Preventing Fraud in Procurement: A Guide for South African Executives
Procurement fraud drains billions from companies every year – and South Africa is no exception. From inflated invoices to collusion with vendors, the red flags are often visible but ignored until it’s too late.
Our latest paper, Preventing Fraud in Procurement, equips executives and boards with the insight to:
- Identify the most common red flags in procurement.
- Implement robust internal controls and oversight.
- Leverage technology and analytics to detect anomalies
- Foster a culture of ethics and accountability
- Learn from a South African case study at Eskom
Fraud prevention is far cheaper, and less damaging, than remediation.
Protect your organisation’s resources, reputation, and stakeholder trust.
Executive Summary
Fraud in procurement is a serious threat to organisations across South Africa, leading to significant financial losses, reputational damage, and erosion of stakeholder trust. This paper provides executive leaders with a comprehensive overview of how to identify and prevent procurement fraud. It outlines common red flags – behavioural indicators (such as unexplained vendor favouritism or lavish lifestyles of procurement staff), procedural anomalies (like persistent single-source awards or bypassed controls), and documentation signs (for example, missing or altered invoices). Recognising these warning signs early is crucial; most fraudsters exhibit tell-tale behaviours or irregularities before their schemes are uncovered.
The paper also offers actionable guidance on strengthening defences against procurement fraud. Key recommendations include implementing robust internal controls (e.g. segregation of duties, multi-level approval workflows, and three-way matching of purchases), leveraging technology tools (such as e-procurement systems, data analytics, and even emerging solutions like AI-driven monitoring), and fostering an ethical organisational culture (through tone-at-the-top, clear policies, and protected whistle-blower channels). These measures align with South African regulations and governance frameworks – notably the Public Finance Management Act (PFMA), Municipal Finance Management Act (MFMA) and King IV code – all of which emphasise effective internal controls, transparency, and ethical conduct in procurement.
A South Africa-specific case study is presented, illustrating how procurement fraud at Eskom’s Kusile power station led to arrests and heavy losses, underscoring the real consequences of control failures. Ultimately, this report underlines that preventing procurement fraud requires proactive leadership oversight, a culture of integrity, and continuous vigilance. By heeding the red flags and implementing the recommended controls, companies can significantly reduce their fraud risk and safeguard both their finances and reputation.
Introduction
Procurement – the process by which organisations acquire goods and services – is inherently susceptible to fraud and corruption. Whether in the public sector or private industry, the high value of contracts and complexity of supply chains create opportunities for unethical behaviour. In South Africa, procurement fraud has been at the heart of many corporate and government scandals, contributing to wasteful expenditure and undermining public trust. For example, irregular public procurement spending exceeded R30 billion in a recent year, indicating that funds were potentially lost to mismanagement or fraud instead of being used to deliver services. Private companies are not immune either; global estimates suggest organisations can lose between 4% and 8% of their procurement spend to fraud.
The impact of procurement fraud extends beyond direct financial loss. Organisations face inflated costs, substandard goods or services, and damaged supplier relationships. There are also legal and reputational repercussions – fraud cases often result in criminal charges, regulatory penalties, and loss of stakeholder confidence. Senior leaders, therefore, have a critical role to play in establishing strong anti-fraud measures. Indeed, South Africa’s governance frameworks mandate this: Section 51(1)(a)(i) of the PFMA and Section 62(1)(c)(i) of the MFMA require accounting authorities to maintain effective, efficient, and transparent systems of financial and risk management and internal control. Similarly, the King IV Report on Corporate Governance calls for boards to implement a fraud risk management framework that prevents, detects, and responds to incidents as part of achieving the governance outcome of “effective control.”
This consulting report is tailored for executive leadership in South Africa. It first explores the common red flags that could indicate procurement fraud, helping leaders and oversight teams sharpen their vigilance. It then provides practical guidance on fraud prevention controls – spanning process controls, technology enablers, and cultural initiatives – grounded in both global best practices and South African regulatory context. A brief case study of a recent high-profile fraud incident is included to illustrate how these red flags and control gaps manifest in real life. The report is organised with clear sections and actionable takeaways to serve as a handy reference for strengthening your organisation’s defences against procurement fraud.
Common Red Flags of Procurement Fraud
Fraudulent procurement schemes often exhibit warning signs long before they are discovered. Executive managers should ensure their organisations can identify and investigate these red flags early. The red flags generally fall into three categories: behavioural indicators observed in people, procedural or process anomalies in how procurement is conducted, and documentation-related signs in records and paperwork.
