The ultimate guide to conducting a procurement audit
Discover the seven-step process to running a procurement audit that helps maintain purchasing compliance while identifying irregularities and possible fraud.
You’ve developed precise procurement processes, automated approval workflows, and vendor risk profiles.
We’ve got this locked down, you assure yourself. Do we need to review the process of auditing our procurement history each quarter?
Here’s the thing:
Even the biggest and best companies are vulnerable to fraud: A single fraudster tricked Facebook and Google out of $100m throughout a couple of years.
Avoid getting yourself into a similar position with our seven-step process to running a procurement audit that helps maintain purchasing compliance, create more efficient buying processes, and identify irregularities and possible procurement fraud.
What is a procurement audit?
A procurement audit is a process that companies engage in periodically to ensure their procurement procedures are being followed, to look for opportunities to kill inefficiencies, and, most importantly, to spot any irregularities or potential occurrences of fraud.
With companies procuring everything from extensive technological stacks covering various software categories to a myriad of material goods, there are always chances that a gap arises between policy and reality. A procurement audit is about checking your work to ensure everything has occurred as expected. The audit answers questions like
- How compliant has our actual purchasing been with our processes?
- Can all of our purchases and payments be accounted for, and are they genuine expenses?
- What processes need changing, adopting, or improving?
To be effective, procurement audits should be completed regularly (quarterly is generally appropriate for most businesses), following the same process each time to ensure consistency.
{{cta1}}
How to run a procurement audit in 7 steps
1. Determine who is responsible for auditing procurement history
Clearly defining responsibilities and reporting lines is a critical first step in your procurement audit.
In many cases, the procurement team — generally led by the head of procurement or procurement manager — is responsible for running the audit.
However, this can cause concerns about the relevance and usefulness of the audit.
If the same people who run procurement are responsible for auditing procurement, there is a tendency to overlook small mistakes or inconsistencies that someone could otherwise catch.
For this reason, it can be an excellent idea to ascribe audit tasks to other individuals.
For instance, the procurement leader might be responsible for reviewing current processes, perhaps in conjunction with a senior leadership team member. In contrast, other team members like procurement specialists or officers analyze the procurement contracts of their colleagues to minimize any conflict of interest.
2. Brief key personnel
The best practice at this point in the audit process is to engage with crucial leadership stakeholders and brief them on the audit you’re about to undertake.
Let them know what data you will review, who is responsible for auditing which procurement activities, and how you’ll present your findings. If they have specific concerns or questions they’d like answers to (such as whether a given process is still relevant or helpful), they can bring them up with you here.
Similarly, this is a good time to brief your audit team on the upcoming process and solicit feedback before beginning.
Contact the team in writing and allow them to consider questions like
- What processes do you feel are overly complex or unnecessary?
- Which procurement processes leave the company most exposed to risk?
- How would you change our procurement processes?
Then, hold one-on-one meetings with each team member to discuss their thoughts and consolidate any relevant requests into your investigation.
3. Start with purchase order and requisition forms
This step is where you dig into the audit procedures themselves, starting with the forms you use to process:
- Purchase orders
- Purchase requisitions
- RFPs (request for proposal)
- RFIs (request for information)
- RFQs (request for quotation)
Related: RFI vs. RFP vs. RFQ: What's the difference?
Depending on the volume of purchasing at your organization, it may be unrealistic to audit every single one of your procurement documents.
In this case, select a reasonable sample to audit, ensuring you cover each form type, vendor, and procurement team member.
As you audit your forms, look specifically to ensure they:
- Comply with your purchasing guidelines
- Include the correct signatures and proper authorization
- Contain realistic figures that match your actual purchasing requirements
- Include pricing information that matches your contract with that vendor
4. Review current vendor relationships
Next, dig into each of the relationships and contracts you have to ensure compliance with your internal controls.
Check each vendor against your selection requirements around risk management, financial stability, pricing, and performance.
Where inconsistencies arise, follow up with the person responsible for establishing the relationship. Then, understand if they made a reasonable exception with the appropriate approval.
Even mid-sized companies have hundreds of relationships and contracts in play at any moment, making it unrealistic to review every single one each time you perform an internal audit.
Instead, focus only on those relationships established since the last procurement audit unless your vetting guidelines have changed, in which case you should conduct a full review.
{{cta1}}
5. Analyze procurement practices
This step focuses your attention on the processes and workflows in your procurement function rather than auditing specific purchases to ensure compliance with those processes.
Developing effective procurement processes is a balance between minimizing risk and maximizing efficiency.
The more steps included in a purchase process—especially if they involve risk assessments, approval workflows, and vetting—the lower the risk generally becomes.
However, including more steps in the procurement process also extends the time it takes to complete and benefit from the new vendor relationship.
In this step of your audit, use your risk mitigation guidelines and the feedback you received from the procurement department to optimize each process and find the right balance between the two goals. Identifying any issues or inconsistencies in the last few steps should guide you here.
For instance, suppose you spotted several mistakes in procuring software platforms, but it’s hard to identify where those mistakes happened. In that case, you might create separate approval processes for each step in the SaaS purchase process.
6. Hunt down out-of-process spending
Not all spending will go through the purchasing department or follow your set processes.
Team leaders have corporate spending cards, emergency purchases happen, and software overages are incurred—all without the explicit knowledge or involvement of the procurement team.
Run an audit of each instance to confirm that such spending is legitimate and within the boundaries of expectation.
Look specifically for:
- Unexpectedly large purchase amounts
- Unfamiliar suppliers
- Repeat purchases from the same vendor
Use this process to spot potential fraudulent purchases. You can also use it to identify areas where you can put formal agreements in place.
If, for instance, one of your team members regularly buys from a particular vendor, it could be an opportunity to negotiate a more formal purchasing agreement.
7. Build your procurement audit report
The last step is compiling all your findings into a consolidated report.
Once completed, share it with the leadership team and your procurement employees.
Explain your findings using simple terms, and use graphs, screenshots, and images to illustrate your points where appropriate.
This example uses clear and easy-to-understand language and organizes information into a table for easy skimming:
File the audit report in a shared folder for easy access, then implement any process changes.
Procurement audit checklist
Use this handy checklist each time you conduct a procurement audit to ensure consistency across reports:
- Assign responsibilities for audit tasks
- Brief the leadership team
- Seek feedback from the procurement team
- Audit purchase orders, requisition, and RFQ forms
- Audit vendor relationships
- Audit procurement process
- Audit out-of-process spending
- Build the audit report
Understand procurement performance in real-time with Vendr
Procurement audits are essential for spotting non-compliance issues, irregularities, and potential fraud.
However, leaving the management of procurement processes and vendor compliance until a quarterly review is insufficient.
Stay on top of procurement performance throughout the quarter, and gain real-time supplier insights using Vendr, the procurement buying platform designed specifically for managing SaaS relationships:
- Nail contract management processes by managing all relationships in one place
- Deliver on your spend management goals with overlapping license analysis
- Use automated workflows to ensure compliance with internal buying policies
Find out how much you could save on monthly SaaS spending with our free savings analysis.
{{cta2}}