Common Procurement Fraud Typologies
The most prevalent procurement fraud typologies identified in Irish public sector audit findings include: bid rigging (collusion between tenderers to fix prices or allocate contracts); specification manipulation (tailoring technical requirements to favour a predetermined supplier); single tender authorisation abuse (inventing urgency or other grounds to avoid competition); conflict of interest non-disclosure (award to connected parties); invoice fraud (false invoices submitted by contractors for work not performed); and payment manipulation (approving payments to incorrect accounts or fictitious suppliers).
Many frauds exploit process weaknesses rather than breach security controls directly. Specification manipulation, for example, typically requires only that an internal official write a specification that only one supplier can meet — no external hacking required. This makes human behavioural controls — segregation of duties, mandatory peer review, cooling-off periods for conflicts — as important as technical controls in procurement fraud prevention.
Key Preventive Controls
Segregation of duties is the foundational control for procurement fraud prevention. The functions of requisitioning (identifying the need), specifying (writing the requirement), evaluating (scoring tenders), approving (authorising the award) and paying (processing invoices) should be performed by different individuals wherever possible. For smaller organisations where full segregation is not achievable at every stage, compensating controls such as mandatory second approval and post-award review by an independent person should be implemented.
Conflict of interest management requires a formal declaration process at the start of every procurement. Evaluators must disclose any personal or professional relationship with any tenderer and must be recused where a conflict exists. Declarations should be recorded in the procurement file and retained. The authority should also conduct checks against publicly available company information to identify undisclosed connections — a company registered to the address of an evaluator's family member is a red flag that a declaration review should catch.
Detection Controls and Anomaly Analysis
Preventive controls reduce the opportunity for fraud; detection controls identify fraud when it occurs. Key detection controls for procurement include: regular sampling and audit of procurement files by internal audit; post-award performance review comparing what was specified against what was delivered; supplier payment analysis to identify patterns (consistently low invoices just below authorisation thresholds, payments to newly registered companies, sudden changes in payment account details); and analysis of tender win rates by supplier (a supplier winning a very high proportion of bids across a category warrants investigation).
Data analytics tools can surface anomalies in procurement patterns that manual review would miss — for example, by identifying that the same evaluator consistently scores the same supplier highest across different evaluation panels, or that a particular supplier only submits tenders when a specific procurement officer is involved. The Irish public sector is increasingly using procurement analytics as a fraud detection tool, and GovIQ's audit chain provides the structured event log that makes such analytics possible.
Responding to Suspected Fraud
When fraud is suspected, the contracting authority must act promptly and carefully to preserve evidence while avoiding actions that might alert the suspected fraudster or compromise any subsequent investigation. The immediate steps are to notify the accounting officer and legal advisor, preserve all procurement records (including email correspondence and system access logs), and contact An Garda Síochána if a criminal offence is suspected.
The authority should not conduct its own interrogation of a suspected employee until legal advice has been taken — improper investigation procedures can compromise a criminal prosecution and may give rise to claims of unfair dismissal. Where the fraud may have involved other authorities or suppliers in other jurisdictions, the authority should also consider whether to notify the European Anti-Fraud Office (OLAF) if EU funding is involved. Recovery of misappropriated funds through civil proceedings or insurance claims should be explored in parallel with any criminal process.
Let GovIQ route your next procurement automatically.
Get a free procurement audit report — your procedure, documents and audit trail in one signed pack.
Get free audit report