Table 1 summarises some of the most common red flags in each category:
Examples of Warning Signs
Behavioural Indicators
Unusual employee behaviour:
Procurement staff having close, exclusive relationships with certain suppliers or showing unexplained favouritism to a vendor.
Lifestyle mismatches:
Buyer or official appears to be living beyond their means, e.g. cars or holidays on a modest salary.
Resistance to oversight:
Employee refuses to take leave, is overly defensive or controls all steps of a process without delegation.
Conflicts of interest:
Undisclosed financial interest in a supplier, or staff accepting inappropriate gifts/entertainment from vendors.
Procedural Anomalies
Bypassing of normal processes:
Frequent use of emergency or sole-source procurements without valid justification, avoiding competitive bidding
Irregular bidding patterns:
e.g. only one or two vendors bid repeatedly, or certain qualified contractors inexplicably fail to bid, suggesting collusion.
Manipulated timelines:
Tender adverts placed in obscure outlets or with unrealistic deadlines (e.g. over holidays) to limit competition; acceptance of late bids or improper bid alterations indicating a rigged process.
Split or inflated orders:
Large orders split into smaller ones just under approval thresholds to evade oversight, or sudden, unexplained spikes in spend with a particular supplier.
Documentation Signs
Missing or inadequate records:
Required supporting documents (receiving reports, quotations, etc.) are missing, incomplete or copied, suggesting potential tampering.
Altered or identical documents:
Paperwork appears altered or forged, such as invoices with white-outs, or multiple bids with identical formatting and errors, hinting at collusion.
Discrepancies in figures:
Invoice amounts or terms don’t match the purchase order, contract, or delivery records – e.g. an invoice charging for higher quantities than received, or duplicate invoice numbers for the same goods.
Vendor information anomalies:
Vendor records with incomplete or suspicious details (e.g. no physical address or a P.O. box only), or cases where a vendor’s contact data matches an employee’s (indicating a possible shell company).
Common red flags of procurement fraud by category.
Each of the red flags listed above serves as a prompt for further investigation, although it is not proof of wrongdoing on its own. For instance, an employee who suddenly adopts an extravagant lifestyle or refuses to rotate duties could signal that they are benefiting from kickbacks. Likewise, procedural red flags – such as the same supplier repeatedly winning bids under opaque circumstances or tenders consistently being run in a rushed manner – often accompany schemes like bid rigging or contract steering. Documentation issues are particularly revealing in procurement fraud, as schemes often require falsifying records. Thus, missing documents, altered invoices, or photocopied receipts where originals are expected should raise immediate concern. A pattern of sequential invoice numbers from one vendor, despite intermittent purchases, is another classic indicator of fraudulent billing.
It bears emphasis that red flags must be viewed in context. One red flag in isolation may be a benign error or coincidence. However, multiple red flags or a pattern of anomalies strongly suggest elevated fraud risk. Executives should ensure their procurement and internal audit teams are trained to spot these warning signs and empowered to investigate them promptly. In the next section, we translate these insights into concrete prevention strategies, detailing how to implement controls and safeguards to address the very red flags identified above.
Implementing Fraud Prevention Controls
Preventing procurement fraud requires a multi-faceted approach. Organisations must fortify their internal control environment, deploy modern technology tools for oversight, and cultivate a strong ethical culture.
The following measures can greatly reduce the risk of fraud in the procurement cycle:
Strengthen Internal Controls and Oversight
Rigorous internal controls are the first line of defence against procurement fraud. As mandated by the PFMA/MFMA, entities must have “effective, efficient and transparent systems of financial and risk management and internal control”.
Key controls include:
Segregation of duties:
No single individual should control an entire procurement transaction from end to end. Divide responsibilities among staff for requisitioning, approving, ordering, receiving, and payment. For example, the person who approves a purchase order should not be the one who can also receive goods and approve invoices. This prevents one person from having unchecked power to perpetrate fraud. Large organisations often split procurement and accounts payable departments to enforce this separation. Smaller firms should at a minimum ensure a second pair of eyes in the process.
Multi-level approval and limits:
Implement a tiered approval process for purchases. Set monetary thresholds that trigger higher-level sign-offs – e.g. a manager approves purchases up to a certain rand value, anything larger requires senior executive or finance approval. Crucially, ensure these approval limits cannot be bypassed by splitting purchases. The system should flag if multiple smaller orders are made to the same supplier in quick succession just under the limit (a known fraud tactic).
