
Fraud Resilience - Your Cornerstone in a “Perfect Storm”

Advanced manufacturing and automotive-adjacent industries are operating under sustained cost pressure, unstable supplier landscapes, and decentralized decision-making. This combination creates what forensic professionals refer to as a “perfect storm”—a set of conditions that reliably stretches internal controls to their breaking point.

Drawing on our investigations and fraud resilience assessments, we present two behavioral archetypes that frequently emerge under these pressures. Our aim is to help you understand what motivates internal fraud, identify key red flags, and give you a practical tool to evaluate your organization’s readiness. You’ll find a “quick & dirty” self-assessment checklist at the end to help you get started.

Behavior Archetype #1 – The Superman

A Tier-2 supplier shows signs of financial distress: late deliveries, requests for early payments, and a shrinking quality buffer. Sourcing cannot replace them quickly without risking a line stop. The plant controller—our “Superman”—decides to “buy time.”

He approves a tooling prepayment outside policy, routes two emergency purchase orders (POs) to a related “bridge” vendor with the same ultimate beneficial owner (UBO), and instructs the clerk to post a goods receipt (GR) on delivery of a partial fixture (or backdated to meet month-end) so that the three-way match (PO ↔ GR ↔ invoice) will authorize payment. He also splits an additional order into three smaller POs to stay below a dual-approval threshold.

The cash injection keeps the supplier afloat for a few weeks, and production continues. But then the Tier-2 files for insolvency. The prepayment is largely unsecured—there is no escrow, no performance bond, and no milestone-based evidence. The partially delivered tool cannot be capitalized, and the company records a direct financial loss.

Key red flags:

  • Policy breach with intent: Deliberate use of exception paths (emergency POs, split buys, backdated GRs) to release cash to a distressed supplier.
  • Conflict risk: The “bridge” vendor had proximity (shared UBO or address) to the original supplier.
  • Asset risk: The tooling prepayment lacked defined milestones, an acceptance protocol, or escrow, making recovery in insolvency unlikely.

This scenario is common when external pressures are high. The rationalizations often sound familiar:

  • “We had to meet the budget this quarter.”
  • “Market conditions are abnormal; finding a reliable alternative supplier takes months.”
  • “I only advanced payments we would have made anyway.”

Detection tests that surface this pattern:

  • Detect split POs: multiple POs to the same vendor within 7 days, each just under an approval threshold.
  • Flag prepayments with no linked milestones or no asset acceptance within 60–90 days.
  • Identify backdated GRs (GR date < invoice date < posting date, clustered near period end).
  • Screen for proximity: new or “bridge” vendors sharing an address, phone, or UBO with distressed suppliers.
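The first three tests translate directly into rules over PO, goods-receipt and prepayment extracts. The Python below is an added example on constructed sample data, not the authors' tooling: the field names, the 10,000 dual-approval threshold, the one-day posting lag and the 90-day acceptance limit are assumptions. The split-PO rule is written with a configurable window, so widening it to 30–60 days reproduces the pilot/change-order clustering test of the second archetype; the proximity screen is left out here.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data. Field names mimic a flat ERP export and are
# assumptions, not a particular system's schema. Amounts in EUR; the
# dual-approval threshold assumed below is 10,000.
PURCHASE_ORDERS = [
    {"po": "4500001", "vendor": "V100", "date": date(2024, 3, 25), "amount": 9800},
    {"po": "4500002", "vendor": "V100", "date": date(2024, 3, 27), "amount": 9500},
    {"po": "4500003", "vendor": "V100", "date": date(2024, 3, 29), "amount": 9900},
    {"po": "4500004", "vendor": "V200", "date": date(2024, 3, 26), "amount": 4000},
    {"po": "4500005", "vendor": "V200", "date": date(2024, 5, 2), "amount": 4500},
]
GOODS_RECEIPTS = [
    # gr_date is the date written on the receipt; posting_date is when it was keyed in
    {"gr": "GR1", "po": "4500001", "gr_date": date(2024, 3, 28),
     "invoice_date": date(2024, 3, 29), "posting_date": date(2024, 3, 31)},
    {"gr": "GR2", "po": "4500004", "gr_date": date(2024, 3, 20),
     "invoice_date": date(2024, 3, 22), "posting_date": date(2024, 3, 22)},
]
PREPAYMENTS = [
    {"doc": "PP1", "vendor": "V100", "paid": date(2024, 3, 26), "amount": 50000,
     "milestones": [], "accepted": None},
    {"doc": "PP2", "vendor": "V300", "paid": date(2024, 1, 10), "amount": 20000,
     "milestones": ["M1"], "accepted": date(2024, 2, 20)},
    {"doc": "PP3", "vendor": "V400", "paid": date(2024, 1, 5), "amount": 30000,
     "milestones": ["M1", "M2"], "accepted": None},
]
AS_OF = date(2024, 4, 30)  # reporting date for the ageing test
THRESHOLD = 10000


def find_split_pos(orders, threshold, window_days=7, min_count=2):
    """Clusters of POs to one vendor, each under the approval threshold and all
    within `window_days` of the first, whose total reaches the threshold (so a
    single order would have needed dual approval)."""
    by_vendor = defaultdict(list)
    for o in orders:
        if o["amount"] < threshold:
            by_vendor[o["vendor"]].append(o)
    hits = []
    for vendor, vos in by_vendor.items():
        vos.sort(key=lambda o: o["date"])
        i = 0
        while i < len(vos):
            cluster = [vos[i]]
            j = i + 1
            while j < len(vos) and (vos[j]["date"] - vos[i]["date"]).days <= window_days:
                cluster.append(vos[j])
                j += 1
            total = sum(o["amount"] for o in cluster)
            if len(cluster) >= min_count and total >= threshold:
                hits.append({"vendor": vendor, "pos": [o["po"] for o in cluster], "total": total})
                i = j  # do not report the same orders again in an overlapping cluster
            else:
                i += 1
    return hits


def days_to_month_end(d):
    first_of_next = (d.replace(day=1) + timedelta(days=32)).replace(day=1)
    return (first_of_next - d).days - 1


def find_backdated_grs(receipts, max_lag_days=1, period_end_window=3):
    """The GR date < invoice date < posting date pattern: a receipt dated
    before the invoice but keyed in afterwards, with the posting lagging the
    receipt date by more than `max_lag_days` and landing within
    `period_end_window` days of month end."""
    hits = []
    for r in receipts:
        lag = (r["posting_date"] - r["gr_date"]).days
        if (r["gr_date"] < r["invoice_date"] < r["posting_date"]
                and lag > max_lag_days
                and days_to_month_end(r["posting_date"]) <= period_end_window):
            hits.append(r["gr"])
    return hits


def find_unsecured_prepayments(prepays, as_of, max_days=90):
    """Prepayments with no linked milestones, or with milestones but no
    acceptance recorded within `max_days` of payment."""
    hits = []
    for p in prepays:
        age = (as_of - p["paid"]).days
        if not p["milestones"]:
            hits.append((p["doc"], "no milestones linked"))
        elif p["accepted"] is None and age > max_days:
            hits.append((p["doc"], f"no acceptance after {age} days"))
    return hits


def run_all():
    """All three tests on the constructed data, keyed by test name."""
    return {
        "split_pos": find_split_pos(PURCHASE_ORDERS, THRESHOLD),
        "backdated_grs": find_backdated_grs(GOODS_RECEIPTS),
        "prepayments": find_unsecured_prepayments(PREPAYMENTS, AS_OF),
    }
```

On the constructed data, `run_all()` reports the three V100 orders as one split cluster totalling 29,200, GR1 as a backdated receipt posted on the last day of March, and PP1 (no milestones) and PP3 (116 days without acceptance) as unsecured prepayments. The two V200 orders are not flagged even with a 60-day window, because their combined value stays under the threshold; in practice the window and threshold should be tuned per plant against observed hit rates.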

Behavior Archetype #2 – Exit Strategy

A category manager oversees a mid-size commodity involving frequent engineering changes. Over several months, he builds a vendor network that includes a new “specialty” supplier for urgent work and a small consulting firm for technical validations. The specialty vendor shares an address with a known subcontractor; the consulting firm is owned by a relative through an intermediary.

He routes spend through pilot orders and change orders, keeping each transaction below sourcing thresholds. Unit prices gradually increase through variation orders, justified as design tweaks. He also influences master data: creates vendors himself, assigns a generic industry code, and omits UBO details.

He is not formally resigning but talks about "market opportunities," accrues unused vacation, and rotates responsibilities so no single approver sees the full picture. When Internal Audit announces a thematic review, he transfers to another business unit and resigns weeks later. Losses surface after he’s gone.

Key red flags:

  • Proximity/COI blind spot: Related-party connections between suppliers went undetected; no COI testing was triggered.
  • Purchase fragmentation: Repeated pilot and change orders avoided competitive tender and masked pricing trends.
  • Payment-term manipulation: Advance payments and short terms were added without additional review.
  • Master data weakness: Vendors were created via self-service, with missing UBOs and generic classification.

This behavior often appears in high-change environments with decentralized controls. The rationalizations:

  • “We needed a niche supplier for quick iterations.”
  • “Consulting was the fastest route for validation.”
  • “Everything cleared the system; the three-way match was valid.”

Detection tests that surface this pattern:

  • Proximity scan: New vendors sharing an address, phone, or UBO with employees, recent leavers, or existing suppliers; directors with prior ties ≤24 months.
  • Pilot/order clustering: Repeated orders below sourcing thresholds to the same vendor within 30–60 days.
  • Master data hygiene: Vendors created by the same user within 48 hours, with missing UBO, generic codes, or mail-drop addresses.
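The proximity scan and the master-data hygiene test both run over a vendor-master extract joined with HR data. The Python below is an added example on constructed records, not the authors' code: the field names, the text and phone normalization rules, the mail-drop list and the 24-month look-back are assumptions. The same proximity scan serves the “bridge” vendor screen of the first archetype, since it compares vendors with each other as well as with people.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed vendor master records with change-log fields (created_by,
# created_at). Field names are assumptions, not a specific ERP schema.
VENDORS = [
    {"id": "V100", "name": "Alpha Tooling GmbH", "address": "Industriestr. 5, 70173 Stuttgart",
     "phone": "+49 711 1234", "ubo": "Anna Alpha", "industry_code": "2562",
     "created_by": "jdoe", "created_at": datetime(2024, 3, 1, 9, 0)},
    {"id": "V900", "name": "Bridge Supply UG", "address": "industriestr 5 70173 stuttgart",
     "phone": "0711-1234", "ubo": "", "industry_code": "OTHER",
     "created_by": "jdoe", "created_at": datetime(2024, 3, 2, 14, 0)},
    {"id": "V901", "name": "QuickVal Consulting", "address": "Postfach 12, 80331 Muenchen",
     "phone": "+49 89 5555", "ubo": "Max Mustermann", "industry_code": "7022",
     "created_by": "jdoe", "created_at": datetime(2024, 3, 2, 16, 30)},
]
# Constructed HR extract: current employees (left=None) and leavers, with a contact phone.
PEOPLE = [
    {"name": "Max Mustermann", "left": None, "phone": "+49 89 5555"},
    {"name": "Old Leaver", "left": datetime(2021, 1, 1), "phone": "+49 711 1234"},
]
MAIL_DROPS = {"postfach 12 80331 muenchen"}  # constructed list of known mail-drop addresses, normalized
GENERIC_CODES = {"", "OTHER", "9999"}        # assumed catch-all industry codes
AS_OF = datetime(2024, 4, 1)


def norm_text(s):
    """Lower-case, drop punctuation and collapse whitespace so that small
    formatting differences do not hide a shared address or name."""
    return re.sub(r"\s+", " ", re.sub(r"[^\w\s]", "", (s or "").lower())).strip()


def norm_phone(s):
    """Digits only, without a leading trunk zero or +49 country code
    (assumes German numbers; adapt per country)."""
    digits = re.sub(r"\D", "", s or "").lstrip("0")
    return digits[2:] if digits.startswith("49") else digits


def proximity_scan(vendors, people, as_of, max_leaver_months=24):
    """Groups of records sharing a normalized address, phone or UBO key.
    Vendors are compared with each other and with employees and leavers
    whose exit lies within `max_leaver_months` of `as_of`."""
    index = defaultdict(list)  # (key kind, key) -> [(record type, id)]
    for v in vendors:
        index[("address", norm_text(v["address"]))].append(("vendor", v["id"]))
        index[("phone", norm_phone(v["phone"]))].append(("vendor", v["id"]))
        index[("ubo", norm_text(v["ubo"]))].append(("vendor", v["id"]))
    for p in people:
        if p["left"] and (as_of - p["left"]).days > max_leaver_months * 30:
            continue  # ties older than the look-back are out of scope
        index[("phone", norm_phone(p["phone"]))].append(("person", p["name"]))
        index[("ubo", norm_text(p["name"]))].append(("person", p["name"]))
    hits = [{"shared": kind, "key": key, "members": members}
            for (kind, key), members in index.items() if key and len(members) > 1]
    return sorted(hits, key=lambda h: (h["shared"], h["key"]))


def master_data_findings(vendors, window_hours=48):
    """Per-vendor hygiene flags (missing UBO, generic code, mail-drop address)
    plus vendors created by the same user within `window_hours` of an earlier one."""
    findings = []
    for v in vendors:
        if not v["ubo"]:
            findings.append((v["id"], "missing UBO"))
        if v["industry_code"] in GENERIC_CODES:
            findings.append((v["id"], "generic industry code"))
        if norm_text(v["address"]) in MAIL_DROPS:
            findings.append((v["id"], "mail-drop address"))
    for v in vendors:
        earlier = [w["id"] for w in vendors
                   if w["created_by"] == v["created_by"] and w["id"] != v["id"]
                   and timedelta(0) <= v["created_at"] - w["created_at"] <= timedelta(hours=window_hours)]
        if earlier:
            findings.append((v["id"], f"created by {v['created_by']} within {window_hours}h of {', '.join(earlier)}"))
    return findings
```

On the constructed records, `proximity_scan` links V900 to V100 through a shared address and phone despite different formatting, and links V901 to the category manager through both phone and UBO; the leaver from 2021 falls outside the 24-month look-back and produces no hit. `master_data_findings` flags V900 for the missing UBO and generic code, V901 for the mail-drop address, and both for having been created by the same user within 48 hours of V100. Normalization is what makes the scan useful: without it, a trailing full stop or a different phone prefix is enough to defeat an exact-match join.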

Quick & Dirty Self-Assessment Checklist

A fast way to evaluate whether your controls cover key pain points. If you answer "No" to any question below, that area may warrant further review or automation.

Vendor onboarding
  1. Do we block new vendors with missing UBO, website, or industry code?
  2. Do we check for proximity (shared address, phone, UBO, or recent employment ties ≤24 months)?
  3. Do we prevent self-service vendor creation without maker–checker controls on bank details?

Purchase orders and approvals
  1. Do approvers see 90-day PO context (count, spend, incident ID) at the point of approval?
  2. Do we auto-detect split POs (same vendor, 7–14 days apart, under approval thresholds)?
  3. Is our emergency PO rate kept below 1–2% per plant/quarter?

Prepayments
  1. Are prepayments blocked unless milestones and an acceptance protocol are in place?
  2. Are they linked to an asset/work-order ID, with T+60/T+90 timers to verify completion?
  3. Do we flag “first invoice = prepayment” and hold further payments until evidence is submitted?

Tenders
  1. Do we convert pilots to formal tenders after 2–3 orders or a set spend cap?
  2. Do we track the single-bid rate by commodity, with sourcing-head review where needed?

Pricing and period-end entries
  1. Do we flag unit-price jumps >10–15% without a documented spec/volume change?
  2. Do manual journal entries (JEs) in the last 5 days of the period that affect purchase price variance (PPV) require independent Finance co-approval?
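The unit-price question is the one most easily answered mechanically, but a per-order check alone misses the second archetype's tactic of raising prices gradually through variation orders. The Python below is an added example on constructed price history, not the authors' code: it flags a single undocumented jump above a step threshold and, separately, a run of small undocumented increases whose cumulative drift over the last documented price exceeds the same threshold. Field names and the `change_doc` reference that stands for a filed spec or volume change are assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed price history. change_doc is the engineering change or volume
# agreement that justifies a new price, or None when nothing was filed.
# Field names are assumptions.
PRICE_HISTORY = [
    {"vendor": "V900", "material": "BRK-10", "date": date(2024, 1, 10), "unit_price": 10.00, "change_doc": None},
    {"vendor": "V900", "material": "BRK-10", "date": date(2024, 2, 12), "unit_price": 10.60, "change_doc": None},
    {"vendor": "V900", "material": "BRK-10", "date": date(2024, 3, 15), "unit_price": 11.20, "change_doc": None},
    {"vendor": "V100", "material": "FIX-7", "date": date(2024, 1, 5), "unit_price": 50.00, "change_doc": None},
    {"vendor": "V100", "material": "FIX-7", "date": date(2024, 3, 1), "unit_price": 58.00, "change_doc": "ECN-0017"},
    {"vendor": "V100", "material": "FIX-7", "date": date(2024, 4, 1), "unit_price": 66.00, "change_doc": None},
]


def find_price_jumps(lines, step_pct=10.0, drift_pct=10.0):
    """Undocumented unit-price increases per vendor/material.
    'step': one order more than `step_pct` above the previous order.
    'drift': small increases that together exceed `drift_pct` over the
    baseline, which is the initial price or the last documented change.
    A documented change (or a reported hit) resets the baseline."""
    by_key = defaultdict(list)
    for l in lines:
        by_key[(l["vendor"], l["material"])].append(l)
    hits = []
    for (vendor, material), items in by_key.items():
        items.sort(key=lambda l: l["date"])
        baseline = prev = items[0]["unit_price"]
        for l in items[1:]:
            price = l["unit_price"]
            step = (price - prev) / prev * 100
            drift = (price - baseline) / baseline * 100
            if l["change_doc"]:
                baseline = price
            elif step > step_pct:
                hits.append((vendor, material, l["date"].isoformat(), "step", round(step, 1)))
                baseline = price
            elif drift > drift_pct:
                hits.append((vendor, material, l["date"].isoformat(), "drift", round(drift, 1)))
                baseline = price
            prev = price
    return hits
```

On the constructed data, V900's two increases of roughly 6% each pass a per-order check but are reported as 12% drift on the March order, while V100's documented 16% increase is accepted and only the later undocumented 13.8% step is reported. The reset after a documented change is what keeps the drift test from flagging legitimate re-pricing forever.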

Closing

Fraud resilience is the ability to operate under pressure without having to worry about people bending the rules. It’s built by identifying control seams where exceptions happen, connecting data across suppliers, payments, tenders, HR, and finance, and practicing what to do when red flags appear.

The two archetypes—the Superman and the Exit Strategist—will show up again in different forms. With targeted testing and clear response playbooks, your organization will spot them early and act before the damage is done.

If you're looking for a simple place to begin, take the Quick & Dirty Self-Assessment, choose 3–5 areas aligned with your pain points, and run them weekly for one month. Track hit rates, fine-tune thresholds, and, most importantly, address the root cause each finding points to. That’s how you move from one-off fixes to a system that truly protects your business.