Investigating Procurement Irregularities with Forensic Tools
Procurement is where strategy, money, and ethics intersect, and where some of the most damaging fraud and abuse can often be concealed.
From split purchases and bid rigging to undisclosed conflicts of interest, many schemes only come to light once the financial and reputational damage is already done.
At that point, leaders need more than a routine audit.
They need a structured forensic investigation backed by robust tools and methods.
This article explores:
- How to use data analytics to spot anomalies at scale.
- The role of forensic vendor due diligence and digital evidence.
- Practical red flags that should trigger deeper investigation.
- How to turn investigation findings into stronger procurement controls.
If you are a finance, risk, procurement or audit leader responsible for high-value spend, this piece offers a practical roadmap for investigating concerns and building a more proactive monitoring capability.
If you would like to discuss a current concern or test the integrity of a high-risk procurement area, reach out to the Duja Consulting forensic team for a confidential conversation.
Brought to you by Duja Consulting
Introduction
Procurement is where strategy, money and ethics meet. It is also where some of the most damaging forms of fraud, waste and abuse can hide. Inflated invoices, conflicts of interest, bid rigging and undisclosed relationships between staff and suppliers can drain value quietly for years before anyone notices. When suspicions eventually surface, decision makers need more than a traditional audit. They need a structured forensic investigation, supported by robust tools and methods, that can withstand legal and public scrutiny.
Forensic procurement investigations are not simply about catching “bad apples”. They aim to understand how irregularities occurred, who was involved, which controls failed and how to prevent repeat incidents. That requires a combination of specialised expertise and technology: data analytics across large volumes of transactions, forensic tools to extract and preserve digital evidence, structured techniques for reviewing supplier relationships, and disciplined case management that keeps every step traceable.
Global surveys continue to show that procurement is one of the highest-risk areas for fraud and corruption, with schemes such as bid rigging, kickbacks, overbilling and collusion featuring prominently. At the same time, a significant minority of organisations still do not use data analytics at all to identify procurement fraud, despite clear evidence that analytical tools materially strengthen detection and deterrence.
This article outlines how organisations can investigate procurement irregularities using forensic tools, and how Duja Consulting typically structures such assignments. The focus is practical: what to look for, which tools to use, how to manage evidence, and how to translate investigative findings into stronger controls and governance.
1. Viewing procurement through a forensic lens
The starting point is to define what is meant by procurement irregularities.
These range from clear-cut fraud to more subtle breaches of policy:
- Collusion between employees and suppliers, for example kickbacks in return for contracts.
- Collusion between suppliers to fix prices or rotate bid winners.
- Manipulation of specifications to favour a preferred supplier.
- Overbilling, duplicated invoicing or “ghost” goods and services never delivered.
- Unauthorised contract variations that enrich a supplier without proper approval.
- Conflicts of interest that were not disclosed and managed.
A forensic lens does not assume that every irregularity is intentional fraud. Rather, it starts with hypotheses about potential schemes and looks for patterns in the data, documents and behaviour that either support or refute those hypotheses.
Forensic practitioners apply concepts such as:
- Red flag indicators – anomalies in behaviour or data that may point to a scheme.
- Triangulation of evidence – corroborating digital, documentary and testimonial evidence.
- Follow-the-money analysis – tracing flows of funds from purchase requisition to payment and beyond.
For organisations, the key shift is to stop treating procurement issues as isolated incidents and instead see them as potential symptoms of wider control failures or cultural problems.
2. Mapping the end-to-end procurement trail
Before tools are deployed, investigators need a clear picture of how procurement actually works in practice, not just how policies say it should work.
That means mapping the end-to-end cycle:
- Needs identification and budgeting.
- Specification drafting and sourcing strategy.
- Supplier selection (quotations, tenders, evaluations and approvals).
- Contracting and master data creation.
- Ordering, receipting and invoice approval.
- Payment and post-implementation review.
In many organisations this chain is supported by multiple systems: enterprise resource planning platforms, e-sourcing portals, contract management databases and payment systems.
Forensic investigators need to know:
- Where data for each step resides.
- Who can create, change or approve records.
- Where manual workarounds or “shadow systems” (for example spreadsheets) are used.
This process map becomes the backbone for the investigation. It guides data extraction, helps identify control gaps, and provides a framework for explaining findings to executives and, where necessary, law enforcement.
3. Prioritising risks and red flags before the investigation starts
Forensic work is resource intensive.
It is neither practical nor necessary to test every transaction in the same depth. A disciplined planning phase uses risk assessment and red-flag analysis to focus effort where it will have the greatest impact.
Typical procurement red flags include:
- Repeated awards to the same supplier just below tender thresholds.
- Tenders with very narrow or unusual specifications that few suppliers can meet.
- Last-minute changes to tender conditions or evaluation criteria.
- Short tender periods that appear to favour an incumbent supplier.
- Employees who create vendors, approve purchase orders and authorise payments, giving them excessive end-to-end control.
- Suppliers sharing contact details, directors, bank accounts or physical addresses.
Using these indicators, investigators can identify high-risk categories (for example certain projects, business units or commodity types) and design tailored procedures.
This is where forensic tools begin to add value: rules-based queries, anomaly detection, and network analysis can quickly highlight transactions and relationships that deserve closer attention.
4. Using forensic data analytics to spot anomalies at scale
Modern forensic investigations rely heavily on data analytics.
Procurement typically generates large volumes of structured data, which can be mined for patterns that human reviewers would struggle to see.
Key analytical techniques include:
- Benford’s Law and numerical profiling to detect unnatural digit patterns in invoice amounts, suggesting manipulation.
- Duplicate testing for repeated invoice numbers, amounts, purchase order numbers or bank accounts.
- Date and time analysis highlighting suspicious timing, such as large approvals outside business hours or on public holidays.
- Threshold and split-purchase analysis to identify transactions clustered just below delegated approval levels or tender thresholds.
- Outlier and trend analysis to flag suppliers whose prices or volumes deviate significantly from the norm.
- Network and relationship analysis to uncover links between suppliers, employees and other parties.
Many organisations still underuse these techniques. Recent surveys indicate that around one in five organisations do not use data analytics at all for procurement fraud risk, missing opportunities to detect irregularities earlier and more consistently.
Duja Consulting typically combines commercial forensic software with tailored queries developed specifically for the client’s procurement environment. The aim is not to generate hundreds of false positives, but to produce a ranked set of high-risk items that investigators can examine in depth.
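As an added illustration (not code from this article or from Duja Consulting), the sketch below runs two of the tests listed above, split-purchase analysis and duplicate testing, over a handful of constructed invoice records. The 50,000 threshold, the 14-day window and all supplier, buyer and invoice identifiers are assumptions made up for the example.

```python
import re
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data: (supplier, invoice_no, amount, invoice_date, buyer).
INVOICES = [
    ("S001", "INV-1001", 48_900.00, date(2024, 3, 4), "buyer_a"),
    ("S001", "INV-1002", 49_200.00, date(2024, 3, 6), "buyer_a"),
    ("S001", "INV-1003", 47_750.00, date(2024, 3, 11), "buyer_a"),
    ("S002", "INV-2001", 12_000.00, date(2024, 3, 5), "buyer_b"),
    ("S002", "inv 2001", 12_000.00, date(2024, 3, 19), "buyer_b"),
    ("S003", "A-77", 61_000.00, date(2024, 3, 7), "buyer_b"),
    ("S003", "A-78", 20_000.00, date(2024, 5, 2), "buyer_b"),
]
THRESHOLD = 50_000.00          # assumed tender threshold
WINDOW = timedelta(days=14)    # assumed period in which related buys are grouped


def split_purchase_candidates(invoices, threshold=THRESHOLD, window=WINDOW):
    """Return (supplier, buyer, invoice_nos, total) for supplier/buyer pairs where
    several sub-threshold invoices inside one window add up to more than the threshold."""
    groups = defaultdict(list)
    for supplier, number, amount, day, buyer in invoices:
        if amount < threshold:               # each one avoids the tender step alone
            groups[(supplier, buyer)].append((day, number, amount))
    hits = []
    for (supplier, buyer), rows in groups.items():
        rows.sort()
        start, best = 0, None
        for end in range(len(rows)):         # sliding window over invoice dates
            while rows[end][0] - rows[start][0] > window:
                start += 1
            chunk = rows[start:end + 1]
            total = sum(r[2] for r in chunk)
            if len(chunk) >= 2 and total > threshold and (best is None or total > best[1]):
                best = ([r[1] for r in chunk], total)
        if best:
            hits.append((supplier, buyer, best[0], best[1]))
    return sorted(hits, key=lambda h: -h[3])  # ranked, highest combined value first


def normalise(invoice_no):
    """Drop case, spaces and punctuation so 'INV-2001' and 'inv 2001' compare equal."""
    return re.sub(r"[^A-Z0-9]", "", invoice_no.upper())


def duplicate_invoices(invoices):
    """Map (supplier, normalised number, amount) to the raw numbers seen more than once."""
    seen = defaultdict(list)
    for supplier, number, amount, _day, _buyer in invoices:
        seen[(supplier, normalise(number), round(amount, 2))].append(number)
    return {key: nums for key, nums in seen.items() if len(nums) > 1}


if __name__ == "__main__":
    for hit in split_purchase_candidates(INVOICES):
        print("split-purchase candidate:", hit)
    for key, nums in duplicate_invoices(INVOICES).items():
        print("possible duplicate:", key, nums)
```

A hit is a lead for the transaction testing described in the next section, not a finding; the single 61,000 invoice is deliberately ignored because it already exceeds the threshold on its own.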
5. Drilling down with targeted transaction testing
Data analytics identifies where to look; transaction testing confirms what has actually occurred.
Once high-risk items or patterns are identified, investigators:
- Retrieve underlying documents: requisitions, tender records, evaluation scoresheets, contracts, delivery notes, invoices and payment evidence.
- Check whether required approvals, competitive quotes or tender steps were truly followed rather than reverse-engineered after the fact.
- Compare invoice descriptions with actual goods received or services delivered.
- Re-perform calculations on complex invoices, variations or escalation clauses.
- Cross-check invoice values against contract terms and market benchmarks.
Forensic tools assist at each step. Document management platforms allow investigators to tag, categorise and search thousands of documents. Optical character recognition enables text-searching within scanned documents. Analytics tools link each tested transaction back to system data, ensuring that nothing is overlooked.
The goal is to draw a clear line from data anomalies to specific control breaches or misconduct. For example, a cluster of split purchases identified analytically may link to a particular buyer who repeatedly avoided tender processes, or to a supplier that has quietly captured a category through serial low-value purchases.
6. Looking behind the supplier: forensic vendor due diligence
Procurement irregularities often involve suppliers that are not what they seem.
A supplier may be a front for an employee’s own company, a relative, or a network of colluding entities. Forensic vendor due diligence shines a light on these relationships.
Using a combination of public records, commercial databases and open-source research, investigators examine:
- Company registration details, directors and shareholders.
- Links between supplier directors and employees (for example shared addresses, surnames or social media connections).
- Whether suppliers share bank accounts, phone numbers or email domains.
- Past involvement in litigation, regulatory action or adverse media.
- Sanctions lists and debarment registers in relevant jurisdictions.
Specialist data-matching tools can automatically compare supplier master data against employee data to identify potential conflicts of interest. More advanced network analysis software visualises relationships as graphs, making it easier to spot clusters of related suppliers.
Where suspicious links are found, investigators gather further evidence: declarations of interest, emails, meeting records and any approvals granted. The combination of factual connection and undisclosed interest can be powerful in disciplinary or legal proceedings.
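The data matching and relationship clustering described in this section can be sketched as follows. This is an added example, not the article's or Duja Consulting's tooling; the master-data records, field names and the rule that the last nine digits identify a phone line are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed master data for illustration; every identifier and value is made up.
SUPPLIERS = {
    "S001": {"bank": "62-000-111 222", "phone": "+27 11 555 0101", "address": "12 Main Rd, Unit 4"},
    "S002": {"bank": "62000111222", "phone": "011 555 0199", "address": "7 Oak Avenue"},
    "S003": {"bank": "40009998887", "phone": "0115550142", "address": "7 oak avenue"},
    "S004": {"bank": "51007776665", "phone": "011 555 0177", "address": "3 Pine St"},
}
EMPLOYEES = {
    "E100": {"bank": "4000 999 8887", "phone": "082 555 0133", "address": "99 Hill Rd"},
    "E200": {"bank": "70001112223", "phone": "(011) 555-0177", "address": "5 Lake Dr"},
}

# Normalise before comparing, otherwise formatting differences hide real matches.
NORMALISERS = {
    "bank": lambda v: re.sub(r"\D", "", v),
    "phone": lambda v: re.sub(r"\D", "", v)[-9:],   # assumption: last 9 digits identify a line
    "address": lambda v: re.sub(r"[^a-z0-9]", "", v.lower()),
}


def keys(record):
    """Set of (field, normalised value) pairs for one master-data record."""
    return {(f, fn(record[f])) for f, fn in NORMALISERS.items() if record.get(f)}


def employee_conflicts(suppliers, employees):
    """Sorted (supplier, employee, field) triples where both share an attribute."""
    index = defaultdict(set)
    for emp_id, rec in employees.items():
        for key in keys(rec):
            index[key].add(emp_id)
    return sorted((sup_id, emp_id, key[0])
                  for sup_id, rec in suppliers.items()
                  for key in keys(rec)
                  for emp_id in index.get(key, ()))


def supplier_clusters(suppliers):
    """Groups of suppliers linked, directly or transitively, by a shared attribute."""
    parent = {s: s for s in suppliers}

    def find(x):                      # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    owner = {}
    for sup_id, rec in suppliers.items():
        for key in keys(rec):
            if key in owner:
                parent[find(sup_id)] = find(owner[key])
            else:
                owner[key] = sup_id
    groups = defaultdict(set)
    for s in suppliers:
        groups[find(s)].add(s)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

In the sample, S001 and S003 share nothing directly but land in one cluster through S002, which is the transitive link that a pairwise comparison misses and a graph view exposes.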
7. Following the digital footprint: emails, devices and systems
Forensic investigations therefore make extensive use of electronic evidence, including:
- Email correspondence between employees and suppliers.
- Messages exchanged on collaboration platforms.
- System access logs showing who created or changed vendor records or purchase orders.
- Electronic approvals and workflow histories.
Forensic tools in this area include e-discovery platforms capable of processing large volumes of electronic communication. They allow keyword searches, conversation threading, timeline analysis and filtering by custodian or topic. Advanced analytics can group similar documents, identify communication patterns and surface potentially relevant conversations more quickly.
Proper preservation is essential. Investigators must maintain chain of custody, ensuring that digital evidence is collected in a defensible manner and stored securely. Where devices need to be imaged, digital forensics specialists use specialised software to capture complete copies, including deleted data where lawfully accessible.
8. Forensic interviewing that connects facts with behaviour
Data and documents tell part of the story; people tell the rest.
Forensic interviewing is a structured technique that uses evidence strategically to understand what really happened and why.
Key principles include:
- Planning – deciding who to interview, in which order, with what objectives and supporting documents.
- Establishing a baseline – starting with open questions to understand the interviewee’s role and responsibilities before confronting anomalies.
- Progressive disclosure – presenting evidence gradually, allowing the interviewee to respond, clarify and commit to versions of events.
- Professional neutrality – avoiding accusations; the focus is on facts, not emotion.
- Detailed note-taking and recording – ensuring that interviews can be referenced accurately in reports and proceedings.
Forensic tools support this by providing interviewers with dashboards or case views that summarise the relevant transactions, emails and relationships for each interviewee. Rather than confronting a buyer with vague allegations, an investigator can reference specific tenders, approvals or emails, and test explanations against the evidence.
9. Managing evidence, chain of custody and case files
Procurement investigations often proceed to disciplinary hearings, regulatory reporting or criminal complaints. Weak evidence management can undermine even the strongest findings.
A forensic approach treats every piece of evidence as potentially courtroom-bound.
Good practice includes:
- A central case management system that records every step taken, by whom and when.
- Unique identifiers for each document, dataset, interview and piece of physical evidence.
- Clear chain-of-custody records whenever evidence is transferred, analysed or stored.
- Separation between working copies and original evidence, with original data preserved in unchanged form.
- Secure storage and access controls to protect confidentiality and integrity.
Specialised case management tools integrate documents, data analytics results, interview notes and task logs into a single environment. This makes it far easier to reconstruct the investigation, respond to legal challenges and provide regulators or auditors with a comprehensive, well-organised record.
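One way to make the chain-of-custody and "original preserved unchanged" practices above checkable is a hash-chained custody log. The sketch is an added example rather than any product's or Duja Consulting's implementation; the entry fields, evidence ID, actor names and timestamps are constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64   # assumed marker for "no previous entry"


def digest(obj):
    """SHA-256 over a canonical JSON encoding of a custody entry."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def record(log, evidence_id, action, actor, timestamp, content):
    """Append an entry that commits to the evidence bytes and to the previous entry."""
    entry = {
        "evidence_id": evidence_id, "action": action, "actor": actor,
        "timestamp": timestamp,
        "sha256": hashlib.sha256(content).hexdigest(),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = digest(entry)
    log.append(entry)
    return entry


def first_broken_link(log):
    """Index of the first entry that was edited, removed or reordered, else None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev or digest(body) != entry["entry_hash"]:
            return i
        prev = entry["entry_hash"]
    return None


def altered_evidence(log):
    """Evidence IDs whose content hash differs from the hash recorded at acquisition."""
    baseline, changed = {}, set()
    for entry in log:
        first = baseline.setdefault(entry["evidence_id"], entry["sha256"])
        if entry["sha256"] != first:
            changed.add(entry["evidence_id"])
    return sorted(changed)


def demo():
    original = b"vendor_master_export,2024-03-01\nS001,Alpha\n"   # constructed evidence
    log = []
    record(log, "EV-0001", "acquired", "analyst_1", "2024-03-01T09:00:00Z", original)
    record(log, "EV-0001", "transferred", "analyst_2", "2024-03-02T10:30:00Z", original)
    record(log, "EV-0001", "analysed", "analyst_2", "2024-03-03T14:00:00Z",
           original + b"S999,Edit\n")            # analysis was run on a modified copy
    intact = first_broken_link(log)              # log itself is untouched so far
    changed = altered_evidence(log)              # but the evidence bytes changed
    log[1]["actor"] = "someone_else"             # simulate a later edit to the log
    return intact, changed, first_broken_link(log)


if __name__ == "__main__":
    print(demo())
```

A chain like this only proves integrity against someone who cannot rewrite the whole log, so the latest entry hash should also be kept somewhere the case team cannot alter, such as a signed report or write-once storage.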
10. Collaborating with legal, internal audit and management
Forensic procurement work does not happen in isolation. It must be aligned with legal strategy, internal audit plans and organisational governance.
Effective collaboration typically involves:
- Legal counsel – advising on privilege, reporting obligations, employee rights, data protection and engagement with law enforcement.
- Internal audit – providing knowledge of existing controls, prior audit findings and risk assessments.
- Human resources – managing suspension decisions, disciplinary processes and communication with staff.
- Executive sponsors – ensuring the investigation has the authority and access needed, and that recommendations are acted upon.
Forensic tools can support this collaboration through controlled access to dashboards or reporting portals. Executives can track progress at a high level, while operational teams see the detail relevant to their responsibilities. This transparency helps maintain confidence in the process and reduces the risk of perceived bias.
11. From investigation findings to stronger procurement controls
An investigation is successful not only when it uncovers wrongdoing, but when it leads to stronger controls and a healthier procurement culture.
Common recommendations emerging from forensic work include:
- Tightening segregation of duties in the procurement cycle.
- Strengthening vendor onboarding checks, including automated conflict-of-interest testing.
- Requiring fuller documentation and justification for sole-source or emergency procurement.
- Enhancing training for buyers and approvers on red flags and ethical expectations.
- Implementing clear consequences for breaches, applied consistently at all levels.
- Establishing regular analytics-based monitoring as part of routine risk management.
The same forensic tools used for investigation can be transitioned into ongoing monitoring. Query libraries, risk indicators and dashboards developed during the case can form the foundation of a continuous assurance programme.
12. Building a proactive, technology-enabled monitoring capability
Leading organisations are moving from reactive investigations to proactive detection. Rather than waiting for whistle-blowers or audit findings, they embed forensic analytics into their procurement systems to provide early warning of irregularities.
A technology-enabled monitoring capability typically includes:
- Automated data feeds from procurement, finance and human resources systems into a secure analytics environment.
- Routine analytical tests for duplicate invoices, split purchases, unusual bidding patterns and supplier relationships.
- Risk-scored alerts that focus investigators on high-impact anomalies.
- Visual dashboards for procurement leaders, internal audit and risk committees, showing trends, hotspots and control effectiveness.
- Integration with whistle-blowing channels, so that tips can be cross-checked quickly against transactional evidence.
- Use of machine learning techniques to refine risk models over time, learning from confirmed cases of fraud or error.
This proactive approach does not eliminate the need for deep-dive investigations. Instead, it ensures that forensic tools are part of business-as-usual practice, improving detection speed, reducing losses and reinforcing a culture of integrity.
Duja Consulting supports clients in designing and implementing these monitoring frameworks, drawing on experience from complex forensic audits and investigations.
Conclusion: why procurement investigations need forensic depth
Procurement irregularities can erode value, damage reputations and, in the public sector, undermine trust in institutions.
Traditional audits alone are rarely enough to expose sophisticated schemes or entrenched patterns of misconduct. A forensic approach brings together rigorous methodology, specialised tools and investigative experience to uncover the truth and lay the groundwork for lasting improvement.
By combining data analytics, forensic technology, disciplined evidence management and skilled interviewing, organisations can:
- Detect irregularities earlier and more reliably.
- Quantify financial impact with greater confidence.
- Hold individuals and suppliers accountable based on solid evidence.
- Strengthen procurement controls and governance for the future.
- Demonstrate a clear commitment to ethical, transparent procurement.
Duja Consulting works alongside boards, executives and internal teams to design and execute procurement investigations that stand up to scrutiny and deliver actionable insight. Whether your organisation faces a specific allegation, concerning patterns in the data, or a desire to test the integrity of high-risk procurement areas, a forensic approach – supported by the right tools – is one of the most powerful ways to protect value and restore trust.