Three-way matching:
Require that payments are only processed when three documents agree – the purchase order, the supplier’s invoice, and the goods received note. This three-way match control ensures that an invoice is verified against what was ordered and what was delivered before payment is made. It helps catch false or inflated invoices; for instance, if an invoice lists 100 units but the warehouse receipt shows only 60 units received, payment should be halted until the discrepancy is resolved.
Vendor due diligence:
Strengthen vendor onboarding and management processes. Conduct thorough background checks on new suppliers to verify their legitimacy (e.g., checking registration details, ownership, and tax compliance). Maintain an approved vendor list and ensure exceptions are justified. Regularly review vendor master data for anomalies, such as duplicate or suspicious addresses (e.g., residential addresses or P.O. boxes), which may indicate fictitious vendors or conflicts of interest. It is also good practice to rotate or re-tender key supplier contracts periodically to avoid cosy single-supplier relationships.
Internal and external audits:
Establish a schedule of audits focusing on procurement. An internal audit (or an independent forensic team) should periodically sample procurement transactions to test compliance with policies and identify potential red flags. For example, auditors can verify whether proper competition was invited for tenders, whether documentation is complete, and whether any patterns of bias or irregularity emerge. Surprise audits or data analytics tests can be employed to identify issues such as recurring rounding of invoice amounts or employees and vendors sharing bank details. In the public sector, probity audits can be used for high-value tenders, where an independent auditor is embedded before contract award to ensure the process is fair and transparent. This proactive oversight can catch issues (such as favouritism or unexplained scoring changes) in real-time, preventing a tainted contract from being concluded.
Enforce consequences and accountability:
A strong control environment also means enforcing consequences for breaches. Management must take swift action on audit findings or violations of procurement rules – from disciplining staff for non-compliance to pursuing legal action in cases of fraud. Clear, consistently applied sanctions deter employees from attempting fraudulent acts when they know wrongdoing will be detected and punished. (This aligns with guidance from South Africa’s Auditor-General on consequence management for financial misconduct.)
Strengthen Internal Controls and Oversight
Rigorous internal controls are the first line of defence against procurement fraud. As mandated by the PFMA/MFMA, entities must have “effective, efficient and transparent systems of financial and risk management and internal control”.
Key controls include:
Segregation of duties:
No single individual should control an entire procurement transaction from end to end. Divide responsibilities among staff for requisitioning, approving, ordering, receiving, and payment. For example, the person who approves a purchase order should not be the one who can also receive goods and approve invoices. This prevents one person from having unchecked power to perpetrate fraud. Large organisations often split procurement and accounts payable departments to enforce this separation. Smaller firms should at a minimum ensure a second pair of eyes in the process.
Multi-level approval and limits:
Implement a tiered approval process for purchases. Set monetary thresholds that trigger higher-level sign-offs – e.g. a manager approves purchases up to a certain rand value, anything larger requires senior executive or finance approval. Crucially, ensure these approval limits cannot be bypassed by splitting purchases. The system should flag if multiple smaller orders are made to the same supplier in quick succession just under the limit (a known fraud tactic).
Three-way matching:
Require that payments are only processed when three documents agree – the purchase order, the supplier’s invoice, and the goods received note. This three-way match control ensures that an invoice is verified against what was ordered and what was delivered before payment is made. It helps catch false or inflated invoices; for instance, if an invoice lists 100 units but the warehouse receipt shows only 60 units received, payment should be halted until the discrepancy is resolved.
Vendor due diligence:
Strengthen vendor onboarding and management processes. Conduct thorough background checks on new suppliers to verify their legitimacy (e.g., checking registration details, ownership, and tax compliance). Maintain an approved vendor list and ensure exceptions are justified. Regularly review vendor master data for anomalies, such as duplicate or suspicious addresses (e.g., residential addresses or P.O. boxes), which may indicate fictitious vendors or conflicts of interest. It is also good practice to rotate or re-tender key supplier contracts periodically to avoid cosy single-supplier relationships.
