A procurement team spends four months negotiating a master servicesagreement with a major supplier. They fight for volume-based pricing tiers,early payment discounts, and favourable service-level penalties. The contractgets signed, filed, and celebrated.
Twelve months later, an internal audit tells a different story. Thebusiness has been paying the supplier’s standard rates on more than 60 per centof invoices processed against that agreement. Nobody cross-referenced thePurchase Orders (POs) against the contracted terms. The early paymentdiscounts? Never triggered, because Accounts Payable (AP) did not know theyexisted. The volume thresholds that would have unlocked the next pricing tier?They were missed by a narrow margin, spread across two different cost centresthat nobody thought to consolidate.
The total value left on the table: $2.3 million.
Not from fraud. Not from negligence in any single department. But from agap between what was negotiated and what was actuallyexecuted.
This is contract leakage. And it is happening, right now, in almost every enterprise of scale. Itis not one company’s story. It is a pattern that shows up time after time inpost-payment audits. The names and numbers change. The outcome remains thesame.
Why the Gap Exists
Contract leakage is not a procurement or AP problem. It is a systemicproblem. It is a disconnect between the commercial terms your businessnegotiates and the transactional behaviour that follows.
Research by McKinsey & Company has found that up to 80per cent of procurement functions are not fully aware of competitive terms andcontract structure across their supplier base. Many disputes trace back tovague or inconsistent contract language that never actually gets applieddownstream. The contracts exist. The savings are real in theory, but themechanisms to enforce them at the point of the transaction are nowhere to befound.
The root cause is structural. Your contracts probably live in onesystem, or worse, in a shared drive, or in someone’s inbox. Your PurchaseOrders get raised in a different system. Your invoices land in yet another. Andthe people in the middle, the buyers, approvers, and AP clerks, are expected tomanually bridge all of it, cross-referencing the commercial terms against everyline item on every invoice, every time.
At volume, that is not realistic. It is aspirational at best.
Consider the everyday breakdowns. Purchase Orders are raised afteran invoice has already been received and approved. Three-way matchingchecks the Purchase Order against the invoice, but never against the contract.Payment runs are executed from spreadsheets, where tens of millions in outflowsare approved on the strength of a familiar supplier name and areasonable-looking total. Rebates and volume discounts require manual claims,which nobody submits, because nobody is tracking cumulative spend against thethreshold in real time.
There is someone in your AP team right now approving an invoice againsta supplier that they have paid a hundred times before. They are not checkingthe contract. They are checking the Purchase Order, confirming the amount looksright, and moving on, because they have forty more to get through before lunch.
These are not edge cases. They are the operating reality ofprocurement and accounts payable in organisations processing thousandsof invoices per month.
What This Actually Costs
The latest research from World Commerce & Contracting, a global body forcommercial and contract standards, published in January 2026, puts the numberat 11 per cent. That is, on average, organisations lose 11 per cent ofthe contract value after the deal is signed. This is not from poor negotiation,but from how contracts are managed once execution begins. On a $500 millionannual spend base, that is $55 million walking out the door every year.
That figure has been trending upward. A 2021 joint report by KPMG and World Commerce& Contracting put average leakage at around 9 per cent, and analyses from both Accenture and McKinsey landed in the same range for complex,multi-supplier environments.
The problem is not stabilising. It is accelerating.
Yet the financial impact is only part of the story. Contract leakagecorrodes operational credibility. When an audit reveals systematicoverpayments against negotiated terms, the questions that follow areuncomfortable: Who was responsible for enforcing these terms? Why did ittake twelve months to identify? How many other contracts have the sameexposure?
For Chief Financial Officers (CFOs) and Controllers, this is a workingcapital problem disguised as a process problem. Every dollar of leakage is adollar that was already negotiated and won, then quietly given back. It doesnot appear as a variance in most management reporting because the contractedrate was never loaded into the system as the baseline. Your business does notknow what it should have paid, so how does it know what it overpaid? Theloss is invisible until someone goes looking for it.
And then there is the compounding effect. Suppliers who are consistentlypaid above contracted rates have no incentive to flag it. Why would they?Renewal negotiations start from a higher baseline. The gap widens with eachcontract cycle.
The savings were real. They were negotiated in good faith. And then theorganisation just did not collect them.
The Public Record Says the Same Thing
This is not just a theoretical weakness or consulting estimate. Auditorsfind the same pattern. Negotiated terms that were never enforced upon payment.
