A recent audit report from the U.S. Department of Health and Human Services Inspector General disclosed that the agency “did not award a $529 million sole source contract in accordance with Federal requirements, and that other, more qualified contractors may have been available to perform the duties of the contract at a lower cost to the Government.”

Admittedly, the circumstances under which the contract was awarded were extraordinary. In 2021, with an unprecedented number of unaccompanied alien children arriving at the U.S. southern border, The IG reported that the HHS Administration for Children and Families (ACF) awarded a contract to operate an emergency intake site. The audit concluded that the need for intake site had been anticipated by the agency for several months, and that officials awarded the sole source contract 3 days after receiving an unsolicited proposal from the vendor.

The audit report also concluded that ACF could not provide documentation that it conducted a price analysis before awarding the contract to show the vendor’s price was fair and reasonable. It also reported that ACF’s price analysis, completed 3 months after contract was awarded, showed that the $529 million was more than double what it should have been.

Setting aside the politically charged issues of border enforcement and immigration and timing of the report, it highlights yet another example of the perils of sole source contracting – something I have dealt with many times in my audit career.

There is a tendency to assume that sole source contracting involves fraud, but that’s rarely the case. Instead, it’s often circumvention of controls for expediency. I have led many audits and investigations where the first clue was not a fraud hotline tip. It was a contract file. Sole sourcing is sometimes justified. Emergencies happen. Unique expertise exists. But I have learned this simple truth. When competition disappears, risk increases and resources are often wasted.

Internal auditors should not assume wrongdoing. We should assume exposure. Your role is to test whether the decision to award a contract on a sole source basis was legitimate, documented, and controlled.

Here are the warning signs I look for when a contract has been awarded on a sole source basis:

1. Weak or Generic Justification for Award

If the explanation could apply to almost any vendor, you have a problem.

Watch for:

• Vague statements such as “only vendor capable” with no technical analysis
• No market research or vendor comparison in the file
• Copy and paste justifications across multiple contracts
• A justification written after the contract was already signed
• Emergency declarations for non-urgent services

Practical test:
Ask the business owner to identify two other vendors who could have provided the service. If they struggle, the organization likely did not perform due diligence.

2. Repeated Use of the Same Vendor

One sole source can be reasonable. A pattern rarely is. Watch for:

• The same vendor receiving multiple sole source contracts across departments
• Contracts renewed year after year without re-evaluation
• Sequential contracts each just under competitive bidding thresholds
• Work scopes expanding beyond the original purpose

This is a classic control circumvention technique. Instead of one large contract requiring competition, management breaks it into smaller ones.

3. Specifications Written Around a Specific Vendor

This is one of the most reliable indicators of procurement manipulation. Watch for:

• Technical specifications that match a vendor’s marketing brochure
• Brand names embedded in requirements
• Proprietary features required without justification
• The vendor helping draft the statement of work

If a vendor helped write the requirements, the competition has already been compromised.

4. Last Minute Procurement Pressure

Fraud and waste thrive on urgency. Watch for:

• Procurement receiving requests days before services must begin
• Claims that “operations will shut down” without documentation
• Management bypassing normal review or legal approval
• Repeated emergency purchases by the same department

Urgency is often manufactured to eliminate oversight.

5. Pricing Red Flags

Without competition, price becomes a major exposure. Watch for:

• No independent cost estimate
• No price negotiation documentation
• Rates significantly above market benchmarks
• Large upfront payments
• High change orders shortly after award

One pattern I often see is this. The initial contract looks reasonable. The profit appears in the amendments.

6. Conflicts of Interest

This is where internal audit must be especially alert. Watch for:

• Personal relationships between the vendor and employees
• Former employees hired by the vendor immediately before the award
• Undisclosed outside employment
• Vendors located near an employee’s residence
• Vendor using a personal email domain

A simple vendor address search has uncovered more issues than some complex analytics projects.

7. Contract Management Weaknesses

Improper sole sourcing often shows up after the contract is signed. Watch for:

• No performance metrics in the contract
• Invoices approved without evidence of services delivered
• Time and materials billing without time records
• Deliverables accepted by the same person who requested the vendor
• No periodic vendor performance reviews

When oversight is weak, abuse becomes easy.

8. Vendor Behavior That Avoids Scrutiny

Vendors involved in questionable arrangements often behave differently. Watch for:

• Resistance to audits or site visits
• Requests to communicate outside official channels
• Invoices lacking detail
• Rapid increases in scope after engagement
• Reluctance to provide supporting documentation

Good vendors welcome transparency.

Using AI to Mitigate the Perils of Sole Sourcing

Artificial intelligence now gives internal auditors and management a powerful advantage in identifying and evaluating sole source contracts.

Instead of waiting for a complaint or conducting periodic sampling, auditors can continuously monitor procurement activity. AI tools can scan contracts and justification memos to identify copied language, analyze purchasing data to flag vendor concentration patterns, detect sequential contracts just below approval thresholds, and compare pricing against internal and external benchmarks.

Statements of work can be reviewed by AI to identify specifications written around a specific supplier, and anomaly detection models can highlight unusual change orders, billing patterns, or emergency declarations. Used properly, AI does not replace professional judgment. It directs your attention. It helps you find the transactions most likely to expose control circumvention before they become fraud investigations or public headlines.

Sole sourcing does not automatically mean misconduct. But in my experience, a disproportionate share of procurement fraud cases involves irregularities in contract awards. If internal auditors keep their antennas up, they have a better chance of detecting issues early, before they become reputational events.