Internal and external audits:
Establish a schedule of audits focusing on procurement. An internal audit (or an independent forensic team) should periodically sample procurement transactions to test compliance with policies and identify potential red flags. For example, auditors can verify whether proper competition was invited for tenders, whether documentation is complete, and whether any patterns of bias or irregularity emerge. Surprise audits or data analytics tests can be employed to identify issues such as recurring rounding of invoice amounts or employees and vendors sharing bank details. In the public sector, probity audits can be used for high-value tenders, where an independent auditor is embedded before contract award to ensure the process is fair and transparent. This proactive oversight can catch issues (such as favouritism or unexplained scoring changes) in real-time, preventing a tainted contract from being concluded.
Enforce consequences and accountability:
A strong control environment also means enforcing consequences for breaches. Management must take swift action on audit findings or violations of procurement rules – from disciplining staff for non-compliance to pursuing legal action in cases of fraud. Clear, consistently applied sanctions deter employees from attempting fraudulent acts when they know wrongdoing will be detected and punished. (This aligns with guidance from South Africa’s Auditor-General on consequence management for financial misconduct.)
Leverage Technology and Data Analytics
Modern technology offers powerful tools to detect and prevent procurement fraud, often in real time:
E-procurement systems:
Moving away from manual, paper-based purchasing to a digital procurement platform can greatly reduce fraud opportunities. Electronic systems can enforce approval workflows, maintain an audit trail of all actions, and limit the ability to bypass controls. For instance, an online purchase requisition cannot proceed without the required approvals and will automatically route to the next approver based on preset rules. Likewise, the system can require that a valid purchase order exists before an invoice is paid, thereby implementing a 3-way match automatically.
Spend analytics:
Use data analytics to monitor procurement data for anomalies. Large datasets of purchase transactions can be analysed to flag potential red flags that humans might miss. Examples include identifying if multiple invoices are just below approval thresholds, detecting if one vendor is consistently just under the next lowest bid (a sign of insider info), or if an employee’s login is associated with creating a vendor and also approving payments to that vendor (indicating a conflict). Trend analysis can reveal unusual spikes in procurement spending or repetitive patterns that warrant investigation. Many organisations employ continuous auditing software or even AI tools to scan transactions for such risk indicators.
Automation and matching algorithms:
Automated matching can extend beyond 3-way matching. Systems can be set to automatically cross-verify vendor details against employee records to catch matches in addresses or bank accounts (useful for detecting phantom vendors tied to staff). Optical character recognition (OCR) and text analytics can compare invoice wording and layouts to spot if multiple vendors’ documents were potentially produced by the same source (a collusion clue). An emerging idea, as noted in the Eskom case, is exploring technologies like blockchain for procurement tracking to create an immutable ledger of transactions. Such transparency could make it harder to manipulate records without detection.
Access controls and cybersecurity:
Ensure that access to procurement systems is properly restricted. User permissions should follow the least privilege principle – e.g. a buyer can initiate a purchase order but cannot approve payments. Sensitive functions (like adding a new vendor or changing bank account details) should require dual authorisation. Strong cybersecurity is also essential to prevent external fraudsters from hacking or spoofing procurement communications (as payment diversion fraud has become more common). Controls such as multi-factor authentication and verification callbacks for bank details changes can thwart attempts by criminals impersonating suppliers.
Forensic data review in due diligence:
When engaging in major projects or supplier contracts, consider running data-driven forensic reviews. This could include checking whether any of the bidding companies have common directors or shareholders (to identify collusive bidding rings), or using data from platforms like the government’s tender defaulter database. Proactively using data in this way can prevent entering contracts with high-risk parties.
Eskom’s recent experience illustrates the value of technology in improving oversight. After uncovering fraud, Eskom announced plans to tighten approval workflows, increase supplier vetting, and use data analytics (even AI) to spot anomalous transactions early. By investing in such tools, organisations can greatly enhance their ability to detect fraud signals that would otherwise remain hidden in mountains of procurement data.
Foster an Ethical Culture and Safeguards
Modern technology offers powerful tools to detect and prevent procurement fraud, often in real time:
E-procurement systems:
Moving away from manual, paper-based purchasing to a digital procurement platform can greatly reduce fraud opportunities. Electronic systems can enforce approval workflows, maintain an audit trail of all actions, and limit the ability to bypass controls. For instance, an online purchase requisition cannot proceed without the required approvals and will automatically route to the next approver based on preset rules. Likewise, the system can require that a valid purchase order exists before an invoice is paid, thereby implementing a 3-way match automatically.
