The procurement fraud landscape in Nigeria: what CFOs and auditors are facing

The procurement fraud landscape in Nigeria: what CFOs and auditors are facing

The procurement fraud landscape in Nigeria: what CFOs and auditors are facing

Before building controls, Nigerian finance and audit leaders need a clear-eyed understanding of the specific procurement fraud threats their organisations face and how they typically operate.

Procurement fraud in Nigeria operates across a wide spectrum of sophistication and scale. At one end, it involves simple schemes: a staff member inflating a petty cash purchase, a driver colluding with a fuel supplier to overstate litres delivered, an office manager creating a fictitious stationery vendor to generate small but persistent personal payments.

At the other end, it involves highly sophisticated, long-running schemes: senior procurement officers maintaining undisclosed interests in key vendors, tender committees manipulated to steer contracts to preferred bidders at inflated prices, and complex networks of shell companies and intermediaries constructed specifically to extract value from the organisation’s procurement spend over extended periods.

The ACFE’s regional fraud data consistently identifies asset misappropriation, which includes procurement fraud, as the most common fraud type in organisations across Africa, including Nigeria. The median loss per procurement fraud scheme is substantially higher than for other fraud categories. This reflects the fact that procurement transactions are typically large, the schemes often run for extended periods before detection, and the collusion between internal staff and external vendors that characterises the most damaging procurement frauds makes detection through normal oversight mechanisms particularly difficult.

The sectors most severely affected in Nigeria include public sector and government procurement, where the documented scale of procurement fraud runs to hundreds of billions of naira annually; oil and gas, where contract values are large and oversight is complex; manufacturing and FMCG, where raw material procurement is a persistent high-risk area; and financial services, where vendor management and technology procurement have emerged as significant fraud exposure points. No sector is immune, and no Nigerian organisation that spends money on goods and services can afford to treat procurement fraud as someone else’s problem.

Read our Nigeria Procurement Fraud Landscape 2026 for comprehensive threat analysis.

2. Key definition: what are internal controls over procurement?

Establishing a precise and authoritative definition of procurement internal controls gives Nigerian organisations the conceptual foundation for designing and implementing them effectively.

Definition — Internal Controls Over Procurement: According to the Institute of Internal Auditors (IIA), these are the policies, procedures, systems, and organisational structures that an organisation implements to ensure that its procurement activities (the acquisition of goods, services, and works from external suppliers) are conducted in an authorised, transparent, competitive, and accountable manner, that procurement transactions are accurately recorded, that assets acquired through procurement are properly safeguarded, and that the organisation is protected against fraud, waste, abuse, and conflicts of interest in its supplier relationships and procurement processes.

Effective procurement internal controls operate across the entire procurement lifecycle, from needs identification and specification development through vendor qualification and selection, contract award and management, goods and services receipt verification, invoice processing and payment, and post-procurement performance evaluation and vendor relationship management. Controls at each stage of this lifecycle are interdependent, and weakness at any single stage creates vulnerability that can be exploited despite the presence of controls at other stages.

3. The most common procurement fraud types in Nigerian organisations

Understanding how procurement fraud actually happens in Nigerian organisations is the essential prerequisite for designing controls that address the real threats rather than theoretical ones.

3.1 Fictitious vendor fraud

Fictitious vendor fraud involves the creation of a supplier that does not actually exist, or exists only on paper, in the organisation’s vendor master file, and the processing of payments to that fictitious supplier which are diverted to accounts controlled by the fraudster or their accomplices.

In Nigerian organisations, this fraud type is frequently enabled by weak vendor onboarding controls: the absence of rigorous due diligence on new vendors, lack of independent verification of vendor existence and legitimacy, and inadequate segregation of duties between the individuals who can create new vendors in the financial system and those who can authorise payments to them.

3.2 Inflated invoice fraud

Inflated invoice fraud involves a genuine vendor, one that actually supplies goods or services to the organisation, submitting invoices for amounts that exceed the agreed price, for quantities greater than actually delivered, or for goods and services that were partially or entirely not provided.

In Nigerian organisations, this fraud frequently involves collusion between the external vendor and an internal employee who approves invoices without adequate verification of receipt, who has a financial interest in the vendor, or who has been compromised through a kickback arrangement.

