Contract audits are good example of the oft-quoted maxim: Trust but verify. Contracts are created to provide a degree of certainty so business can proceed. Trusting in the contract’s terms, both parties start fulfilling their side. But over time, fulfillment can fall short, costs can grow, and management of the contract can go astray.
Contract audits address these possibilities for both parties by examining how the contract is being fulfilled in practice. Key to a successful audit is access to information about the contract: what it says and how it is being carried out. Gathering that information from your organization’s contracts may be a challenge.
Here are some contract audits and the contract information you may need to carry them out.
When procurement negotiates with a vendor for goods and services, it uses the contract terms to control costs. To be sure the organization is being charged correctly, the buyer may request an audit of the costs being reported by the vendor. Federal Acquisition Regulations (FAR) require such audits to ensure that the contractor’s costs are fair and reasonable. State and local governments have similar requirements.
Contract information needed: As a start, selecting contracts by counterparty and date range will put you and the auditing party on the same page, since any audit will include only specified contracts. Within the contract’s terms, three are likely to be important:
Other relevant contract language includes definitions of indirect costs, expressly unallowable or disallowed costs, and approvals of specific costs such as travel. In addition, financial records and source documentation such as receipts and timesheets will be needed.
Ideally, the relevant contract terms have been surfaced from the start so that accounting bills according the contract. For the audit, it will make sense to associate cost documentation with the contract it pertains to. This material can be assembled for auditors to review, filed with appropriate cross-referencing, or managed electronically so that reporting can virtually assemble what is needed for the audit.
In the “trust but verify” department, the recovery audit is essential to the management of a long-term contract. The goal of a recovery audit is for either side to recover costs that were incorrectly billed. The audit compares the billing in a given period with the contract’s terms for billing and payment. The short-term result may be a charge back to the customer or an adjustment in the vendor’s favor – but with repeated recovery audits, both buyer and seller get better at administering the contract they worked so hard to negotiate.
Contract information needed: Among the terms to have ready during a recovery audit, are
Accounts payable is normally the first check on over-billing by a vendor, so a system for extracting delivery and payment terms so that they can be easily referenced by accounting is a good idea. This can be done manually if contracts and finance are using separate systems, or through an integration of the contract management system and the finance system used at the organization.
Standard terms and conditions are crafted to work across many contracts over time. Eventually they require review – when new laws are passed, new decisions are handed down, and new business circumstance arise. A terms audit, conducted internally, may focus on updating contract templates with language to reduce risk going forward, or it may examine language in executed agreements that needs to be amended. A terms audit may be warranted in response to a change in the legal landscape such as the GDPR, changes in state labor laws, or acceptance of cryptocurrencies within a jurisdiction.
Contract information needed: Like any contract audit, a terms audit should carefully define its scope: the area of risk or the terms in need of updating. A team may select contracts for audit based on location of the counterparty, operations, or governing law and jurisdiction. In addition, audits may be appropriate for contract clauses dealing with the following:
Preparing for a terms audit means identifying the contracts that are relevant to the focus of the audit. An advantage of an electronic repository with search-and-filtering capabilities is that contracts can be selected based on contract type, clause type, or even the presence or absence of a key phrase.
A negative balance or a persistently late deliverable tends to draw attention to itself. Other contractual requirements go unfulfilled for years if nobody checks. Examples include health and safety requirements, fair labor standards, environmental testing, anti-bribery assurances or standards of business ethics.
Compliance audits examine whether contract terms around ethical, labor, environmental, or other defined standards are being complied with. Inspections, certifications, or specific outcomes can confirm that the standards are being upheld.
Contract information needed: Certain contract types may be the subject of a compliance audit; for instance, manufacturing contracts may require certification of the labor conditions at the site where the product is made. Other contract-based information of value to this audit:
Since proofs of compliance are not financial documents, they may find many homes in a busy organization. Ideally, they should be filed or cross-referenced with their relevant contracts. Electronic systems can usually store them with the related electronic contract.
Control audits take different forms. Sometimes a purchasing organization wants a cost control audit of its vendor to be certain that the vendor has systems in place to control and adequately document the costs of a project. This provides some assurance that the costs the vendor bills for are correctly arrived at and can be backed up.
Some organizations undertake a control audit internally to see if their contract management practices are being upheld. This often means checking whether contracts, negotiated clauses, and amendments are being approved only by authorized persons.
A control audit may suggest improvements to a system with few controls. Alternately, it may discover that the controls in place are adequate but are not being consistently followed.
Contract information needed: Contract approvals and signoffs can be tracked with a worksheet or even email approvals printed and stored with the completed contract. Without an accepted system of approval procedures, however, the presence or absence of a paper approval is hard to evaluate in an audit. If clauses, contracts, and changes are managed within an electronic system, an audit of approvals and other processes will have the data to see who accessed the documents and with what levels of approval authority.
In either case, the following information will be important in most internal control audits:
Contracts and audits go together. Contracts lay out a plan. Audits look back to see how the plan is working and suggest course corrections. For an audit to be effective, the organization needs information about its contracts. The more quickly it can assemble and report on that contract information, the better it will manage its contracts and its business going forward.
If your business counts on contracts to function, then contract management software may be right for you. Contracts 365 is the leading contract management software for businesses that run Microsoft 365. With usability, functionality, and security at the forefront of development, Contracts 365 addresses all aspects of the contract lifecycle through a modern, intuitive interface specific to your users. If you would like to learn more, please don’t hesitate to reach out to us or, even better, request a demo, and we can show you how it works in real-time.