Today, information technology (IT) procurement covers everything from software licenses and cloud services to hardware, cybersecurity tools, managed services, and long‑term support contracts. These arrangements are frequently highly technical, structured in ways that are difficult for non‑specialists to challenge, and renewed year after year with limited review. This combination makes it easier for issues to go unnoticed and allows problematic practices to become embedded over time.
As technology spend becomes more central to business strategy, the risks of misconduct around these decisions have also become more subtle and complex. For risk officers, audit committees, internal audit leaders, and compliance teams, IT procurement often does not get the scrutiny it deserves. What appears to be a straightforward technology purchase can involve inflated costs, biased vendor choices, weak approval processes, or improper benefits masked as normal commercial terms.
Why Is IT Procurement Especially Vulnerable?
IT procurement is not like most other spending categories. Buyers often depend on a small group of technical specialists to define requirements, assess vendors, and justify pricing. Contracts themselves can be layered and complex, bundling licenses, implementation support, training, maintenance, upgrades, and automatic renewals into a single arrangement. In practice, this means a single deal can mix genuine business needs with opportunities for misuse that are easy to overlook.
In investigations, three risk factors show up repeatedly.
- First is information asymmetry, only a handful of people truly understand the technical specifications.
- Second is recurring spending, where inflated costs are spread over time and attract less scrutiny.
- Third is vendor lock‑in, where systems become so embedded that meaningful competition becomes difficult.
These conditions are not isolated to any one region; they are seen globally, including in India, across both public and private sector organizations.
Known Patterns and What Issues Commonly Show
Public enforcement actions over the years point to a recurring set of issues in technology procurement. The specifics differ, but the underlying patterns are strikingly consistent, improper payments channeled through intermediaries, tender requirements shaped to favor select vendors, inflated service or support arrangements, and benefits provided to key decisionmakers outside the four corners of the contract. The parties involved may change, but the methods rarely do.
In one case, a large organization awarded a contract to a technically inferior vendor after key decisionmakers received travel, hospitality, and assurances of future employment. In another, a major infrastructure initiative continued to pay duplicate license and maintenance fees for systems that were only partially implemented. In a third, payments were routed through third‑party entities that contributed little commercial value but helped obscure the flow of improper benefits.
How Corruption Usually Works
| Stage | Key Risks/Issues | Control Weakness Indicators |
| 1. Specify Need | – Requirements written too narrowly – Tailored specifications favouring specific vendors | – Specifications influenced by a small group – Limited transparency in requirement setting |
| 2. Select Vendor | – Conflicts of interest – Weak due diligence – Favored or biased bidding | – Undisclosed relationships – Inadequate vendor vetting process |
| 3. Contract | – Inflated pricing – Excess/unused licenses – Bundled or unnecessary services | – Phantom or padded services – Difficult benchmarking of pricing |
| 4. Implement | – Frequent change orders – Unnecessary upgrades – Inflated support costs | – Third-party kickbacks – Lack of validation of service delivery |
| 5. Renew | – Autorenewals without challenge – Poor usage review – Price escalation over time | – Entrenched vendors – High switching costs (vendor lock-in) – Long-term contracts rarely reassessed |
Improper benefits are rarely paid as clear‑cut cash bribes. More often, they are embedded in seemingly legitimate arrangements, such as consulting fees, reseller commissions, inflated training or support contracts, luxury travel, gifts extended to family members, off‑policy discounts, or assurances of future roles. The goal is straightforward: Influence the commercial decision while ensuring the benefit appears routine and defensible.
Traditional Risks and New Risks as Technology Evolves
Traditional corruption risks in IT procurement have not gone away. They have evolved alongside cloud services, software as a service (SaaS) models, managed platforms, and AI‑driven purchasing. While the delivery models have changed, the underlying incentives and the behaviors they can do remain largely the same.
| Traditional Risk Areas | Emerging Risk Areas |
| Excess hardware purchasesUnclear maintenance contractsInflated long-term licensesSingle-vendor specifications | Cloud over-commitmentSaaS subscriptions with little usage reviewAI claims that few can independently testBundled ecosystems that increase lock-in |
Who Benefits and Why Do These Schemes Persist?
The benefits rarely flow to just one party. Internal decision‑makers may gain influence, financial rewards, gifts, or future career opportunities. Vendors secure access, revenue, and comfort around renewals. Intermediaries earn fees by making these relationships appear routine and compliant. These arrangements tend to persist because everyone involved receives something of value, while the organization bears the cost, often spread across budgets that are no longer closely examined.
What Can Organizations Do Now?
Effective controls do not need to be complex, but they do need to be applied consistently. Strong governance starts with clear separation of responsibilities distinguishing who defines the requirement, who evaluates vendors, who approves the contract, and who authorizes payment. It also depends on more rigorous vendor due diligence, clearer justification for commercial decisions, and regular checks to ensure the organization is paying only for what it uses.
A Final Thought
Corruption in IT procurement rarely announces itself early. It tends to sit quietly within complexity hidden in renewals, technical terminology, and long‑standing vendor relationships. Over time, however, the consequences can be significant, ranging from financial leakage and regulatory exposure to weakened controls and erosion of trust.
As technology budgets continue to grow, governance needs to keep pace. For boards, audit committees, and risk leaders, the question is no longer whether this risk exists, but whether their organizations have sufficient visibility to manage it effectively. This is the point at which action becomes necessary.
How Ankura Can Help
Ankura supports organizations in managing IT procurement risk across the full lifecycle — from prevention and early risk detection through investigation, remediation, and control enhancement. Our work brings together forensic investigation capabilities, financial crime expertise, data analytics, vendor due diligence, and practical risk advisories to help organizations understand what happened, why it happened, and how to reduce the likelihood of recurrence.
Our support typically spans four interconnected areas:
Investigate
Examine decision‑making, financial flows, and third‑party involvement to identify how outcomes were influenced.
Assess
Review contracts, pricing structures, approvals, and deviations to assess whether commercial terms were justified and properly governed.
Audit
Assess technology spend against deployment and operational reality to identify inefficiencies, gaps, or compliance concerns.
Strengthen
Enhance controls, vendor governance, approval frameworks, and oversight to address root causes — not just symptoms.
As part of broader IT procurement reviews, Ankura also helps organizations identify recurring risk signals such as:
- Automatic renewals proceeding without challenge
- Price escalation absorbed over time
- Vendor entrenchment reducing competition and transparency
Addressing these issues early helps contain cost, strengthen governance, and reduce the risk of future misconduct.
© Copyright 2026. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC, its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.