Spend analytics:
Use data analytics to monitor procurement data for anomalies. Large datasets of purchase transactions can be analysed to flag potential red flags that humans might miss. Examples include identifying if multiple invoices are just below approval thresholds, detecting if one vendor is consistently just under the next lowest bid (a sign of insider info), or if an employee’s login is associated with creating a vendor and also approving payments to that vendor (indicating a conflict). Trend analysis can reveal unusual spikes in procurement spending or repetitive patterns that warrant investigation. Many organisations employ continuous auditing software or even AI tools to scan transactions for such risk indicators.
Automation and matching algorithms:
Automated matching can extend beyond 3-way matching. Systems can be set to automatically cross-verify vendor details against employee records to catch matches in addresses or bank accounts (useful for detecting phantom vendors tied to staff). Optical character recognition (OCR) and text analytics can compare invoice wording and layouts to spot if multiple vendors’ documents were potentially produced by the same source (a collusion clue). An emerging idea, as noted in the Eskom case, is exploring technologies like blockchain for procurement tracking to create an immutable ledger of transactions. Such transparency could make it harder to manipulate records without detection.
Access controls and cybersecurity:
Ensure that access to procurement systems is properly restricted. User permissions should follow the least privilege principle – e.g. a buyer can initiate a purchase order but cannot approve payments. Sensitive functions (like adding a new vendor or changing bank account details) should require dual authorisation. Strong cybersecurity is also essential to prevent external fraudsters from hacking or spoofing procurement communications (as payment diversion fraud has become more common). Controls such as multi-factor authentication and verification callbacks for bank details changes can thwart attempts by criminals impersonating suppliers.
Forensic data review in due diligence:
When engaging in major projects or supplier contracts, consider running data-driven forensic reviews. This could include checking whether any of the bidding companies have common directors or shareholders (to identify collusive bidding rings), or using data from platforms like the government’s tender defaulter database. Proactively using data in this way can prevent entering contracts with high-risk parties.
Eskom’s recent experience illustrates the value of technology in improving oversight. After uncovering fraud, Eskom announced plans to tighten approval workflows, increase supplier vetting, and use data analytics (even AI) to spot anomalous transactions early. By investing in such tools, organisations can greatly enhance their ability to detect fraud signals that would otherwise remain hidden in mountains of procurement data.
Foster an Ethical Culture and Safeguards
Perhaps the most important fraud deterrent is an organisational culture that emphasises ethics, transparency, and accountability from the top down. Senior leaders set the tone.
Here’s how culture and soft controls can prevent procurement fraud:
Tone at the top:
Leadership should communicate a clear message that fraud and corruption will not be tolerated. A strong ethical tone is demonstrated through actions – for example, executives following procurement rules themselves, declaring conflicts of interest, and promoting openness. The board and CEO should visibly support anti-fraud initiatives and insist on integrity in procurement decisions. As one governance report noted, ethical leadership cultivates a “culture of honesty, transparency, fairness, responsibility and accountability” throughout the organisation. When employees see that management truly values ethics over expediency, they are less likely to rationalise fraudulent behaviour.
Policies and training:
Establish comprehensive policies such as a Code of Ethics/Conduct, a Conflict-of-Interest policy, and a Gift & Hospitality policy. These should explicitly cover procurement scenarios – for example, requiring disclosure of any personal relationships with suppliers, capping the value of acceptable gifts or requiring gifts to be declared. Regular training should be provided to all employees involved in purchasing on these policies, procurement procedures, and how to spot red flags. Ensure that suppliers are also made aware of your organisation’s stance (many companies require suppliers to sign a Supplier Code of Conduct). An educated workforce and vendor base are more likely to comply and to speak up when something is amiss.
Whistle-blower channels:
Encourage employees, suppliers, and even customers to report suspicious behaviour. Establish secure and confidential reporting channels (such as an ethics hotline or online portal) protected by the Protected Disclosures Act. It is vital that whistleblowers are shielded from retaliation so that people feel safe to report fraud. Many procurement frauds have been exposed by tips from insiders or vendors who noticed irregular conduct. By promoting a “see something, say something” culture and acting on tips, companies can catch schemes early. King IV also advocates that governing bodies institute safe reporting mechanisms as part of good governance practices.
