The Scale of the Problem
IT procurement fraud prevention is not a compliance afterthought — it protects a material share of the budget. The ACFE's 2026 Report to the Nations estimates that organisations lose around 5 percent of annual revenue to occupational fraud, with a median loss of about USD 104,000 per case and an average exceeding USD 1.4 million. Asset misappropriation appears in roughly 90 percent of cases, and billing schemes — fake or inflated invoices, a core procurement-fraud type — account for about 22 percent of US asset-misappropriation cases at a median loss near USD 100,000 each.
For a large IT estate, with its high spend, complex contracts and steady flow of invoices, the exposure runs well into seven figures. Fraud control is therefore part of the same value-protection discipline as the rest of the procurement function — the savings a good team negotiates can be quietly drained by a single uncontrolled payment channel.
The Schemes That Target IT Spend
A handful of schemes account for most procurement losses, and IT spend is exposed to all of them.
| Scheme | How it works | Primary control |
|---|---|---|
| Billing schemes | Fictitious or inflated invoices for goods/services never delivered | Three-way matching |
| Kickbacks | Employee favours a supplier for personal benefit, accepting overpriced deals | Conflict-of-interest checks, price benchmarking |
| Shell vendors | Fake supplier created in the master file, often using staff details | Vendor verification & segregation of duties |
| Payment diversion | Vendor bank details changed to redirect funds | Verified bank-change policy |
| Licensing overcharge | Supplier bills for licences or maintenance never used or agreed | Usage reconciliation, audit rights |
The IT-specific variants — licensing overcharge and phantom renewals — are easy to miss because they hide inside legitimate-looking vendor invoices. Reconciling what is billed against what is actually deployed requires the visibility of a complete software licence inventory; without it, an inflated maintenance line is indistinguishable from a real one. Kickbacks, meanwhile, often reveal themselves as prices that sit oddly above market — which is exactly why independent benchmarking is a fraud control as well as a savings tool.
The Vendor Master File Risk
The single highest-risk object in the whole process is the vendor master file. Most procurement fraud runs through unauthorised additions or changes to it: a dishonest employee creates a fictitious vendor using their own address or tax ID, or changes a real vendor's banking details to divert payments. A request to change a vendor's bank account is statistically one of the highest-risk events in accounts payable — the precise mechanism behind payment-diversion fraud — and deserves a dedicated, verified policy rather than an email approval.
The defences are specific: cross-check vendor addresses and tax IDs against employee records, verify every bank-detail change through an independent channel back to the vendor, and flag name, address or bank "change-and-change-back" patterns. This is the data-integrity layer beneath the wider contract compliance monitoring discipline — the same governance instinct applied to the payment file rather than the contract.
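One way to implement the two data-integrity checks just described (employee-record cross-match and change-and-change-back detection), as an added example in Python that is not the article's own code; the record layouts, IDs and the 30-day window are assumptions for illustration:

```python
# Added example (not from the original article): vendor-master integrity checks
# run over a small constructed data set; layouts, IDs and window are assumed.
from collections import defaultdict
from datetime import datetime, timedelta

def normalise(value):
    """Lower-case and drop punctuation/whitespace so 'TX-555-01' == 'tx 555 01'."""
    return "".join(ch for ch in value.lower() if ch.isalnum())

def vendors_matching_employees(vendors, employees):
    """Return (vendor_id, employee_id, field) where a vendor shares an employee's tax ID or address."""
    by_tax = {normalise(e["tax_id"]): e["id"] for e in employees}
    by_addr = {normalise(e["address"]): e["id"] for e in employees}
    hits = []
    for v in vendors:
        tax, addr = normalise(v["tax_id"]), normalise(v["address"])
        if tax in by_tax:
            hits.append((v["id"], by_tax[tax], "tax_id"))
        if addr in by_addr:
            hits.append((v["id"], by_addr[addr], "address"))
    return hits

def change_and_change_back(changes, window_days=30):
    """Flag a field set to a new value and reverted within window_days; changes are dicts with vendor, field, old, new, at."""
    history = defaultdict(list)
    for c in sorted(changes, key=lambda c: c["at"]):
        history[(c["vendor"], c["field"])].append(c)
    flags = []
    for (vendor, field), seq in history.items():
        for i, first in enumerate(seq):
            for later in seq[i + 1:]:
                if later["at"] - first["at"] > timedelta(days=window_days):
                    break
                # Reverted to the original value: anything paid in between went to the interim account.
                if first["new"] != first["old"] and later["new"] == first["old"]:
                    flags.append((vendor, field, first["at"], later["at"]))
    return flags

EMPLOYEES = [{"id": "E100", "tax_id": "TX-555-01", "address": "12 Main St, Springfield"}]
VENDORS = [  # constructed: V002 reuses an employee's tax ID with different formatting
    {"id": "V001", "tax_id": "TX-900-77", "address": "1 Industry Way, Metro"},
    {"id": "V002", "tax_id": "tx 555 01", "address": "Unit 4, Park Rd"},
]
T0 = datetime(2026, 1, 10)
CHANGES = [  # constructed change log: V001's bank account is switched and switched back after 9 days
    {"vendor": "V001", "field": "bank_account", "old": "ACC-A", "new": "ACC-B", "at": T0},
    {"vendor": "V001", "field": "bank_account", "old": "ACC-B", "new": "ACC-A", "at": T0 + timedelta(days=9)},
]
```

Both functions return the flagged records rather than printing them, so they can feed a review queue or an alert rule directly.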
A bank-detail change request is not an administrative task — it is the most dangerous transaction in your payment process. Treat it as one: verify it independently, every time, no exceptions for urgency or seniority.
The Controls That Stop Fraud
Four controls do most of the work. Segregation of duties ensures no single person can both create a vendor and approve its payments, or approve an invoice and modify bank details — the structural barrier that makes most schemes require collusion rather than one bad actor. Three-way matching of purchase order, receiving record and invoice before payment stops the organisation paying for anything not actually ordered and received. A locked-down vendor master file with verified changes protects the payment channel. And continuous anomaly monitoring of the source-to-pay process flags duplicate invoices, threshold-skimming and unusual banking changes in near real time.
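The matching and anomaly controls above, as an added Python example that is not the article's own code; the purchase order, receipt, invoices, approval threshold and tolerance band are all constructed for illustration:

```python
# Added example (not from the original article): three-way matching plus
# duplicate-invoice and threshold-skimming checks over constructed records.
from collections import Counter

def three_way_match(po, receipt, invoice, price_tolerance=0.0):
    """Return reasons the invoice must not be paid; an empty list means it matches.

    po and invoice map line item -> (quantity, unit_price); receipt maps item -> quantity.
    """
    reasons = []
    for item, (qty, price) in invoice.items():
        if item not in po:
            reasons.append(f"{item}: not on purchase order")
            continue
        po_qty, po_price = po[item]
        if price > po_price * (1 + price_tolerance):
            reasons.append(f"{item}: price {price} above PO price {po_price}")
        if qty > po_qty:
            reasons.append(f"{item}: billed {qty}, ordered {po_qty}")
        if qty > receipt.get(item, 0):
            reasons.append(f"{item}: billed {qty}, received {receipt.get(item, 0)}")
    return reasons

def duplicate_invoices(invoices):
    """Same vendor, amount and invoice number (case/format-insensitive) submitted more than once."""
    def key(i):
        return (i["vendor"], i["amount"], "".join(ch for ch in i["number"].upper() if ch.isalnum()))
    counts = Counter(key(i) for i in invoices)
    return sorted(k for k, n in counts.items() if n > 1)

def threshold_skimming(invoices, threshold, band=0.05, min_count=3):
    """Vendors with at least min_count invoices in the band just under an approval threshold."""
    low = threshold * (1 - band)
    per_vendor = Counter(i["vendor"] for i in invoices if low <= i["amount"] < threshold)
    return sorted(v for v, n in per_vendor.items() if n >= min_count)

PO = {"LIC-ENT": (100, 120.0), "SUPPORT": (1, 5000.0)}      # constructed purchase order
RECEIPT = {"LIC-ENT": 100}                                  # support line not yet delivered
INVOICE = {"LIC-ENT": (100, 120.0), "SUPPORT": (1, 5000.0), "TRAINING": (1, 800.0)}
INVOICES = [  # constructed AP ledger: one resubmitted invoice, one vendor clustering under 5,000
    {"vendor": "V001", "number": "INV-1001", "amount": 12000.0},
    {"vendor": "V001", "number": "inv 1001", "amount": 12000.0},
    {"vendor": "V002", "number": "A-7", "amount": 4900.0},
    {"vendor": "V002", "number": "A-8", "amount": 4950.0},
    {"vendor": "V002", "number": "A-9", "amount": 4990.0},
    {"vendor": "V003", "number": "B-1", "amount": 4990.0},
]
APPROVAL_THRESHOLD = 5000.0  # assumed single-approver limit
```

The invoice above fails on the undelivered support line and the unordered training line, which is exactly the pattern a licensing overcharge or phantom renewal takes when no receipt exists to match it against.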
These controls do not run themselves. Embedding them is part of the governance maturity charted in the procurement maturity model, and they are increasingly automated inside a contract and spend management platform that monitors every transaction rather than relying on periodic sampling.
How Detection Actually Works
The most striking finding in the fraud data is that the best detection tool is human, not technical. For the fourteenth consecutive study, tips remain the number one detection method — uncovering 43 percent of cases, nearly three times more than internal audit at 15 percent. A confidential, trusted reporting channel is therefore as important as any system control, because the people closest to the fraud usually see it first. Anomaly analytics and AI-driven monitoring matter — and connect directly to the detection use cases in our analysis of AI in procurement decision-making — but they complement tips rather than replacing them.
Controls, Culture and the Negotiation Link
Fraud prevention is ultimately a question of culture as much as controls. Segregation of duties and three-way matching only work where the tone from the top makes clear that integrity is non-negotiable and that a confidential tip will be acted on without reprisal. The same independence that defines good vendor relationship management — close partnership without compromised judgement — is what keeps the relationship from sliding into the conflicts of interest that kickbacks exploit. Independent price benchmarking sits at the centre of both disciplines, catching the overpriced deal whether its cause is a weak negotiation or a corrupt one. To stress-test your procurement controls and benchmark your spend against the market, request a confidential briefing, and ground the framework in the CIO Contract Governance white paper.