"Shell Game" in the June 2006 issue of Baseline offers a compelling set of case studies in which internal IT people sucked off hundreds of thousands — even millions — of dollars from their employers through procurement scams.
I bring this up because it could easily happen in your company too — if the person who approves the contracts for services is the same one doing the audits (or audits never actually happen). In several of the companies, an insider had set up a shell company that was supposed to provide goods and services, but never did. (In one rather amazing case — Buca Inc. — the shell company even operated within Buca’s corporate headquarters! Didn’t the 10 employees of the shell operation wonder how come they were never invited to the Buca holiday parties?!)
It’s good reading with some common sense advice, such as: If your $90,000-a-year IT manager drives a $50,000 BMW, that could be a clue that some skimming is going on.