Rotation and mandatory leave:
To disrupt long-term collusion and hidden schemes, rotate staff in key procurement roles periodically. No buyer or contract manager should handle the same supplier or contract for too many years without oversight. Additionally, enforce that employees take their annual leave – a classic anti-fraud measure. Perpetrators often resist taking holidays because they fear their misdeeds will come to light in their absence. Ensuring they do take leave increases the chance that another staff member filling in will spot something awry.
Integrity due diligence and declarations:
Require annual declarations of conflicts of interest from procurement personnel and decision-makers, including any outside business interests. Perform integrity checks on staff in sensitive positions (within legal and reasonable bounds), such as monitoring lifestyle changes or unusual wealth indicators, as well as checking social media if relevant. While trust in employees is important, verifying that trust through due diligence is equally important in an area as prone to temptation as procurement. In one reported instance, reviewing a procurement officer’s public social media posts revealed lavish purchases, raising alarm that his lifestyle far outstripped his salary.
Reinforce consequences and reward integrity:
Coupled with the earlier point on consequences for wrongdoing, also consider recognising and rewarding ethical behaviour. Employees who refuse to bend rules or who report concerns in good faith could be acknowledged (even if privately) as a sign that doing the right thing is valued. When fraud cases occur, transparently update the organisation on outcomes – e.g. “Employee X was dismissed and prosecuted for procurement fraud” – to reinforce that misconduct leads to serious repercussions.
Building a strong ethical culture is not a “soft” measure – it is a critical control. Many fraud cases begin with rationalisation (employees convincing themselves that fraudulent behaviour is acceptable or will go unnoticed). A culture of integrity, backed by diligent governance, removes those rationalisations. It also complements the hard controls: even the best procedures can be undermined by colluding individuals, which is why nurturing integrity and vigilance in people is paramount.
Case Study: Procurement Fraud at Eskom (Kusile Power Station)
A recent South African case starkly illustrates how procurement fraud can unfold and the consequences that follow. Eskom, the national power utility, has faced several corruption incidents in its procurement processes in recent years. One notable case emerged at the Kusile Power Station project, involving the fraudulent purchase of industrial equipment.
The Fraud Scheme:
In 2018, Eskom investigators discovered that a pump at Kusile had been procured for an exorbitant price of R857,977, despite an identical pump (same model and serial number) having been bought for only R18,835 in 2015. In other words, the supplier charged Eskom over 45 times the normal price by exploiting the procurement process. This grossly inflated purchase was not an isolated error – it pointed to a deliberate scheme. The significant price discrepancy suggests collusion between insiders and the vendor to defraud Eskom, likely through fake justifications for a sole-source procurement or false specifications to conceal the fact that a standard pump was available at a fraction of the cost. Such a scheme could only succeed if normal controls were bypassed or if key individuals were involved. Indeed, it was later revealed that insiders had manipulated the process, treating the procurement as if the high-priced pump were unique and urgently needed, thereby avoiding competition and scrutiny.
Red Flags Missed:
In hindsight, several red flags were present. The price was an outlier – paying nearly a million rand for equipment that had been previously bought for under R20k – which should have triggered questions and a market price comparison. There may have been procedural red flags as well, such as an “emergency” procurement justification or a waiver of competitive bidding to expedite this purchase. Documentation might have been falsified, such as fake quotes or collusive specifications written to only fit the overpriced pump. That the serial numbers were identical reveals the brazen nature of the fraud; the conspirators did not even bother to conceal that it was the same item. This indicates either a breakdown in record-keeping or the audacity that no one would cross-check past purchases – a cultural red flag in itself.
Consequences:
The fraudulent contract resulted in significant financial losses for Eskom, a company already under financial strain. More dramatically, it led to legal action. In March 2025, a multi-agency sting (led by the National Joint Operational Intelligence Structure) resulted in six individuals being arrested, including a former Kusile Procurement Officer and a Procurement Manager. These arrests underline that those involved – both internal staff and presumably external accomplices – are facing criminal charges. South Africa’s Prevention and Combating of Corrupt Activities Act (PRECCA) criminalises such conduct, and the individuals could be prosecuted for fraud, corruption, and related offences. The fact that arrests occurred years after the 2018 purchase shows that forensic investigations eventually caught up, even if the scheme initially slipped through. It often takes time and a trigger (in this case, possibly a whistle-blower or a diligent audit) to unravel complex frauds.
