of the documentation or the need for the requested work. The fraud came to light when an Accounts Payable check showed the same bank details for multiple “suppliers”. The housing manager was prosecuted for four counts of fraud amounting to over £307,000 and imprisoned for 18 months.

Employee corruption

A housing department employee colluded with her husband, who had a cleaning services business, to inflate costs charged to the council, and ensured work was awarded to her husband’s business. The business had been set up by the council as a new supplier for a one-off job costing £900, but had been paid £126,000 over the course of a year. The council employee had not declared a conflict of interest. The fraud was discovered in a special exercise that analysed council spend to ensure proper compliance with procurement rules, which stated that spend over £10,000 must be put out to tender and subject to a contract. No contract was in place for the £126,000 spent on cleaning services. The employee resigned before a disciplinary hearing could be held and the council stopped using the supplier.

Kickbacks in exchange for contracts

A housing manager accepted bribes from suppliers in return for helping them secure council contracts, including £125,000 from one contractor who was awarded a £2 million council contract. The manager is estimated to have personally gained £400,000, as well as tickets to premiership football matches, meals and golf trips. The manager’s misconduct was revealed when a colleague raised concerns with the council’s internal audit department. He was jailed for three and a half years.

Self-assessment checklist

Source: Adapted from Managing the Risk of Procurement Fraud, Local Government Association and CIPFA Counter Fraud Centre, June 2015

Good practice standard	Yes / No	Action required
Do we have a zero tolerance policy towards procurement fraud?
Have we undertaken procurement fraud risk identification and assessment?
Are we vigilant for new procurement fraud risks and scams?
Do we require staff in procurement roles to have annual training in ethical procurement, including fraud awareness?
Do we have the right approach – and strategies, policies and plans – that are effective in countering procurement fraud?
Do we have a ‘no purchase order, no payment’ policy?
Do counter-fraud staff review the procurement activity of our organisation?
Do we report regularly on how well we are tackling procurement fraud risks?
Do we raise awareness of procurement fraud risks with new staff (including agency staff), existing staff, and our suppliers?
Do we work well with national, regional and local networks to ensure we know about current procurement fraud risks and issues?
Do we work well with other organisations to ensure we effectively share knowledge and data about fraud and fraudsters?
Do we identify areas where our internal controls are not working as well as intended? If so, do we take action quickly?
Have we reviewed our procurement procedures in line with best practice?
Do we have arrangements in place that encourage our staff to raise their concerns about money laundering?
Do we have effective arrangements for recording and reporting procurement fraud?
Do we have visible and effective arrangements in place for staff to raise concerns?
Are we confident that we have sufficient counter-fraud capacity and capability to prevent and detect procurement fraud?