Prepare for a Contract Audit with the Right Information
by Dermot Whittaker on February 6, 2019
Contract audits are a good example of the oft-quoted maxim: Trust but verify. Contracts are created to provide a degree of certainty so business can proceed. Trusting in the contract’s terms, both parties start fulfilling their side. But over time, fulfillment can fall short, costs can grow, and management of the contract can go astray.
Contract audits address these possibilities for both parties by examining how the contract is being fulfilled in practice. Key to a successful audit is access to information about the contract: what it says and how it is being carried out. Gathering that information from your organization’s contracts may be a challenge.
Here are some contract audits and the contract information you may need to carry them out.
When procurement negotiates with a vendor for goods and services, it uses the contract terms to control costs. To be sure the organization is being charged correctly, the buyer may request an audit of the costs being reported by the vendor. Federal Acquisition Regulations (FAR) require such audits to ensure that the contractor’s costs are fair and reasonable. State and local governments have similar requirements.
Contract information needed: As a start, selecting contracts by counterparty and date range will put you and the auditing party on the same page, since any audit will include only specified contracts. Within the contract’s terms, three are likely to be important:
- Contract type – Costs are defined differently depending on contract type, with the most typical being Time and Materials, Cost Reimbursable, and Firm Fixed Price.
- Employee classification – Billing correctly for an employee’s work often depends on that person’s qualifications as defined in the contract or supporting document. An audit of costs will include labor costs broken down along the definitions agreed to in the contract.
- Subcontractor agreements – The contract terms for any work by subcontractors will need to be evident to the auditors as they examine subcontractor costs that are passed on to the purchasing organization.
Other relevant contract language includes definitions of indirect costs, expressly unallowable or disallowed costs, and approvals of specific costs such as travel. In addition, financial records and source documentation such as receipts and timesheets will be needed.
Ideally, the relevant contract terms have been surfaced from the start so that accounting bills according to the contract. For the audit, it will make sense to associate cost documentation with the contract it pertains to. This material can be assembled for auditors to review, filed with appropriate cross-referencing, or managed electronically so that reporting can virtually assemble what is needed for the audit.
In the “trust but verify” department, the recovery audit is essential to the management of a long-term contract. The goal of a recovery audit is for either side to recover costs that were incorrectly billed. The audit compares the billing in a given period with the contract’s terms for billing and payment. The short-term result may be a charge back to the customer or an adjustment in the vendor’s favor – but with repeated recovery audits, both buyer and seller get better at administering the contract they worked so hard to negotiate.
Contract information needed: Among the terms to have ready during a recovery audit are:
- Delivery terms – These may include discounts for late or unacceptable delivery.
- Payment terms – At a minimum, these include the window for on-time payment and any increase for late payment. However, other terms may be relevant to determining correct billing: volume discounts, tiered pricing, service type rates, and rebates.
- Acceptance criteria – Refusal to accept a product or service delays payment. Criteria for customer acceptance of a product or service are defined in the contract – sometimes in a brief clause and other times with a multi-step procedure. Disagreement over what constitutes a reasonable refusal is common. Refusal to accept deliverables costs both buyer and seller as time goes on, which makes it a good candidate for routine examination in a recovery audit.
Accounts payable is normally the first check on over-billing by a vendor, so a system for extracting delivery and payment terms so that they can be easily referenced by accounting is a good idea. This can be done manually if contracts and finance are using separate systems, or through an integration of the contract management system and the finance system used at the organization.
Standard terms and conditions are crafted to work across many contracts over time. Eventually they require review – when new laws are passed, new decisions are handed down, and new business circumstances arise. A terms audit, conducted internally, may focus on updating contract templates with language to reduce risk going forward, or it may examine language in executed agreements that needs to be amended. A terms audit may be warranted in response to a change in the legal landscape such as the GDPR, changes in state labor laws, or acceptance of cryptocurrencies within a jurisdiction.
