diff --git a/app/models/user.rb b/app/models/user.rb
index 9b0bb51d43f4eba5976c847791a970e27cf158d7..7328a6d5d14709e9331e7f94b7c8d0f087d13fd7 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -275,6 +275,7 @@ def update_tracked_fields!(request)
   has_many :project_callouts, class_name: 'Users::ProjectCallout'
   has_many :term_agreements
   belongs_to :accepted_term, class_name: 'ApplicationSetting::Term'
+  belongs_to :created_by, class_name: 'User', optional: true
 
   has_many :organization_users, class_name: 'Organizations::OrganizationUser', inverse_of: :user
   has_many :organizations, through: :organization_users, class_name: 'Organizations::Organization', inverse_of: :users,
@@ -1568,10 +1569,6 @@ def accessible_deploy_keys
       ])
   end
 
-  def created_by
-    User.find_by(id: created_by_id) if created_by_id
-  end
-
   def sanitize_attrs
     sanitize_name
   end
diff --git a/ee/spec/models/concerns/identity_verifiable_spec.rb b/ee/spec/models/concerns/identity_verifiable_spec.rb
index 68f2eebc98ae47c0e0f647da15be60679c705201..1e20f3697df0574e0873c139aa85d839c90959df 100644
--- a/ee/spec/models/concerns/identity_verifiable_spec.rb
+++ b/ee/spec/models/concerns/identity_verifiable_spec.rb
@@ -165,12 +165,8 @@ def assume_high_risk(user)
     end
 
     context 'when the user is a bot' do
-      let_it_be(:user) { create(:user, :project_bot) }
       let_it_be(:human_user) { build_stubbed(:user, :with_sign_ins, :identity_verification_eligible) }
-
-      before do
-        allow(user).to receive(:created_by).and_return(human_user)
-      end
+      let_it_be(:user) { create(:user, :project_bot, created_by: human_user) }
 
       it 'verifies the identity of the bot creator', :aggregate_failures do
         expect(human_user).to receive(:identity_verified?).and_call_original
@@ -201,13 +197,9 @@ def assume_high_risk(user)
       end
 
       context 'when the bot creator is nil' do
-        before do
-          allow(user).to receive(:created_by).and_return(nil)
-        end
+        let_it_be(:user) { build_stubbed(:user, :project_bot) }
 
         context 'when the bot was created after the feature release date' do
-          let(:created_after_release_day) { true }
-
           it 'does not verify the user', :aggregate_failures do
             expect(user).to receive(:created_after_require_identity_verification_release_day?).and_return(true)
             expect(identity_verified?).to eq(false)
@@ -215,8 +207,6 @@ def assume_high_risk(user)
         end
 
         context 'when the bot was created before the feature release date' do
-          let(:created_after_release_day) { false }
-
           it 'verifies the user' do
             expect(user).to receive(:created_after_require_identity_verification_release_day?).and_return(false)
             expect(identity_verified?).to eq(true)
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 4f4efd4bc23930732d420ad911e1d3bf2d16fbe1..5a0b4f069229c400ae9c70fb843ac4a979f2ad0f 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -155,6 +155,7 @@
   end
 
   describe 'associations' do
+    it { is_expected.to belong_to(:created_by).class_name('User').optional }
     it { is_expected.to have_one(:namespace) }
     it { is_expected.to have_one(:status) }
     it { is_expected.to have_one(:user_detail) }