Vector illustration of modern tablet with check marks placed near dollar banknotes and credit card

3.3 Bid rigging and tender manipulation

Bid rigging and tender manipulation involve interference with the competitive procurement process to ensure that a preferred vendor, typically one with a financial relationship with an insider, wins a contract at a price above what genuine competition would have produced.

Common bid rigging schemes in Nigeria include advance disclosure of tender specifications to preferred bidders, manipulation of evaluation criteria after bids are received to favour a predetermined winner, structuring of procurement requirements to match the specific capabilities of a connected vendor, and the creation of specifications so technically specific that only one vendor can realistically satisfy them.

3.4 Kickbacks and vendor collusion

Kickbacks involve payments, in cash, kind, or other benefits, made by a vendor to an internal employee in exchange for preferential treatment in the procurement process. This might take the form of contract awards, favourable price negotiations, overlooked quality deficiencies, accelerated payment terms, or continued vendor approval despite performance failures.

Kickback arrangements are among the most difficult procurement frauds to detect because they leave no direct financial footprint within the organisation. The fraudulent benefit flows to the employee personally rather than through organisational accounts.

3.5 Split purchasing

Split purchasing involves deliberately dividing a single procurement requirement into multiple smaller transactions, each below the threshold that would trigger competitive bidding or enhanced approval requirements, to circumvent procurement controls.

In Nigerian organisations, split purchasing is one of the most common and most consistently overlooked procurement fraud and control evasion techniques. It is particularly prevalent in organisations where procurement thresholds are defined but transaction data is not systematically analysed to identify patterns of splitting.

3.6 Conflict of interest in vendor selection

Undisclosed conflicts of interest, situations in which an employee involved in procurement decisions has a personal financial or family relationship with a vendor, represent one of the most pervasive procurement integrity risks in Nigerian organisations.

The disclosure cultures in many Nigerian organisations are insufficiently developed to surface these conflicts through voluntary declaration, and the vendor due diligence processes are insufficiently thorough to identify them independently. The result is that procurement decisions are routinely influenced by undisclosed personal interests without any of the management or governance oversight mechanisms that would identify and manage this conflict.

Our Vendor Master File Audits and Cleansing helps organisations identify fictitious vendors and suspicious records.

4. The comprehensive procurement internal controls checklist for Nigerian organisations

This checklist provides a practical, actionable framework that Nigerian organisations can use to assess the current state of their procurement controls and identify priority areas for strengthening.

4.1 Vendor master file controls

The vendor master file, the register of approved suppliers from which the organisation is authorised to procure, is the first and most critical line of procurement control. Without strong vendor master file controls, every subsequent procurement control is vulnerable to circumvention through the introduction of fictitious or compromised vendors into the approved supplier list.

Checklist items:

  • Does your organisation maintain a single, centrally managed vendor master file that is the only source from which payments can be made?

  • Is there documented, board-approved policy governing who is authorised to add, modify, or deactivate vendor records?

  • Is the individual who can add or modify vendor records different from the individual who can initiate or approve payments to vendors, with this segregation enforced at system level?

  • Is new vendor onboarding subject to a documented due diligence process that verifies legal existence, ownership, banking details, and regulatory compliance before the vendor is approved?

  • Are vendor bank account details independently verified through direct contact with the vendor’s bank or through a call-back to a contact number independently obtained?

  • Is the vendor master file subject to periodic independent review, at minimum annually, to identify and remove inactive vendors, identify duplicate or suspicious vendor records, and verify that all active vendors meet current eligibility requirements?

  • Is the addition of any vendor with a relationship to an employee as a connected party subject to enhanced approval and disclosure requirements?

4.2 Procurement planning and needs assessment controls

Strong procurement begins before the first supplier is contacted. The controls over procurement planning and needs assessment determine whether the organisation’s procurement requirements are genuine, appropriately specified, and free from manipulation designed to channel spend to preferred suppliers.

Checklist items:

  • Are all significant procurement requirements initiated through a formal, documented requisition process that identifies the business need, quantifies the requirement, and is approved by an authorised budget holder before any supplier engagement occurs?

  • Are procurement specifications developed through a process that involves multiple stakeholders, including the end user, finance, and relevant technical or quality assurance teams, rather than being determined solely by the individual who will manage the vendor relationship?

  • Are specifications reviewed to ensure they are outcome-based and genuinely competitive rather than designed to match the specific capabilities of a preferred supplier?

