10 Red Flags in Government Tender Awards and How to Identify Them
An educational guide to the ten forensic flag types detected by Tenders-SA in procurement award data, explaining what each flag means, how to interpret it, and what further investigation may be warranted.
10 Red Flags in Government Tender Awards and How to Identify Them
Tenders-SA processes thousands of tender award records from government sources across South Africa. Among these records, patterns emerge that warrant closer examination. The platform's forensic analysis engine detects ten specific flag types, each targeting a different form of procurement risk. Understanding these flags is essential for anyone conducting supplier due diligence, procurement audits, or tender investigations.
This guide explains each flag type: what it detects, why it matters in the South African procurement context, how the algorithm identifies it, and what you should do when you encounter it.
Understanding the Severity Levels
Each flag is assigned a base severity: Low (5 points), Medium (15 points), High (25 points), or Critical (40 points). The severity is then adjusted by a recency multiplier: flags related to events within the last 90 days score at full weight, events between three and twelve months ago score at 0.8, events between one and two years ago score at 0.6, and events older than two years score at 0.4. This ensures the risk score reflects current conditions.
Flag 1: Deregistered Entity Still Receiving Awards
Severity: Critical
This flag detects companies that have a CIPC status of Deregistering or Dissolved but have received a tender award within the last twelve months. A company in the process of deregistration is legally incapable of entering into new contracts, and an award to such an entity represents a compliance failure in the procurement process.
The algorithm cross-references CIPC company status data against the award database, looking for award dates that fall after the company's status changed to deregistering or dissolved. This is one of the most critical flags because it signals a fundamental breakdown in supplier verification.
What to check: Verify the company's current CIPC status directly on the CIPC website. If the deregistration is confirmed, the award should be reported to the relevant Treasury office.
Flag 2: Poor Annual Return Compliance
Severity: High
This flag is triggered when a company's CIPC annual return compliance score falls below 40 out of 100. Regular annual return filing is a basic legal obligation for all registered companies. Persistent non-compliance may indicate broader administrative dysfunction or an intentional strategy of operating outside regulatory oversight.
The compliance score is calculated from the company's annual return filing history with CIPC. Each year of non-filing reduces the score, and companies that fail to file for three consecutive years face deregistration.
What to check: Review the annual return history on the company profile. Determine whether the filings are merely late or entirely absent. Contact the company to verify their compliance status before proceeding with any contractual relationship.
Flag 3: New Entrant Receiving Large Awards
Severity: High
This flag detects companies that received their first government award within 180 days of their CIPC registration date and for an amount exceeding R5 million. While newly registered companies can legitimately win contracts, the combination of very recent registration and a high-value award warrants verification of operational capacity.
The algorithm compares the company's registration date against the first award date and award value. Results are limited to the top 100 by award value.
What to check: Verify that the company has the operational capacity, staff, and financial standing to execute the contract. Check director backgrounds and the company's physical premises. Consider whether the award followed a competitive process.
Flag 4: Disqualified Director
Severity: Critical
Certain directors are disqualified by CIPC from holding office due to contraventions of the Companies Act, including involvement in business practices that defraud creditors or the state. This flag is triggered when a company has a director marked as isDisqualified in the CIPC director database.
This is a critical flag because a company with a disqualified director may be ineligible for government contracts, and the continued participation of such a director could expose the procuring entity to legal risk.
What to check: Verify the director's disqualification status with CIPC. If confirmed, determine whether the director has been removed from the company's management structure. Report the finding to the relevant procurement authority.
Flag 5: Multi-Company Director Overlap
Severity: Medium to Critical (depending on overlap count)
This flag detects when the same director appears across three or more companies that have won awards from the same buying organisation. This pattern can indicate fronting arrangements, where the same individual controls multiple bidding entities to circumvent procurement rotation or set-aside requirements.
The algorithm analyses the CIPC director-to-company links within a department or municipality's supplier base. The severity increases with the number of overlapping directors.
What to check: Map the director's full network using the Company Director Lookup tool at /tools/company-director-lookup. Determine whether the companies operate independently or share resources, premises, or bank accounts. Verify B-BBEE status across all entities to check for potential fronting.
Flag 6: Address Clusters
Severity: Medium
Multiple suppliers registered at the same physical address may indicate shell companies, shared back-office arrangements, or coordinated bidding structures. The address cluster flag detects groups of awarded suppliers that share the same registered address.
Addresses are normalised before comparison to reduce false positives from minor formatting differences.
What to check: Investigate whether the shared address represents a legitimate business hub or incubator, or whether it appears to be a shell address. Cross-reference with director networks to see if the address clustering correlates with director overlaps, which would strengthen the case for further investigation.
