Contract management best practices recommend regular contract compliance audits. However, unlike financial statement audits, which typically take place annually, contract reviews occur more frequently. For example, an audit schedule for engineering and construction contracts often include monthly payment audits, as well as a quarterly, semi-annual or annual audits for longer projects. Fully understanding compliance auditing procedures increases the chance you’ll catch mistakes that otherwise could result in wasteful spending and cost overruns.
Establish Audit Objectives
Where the review occurs within the contract life cycle will determine audit objectives. A control audit -- one that takes place early in the contract life cycle -- typically focuses on evaluating the contractor’s processes and internal controls. The goal is to improve communications and identify and streamline processes at risk for overspending. A recovery audit -- one that takes place monthly or before the final contract payment is due -- looks for billing discrepancies, such as invalid, overstated and duplicate charges. The goal is to prevent billing errors and recover overpayments.
Assemble the Audit Team
In deciding on the size and composition of the audit team, look at the size and complexity of the contract. At a minimum, both control and recovery audit teams should include the contract manager, a representative from the accounting department and a neutral third party. However, large or complex contracts may require additional team members who are familiar with contract management and auditing procedures. If the audit uncovers fraudulent activities, it may be necessary to bring in an experienced forensic accountant or fraud investigator.
Control Audit Procedures
A control audit looks mainly at billing and payment procedures and preventive controls. Procedures include an intensive review of the contract and both the contractors and accounts payable billing and payment data-entry procedures. The review looks for adequate internal controls such as separation of duties, an authorization system and information security. Tests may include creating, processing and paying a sample invoice, often introducing intentional errors to see whether the existing controls are effective.
Recovery Audit Procedures
Monthly recovery audits reconcile the contractor’s last job-cost report to the amounts billed during the current period. Auditors start by reviewing the job-cost report and comparing it to contract billing and payment terms. Based on the presence of any red flags, auditors may select and test just a few or many sample transactions for different types of costs such as labor, materials, administrative and overhead costs. Transaction tests typically consist of recalculations and constructing audit trails. According to KPMG, an audit, tax and advisory services firm, auditors look for discrepancies such as significant overtime, cost reclassifications, cost accruals, unusual or missing cost descriptions, large or unusual dollar amounts, costs incurred before the contract began and home office overhead costs.
Create a Follow-up Report
Following the audit, the team prepares and submits a final report to the business owner and the contractor, usually in a face-to-face meeting. Although findings determine how much information the report contains, the focus is on identifying, explaining and providing recommendations for rectifying discrepancies or inefficient procedures. Auditors also state the objectives, as well as explain contract review and audit test procedures.