Fraud Education

Common Fraud Schemes Explained: How to Recognize and Avoid Them

Common fraud schemes succeed because they exploit the Opportunity leg of the Fraud Triangle — specifically, weaknesses in internal controls. This page maps the most prevalent fraud schemes in Nigerian organizations to the 8 critical internal control gaps that make them possible, giving compliance officers and audit professionals an actionable framework for closing those gaps before they are exploited.

"Fraud schemes do not create opportunity. They find it — in the gaps that organizations have left open, often for years."
The Fraud Triangle identifies three conditions required for occupational fraud: Pressure, Rationalization, and Opportunity. Of these three, Opportunity is the only element that organizations can directly eliminate. Every common fraud scheme — from payroll manipulation to procurement fraud to financial statement falsification — succeeds by exploiting a specific internal control weakness. This page documents both the schemes and the 8 critical control gaps that enable them.

The Most Common Fraud Schemes in Nigerian Organizations

1. Procurement & Vendor Fraud

The highest-value fraud category in most organizations. Procurement fraud includes ghost vendors, bid rigging, overbilling, fictitious invoices, and kickback arrangements between employees and suppliers.

  • Ghost vendors: Fictitious supplier accounts created in the payment system; payments made to bank accounts controlled by insiders
  • Split purchasing: Large purchases split into smaller amounts just below authorization thresholds to avoid review
  • Kickback schemes: Employees direct contracts to favoured suppliers in exchange for personal payments

2. Payroll Fraud

Ghost employees, inflated salaries, unauthorized overtime, and continued payments to terminated employees. Payroll fraud accounts for approximately 14% of all occupational fraud cases globally (ACFE).

3. Expense Reimbursement Fraud

Fictitious expenses, inflated receipts, personal expenses claimed as business expenses, and duplicate expense submissions. Common across all levels of seniority — and frequently missed because individual amounts appear trivial.

4. Cash Theft & Skimming

Skimming — theft of cash before it is recorded in the books — is the most difficult asset misappropriation to detect because no accounting entry exists. It requires physical observation or statistical anomaly analysis to identify.

5. Financial Statement Fraud

Intentional misrepresentation of financial statements through fictitious revenues, understated liabilities, improper asset valuations, or concealed expenses. The least common but most financially devastating category, typically perpetrated by senior management under earnings pressure.

