"Fraud schemes do not create opportunity. They find it — in the gaps that organizations have left open, often for years."
The Fraud Triangle identifies three conditions required for occupational fraud: Pressure, Rationalization, and Opportunity. Of these three, Opportunity is the only element that organizations can directly eliminate. Every common fraud scheme — from payroll manipulation to procurement fraud to financial statement falsification — succeeds by exploiting a specific internal control weakness. This page documents both the schemes and the 8 critical control gaps that enable them.
The Most Common Fraud Schemes in Nigerian Organizations
1. Procurement & Vendor Fraud
The highest-value fraud category in most organizations. Procurement fraud includes ghost vendors, bid rigging, overbilling, fictitious invoices, and kickback arrangements between employees and suppliers.
- Ghost vendors: Fictitious supplier accounts created in the payment system; payments made to bank accounts controlled by insiders
- Split purchasing: Large purchases split into smaller amounts just below authorization thresholds to avoid review
- Kickback schemes: Employees direct contracts to favoured suppliers in exchange for personal payments
2. Payroll Fraud
Ghost employees, inflated salaries, unauthorized overtime, and continued payments to terminated employees. Payroll fraud accounts for approximately 14% of all occupational fraud cases globally (ACFE).
3. Expense Reimbursement Fraud
Fictitious expenses, inflated receipts, personal expenses claimed as business expenses, and duplicate expense submissions. Common across all levels of seniority — and frequently missed because individual amounts appear trivial.
4. Cash Theft & Skimming
Skimming — theft of cash before it is recorded in the books — is the most difficult asset misappropriation to detect because no accounting entry exists. It requires physical observation or statistical anomaly analysis to identify.
5. Financial Statement Fraud
Intentional misrepresentation of financial statements through fictitious revenues, understated liabilities, improper asset valuations, or concealed expenses. The least common but most financially devastating category, typically perpetrated by senior management under earnings pressure.
The 8 Internal Control Gaps That Enable Fraud
The Opportunity Leg of the Fraud Triangle
Segregation of duties requires that no single individual controls all phases of a transaction — initiation, authorization, custody, and recording. When one person handles all four, there is no independent check on their actions. This is the single most exploited control gap across all fraud categories.
- In procurement: the same officer raises purchase orders, selects the vendor, approves payment, and reconciles the account
- In payroll: HR creating, authorizing, and disbursing payroll without a second signatory creates a direct path to ghost employees
⚑ Red Flags
→ Same person initiates and approves payments
→ No secondary authorization on large transactions
→ Bank reconciliation done by the cashier
→ One officer has full system access across all modules
How to Fix It
✓ Map all financial processes and identify single points of control
✓ Implement dual authorization for all payments above a defined threshold
✓ Restrict system access by role, not by trust or seniority
ACFE: Lack of internal controls is the single most cited contributing factor in occupational fraud — present in over 30% of all cases reviewed globally.
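The first two red flags above, together with the split purchasing scheme described earlier, can be tested directly against a payment log. The following is an added example, not part of the original page; the record layout, the threshold figure and the 7-day window are assumptions, and the data is constructed.

```python
from collections import defaultdict, namedtuple
from datetime import date, timedelta

# Assumed policy values; the page says "a defined threshold" without a figure.
DUAL_AUTH_THRESHOLD = 1_000_000      # amount from which two approvers are required
SPLIT_WINDOW = timedelta(days=7)     # window in which related payments are summed

Payment = namedtuple("Payment", "id vendor amount day initiator approvers")

# Constructed payment log (fictitious users, vendors and amounts).
PAYMENTS = [
    Payment("P1", "V-100", 400_000, date(2024, 3, 1), "ada", ("bola",)),
    Payment("P2", "V-200", 950_000, date(2024, 3, 2), "chidi", ("chidi",)),
    Payment("P3", "V-300", 2_500_000, date(2024, 3, 3), "ada", ("bola",)),
    Payment("P4", "V-400", 480_000, date(2024, 3, 4), "emeka", ("bola",)),
    Payment("P5", "V-400", 490_000, date(2024, 3, 5), "emeka", ("bola",)),
    Payment("P6", "V-400", 470_000, date(2024, 3, 6), "emeka", ("bola",)),
    Payment("P7", "V-500", 3_000_000, date(2024, 3, 7), "ada", ("bola", "femi")),
]

def self_approved(payments):
    """Payments where the initiator is also an approver."""
    return [p.id for p in payments if p.initiator in p.approvers]

def missing_second_approver(payments, threshold=DUAL_AUTH_THRESHOLD):
    """Payments at or above the threshold with fewer than two independent approvers."""
    return [p.id for p in payments
            if p.amount >= threshold and len(set(p.approvers) - {p.initiator}) < 2]

def split_purchases(payments, threshold=DUAL_AUTH_THRESHOLD, window=SPLIT_WINDOW):
    """Sub-threshold payments by one initiator to one vendor that together
    reach the threshold within the window."""
    groups = defaultdict(list)
    for p in payments:
        if p.amount < threshold:
            groups[(p.vendor, p.initiator)].append(p)
    flagged = []
    for (vendor, initiator), items in groups.items():
        items.sort(key=lambda p: p.day)
        for i, first in enumerate(items):
            run = [q for q in items[i:] if q.day - first.day <= window]
            if len(run) > 1 and sum(q.amount for q in run) >= threshold:
                flagged.append((vendor, initiator, [q.id for q in run]))
                break
    return flagged

if __name__ == "__main__":
    print(self_approved(PAYMENTS), missing_second_approver(PAYMENTS), split_purchases(PAYMENTS))
```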
Ghost vendor fraud occurs when fictitious supplier accounts are created and payments made to bank accounts controlled by insiders. Without robust onboarding, the organization cannot distinguish a real vendor from a fabricated one.
- CAC verification is non-negotiable: every vendor is verified against the Corporate Affairs Commission database before onboarding, and the registered business name must match the bank account name
- Related-party checks: vendors controlled by employees or their relatives represent a serious conflict of interest and a common fraud vector
⚑ Red Flags
→ Vendor bank account matches an employee's personal account
→ Multiple vendors share the same phone number or address
→ Vendor added and paid within days, no documentation
→ No CAC certificate or TIN on file
How to Fix It
✓ Formal vendor onboarding checklist: CAC docs, TIN, bank verification letter, references
✓ Assign vendor onboarding to a team independent of procurement
✓ Run periodic duplicate checks on vendor bank accounts across the entire master file
In one engagement, we identified 11 ghost vendors in a mid-sized firm's payables ledger — all added by the same accounts payable officer over 2 years. Total exposure: over ₦80 million.
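The vendor red flags above translate into checks over the vendor master file. The following is an added example, not part of the original page; the field names and the 7-day "paid within days" cut-off are assumptions, and every record is constructed.

```python
import re
from collections import defaultdict
from datetime import date

FAST_PAY_DAYS = 7  # assumed cut-off for "added and paid within days"

# Constructed records; every identifier, number and date below is fictitious.
VENDORS = [
    {"id": "V1", "bank": "0123456789", "phone": "0800 000 0001", "cac": "RC-A", "tin": "T-A", "added": date(2024, 1, 10)},
    {"id": "V2", "bank": "0123-456-789", "phone": "0800 000 0002", "cac": "RC-B", "tin": "T-B", "added": date(2024, 2, 1)},
    {"id": "V3", "bank": "5550001111", "phone": "0800-000-0002", "cac": "", "tin": "", "added": date(2024, 3, 4)},
    {"id": "V4", "bank": "7770002222", "phone": "0800 000 0004", "cac": "RC-D", "tin": "T-D", "added": date(2023, 6, 1)},
]
EMPLOYEES = [{"id": "E7", "salary_account": "555 000 1111"}]
FIRST_PAYMENT = {"V1": date(2024, 3, 1), "V3": date(2024, 3, 6), "V4": date(2023, 9, 1)}

def norm(value):
    """Keep digits only so '0123-456-789' and '0123456789' compare equal."""
    return re.sub(r"\D", "", value or "")

def shared(vendors, field):
    """Groups of vendor ids that hold the same normalised value in `field`."""
    groups = defaultdict(list)
    for v in vendors:
        if norm(v[field]):
            groups[norm(v[field])].append(v["id"])
    return sorted(ids for ids in groups.values() if len(ids) > 1)

def employee_matches(vendors, employees):
    """(vendor id, employee id) pairs whose bank account numbers are identical."""
    staff = {norm(e["salary_account"]): e["id"] for e in employees}
    return [(v["id"], staff[norm(v["bank"])]) for v in vendors if norm(v["bank"]) in staff]

def missing_documents(vendors):
    """Vendors with no CAC certificate number or no TIN on file."""
    return [v["id"] for v in vendors if not v["cac"] or not v["tin"]]

def paid_fast(vendors, first_payment, days=FAST_PAY_DAYS):
    """Vendors whose first payment came within `days` of being added."""
    return [v["id"] for v in vendors
            if v["id"] in first_payment and (first_payment[v["id"]] - v["added"]).days <= days]

if __name__ == "__main__":
    print(shared(VENDORS, "bank"), shared(VENDORS, "phone"))
    print(employee_matches(VENDORS, EMPLOYEES), missing_documents(VENDORS))
    print(paid_fast(VENDORS, FIRST_PAYMENT))
```

Normalising account and phone numbers before comparison matters because the same value is often keyed with different spacing or punctuation.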
Override culture is normalized in many Nigerian organizations. Senior executives routinely bypass procurement processes and approval thresholds. Fraudsters deliberately exploit this culture, using urgency or authority to trigger bypass behaviors.
⚑ Red Flags
→ Frequent emergency purchases outside the procurement process
→ Payments approved verbally with documentation added later
→ No consequence when approval thresholds are exceeded
→ System override logs never reviewed or acted upon
How to Fix It
✓ Zero-tolerance policy for undocumented approvals regardless of seniority
✓ ERP configured to log all overrides and alert the Audit Committee automatically
✓ Emergency procurement protocol with 48-hour ratification requirement
A KYC form filed once at account opening and never reviewed again is not a compliance programme — it is a liability. Effective AML/KYC continuously monitors customer behaviour, flags anomalies, and updates risk profiles as circumstances change.
⚑ Red Flags
→ KYC documents not updated in over 12 months
→ No transaction monitoring thresholds defined or active
→ Staff cannot explain the STR reporting process
→ No designated AML Compliance Officer in practice
How to Fix It
✓ Risk-based KYC review cycle: high-risk customers annually, medium-risk every 2 years
✓ Automated transaction monitoring with defined thresholds and escalation paths
✓ Mandatory AML/CFT training for all customer-facing and finance staff biannually
The CBN has issued significant regulatory sanctions for AML/KYC deficiencies — enforcement intensified following the FATF grey-listing of Nigeria in 2023.
When bank statements, ledger accounts, payroll registers, and stock records are not reconciled regularly, discrepancies accumulate — and so does fraud. The longer the reconciliation gap, the more time a fraudster has to cover their tracks.
⚑ Red Flags
→ Bank reconciliations prepared quarterly or less frequently
→ Long-outstanding reconciling items with no resolution
→ Reconciliations prepared but never reviewed by a supervisor
→ System records and physical counts consistently differ
How to Fix It
✓ Mandatory monthly reconciliation schedule for all bank accounts and key ledgers
✓ Supervisor sign-off on all reconciliations before month-end close
✓ Escalation protocol for items unresolved after 15 days
Payroll fraud involves manipulating the payroll system to divert funds to fictitious employees, former employees not properly terminated, or inflated salary accounts. Particularly prevalent in public sector entities and large private organizations with weak HR-Finance coordination.
⚑ Red Flags
→ Payroll headcount does not match HR headcount
→ Multiple salaries paid to the same bank account
→ Salary payments continuing after documented resignation
→ Payroll changes made without HR authorization forms
How to Fix It
✓ Headcount verification: match physical staff to payroll records at least twice yearly
✓ Duplicate bank account report across the payroll master file monthly
✓ All payroll changes initiated by HR and approved by Finance independently
Payroll fraud accounts for approximately 14% of all occupational fraud cases globally. Ghost worker schemes have cost Nigerian public entities billions in documented losses.
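The headcount and post-resignation red flags above reduce to reconciling a payroll run against the HR roster. The following is an added example, not part of the original page; the record layout is an assumption and all data is constructed.

```python
from datetime import date

PERIOD_END = date(2024, 3, 31)  # constructed payroll period

# Constructed HR roster: employee id -> documented exit date (None = still employed).
HR_ROSTER = {"E1": None, "E2": date(2024, 2, 15), "E3": None, "E4": None}

# Constructed payroll lines: (employee id, pay date, net pay in naira).
PAYROLL = [
    ("E1", date(2024, 3, 25), 350_000),
    ("E2", date(2024, 3, 25), 420_000),   # exit documented in February
    ("E3", date(2024, 3, 25), 300_000),
    ("E9", date(2024, 3, 25), 380_000),   # no HR record at all
]

def paid_after_exit(emp, pay_day, roster):
    """True when the pay date falls after the documented exit date.
    A legitimate final settlement also lands here and is cleared on review."""
    exit_day = roster.get(emp)
    return exit_day is not None and pay_day > exit_day

def reconcile(payroll, roster, period_end):
    """Compare who was paid with who HR says is employed at period end."""
    paid = {emp for emp, _, _ in payroll}
    active = {emp for emp, exit_day in roster.items()
              if exit_day is None or exit_day > period_end}
    not_in_hr = sorted(paid - set(roster))
    after_exit = sorted({emp for emp, day, _ in payroll
                         if paid_after_exit(emp, day, roster)})
    exposure = sum(amt for emp, day, amt in payroll
                   if emp not in roster or paid_after_exit(emp, day, roster))
    return {
        "payroll_headcount": len(paid),
        "hr_headcount": len(active),
        "not_in_hr": not_in_hr,              # candidate ghost employees
        "paid_after_exit": after_exit,       # leavers still being paid
        "active_unpaid": sorted(active - paid),
        "exposure": exposure,                # total paid on flagged lines
    }

if __name__ == "__main__":
    for key, value in reconcile(PAYROLL, HR_ROSTER, PERIOD_END).items():
        print(f"{key}: {value}")
```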
Many organizations assign system access based on seniority or convenience rather than job function. Staff often have read, write, and approval access across modules they have no business accessing — creating manipulation opportunity that leaves no physical paper trail.
⚑ Red Flags
→ Staff sharing login credentials for convenience
→ System activity logs never reviewed by management
→ Former staff accounts still active in the system
→ Admin-level access granted to non-IT staff
How to Fix It
✓ Full user access review: document who has access to what and why
✓ Role-based access control (RBAC) across all financial systems
✓ Offboarding checklist that includes immediate system account deactivation
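A user access review of the kind listed above can be run as a join between the system's account export and the HR roster. The following is an added example, not part of the original page; the permission names, conflict pairs and record layout are assumptions, and all data is constructed.

```python
from datetime import date

REVIEW_DATE = date(2024, 3, 1)  # constructed review date

# Assumed permission names and conflict pairs; a real ERP uses its own catalogue.
SOD_CONFLICTS = [
    ("payment.initiate", "payment.approve"),
    ("vendor.create", "payment.approve"),
    ("payroll.edit", "payroll.approve"),
]
ADMIN_PERM = "system.admin"

# Constructed HR roster and system account export (fictitious users).
HR = {
    "ada":   {"dept": "Finance", "exit": None},
    "bola":  {"dept": "Procurement", "exit": date(2024, 1, 31)},
    "chidi": {"dept": "IT", "exit": None},
    "dayo":  {"dept": "Finance", "exit": None},
}
ACCOUNTS = [
    {"user": "ada", "active": True, "perms": {"payment.initiate", "payment.approve"}},
    {"user": "bola", "active": True, "perms": {"vendor.create"}},
    {"user": "chidi", "active": True, "perms": {ADMIN_PERM}},
    {"user": "dayo", "active": True, "perms": {ADMIN_PERM, "payroll.edit"}},
    {"user": "finance1", "active": True, "perms": {"payment.initiate"}},
    {"user": "oldtemp", "active": False, "perms": {"payment.approve"}},
]

def review_access(accounts, hr, today):
    """Return (user, finding) pairs for every active account that breaks a rule."""
    findings = []
    for acct in accounts:
        if not acct["active"]:
            continue
        user, perms = acct["user"], acct["perms"]
        person = hr.get(user)
        if person is None:
            # Generic or shared logins have no accountable owner.
            findings.append((user, "NO_STAFF_RECORD"))
            continue
        if person["exit"] is not None and person["exit"] <= today:
            findings.append((user, "ACTIVE_AFTER_EXIT"))
        if ADMIN_PERM in perms and person["dept"] != "IT":
            findings.append((user, "ADMIN_OUTSIDE_IT"))
        for a, b in SOD_CONFLICTS:
            if a in perms and b in perms:
                findings.append((user, f"SOD_CONFLICT:{a}+{b}"))
    return findings

if __name__ == "__main__":
    for user, finding in review_access(ACCOUNTS, HR, REVIEW_DATE):
        print(user, finding)
```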
Tips are the number one fraud detection method — over 40% of all cases (ACFE). Yet most Nigerian organizations have no formal, confidential reporting mechanism. Without this channel, fraud continues until losses become impossible to ignore.
⚑ Red Flags
→ No formal ethics or reporting policy in the staff handbook
→ Reports go directly to a manager involved in the issue
→ Staff unaware of how or where to report concerns
→ Previous reporters faced visible negative consequences
How to Fix It
✓ Anonymous reporting hotline managed by an independent party
✓ Formal non-retaliation policy with board-level backing
✓ Annual ethics and fraud awareness training for all staff
Organizations with formal whistleblower programmes detect fraud 50% faster and suffer significantly smaller losses than those without one (ACFE).
Key Takeaway
Every fraud scheme on this page succeeded because an internal control was absent, poorly designed, or not enforced. The Opportunity leg of the Fraud Triangle is the only element entirely within management's control. Close the 8 gaps documented here and you eliminate the most exploitable weaknesses in your organization's fraud defences.