  • Is there a documented annual or periodic procurement plan that is reviewed and approved by senior management, enabling planned procurement to be monitored against budget and preventing unplanned procurement from circumventing competitive processes?

4.3 Competitive procurement and tender controls

The competitive procurement process, the mechanism through which the organisation selects suppliers on the basis of quality, price, and capability rather than personal relationships, is the central procurement integrity control. Its effectiveness depends on the rigour with which the competitive process is designed, administered, and protected from interference.

Checklist items:

  • Does your organisation have documented, board-approved procurement thresholds that mandate specific competitive procurement processes based on the value and nature of the procurement?

  • Are all tenders and requests for quotation issued simultaneously to all eligible bidders, with the same specifications and the same timeline, to prevent preferential disclosure to favoured suppliers?

  • Are tender documents, specifications, and evaluation criteria finalised and approved before any supplier communication, preventing post-bid modification of criteria to favour a predetermined winner?

  • Is the tender evaluation process conducted by a formal evaluation committee whose membership is independent of the individuals who developed the specifications and manages the vendor relationships?

  • Are all evaluation committee members required to sign conflict of interest declarations specifically for each tender before participating in the evaluation?

  • Are tender results, including the scores assigned to each bidder and the rationale for the award decision, documented in writing and subject to review and approval by an authority independent of the evaluation committee?

  • Is there a documented, accessible, and genuine process for unsuccessful bidders to seek feedback on their tender submissions?

4.4 Contract management controls

The award of a contract to a supplier is not the end of the procurement control process. It is the beginning of the contract management phase, during which the organisation must ensure that the supplier delivers what was contracted at the agreed price and to the agreed standard.

Checklist items:

  • Are all significant procurement contracts documented in writing, signed by both parties before any work commences or any goods are delivered, with clear specification of deliverables, prices, timelines, quality standards, payment terms, and remedies for non-performance?

  • Are contract terms reviewed by legal counsel before execution for all contracts above a defined value threshold?

  • Is contract performance monitored throughout the contract period against the specifications agreed at award, not merely at the point of invoice receipt?

  • Are contract variations subject to the same approval authority requirements as the original contract award, and documented in formal contract amendments rather than managed through informal agreement?

  • Is there a defined process for managing contract renewal and extension decisions, ensuring that contracts are not automatically renewed without a fresh assessment of whether the incumbent supplier continues to offer competitive value?

4.5 Goods and services receipt controls

One of the most common and most financially damaging procurement control weaknesses is the processing of payments for goods and services that were not actually received, received in smaller quantities than invoiced, or received in a quality inferior to what was contracted. Receipt controls are designed to ensure that payment is made only for what was actually delivered and accepted.

Checklist items:

  • Is there a documented goods receipt process in which an individual who is independent of the procurement and accounts payable functions physically verifies and records the receipt of goods against the relevant purchase order before any payment processing is initiated?

  • For services procurement, where physical receipt verification is more complex, is there a formal service acceptance process in which the relevant business owner confirms in writing that the specified services were delivered to the required standard before payment is approved?

  • Are delivery notes, service acceptance certificates, or other receipt documentation retained as supporting evidence for all payments and matched to the relevant invoice and purchase order as part of the payment approval process?

  • Is there a formal process for recording and following up on goods received notes where the corresponding invoice has not been received, preventing the omission of liabilities from financial records and the subsequent processing of duplicate payments?

4.6 Invoice processing and payment controls

The invoice processing and payment controls are the final line of defence between the organisation’s bank account and procurement fraud. At this stage, the control objective is to ensure that every payment is made only for a genuine, accurately priced, appropriately authorised, and actually received procurement, and that the payment is made to the correct, legitimately approved vendor.

Checklist items:

  • Is there a documented three-way match process, matching every invoice against the relevant purchase order and goods or services receipt documentation before any invoice is approved for payment?

  • Is the individual who approves invoices for payment different from the individual who created the purchase order, who manages the vendor relationship, and who processed the goods receipt, with these segregations enforced at system level where possible?

  • Are all payments above a defined threshold subject to dual authorisation, requiring independent approval from two separate authorised signatories before processing?

  • Is there a systematic check for duplicate invoices using invoice number, vendor, date, and amount before each payment run, to prevent double payment of the same invoice?

  • Are all changes to vendor payment details subject to an independent verification process before they are processed, specifically to protect against business email compromise fraud?

