On a Tuesday morning in March 2024, a procurement officer at a mid-sized local manufacturing company approved what looked like a routine payment to a long-time supplier of spare parts. The supplier had been with the company for over 12 years. Their trucks were a regular sight at the plant gates in Namanve. On paper, the relationship was solid, predictable, and “trustworthy.”
Two weeks later, the company’s finance manager noticed something odd: the same supplier had invoiced for an unusually high quantity of industrial bearings, all marked as “urgent replacements” for a breakdown that never happened. The amount? UGX 480 million. The finance manager raised a cautious eyebrow but signed off. After all, the procurement team vouched for it.
What the company didn’t know was that this “routine” transaction was the final stage of a meticulously orchestrated fraud scheme that had been unfolding for months, not by outsiders, but with the willing hands of insiders.
Summit Consulting Ltd was brought in after the company’s board received an anonymous whistleblower email. The subject line was only three words: “Check your suppliers.”
The invisible war inside the company
By the time our investigation team arrived, the company’s leadership was split into two camps. One believed this was a supplier’s deception, a classic case of overbilling. The other suspected something darker: internal collusion.
This tension was palpable in the boardroom when I first met them. You could tell who was on which side by their body language. Procurement heads leaned forward aggressively, defending their processes. Finance people sat stiff, arms crossed, as if they’d been forced to attend a court hearing.
As a fraud investigator, I’ve learned that fraud thrives where relationships blur the line between professional and personal trust. And here, that line was so faint it was practically invisible.
How the scheme was engineered
- a) The entry point
Suspect 1, a mid-level procurement officer, had been employed by the company for eight years. A quiet man, often described by colleagues as “the guy who never talks in meetings,” he was the perfect camouflage. His link to the supplier went beyond work. He grew up in the same village as the supplier’s operations manager, Suspect 2. Their families had shared meals, funerals, and even loan guarantees.
In late 2023, Suspect 2 approached Suspect 1 with an idea: create “ghost orders” for spare parts, mark them as urgent, and get them paid before anyone could question the need. In return, Suspect 1 would get a cut, discreetly handed over in cash after payment cleared.
- b) The paperwork game
The fraud relied on manipulating the company’s procurement system. Every purchase request had to be justified with a “Breakdown Report” signed by maintenance. Suspect 1 convinced a junior maintenance supervisor, Suspect 3, to sign off on fake reports in exchange for a smaller payout. These reports listed machinery breakdowns in jargon so technical that most finance staff wouldn’t dare challenge them.
- c) Moving the money
Once invoices were approved, payments were made directly to the supplier’s bank account. This was the legitimate part, but the supplier’s accounts officer would then withdraw large sums in cash over several days, breaking them into amounts under UGX 20 million to avoid triggering bank reporting thresholds.
From there, the cash moved through Uganda’s informal transport network. Motorbike couriers (“boda riders”) collected envelopes from the supplier’s office and delivered them to Suspect 1 in parking lots near supermarkets in Kyaliwajjala. Suspect 1 would then meet Suspect 3 and pass on their share.
Occasionally, to speed things up, mobile money was used, but never in amounts over UGX 5 million per transaction, and always sent through numbers registered in other people’s names.
The red flags the auditor caught
The scheme might have continued indefinitely if not for one anomaly spotted by the external auditor. While reviewing supplier payments, the auditor noticed that the “urgent” spare parts orders for bearings all fell on Fridays, and often in the last week of the month.
Digging deeper, they found that the quantities ordered were inconsistent with the plant’s production volume. Bearings of that size typically lasted 12 months, yet some were being “replaced” every two months.
The auditor quietly flagged this to the board chair, who immediately engaged Summit Consulting Ltd for a discreet investigation.
Our team began with supplier payment data from the past three years. Within days, patterns emerged. The suspicious invoices all originated from a narrow set of purchase request numbers, and all bore the digital signature of Suspect 1.
Next, we visited the supplier under the guise of conducting a “vendor performance review.” Their delivery records were sloppy, deliberately so. But we found GPS data from their delivery trucks showing no actual trips to the plant on the dates of the alleged urgent deliveries.
We then traced the cash withdrawals from the supplier’s bank. The timing matched exactly with payments from the manufacturing company. CCTV footage from the bank branch in Mukono captured the supplier’s accounts officer withdrawing the money, often accompanied by Suspect 2.
The final piece came from mobile money transaction logs. One phone number, registered in a woman’s name from Mbale, repeatedly received UGX 4.9 million in the days following these withdrawals. That number, we discovered, belonged to Suspect 1’s live-in girlfriend.
The internal controls that failed
The company’s internal controls were not just weak; they were actively bypassed through collusion.
- Segregation of duties was compromised. Suspect 1 could both initiate purchase requests and approve them when the supervisor was “away.”
- Supplier vetting was cosmetic. Long-standing relationships were never re-evaluated, creating a comfort zone ripe for exploitation.
- Maintenance reporting relied on a single signature with no technical verification.
- Payment verification assumed that approved purchase orders were genuine; no one cross-checked with actual delivery records.
By the time the dust settled, the total confirmed loss was UGX 1.28 billion. Recovery efforts are ongoing, but as in many Ugandan fraud cases, much of the money has likely been spent on plots of land in rural districts, luxury goods, and debt repayments.
The board has since suspended all three suspects, terminated the supplier contract, and introduced new controls, including GPS-verified delivery logs, mandatory dual approvals for urgent purchases, and quarterly supplier audits.
What we learn from this is that your weakest link is often not a hacker in a foreign country, but the supplier you’ve trusted for years, and the employees who guard that trust.