Flag 7: Threshold Proximity Clustering
Severity: High to Critical
Public procurement in South Africa operates with prescribed financial thresholds that determine the procurement method required. Awards just below these thresholds can indicate procurement splitting: deliberately dividing a contract into smaller portions to avoid higher-level approval or tender requirements.
The key thresholds are R500,000 (municipal quotation ceiling), R1 million (open tender requirement), R2 million (competitive tender), R10 million (board approval), and R50 million (executive approval). The algorithm uses SQL to detect clusters of three or more awards near each threshold level, considering the same buyer-supplier combination.
What to check: Review the clustered awards to determine whether they represent genuinely separate contracts or a single project artificially divided. Check contract descriptions and timelines for evidence of splitting. Threshold proximity flags are among the strongest indicators of procurement irregularity and warrant escalation to the relevant Treasury supply chain management office.
Flag 8: Dormant Company Activation
Severity: Medium
A dormant company that has filed no annual returns for three or more years and suddenly wins a contract worth over R1 million may indicate the activation of a shelf company for procurement purposes. This pattern is particularly concerning if the company shows no other recent business activity.
The algorithm cross-references the annual return filing gap against the award date and value.
What to check: Verify whether the company has legitimate recent operational activity beyond the government award. Check director and shareholder changes around the time of the award. Assess whether the company has the capacity to deliver on the contract.
Flag 9: Post-Award Director Resignation
Severity: High
When a director resigns within 90 days of their company receiving a large contract award (over R2 million), it may indicate an exit strategy after bid manipulation, disguised beneficial ownership, or the completion of a shell company life cycle.
The algorithm compares director resignation dates from CIPC against large award dates to identify resignations that occur suspiciously soon after a significant contract is secured.
What to check: Contact the buying organisation to enquire whether the key personnel represented in the bid evaluation remain with the company. Verify that the departing director has been properly replaced. Assess whether the resignation affects the company's ability to deliver.
Flag 10: OCPO Restricted Supplier
Severity: Critical (active restriction)
The National Treasury's OCPO publishes a restricted supplier list of companies and individuals prohibited from doing business with the state. This flag is triggered when a supplier on the restricted list is matched to an award record. The flag also incorporates the World Bank and AfDB cross-debarment lists.
The system uses company name normalisation and fuzzy matching (pg_trgm with a 0.7 threshold) to match restricted supplier entries against the award database. A date-aware overlay distinguishes between restricted-during-award (the strongest signal), currently restricted (active but no award overlap), and restriction-history (expired).
What to check: Review the restriction details including the restriction reason, period, and authorising body. Determine whether any awards fall within the restriction period. If so, this represents a serious procurement compliance failure that should be reported to the relevant Treasury office.
How to Use These Flags in Practice
Individual flags should not be treated as conclusive evidence of wrongdoing. Their value increases when multiple flags appear on the same supplier profile, creating a pattern of concern. A supplier that appears on the restricted list (Flag 10), has a deregistered entity status (Flag 1), and shows threshold-clustered awards (Flag 7) presents a stronger case for investigation than a supplier with a single low-severity flag.
All flagged findings should be verified against the original source data (CIPC registry, OCPO list, tender award notice) before any action is taken. The Forensic Analysis tool provides source references and data timestamps to support this verification.
Summary
The ten forensic flags cover the most common procurement risk patterns in South African government contracting: entity status failures, compliance failures, director-linked risks, address anomalies, threshold manipulation, dormant entity reactivation, and restricted supplier violations. Understanding what each flag detects, why it matters, and how to verify it is essential for effective use of the Forensic Analysis tool. Start investigating at /tools/forensic-analysis and use the restricted supplier browser at /tools/restricted-suppliers to cross-reference flagged suppliers.
Tags
Based on this article's topics, here are some current tenders that might interest you
FOR THE PROVISION OF A COMPREHENSIVE ECO-FRIENDLY CLEANING, HYGIENE AND PEST CONTROL SERVICE AT THE NEW OBSERVATORY FORENSIC PATHOLOGY INSTITUTE (OFPI) UNDER THE CONTROL OF THE DEPARTMENT OF HEALTH, WESTERN CAPE GOVERNMENT FOR A FIVE (5) YEAR PERIOD
Appointment of a Panel of Suppliers for the Provision of Ad Hoc Forensic Investigation Services
PANEL OF ATTORNEYS AND FORENSIC WORK FOR A PERIOD OF 36 MONTHS
Want to see all available tenders?
Browse All Tenders →Share this article
10 Red Flags in Government Tender Awards and How to Identify Them
An educational guide to the ten forensic flag types detected by Tenders-SA in procurement award data, explaining what each flag means, how to interpret it, and what further investigation may be warranted.