The 8 Internal Control Gaps That Enable Fraud
The Opportunity Leg of the Fraud Triangle
01
of 08
Process Design
No Segregation of Duties
Single-person control over entire transaction cycles
Risk
Segregation of duties requires that no single individual controls all phases of a transaction — initiation, authorization, custody, and recording. When one person handles all four, there is no independent check on their actions. This is the single most exploited control gap across all fraud categories.
In procurement: same officer raises purchase orders, selects vendor, approves payment, and reconciles the account
In payroll: HR creating, authorizing, and disbursing payroll without a second signatory creates a direct path to ghost employees
⚑ Red Flags
Same person initiates and approves payments
No secondary authorization on large transactions
Bank reconciliation done by the cashier
One officer has full system access across all modules
How to Fix It
Map all financial processes and identify single points of control
Implement dual authorization for all payments above a defined threshold
Restrict system access by role — not by trust or seniority
📊
ACFE: Lack of internal controls is the single most cited contributing factor in occupational fraud — present in over 30% of all cases reviewed globally.
02
of 08
Vendor Management
Weak Vendor Onboarding & Verification
Paying vendors that do not exist — or should not
Risk
Ghost vendor fraud occurs when fictitious supplier accounts are created and payments made to bank accounts controlled by insiders. Without robust onboarding, the organization cannot distinguish a real vendor from a fabricated one.
CAC verification is non-negotiable: every vendor verified against the Corporate Affairs Commission database before onboarding; registered business name must match bank account name
Related-party checks: vendors controlled by employees or their relatives represent serious conflict of interest and a common fraud vector
⚑ Red Flags
Vendor bank account matches an employee's personal account
Multiple vendors share the same phone number or address
Vendor added and paid within days, no documentation
No CAC certificate or TIN on file
How to Fix It
Formal vendor onboarding checklist: CAC docs, TIN, bank verification letter, references
Assign vendor onboarding to a team independent of procurement
Run periodic duplicate checks on vendor bank accounts across the entire master file
💡
In one engagement, we identified 11 ghost vendors in a mid-sized firm's payables ledger — all added by the same accounts payable officer over 2 years. Total exposure: over ₦80 million.
03
of 08
Authorization & Governance
Override Culture & Approval Bypass
When authority overrides process — controls become decoration
Risk
Override culture is culturally normalized in many Nigerian organizations. Senior executives routinely bypass procurement processes and approval thresholds. Fraudsters deliberately exploit this culture — using urgency or authority to trigger bypass behaviors.
⚑ Red Flags
Frequent emergency purchases outside the procurement process
Payments approved verbally with documentation added later
No consequence when approval thresholds are exceeded
System override logs never reviewed or acted upon
How to Fix It
Zero-tolerance policy for undocumented approvals regardless of seniority
ERP configured to log all overrides and alert the Audit Committee automatically
Emergency procurement protocol with 48-hour ratification requirement
04
of 08
Compliance Framework
AML/KYC Treated as a Checkbox
Policies that exist on paper but not in practice
Risk
A KYC form filed once at account opening and never reviewed again is not a compliance programme — it is a liability. Effective AML/KYC continuously monitors customer behaviour, flags anomalies, and updates risk profiles as circumstances change.
⚑ Red Flags
KYC documents not updated in over 12 months
No transaction monitoring thresholds defined or active
Staff cannot explain the STR reporting process
No designated AML Compliance Officer in practice
How to Fix It
Risk-based KYC review cycle: high-risk customers annually, medium-risk every 2 years
Automated transaction monitoring with defined thresholds and escalation paths
Mandatory AML/CFT training for all customer-facing and finance staff biannually
🏦
The CBN has issued significant regulatory sanctions for AML/KYC deficiencies — enforcement intensified following the FATF grey-listing of Nigeria in 2023.
05
of 08
Monitoring & Review
Absence of Regular Reconciliations
Unreconciled accounts are where fraud hides longest
Risk
When bank statements, ledger accounts, payroll registers, and stock records are not reconciled regularly, discrepancies accumulate — and so does fraud. The longer the reconciliation gap, the more time a fraudster has to cover their tracks.
⚑ Red Flags
Bank reconciliations prepared quarterly or less frequently
Long-outstanding reconciling items with no resolution
Reconciliations prepared but never reviewed by a supervisor
System records and physical counts consistently differ
How to Fix It
Mandatory monthly reconciliation schedule for all bank accounts and key ledgers
Supervisor sign-off on all reconciliations before month-end close
Escalation protocol for items unresolved after 15 days
06
of 08
Human Resources & Payroll
Ghost Employees & Payroll Manipulation
Payroll is among the highest-risk fraud areas in Nigerian organizations
Risk
Payroll fraud involves manipulating the payroll system to divert funds to fictitious employees, former employees not properly terminated, or inflated salary accounts. Particularly prevalent in public sector entities and large private organizations with weak HR-Finance coordination.
⚑ Red Flags
Payroll headcount does not match HR headcount
Multiple salaries paid to the same bank account
Salary payments continuing after documented resignation
Payroll changes made without HR authorization forms
How to Fix It
Headcount verification: match physical staff to payroll records at least twice yearly
Duplicate bank account report across the payroll master file monthly
All payroll changes initiated by HR and approved by Finance independently
👥
Payroll fraud accounts for approximately 14% of all occupational fraud cases globally. Ghost worker schemes have cost Nigerian public entities billions in documented losses.
07
of 08
IT & Systems Access
Poor Access Controls & Privileged User Abuse
System access given by trust — not by role
Risk
Many organizations assign system access based on seniority or convenience rather than job function. Staff often have read, write, and approval access across modules they have no business accessing — creating manipulation opportunity that leaves no physical paper trail.
⚑ Red Flags
Staff sharing login credentials for convenience
System activity logs never reviewed by management
Former staff accounts still active in the system
Admin-level access granted to non-IT staff
How to Fix It
Full user access review — document who has access to what and why
Role-based access control (RBAC) across all financial systems
Offboarding checklist that includes immediate system account deactivation
08
of 08
Culture & Reporting
No Whistleblower Framework
Most fraud is first detected by a tip — not an audit
Risk
Tips are the number one fraud detection method — over 40% of all cases (ACFE). Yet most Nigerian organizations have no formal, confidential reporting mechanism. Without this channel, fraud continues until losses become impossible to ignore.
⚑ Red Flags
No formal ethics or reporting policy in the staff handbook
Reports go directly to a manager involved in the issue
Staff unaware of how or where to report concerns
Previous reporters faced visible negative consequences
How to Fix It
Anonymous reporting hotline managed by an independent party
Formal non-retaliation policy with board-level backing
Annual ethics and fraud awareness training for all staff
📢
Organizations with formal whistleblower programmes detect fraud 50% faster and suffer significantly smaller losses than those without one (ACFE).

Key Takeaway

Every fraud scheme on this page succeeded because an internal control was absent, poorly designed, or not enforced. The Opportunity leg of the Fraud Triangle is the only element entirely within management's control. Close the 8 gaps documented here and you eliminate the most exploitable weaknesses in your organization's fraud defences.

Read: How Fraudsters Operate →