Skip to main
University-wide Navigation

Employee Purchasing Fraud can happen at any time, in any unit. However, anyone from University administration, to a student employee working part-time can reduce the likelihood of this adverse event. There are five steps employees/units follow when engaging with a vendor, and each step has its corresponding risks and prevention methods.


Step 1: During step one, a unit determines a need for a product or service. It is here where a false vendor or need for an item could be created.

              How to reduce the risk?

  • Other than essential supplies, a business purpose should be documented for a corresponding service or product.
  • The above business need should have appropriate approvals.

Risk Example: A New Jersey Transit Superintendent and five others were charged with alleged scheme to defraud the transportation agency. The superintendent arranged for $2.1 million to be paid to four companies controlled by his associates who received kickbacks as compensations. This is an example of why all item and vendor needs should be reviewed to prevent fraudsters from creating fake vendors or need for items. For additional information:

Step 2: Step two is how the vendor is selected. The risk here is the potential for bids to be fixed, as well as the possibility of the existence of a conflict of interest regarding the vendor.

              How to reduce the risk?

  • Be aware of bid or price patterns to determine bid rigging or price fixing.
  • Look for suspicious statements or behavior to discover potential collusion.
  • Confirm the validity of the vendor. If a new vendor is selected, the vendor’s federal tax ID number, address and phone number should be confirmed with the IRS.
  • Search for overlaps between vendor and employee mailing addresses.
  • Investigate any changes or requested changes to a vendor’s profile.

Step 3: At step three, the unit verifies receipt of the item(s) purchased, or that services have been rendered.  The risk lies in whether the person who made the purchase is the same person confirming whether the merchandise was received, or the service had been provided by the vendor. When duties are not properly separated, someone could keep some or all of what was ordered for themselves, or the University may pay for an item/service it did not receive.

              How to reduce the risk?

  • An employee other than the person who placed the order should be the one to verify the receipt.
  • Approve payment for products or services only after verifying receipt.

Risk Example: In New Mexico, a lab employee used his government credit card for personal Amazon purchases, totaling $150,000 across at least 400 purchases. It is due to a lack of segregation of duties that allowed this employee to spend money freely without anyone knowing. For additional information:
Step 4: At step four, the unit approves the invoice for payment. The invoice could include items not received by the unit or be inflated with additional charges or altered pricing.

              How to reduce the risk?

  • Review all invoices before submitting the invoice to be paid. Always check to make sure that invoices match the quoted price and that no extra costs have been added to inflate the bill.
  • Ensure that the invoice has not been previously submitted for payment.
  • Contact the vendor directly for clarification If there is a problem.

Risk Example: A Florida man was charged with procurement fraud after paying $200,000 in kickbacks to a project manager who, in turn, sent $85,000 back to him. Additionally, he falsely inflated costs to cover the kickbacks. This is an example of why all invoices should be reviewed before payment, to ensure the proper amounts are being paid. For additional information:

Step 5: At step five, accounts payable sends payment to the vendor. This is when “the rubber meets the road,” so to speak. The unit either has the risk-mitigating protocols in place at steps 1-4 to protect the University, or it doesn’t.

              How to reduce the risk?

  • Compliance – Follow the policies set forth in the Business Procedures Manual.
  • Fraud Classes – The University of Kentucky Internal Audit (UKIA) department conducts fraud seminars that go more in-depth about fraud prevention and detection.  If you are interested in attending one of the Fraud seminars offered by UKIA, log into your MyUK account and click on the learning tab to gain access to the next available fraud seminars.
  • Comply Line – UK’s anonymous tip line allows people to communicate suspicions of fraudulent activity without the fear of being connected to it.
  • Background Checks – Conduct background checks and reference checks of new hires to help prevent potential fraudsters from corrupting our workplace.

If you would like to receive news and information about current risks, fraud concerns and more, please subscribe to UKIA’s listserv by sending an e-mail to with the following text in the message body: subscribe INTERNALAUDIT-L.