Impact and Remedial Actions:
The Eskom case has had significant repercussions beyond the arrests. For Eskom, it was another blow to its reputation, highlighting governance failures in its supply chain. Trust from stakeholders (government, public, investors) was further eroded, pressing the utility to implement reforms. Eskom’s leadership responded by tightening procurement governance, setting up a new Group Investigations and Security Division that consolidates forensic and security functions to investigate wrongdoing better. Procurement processes were reviewed and tightened. Eskom indicated that it would introduce more stringent approval workflows for high-value purchases, strengthen supplier vetting, and increase internal audits of procurement decisions. The company also looked to technology, evaluating the use of blockchain for procurement tracking and AI-driven monitoring to detect anomalies (for example, sudden price jumps or repetitive patterns) in real time. Additionally, Eskom committed to segregating duties better and bolstering whistle-blower protection, recognising that too much power had been concentrated in a single hand at Kusile and that employees must feel safe to report irregularities.
For the wider industry, the Eskom incident is a cautionary tale. It demonstrates how procurement fraud can thrive in environments with weak oversight, and conversely, how its exposure can catalyse positive change. Companies across sectors can learn from this by proactively assessing their own procurement controls. For instance, are there any purchases with abnormally high pricing that merit review? Are policies around sole-sourcing and emergencies being strictly enforced? Ensuring transparency in all procurement steps and regularly auditing big contracts can help avoid a Kusile-type scenario. As Eskom’s CEO noted, rebuilding trust requires unwavering commitment to rooting out corruption and improving systems. The case ultimately underscores that fraud prevention is far cheaper than the cost of fraud – Eskom paid a hefty price not just in money but in credibility, which robust controls and ethical vigilance might have safeguarded.
South African Regulatory and Governance Context
South Africa has a strong legislative and governance framework aimed at promoting integrity in procurement, which executive leaders should leverage as guidance for fraud prevention:
Public Finance Management Act (PFMA) and Municipal Finance Management Act (MFMA):
These Acts govern public sector finances but also influence best practices in private companies. They unequivocally require maintaining effective internal controls and the prevention of irregular expenditure. For example, the PFMA obliges accounting officers to ensure “effective, efficient and transparent” financial systems, while the MFMA similarly mandates municipal managers to have robust risk management and internal controls. In practice, this means organisations must have clear procurement policies, adhere to competitive bidding processes, and avoid conflicts of interest or “fruitless and wasteful expenditure.” Non-compliance can result in audit findings, financial penalties, or legal liability for responsible officials.
King IV Code on Corporate Governance:
King IV applies to all organisations (public, private, and non-profit) and provides principles for good governance. It emphasises an ethical culture, good performance, effective control, and legitimacy as outcomes. Under King IV, boards are expected to govern risk and opportunity (Principle 11), which includes fraud risk, and to ensure compliance with laws (Principle 13). Specifically, King IV advocates for implementing a fraud risk management framework that can prevent, detect, and respond to incidents of fraud. This implies that boards should have visibility of the company’s fraud risk exposure in procurement and should satisfy themselves that management’s controls (and combined assurance model involving internal audit, risk, and forensic functions) are effectively mitigating those risks. King IV also calls for organisations to establish confidential reporting mechanisms (whistleblowing) and to embed ethics into the corporate DNA – aligning closely with the cultural safeguards discussed above.
Prevention and Combating of Corrupt Activities Act (PRECCA):
This law criminalises corruption in both public and private sectors, including bribery and kickbacks in procurement. Executives need to remember that a corrupt procurement deal is not only a breach of policy but also a criminal act. Companies can face severe reputational fallout and legal consequences (including being barred from government contracts or even liable for failing to prevent bribery) if their employees engage in corrupt procurement practices. Adhering to PRECCA means ensuring no staff accepts or offers undue gratification and that any suspected corruption is reported to law enforcement.
Other governance instruments:
Public sector entities have additional guidelines such as National Treasury’s procurement regulations, the Preferential Procurement Policy Framework Act (PPPFA), which sets out fairness and B-BBEE considerations, and oversight bodies like the Auditor-General and Special Investigating Unit (SIU) that probe procurement irregularities. In the private sector, the Companies Act and Johannesburg Stock Exchange (JSE) listings requirements (for listed companies) oblige directors to act in the best interests of the company, which includes safeguarding assets against fraud. South Africa also encourages companies to adopt standards like ISO 37001 (Anti-Bribery Management Systems) as a proactive measure.
