A procurement team spends four months negotiating a master services agreement with a major supplier. They fight for volume-based pricing tiers, early payment discounts, and favourable service-level penalties. The contract gets signed, celebrated, and filed.

‍

Twelve months later, an internal audit tells a different story. The business has been paying the supplier’s standard rates on more than 60 percent of invoices processed against that agreement. Nobody cross-referenced the Purchase Orders (POs) against the contracted terms. The early payment discounts? Never triggered, because Accounts Payable (AP) did not know they existed. The volume thresholds that would have unlocked the next pricing tier? They were missed by a narrow margin, spread across two different cost centres that nobody thought to consolidate.

‍

The total value left on the table: $2.3 million.

‍

Not from fraud. Not from negligence in any single department. But from a gap between what was negotiated and what was actually executed.

‍

This is contract leakage. And it is happening, right now, in almost every enterprise of scale. Itis not one company’s story. It is a pattern that shows up time after time in post-payment audits. The names and numbers change. The outcome remains the same.

‍

Contract leakage is not a procurement or AP problem. It is a systemic problem. It is a disconnect between the commercial terms your business negotiates and the transactional behaviour that follows.

‍

Research by McKinsey & Company has found that up to 80 percent of procurement functions are not fully aware of competitive terms and contract structure across their supplier base. Many disputes trace back to vague or inconsistent contract language that never actually gets applied downstream. The contracts exist. The savings are real in theory, but the mechanisms to enforce them at the point of the transaction are nowhere to be found.

‍

The root cause is structural. Your contracts probably live in one system, or worse, in a shared drive, or in someone’s inbox. Your Purchase Orders get raised in a different system. Your invoices land in yet another. And the people in the middle, the buyers, approvers, and AP clerks, are expected to manually bridge all of it, cross-referencing the commercial terms against every line item on every invoice, every time.

‍

At volume, that is not realistic. It is aspirational at best.

‍

Consider the everyday breakdowns. Purchase Orders are raised after an invoice has already been received and approved. Three-way matching checks the Purchase Order against the invoice, but never against the contract. Payment runs are executed from spreadsheets, where tens of millions in outflows are approved on the strength of a familiar supplier name and a reasonable-looking total. Rebates and volume discounts require manual claims, which nobody submits, because nobody is tracking cumulative spend against the threshold in real time.

‍

There is someone in your AP team right now approving an invoice against a supplier that they have paid a hundred times before. They are not checking the contract. They are checking the Purchase Order, confirming the amount looks right, and moving on, because they have forty more to get through before lunch.

‍

These are not edge cases. They are the operating reality of procurement and accounts payable in organisations processing thousands of invoices per month.

The latest research from World Commerce & Contracting, a global body for commercial and contract standards, published in January 2026, puts the number at 11 percent. That is, on average, organisations lose 11 per cent of the contract value after the deal is signed. This is not from poor negotiation, but from how contracts are managed once execution begins. On a $500 million annual spend base, that is $55 million walking out the door every year.

‍

That figure has been trending upward. A 2021 joint report by KPMG and World Commerce & Contracting put average leakage at around 9 per cent, and analyses from both Accenture and McKinsey landed in the same range for complex, multi-supplier environments.

‍

The problem is not stabilising. It is accelerating.

‍

Yet the financial impact is only part of the story. Contract leakage corrodes operational credibility. When an audit reveals systematic overpayments against negotiated terms, the questions that follow are uncomfortable: Who was responsible for enforcing these terms? Why did it take twelve months to identify? How many other contracts have the same exposure?

‍

For Chief Financial Officers (CFOs) and Controllers, this is a working capital problem disguised as a process problem. Every dollar of leakage is a dollar that was already negotiated and won, then quietly given back. It does not appear as a variance in most management reporting because the contracted rate was never loaded into the system as the baseline. Your business does not know what it should have paid, so how does it know what it overpaid? The loss is invisible until someone goes looking for it.

‍

And then there is the compounding effect. Suppliers who are consistently paid above contracted rates have no incentive to flag it. Why would they? Renewal negotiations start from a higher baseline. The gap widens with each contract cycle.

