Red Flags In The Vendor File: What Supervisors Must Notice Before Signing Off?

May 26, 2026

A city audit found that former Austin Energy facility service specialist, Mark Ybarra, routed about $980,000 in public funds to fictitious vendors over a six-year period ending in 2023.

Ybarra had a city purchasing card to pay legitimate vendors for maintenance work but allegedly created at least 30 fake vendor accounts. Some were linked to his own or his relatives' addresses and emails. He submitted invoices for services such as debris removal and window cleaning that auditors could not verify.

Only eight of the payees were registered city vendors, and many invoices lacked basic contact information. However, supervisors approved the transactions and did not act on multiple red flags until a new manager questioned $80,000 in card charges made between April and July 2023.

Ybarra resigned when asked for supporting details and was later indicted on a felony theft charge. His wife, also a city employee, faces charges for refusing to cooperate in the investigation.

Austin Energy has since pledged tighter purchasing controls, stronger oversight of Procard use and a monitored and effective procurement governance framework.

Source: https://www.fox7austin.com/news/former-austin-energy-employee-sends-nearly-1m-fake-vendors-audit-says

Commentary

In the above matter, a facility service specialist allegedly slipped invoices past supervisors that lacked basic contact information and, in some instances, directed payments to addresses linked to the employee or relatives. The fraud only surfaced when a new manager questioned a cluster of charges and asked for documentation.

Effective loss prevention means equipping frontline approvers with simple, memorable red flags. Examples include vendors that share an address, phone number or bank account with an employee; invoices with vague scopes of work or no physical address; payments just under approval thresholds; or a single employee using the same vendors repeatedly without competitive quotes.

Training should pair these red flags with clear instructions: pause, ask questions, and, when necessary, send the invoice to procurement or internal audit for review.

Organizations should also reinforce that supervisors who raise concerns are protecting the business, not "slowing things down." Over time, a questioning culture at the approval level is one of the most cost-effective controls an employer can utilize.

Finally, your opinion is important to us. Please complete the opinion survey:

Product

Articles

Red Flags In The Vendor File: What Supervisors Must Notice Before Signing Off?

An audit uncovers massive fraud in one city. We comment on simple data cues that should always trigger follow-up questions by management.

The Best Practice Breakdown: Allegation Recant

In this new podcast, McCalmon attorneys Jack McCalmon and Leslie Zieren discuss best practice implications when an employee, who reports sexual harassment and demands the accused be fired, later changes her mind.

Why Do Employees Not Take PTO? You Make The Call

A survey reveals nearly 25 percent of employees do not take their PTO for a variety of reasons. What do you say? We want to know. You make the call and join the conversation.

From Inbox To Account Takeover In Three Clicks

We comment on how multi?stage phishing paths that begin with trusted cloud links can quickly lead users to fake login or consent pages.

No Room For Grooming: Protecting Teen Workers From Sexual Misconduct

A doctor stands accused of sexual exploitation of a teen worker. We comment on the code of conduct, training, and rapid-response expectations that help organizations stop grooming behavior.