B-BBEE Fronting risks: A
A uniquely South African fraud risk in procurement relates to Black Economic Empowerment preferences. B-BBEE fronting is the practice of misrepresenting a company’s empowerment status to win contracts. This is a fraudulent misrepresentation and can take many forms (from token black shareholders with no real control to complex schemes). Executives should treat unusual B-BBEE arrangements as a red flag – for instance, if a new supplier’s ownership changed suddenly just before a tender, or if the supposed black owners are not involved in operations. Fronting is illegal and punishable. Ensuring thorough due diligence on B-BBEE credentials (and being wary of “too good to be true” empowerment claims) will help prevent this form of fraud. The King IV principle of legitimacy ties in here: procurement decisions must not only be fair but also seen to be fair and equitable in line with national transformation goals.
In essence, South African regulations and governance codes provide a clear blueprint: maintain transparent, well-controlled procurement systems, uphold ethics and fairness, and respond decisively to any misconduct. Companies that align their internal policies with these frameworks not only reduce their risk of fraud but also demonstrate good corporate citizenship. Executive leadership should regularly benchmark their organisation’s practices against these requirements – for example, verifying annually that the procurement policy reflects PFMA/MFMA standards, that the audit committee reviews fraud risk as recommended by King IV, and that there are no gaps in compliance that fraudsters could exploit.
Conclusion
Procurement fraud is a pervasive risk that no organisation can afford to ignore. As this paper has detailed, fraud can take root in any stage of the procure-to-pay process – from vendor selection and bidding, to ordering and invoicing – but it seldom occurs without warning. Red flags are usually waving, whether in an employee’s behaviour, an oddly executed procedure, or inconsistencies in paperwork. Executive leaders must ensure their teams are trained to recognise and respond to these warning signs early, rather than after losses have mounted.
Preventing fraud in procurement is fundamentally about implementing checks and balances: strong internal controls that make it difficult for any individual to exploit the system, combined with oversight mechanisms to catch irregularities. By enforcing segregation of duties, implementing rigorous approval steps, maintaining transparent record-keeping, and conducting regular audits, organisations create a control environment where fraud is difficult to commit and relatively easy to detect. Augmenting human oversight with technology – such as automated procurement systems and data analytics – further tightens the net, flagging anomalies that humans might overlook and providing real-time assurance that processes are followed.
Equally important is the human factor. A culture of integrity, driven by leadership example, is the glue that holds the anti-fraud framework together. When employees understand that doing the right thing is non-negotiable and that speaking up is safe and valued, potential fraudsters are isolated and exposed. In such an environment, those red flags are more likely to be reported and acted upon promptly. On the other hand, a complacent or unethical culture can render even the most effective controls ineffective. Leaders should therefore continuously nurture ethical standards and make it clear that procurement integrity is as important as profitability and operational efficiency to the organisation’s success.
The South African case study of Eskom’s procurement fraud at Kusile highlights both the consequences of failing to prevent fraud – financial loss, legal action, reputational damage – and the urgency of remedial action. It reinforces that proactive prevention is far better than reactive investigation. By learning from such incidents, companies can identify their own vulnerabilities. For instance, an executive might ask: “Could a Kusile-type scam happen in our procurement process? Have we ever paid vastly different prices for the same item? Do we have any single points of failure where one person’s discretion could be exploited?” Honest answers to these questions can drive improvement.
In conclusion, preventing procurement fraud is an ongoing journey of vigilance and improvement. It demands a holistic approach: awareness of what can go wrong, controls to guard against it, technology to enhance oversight, and a strong ethical compass to guide everyone involved. Executive leadership across South Africa’s industries must champion this cause. By doing so, they protect not only their own organisations’ resources and reputations, but also contribute to a broader culture of accountability and trust in the markets they operate in. In a country where corruption has too often dominated headlines, a concerted effort to fortify procurement against fraud is an essential step toward sustainable and transparent business growth. The tools and knowledge are at hand – as outlined in this paper – and with leadership commitment, the risks of procurement fraud can be dramatically reduced, if not eliminated.
References:
This report draws on a range of sources, including anti-fraud frameworks (ACFE, IACRC), South African governance codes (King IV), legislation (PFMA, MFMA, PRECCA), as well as case studies and expert commentary on procurement fraud. These sources underscore a consistent message: effective controls and ethical leadership are the best defence against procurement fraud. Each citation in the text corresponds to the source material for further reading or verification of facts and best practices discussed.