‍

The savings were real. They were negotiated in good faith. And then the organisation just did not collect them.

This is not just a theoretical weakness or consulting estimate. Auditors find the same pattern. Negotiated terms that were never enforced upon payment.

‍

In August 2024, the ACT Integrity Commission announced an investigation into the conduct of ACT Health executives involved in delivering the project, following a referral by the Interim Director-General. By December 2024, the ACT Auditor-General had published a performance audit (Report No. 13 of 2024) into ACT Health's management of its Digital Health Record contract with NTT Australia. The contract, originally valued at $66 million, had ballooned to $110 million through variations and scope additions. The Auditor-General found that ACT Health's processes for managing payments were "poor" and "ineffective." They concluded that the directorate could not provide assurance that "services paid for were actually received or that the price paid for those services was the correct price."

‍

Invoice line items lacked sufficient detail to describe the services being purchased. Work orders and purchase orders were incomplete or missing entirely, with five transactions processed without either document in place. ACT Health did not conduct any cost benchmarking since signing the deed of agreement, meaning it had no way to verify whether the prices being charged still reflected competitive market rates, let alone the original contracted terms. The Auditor-General noted that it was "difficult for ACT Health to demonstrate that purchases are necessary, appropriately budgeted for and properly authorised."

‍

The significance of cases like this is not that these organisations had no process. It is that they had procurement frameworks, approval pathways, and contract documents, yet money still leaked because the commercial terms were not enforced at the point of transaction.‍

A fair objection from many CFOs is: ‘We already have rules. We already have systems. We already have controls.’

‍

That is true. However, most of those controls, as outlined in the Public Company Accounting Oversight Board's (PCAOB) guidance on internal controls, are designed to confirm whether a transaction followed workflow, not whether the business captured the full commercial value it negotiated.

‍

Your sign-off process can confirm that the right person approved a payment. It cannot confirm that the invoice actually reflects the prices and terms agreed on in the contract.

‍

Three-way matching can confirm that the invoice matches the Purchase Order and receipt. But it cannot confirm if the Purchase Order itself even reflects the contract.

‍

An Enterprise Resource Planning (ERP) system can automate payment runs. It cannot enforce a rebate, discount, or service-level penalty that was never structured into the system in the first place.

‍

That is the uncomfortable truth. Many organisations have rules. They just have rules for process compliance, not for commercial enforcement.

‍

So when a CFO says, ‘we already have this covered’, the sharper question is not whether a system exists. It is whether every payment is being checked against the actual commercial terms before money leaves the business.

‍

If you do not know, the controlled environment is weaker than it looks.‍

The fundamental shift required is not more auditing after the fact. Itis proactive, pre-transactional verification, closing the gap before the payment is made.

‍

Imagine every Purchase Order, every invoice, and every payment being automatically cross-referenced against the governing contract in real time, at the point of processing. Pricing is validated against the negotiated schedule before approval, not six months later during a spend review. Early payment terms are surfaced to AP the moment they become actionable, not buried on page 14 of a Portable Document Format (PDF) file.

‍

This is not a technology aspiration. It is an operational design choice. The data already exists in contracts, in Enterprise Resource Planning systems, and in procurement platforms. The problem is that these data sets are disconnected, and the humans bridging them cannot operate at the speed, volume, and accuracy required.

‍

The enterprises that close this gap will not do it by hiring more analysts or adding another retrospective review. They will do it by embedding contract verification and pre-transactional intelligence into the workflow itself, making compliance the default, not the exception.

‍

The goal is not simply to catch leakage. It is to make leakage structurally impossible.‍

Your procurement team fought hard for those favourable terms. Your board expects those savings to be reflected in the bottom line.

‍

So here is the question every CFO should be asking:

Of the $100 million, $500 million, or $2 billion your organisation spent last year under contract, how much of it actually reflected the terms you negotiated?

‍

If you cannot answer that with confidence, the leakage is already there. The only question is how much.