The Fraud Prevention Team talks about fraud risk vulnerability in NHS purchase order spend and the introduces the national exercise that focused on reducing the vulnerability

As previously reported in Preventing procurement fraud in the NHS: Findings from a national proactive exercise procurement fraud has been and remains an issue of concern across the whole of the NHS. Despite it being a huge area of spend and activity and crossing all sectors of the NHS, there is still a low level of fraud reporting. This has been the driver for NHSCFA making procurement fraud prevention a priority. NHSCFA estimated the financial loss to fraud, wastage and error from procurement and commissioning budgets to be approximately £300.4 million for the 2019/20 financial year.

In May 2019, NHSCFA launched a three-part NPE directed at building a more accurate understanding of procurement fraud FVE, and tackling fraud risk vulnerabilities within NHS procurement systems, informed by an earlier sample pilot exercise. By asking NHS organisations to undertake local proactive activity we sought to improve NHSCFA’s understanding of procurement fraud risk vulnerabilities. The NPE measured three procurement fraud risk areas (disaggregate spend, contract management, and PO vs non-PO spend) and identified approximately £6.06 billion of potentially vulnerable spend.

Phases 1 and 2 of the NPE were successfully completed, and baseline figures for the three areas of fraud risk vulnerabilities were obtained. Due to the advent of Covid-19 and the impact to the NHS, phase 3 was delayed from 2020 and resumed in 2021. The findings of phases 1 and 2 were reported in Preventing procurement fraud in the NHS and issued to the sector in 2021.

Phase 3 obtained comparable information solely focused on PO spend activity. The other two areas of disaggregate spend and contract management areas were excluded due to the unforeseen impact of Covid-19 on NHS procurement activities.

This report presents the analysis of the completed exercise to examine fraud risk vulnerability within NHS PO spend and identifies savings for NHS provider organisations (referred to as NHS organisations throughout this report).


The baseline dataset was designed to improve NHSCFA’s intelligence and understanding of fraud risk vulnerabilities within NHS procurement systems.

What is the PO fraud risk?

The risk of fraud in the procurement process is significantly heightened when purchasing activity does not follow the organisation’s pre-established procurement protocols and policies. Risk of fraud is mitigated when organisations use established control mechanisms such as their P2P / PO system.

Where non-PO spend occurs, an organisation is exposed to a far greater risk of fraud in the procurement process. Spend via the organisation’s pre-established procurement route (i.e., the P2P / PO system) acts as a deterrent and mechanism to preventing fraud.

What data did NHSCFA collect?

For the 2019 data collection during phase 1 of the national exercise, each NHS organisation was asked to identify, by quarter, the following information sets, broken down by different spend types (the NHS-eClass system was used to classify spend):

  • All spend by spend type
  • Spend that did not link to a purchase order, by spend type

The data collection for the 2018-19 financial year acts as the baseline dataset, and the data collection for 2019-20 acts as the comparable dataset. These two datasets were collected to analyse the level of non-PO spend present in each NHS organisation and the impact of NHSCFA-led fraud prevention activity. We requested data to be broken down by the NHS-eClass system so that comparisons could be drawn between different spend types.

Phase 1 of the NPE demonstrated positive participation, achieving an 81% return rate from NHS organisations which in turn provided substantial basis for analysis work undertaken to establish the baseline indicator.

The success of phase 1 and positive engagement encouraged a 10% increase in response rate (91%) of participating NHS organisation in the comparison dataset exercise (2019 – 2020) for phase 3 of the project.

Help us improve

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!