Contract information needed: Like any contract audit, a terms audit should carefully define its scope: the area of risk or the terms in need of updating. A team may select contracts for audit based on location of the counterparty, operations, or governing law and jurisdiction. In addition, audits may be appropriate for contract clauses dealing with the following:
- Intellectual property – Not only is there a lot of litigation around IP (with potential impact on current contract language) but an evolving business model can affect what kind of IP needs definition and protection: Forward IP that may be developed? Background IP already in use? Third-party IP?
- Data protection and privacy – The GDPR (General Data Protection Regulation) of the European Union makes the rights of data subjects clear and stipulates that data controllers (this includes most organizations that handle customer data) need contractual agreements protecting personal data with data handlers such as cloud services providers.
- Labor law – Clauses that relate to worker protections and terms of employment may deserve reexamination when laws change. In addition to state and federal legislation, state and federal courts continually shape labor law. So do decisions by the National Labor Relations Board.
Preparing for a terms audit means identifying the contracts that are relevant to the focus of the audit. An advantage of an electronic repository with search-and-filtering capabilities is that contracts can be selected based on contract type, clause type, or even the presence or absence of a key phrase.
A negative balance or a persistently late deliverable tends to draw attention to itself. Other contractual requirements go unfulfilled for years if nobody checks. Examples include health and safety requirements, fair labor standards, environmental testing, anti-bribery assurances or standards of business ethics.
Compliance audits examine whether contract terms around ethical, labor, environmental, or other defined standards are being complied with. Inspections, certifications, or specific outcomes can confirm that the standards are being upheld.
Contract information needed: Certain contract types may be the subject of a compliance audit; for instance, manufacturing contracts may require certification of the labor conditions at the site where the product is made. Other contract-based information of value to this audit:
- Milestone records – recurring contract-based tasks that require a person to confirm that work was completed in accordance with a standard.
- Third-party inspection – documents that record inspection results as evidence of compliance with a contract’s standards; for example, health and safety standards, emission standards, etc.
- Certifications – documents that confirm that a third party has met a level of operations consistent with the standards in the contracts, for example, a level of sanitation, reduction in injury, anonymity in communicating grievances or violations, etc.
- Proof of licensing and insurance – documents that demonstrate the training, skill, and responsibility of any persons responsible for helping to fulfill the contract. This might include doctors and other providers, architects, engineers and construction firms, accountants or appraisers, or any specially trained worker.
Since proofs of compliance are not financial documents, they may find many homes in a busy organization. Ideally, they should be filed or cross-referenced with their relevant contracts. Electronic systems can usually store them with the related electronic contract.
Control audits take different forms. Sometimes a purchasing organization wants a cost control audit of its vendor to be certain that the vendor has systems in place to control and adequately document the costs of a project. This provides some assurance that the costs the vendor bills for are correctly arrived at and can be backed up.
Some organizations undertake a control audit internally to see if their contract management practices are being upheld. This often means checking whether contracts, negotiated clauses, and amendments are being approved only by authorized persons.
A control audit may suggest improvements to a system with few controls. Alternately, it may discover that the controls in place are adequate but are not being consistently followed.
Contract information needed: Contract approvals and signoffs can be tracked with a worksheet or even email approvals printed and stored with the completed contract. Without an accepted system of approval procedures, however, the presence or absence of a paper approval is hard to evaluate in an audit. If clauses, contracts, and changes are managed within an electronic system, an audit of approvals and other processes will have the data to see who accessed the documents and with what levels of approval authority.
In either case, the following information will be important in most internal control audits:
- Contract approvals – including signed final contracts as well as approvals required for different clauses and levels of financial commitment.
- Change orders – changes to the statement of work or the acceptance criteria for a contracted project. An audit will often show if these changes are being made ad hoc or through a defined process with one responsible approver.
- Renewals – evidence that contracts are being reviewed for value before renewal and not simply allowed to auto-renew. Some organizations associate estimated savings from renegotiation with the contract record.
Contracts and audits go together. Contracts lay out a plan. Audits look back to see how the plan is working and suggest course corrections. For an audit to be effective, the organization needs information about its contracts. The more quickly it can assemble and report on that contract information, the better it will manage its contracts and its business going forward.