  • Is there a regular review of the aged creditors listing to identify unusual payment patterns, including payments made outside normal payment terms, payments to inactive or recently added vendors, or unusually large or round-number payments?

4.7 Procurement data analytics controls

Manual transaction-by-transaction review is insufficient to detect the systematic patterns that characterise the most damaging procurement fraud schemes. Data analytics controls, the systematic analysis of procurement transaction data to identify anomalies, patterns, and outliers that warrant investigation, are an essential complement to transaction-level controls.

Checklist items:

  • Is your organisation conducting regular data analytics reviews of procurement transaction data to identify potential fraud indicators?

  • Are analytics specifically designed to detect split purchasing, identifying multiple transactions to the same vendor within a defined period that individually fall below competitive procurement thresholds but collectively represent a significant procurement requirement?

  • Are analytics designed to identify payments to vendors with addresses, phone numbers, or bank account details that match employee records, a common indicator of fictitious vendor fraud?

  • Is there analysis of vendor concentration, identifying vendors that represent a disproportionate share of procurement spend in specific categories, to flag potential preferential treatment or vendor dependency risks?

  • Are analytics reviewing the timing and sequencing of procurement approvals to identify patterns suggestive of retroactive approval?

4.8 Conflict of interest and disclosure controls

Undisclosed conflicts of interest are among the most difficult procurement integrity risks to detect after the fact and among the most preventable through proactive governance controls.

Checklist items:

  • Does your organisation have a written conflict of interest policy that defines what constitutes a conflict of interest in the procurement context, requires annual disclosure by all staff involved in procurement decisions, and specifies the process for managing disclosed conflicts?

  • Are conflict of interest declarations required at the point of each specific procurement decision for all members of tender committees and all individuals with approval authority over vendor selection, contract award, or payment?

  • Is there a documented register of disclosed conflicts of interest that is reviewed by the board or audit committee?

  • Is there a mechanism, such as a confidential whistleblower hotline, through which employees can report suspected undisclosed conflicts of interest without fear of retaliation?

Industrial worker managing inventory in a warehouse with a clipboard and checklist.

5. Procurement fraud red flags: what internal auditors and CFOs should watch for

Knowing the specific warning signs that procurement fraud is occurring or has occurred enables faster detection and intervention before losses compound.

The most important procurement fraud red flags in the Nigerian context include:

  • Vendors with post office box addresses and no verifiable physical location

  • Vendors that were added to the master file shortly before significant payments were processed to them

  • Invoices without proper letterhead, registration numbers, or contact details

  • Single-source procurement awards in categories where multiple qualified vendors exist

  • Procurement specifications that are unusually narrow or technical in ways that favour a single supplier

  • Vendors whose bank account details changed shortly before a large payment was processed

  • Employees in procurement or finance roles who are living visibly beyond their apparent income level

  • Unusually high rates of vendor master file changes in a specific period

  • Procurement approvals that are consistently processed by the same individual without secondary review

  • Invoice amounts that cluster just below approval thresholds across multiple transactions

Each of these red flags, in isolation, may have an innocent explanation. In combination, or when multiple red flags point to the same vendor, employee, or process, they represent a pattern that warrants structured investigation rather than reassurance.

6. Procurement fraud and control developments in 2026

The procurement fraud landscape and the control responses to it are evolving rapidly. These are the most significant developments Nigerian organisations need to understand and respond to.

6.1 AI-powered procurement fraud detection is now accessible

In 2025, artificial intelligence-powered procurement fraud detection tools became accessible to mid-market Nigerian organisations for the first time. Platforms use machine learning to analyse 100% of procurement transactions in real time, identifying anomalies, patterns, and risk indicators that would take human reviewers months to detect through manual sampling. Nigerian organisations that have historically relied on periodic manual procurement audits can now supplement these with continuous AI-powered monitoring that dramatically reduces the window in which procurement fraud can operate undetected.

6.2 Business email compromise in procurement has reached crisis levels

The Interpol Africa Cyberthreat Assessment (2025) identified procurement-related business email compromise, in which fraudsters impersonate vendors or senior executives via compromised or spoofed email accounts to redirect payment to fraudulent bank accounts, as the fastest-growing and most financially damaging cybercrime affecting Nigerian businesses. In 2025, several Nigerian organisations lost amounts in excess of ₦500 million to single BEC incidents targeting procurement payment processes. The control response, mandatory out-of-band verification of all payment detail change requests, is simple, low-cost, and highly effective but remains inconsistently implemented.

