The Construction industry is known for having a long history of fraud perpetration due to processes and an operating environment that make it more susceptible to schemes than other industries. Over the past year, the COVID-19 pandemic has significantly increased opportunities and motivation for fraud to be committed in all businesses, specifically in the construction industry. Fortunately, contractors can implement and follow proven internal control procedures to help mitigate the risk of fraud from occurring, and to limit the size of potential thefts if committed.

Fraud Risks

According to the Association of Certified Fraud Examiners (ACFE) “Fraud in the Wake of COVID-19: Benchmarking Report” December 2020 Edition, 79% of survey respondents indicated they have seen an increase in the overall level of fraud, and 90% of survey respondents anticipate a further increase in the overall level of fraud in 2021. Additionally, this report indicated that preventing, detecting, and investigating fraud have become more difficult after COVID-19.

One of the reasons contractors are more vulnerable to fraud is the number of parties involved including vendors, subcontractors, and employees of various levels who can commit and conceal fraud. Employee levels can range from supervisors, foremen, project managers, to accounting/finance staff. Additionally, many contractors have smaller accounting departments, relative to other types of business, resulting in a lack of segregation of duties and fewer checks and balances Other contributing factors that make contractors vulnerable to fraud are remote job sites make it difficult to keep a careful watch over company assets and the ability to conceal theft and embezzlement through spreading out fraudulent costs over multiple contract jobs.

There are many common fraud-risks specific to the construction industry that are perpetrated, including:

  1. Embezzlement and fictitious vendors
  2. Payroll schemes, including ghost employees
  3. Vendor or Subcontractor kickbacks
  4. Theft of job-site materials
  5. Corruption (bribery, extortion, bid-rigging)
  6. Change order falsifications
  7. Cybersecurity and data theft

While many of these risks are pervasive to businesses in all industries, contractors are uniquely susceptible to fraud schemes involving kickbacks, job-site material theft, corruption, and change order falsifications.

What three factors must be present for fraud to be perpetrated?

  1. Motivation – Something must occur in an employee’s life that causes them to feel they need to obtain more money than they have access to through their normal salary or means.
  2. Rationalization – The potential fraudster must come to find an acceptable reason in their mind to commit fraud.
  3. Opportunity – There must be an opportunity for a potential fraudster to perpetrate a scheme.

In the post COVID-19 pandemic environment, motivation, rationalization, and opportunity for fraud have increased significantly. The only factor that a company can control is an opportunity to commit fraud, which is reduced through strong internal controls and creating an operating environment with a solid tone at the top with active oversight of financial results. It is much more cost beneficial to make an investment to prevent a fraud from occurring by taking away the opportunity or detecting it quickly, then to fall victim to a scheme that could take years to uncover.

What key internal controls can a contractor implement to prevent and detect fraud?

The principle foundation for strong internal controls is a system of adequate segregation of duties throughout the accounting and financial processes. There should be multiple employees involved in the responsibilities for authorizing transactions, recording transactions in the system, performing reconciliations, and access to cash funds or assets.

Some of the key areas that contractors should focus on internal controls and segregation of duties are:

  1. Customer billing, payment application, and receipts
  2. Disbursements to suppliers and subcontractors
  3. Payroll
  4. Job-site controls
  5. Bidding and change orders

Additionally, contractors should carefully review monthly financial results and closely monitor the jobs in progress schedule on a regular basis to identify any significant fraud that may be present. By focusing on these core processes and spreading out responsibilities to multiple employees, contractors can greatly limit the opportunities for fraud to be perpetrated and concealed by the same individual.

What are specific internal controls in each of the key areas of fraud concern for contractors?

Customer billing, payment application, and receipts

It seems basic, but reconciling billings and receivables should be performed by someone who does not have access to the incoming payments. Carefully review line items and quantities on payment applications for any irregularities. Monitor the jobs in progress schedules closely for significant overbillings or under-billings and investigate unusual items.

Disbursements to suppliers and subcontractors

Always obtain competitive bids for materials and subcontracts over a certain amount and have an employee other than the project manager review supplier and subcontractor invoices. Require dual signatures/approval on all checks or electronic funds transfers. Ensure the validity of payments on the front-end by pre-qualifying subcontractors, verifying subcontractor bonds with bonding agents and prohibiting payments to subcontractors unless surety bonds are on file. Also, watch out for lowest bids that are consistently awarded to the same subcontractor or supplier. Monitor the jobs in progress schedules closely for-profit fade to detect fictitious costs.


Keep a close eye out for duplicate payroll payments or fictitious employees on the payroll register and reconcile the W-2’s and payroll tax reports to the general ledger system. Also, perform occasional job site visits to compare employee headcount at the job site to time reports and payroll checks/direct deposits.

Job-site controls

Compare materials quantities purchased to the original bid. Reconcile purchase orders to job-site delivery tickets and invoices. Install security cameras to identify theft of materials. Track and monitor scrap sales of materials. Closely watch for profit fade on jobs.

Bidding and change orders

Establish an independent review of initial bid package and cost estimates by someone not involved in that job/project (i.e., cross check with another project manager). Monitor the bid-spreads on contract wins for any significant differences from competitor bids. For modifications to the scope of work, require signature on the change order before work begins. Compare the change order to the original contract schedule of values.

Implementing strategies in these key areas can help alleviate a contractor’s exposure to some of the most common fraud schemes.

Companies in the Construction industry can experience a disproportionate risk of fraud or theft because of their unique operating environment, long history of fraud perpetration in the industry, and newly evolving motivation and opportunity for fraud in a post COVID-19 environment. Taking the time and committing resources to prevent fraud from occurring will pay off dividends in the long run to protect your construction company from significant theft losses. Start by contacting a trusted advisor to perform an assessment of the effectiveness of your existing internal controls and recommend opportunities for improvements.

If you have questions about internal controls best practices for the construction industry or need assistance with a construction audit, LBMC can help.

Content provided by LBMC audit professional, Steve Thomason, CPA.