Controls have their place and we must have them, but controls can be circumvented by collusion, or by senior management overriding them.
With regard to the complexity, there is a point where the system becomes so complex that the opportunities for fraud are increased. For instance, there's what's known as the downstream effect. If you have too many people involved, and if one corrupt employee is successful in committing a crime, the people downstream will not be aware that anything is wrong. For example, at the pre-solicitation phase, a corrupt employee could remove the entries for qualified vendors from the database, so that the vendors don't get the request for proposals or the call for tenders. If the trawl has been restricted this way, so that only the favoured vendors and some obviously unqualified ones get the RFPs, the people who are responsible for bid evaluation won't know this, and they'll proceed as if everything were correct
As to methods of prevention, there is the segregation of duties. There is also the performance of parallel checks and critical points. For instance, prior to the issue of a request for proposal, an independent person reviews the log of changes to the database to make sure no changes have taken place that shouldn't have. Also at this stage, an independent agency performs a background check on the short list of bidders and their senior management and directors.