6.3 The BPP’s enhanced procurement compliance framework

The Bureau of Public Procurement released enhanced compliance guidelines in 2025 that significantly strengthened the procurement control requirements for federal and state government agencies and government-owned enterprises. The updated guidelines include mandatory electronic procurement management systems for all MDAs above a defined expenditure threshold, enhanced vendor due diligence requirements including CAC registration verification and tax compliance confirmation, and mandatory publication of contract awards above ₦5 million on the BPP’s online platform.

6.4 ESG and supply chain integrity requirements are changing vendor management

International partners, investors, and customers are increasingly requiring Nigerian organisations to demonstrate not just that their own procurement processes are clean but that their supply chains meet defined standards on labour practices, environmental compliance, anti-corruption, and human rights. This ESG supply chain integrity requirement is driving a new generation of vendor due diligence, going beyond financial and legal verification to assess whether vendors meet social and governance standards.

6.5 EFCC’s continued corporate procurement enforcement focus

The EFCC’s corporate enforcement activities in 2025 continued to include a significant focus on procurement fraud, particularly in organisations that receive public funds, are listed on the NGX, or operate in regulated sectors. Several high-profile investigations and prosecutions in 2025 involved senior procurement and finance executives in Nigerian financial institutions and state-owned enterprises. The enforcement signal is clear: procurement fraud at senior levels of Nigerian organisations is no longer treated primarily as a civil matter. It is an active criminal prosecution priority.

Our Procurement Fraud Investigation Support helps organisations respond when red flags have already been identified.

7. The bottom line

Procurement fraud in Nigeria is not a peripheral risk that affects only careless organisations or those in uniquely exposed sectors. It is a systematic, pervasive, and financially devastating threat that operates wherever procurement controls are weak. And in a significant proportion of Nigerian organisations across every sector, it is operating right now.

The controls in the checklist above are not aspirational best practices designed for global multinationals. They are practical, implementable, proportionate measures that any Nigerian organisation, regardless of size, sector, or current maturity level, can begin building immediately.

The question is not whether your organisation can afford to implement strong procurement controls. It is whether your organisation can afford the procurement fraud losses, regulatory sanctions, and reputational damage that inadequate controls make inevitable.

Related services from Business Cardinal

Recommended reading from the Business Cardinal blog

Let’s work together

Every naira lost to procurement fraud is a naira that should have served your business, your shareholders, your donors, or your beneficiaries. At Business Cardinal, we help Nigerian organisations assess, design, and strengthen their procurement internal control environments. We understand the specific procurement fraud risks that Nigerian organisations face, the regulatory requirements that apply across different sectors, and the practical realities of building strong procurement controls in the Nigerian operating environment.

Contact us today:

📧 Email: hello@businesscardinal.com
📞 Phone: +234 802 320 0801
📍 Address: 5, Ishola Bello Close, Off Iyalla Street, Alausa, Ikeja, Lagos, Nigeria

Contact Business Cardinal to discuss how we can help protect every naira of your spend.

Business Cardinal – Your Partner in Procurement Integrity

References

  1. Institute of Internal Auditors (IIA). Practice Guide: Auditing the Procurement Function.

  2. Association of Certified Fraud Examiners (ACFE). Report to the Nations on Occupational Fraud and Abuse.

  3. Bureau of Public Procurement Nigeria. Procurement Compliance Guidelines (2025).

  4. Interpol. Africa Cyberthreat Assessment Report (2025).

  5. Economic and Financial Crimes Commission (EFCC) Nigeria. Corporate Enforcement Reports (2025).

  6. Committee of Sponsoring Organizations of the Treadway Commission (COSO). Internal Control — Integrated Framework.

  7. Financial Reporting Council of Nigeria. Corporate Governance Code (2025 update).

  8. Transparency International. Corruption Perceptions Index and Procurement Integrity Resources (2025).

  9. World Bank. Procurement Framework and Anti-Corruption Guidelines.

  10. Chartered Institute of Procurement and Supply (CIPS). Procurement Fraud Awareness and Prevention.

There are no comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Start typing and press Enter to search

Shopping Cart
wpChatIcon
wpChatIcon