In August 2024, the ACT Integrity Commission announced an investigationinto the conduct of ACT Health executives involved in delivering theproject, following a referral by the Interim Director-General. By December2024, the ACT Auditor-General had published a performance audit (Report No. 13 of 2024) into ACT Health'smanagement of its Digital Health Record contract with NTT Australia. Thecontract, originally valued at $66 million, had ballooned to $110 millionthrough variations and scope additions. The Auditor-General found that ACTHealth's processes for managing payments were "poor" and "ineffective."They concluded that the directorate could not provide assurance that "servicespaid for were actually received or that the price paid for those services wasthe correct price."
Invoice line items lacked sufficient detail to describe the servicesbeing purchased. Work orders and purchase orders were incomplete or missingentirely, with five transactions processed without either document in place.ACT Health did not conduct any cost benchmarking since signing the deed ofagreement, meaning it had no way to verify whether the prices being chargedstill reflected competitive market rates, let alone the original contractedterms. The Auditor-General noted that it was "difficult for ACT Healthto demonstrate that purchases are necessary, appropriately budgeted for andproperly authorised."
The significance of cases like this is not that these organisations hadno process. It is that they had procurement frameworks, approval pathways, andcontract documents, yet money still leaked because the commercial terms werenot enforced at the point of transaction.
The Counter-Argument You Will Hear
A fair objection from many CFOs is: ‘We already have rules. Wealready have systems. We already have controls.’
That is true. However, most of those controls, as outlined in the Public Company Accounting Oversight Board's(PCAOB) guidance on internal controls, are designed to confirm whether atransaction followed workflow, not whether the business captured the fullcommercial value it negotiated.
Your sign-off process can confirm that the right person approved apayment. It cannot confirm that the invoice actually reflects the prices andterms agreed on in the contract.
Three-way matching can confirm that the invoice matches the PurchaseOrder and receipt. But it cannot confirm if the Purchase Order itself evenreflects the contract.
An Enterprise Resource Planning (ERP) system can automate payment runs.It cannot enforce a rebate, discount, or service-level penalty that was neverstructured into the system in the first place.
That is the uncomfortable truth. Many organisations have rules. Theyjust have rules for process compliance, not for commercial enforcement.
So when a CFO says, ‘we already have this covered’, the sharperquestion is not whether a system exists. It is whether every payment isbeing checked against the actual commercial terms before money leaves thebusiness.
If you do not know, the controlled environment is weaker than itlooks.
What a Better Model Looks Like
The fundamental shift required is not more auditing after the fact. Itis proactive, pre-transactional verification, closing the gap beforethe payment is made.
Imagine every Purchase Order, every invoice, and every payment beingautomatically cross-referenced against the governing contract in real time, atthe point of processing. Pricing is validated against the negotiated schedulebefore approval, not six months later during a spend review. Early paymentterms are surfaced to AP the moment they become actionable, not buried on page14 of a Portable Document Format (PDF) file.
This is not a technology aspiration. It is an operational designchoice. The data already exists in contracts, in Enterprise ResourcePlanning systems, and in procurement platforms. The problem is that thesedata sets are disconnected, and the humans bridging them cannot operate atthe speed, volume, and accuracy required.
The enterprises that close this gap will not do it by hiring moreanalysts or adding another retrospective review. They will do it by embeddingcontract verification and pre-transactional intelligence into the workflowitself, making compliance the default, not the exception.
The goal is not simply to catch leakage. It is to make leakagestructurally impossible.
The Question Worth Asking
Your procurement team fought hard for those favourable terms. Your boardexpects those savings to be reflected in the bottom line.
So here is the question every CFO should be asking:
Of the $100 million, $500 million, or $2 billion your organisation spentlast year under contract, how much of it actuallyreflected the terms you negotiated?
If you cannot answer that with confidence, the leakage is already there.The only question is how much.
Sources
· McKinsey & Company – Mitigating procurement value leakagewith generative AI – Publicly available (open access PDF)
· World Commerce & Contracting – Closing the procurementvalue gap – Publicly available (gated, requires form submission)
· KPMG & World Commerce & Contracting – Contract lifecyclemanagement report (2021) – Publicly available (open access PDF)
· Accenture – AI approach to maximizing value in supply chainprocurement – Publicly available (open access)
· McKinsey & Company – Contracting for performance:Unlocking additional value – Publicly available (open access)
· ACT Audit Office - Report No. 13 of 2024 – Publicly available(government publication)
· Public Company Accounting Oversight Board (PCAOB) – A layperson'sguide to internal control over financial reporting (ICFR) – Publiclyavailable (government body publication)