1. Process and Administration
2. How to Audit for Contract Compliance
3. Information Security During a Compliance Audit

A contract compliance audit is conducted by the federal, state, or local government to make sure that independent contractors are abiding by and fulfilling the terms of the contract. Contractors must adhere to specific laws such as anti-discrimination policies and providing equal opportunities to women- and minority-owned businesses. Periodic audits can occur by contract or cover the entire portfolio of outside vendors to make sure that they are complying with the agreed-upon contract stipulations.

Process and Administration

Federal, state, and local governments each handle contract compliance independently. At the municipal level, contract compliance offices typically rely on best practices set by the state so they can maintain eligibility for grants and other forms of funding. At each agency, the process is usually managed by a contract compliance officer.

With contract compliance, existing government contracts are periodically reviewed to ensure fair hiring practices. Contractors and grant recipients may also be surveyed about their workforce makeup and hiring practices. The contract compliance officer also investigates claims of discrimination by its contractors and grantees.

How to Audit for Contract Compliance

Careful preparing and protocol for contract compliance can help prevent wasteful spending and other financial loss. Follow these steps to ensure a successful contract compliance audit.

  • Establish objectives for the audit, depending on where you are in the life cycle of the contract. Early in the contract term, a control audit focuses on the contractor's internal controls and processes to streamline those that may lead to overspending. A recovery audit is either done monthly or just before the final contract payment. This type of audit looks for duplicate or invalid charges as well as other billing discrepancies.
  • Designate an audit team, the size of which will vary depending on the size and complexity of the contract. Every audit team should at least include an accounting department, the contract manager, and a third party to oversee. Larger contracts may require the expertise of additional team members or even a forensic accountant if fraud is suspected.
  • A control audit involves closely reviewing the contract as well as payment data entry and accounts payable information for both companies involved. This audit evaluates for sufficient internal controls including information security, authorization protocol, and separation of duties.
  • In a recovery audit, the current amounts billed are reconciled with the contractor's most recent job cost report. Sample transactions for costs such as materials, overhead costs, administration, and labor may be done to look for red flags and confirm audit trails. Red flags may include missing or unorthodox cost descriptions, unusually large amounts, home office overhead costs, significant overtime, cost accruals or classifications, and costs incurred prior to the contract start date.
  • After the audit, the audit team gives the business owner and the contract owner a final report, often during an in-person meeting. The next steps will depend on the information contained in the report.

Information Security During a Compliance Audit

If you use contract management software, it's important to take steps to prepare for an upcoming contract compliance audit and make sure your documents and information are secure.

  • Each person in your company should be assigned to a user group and given specific permissions. This strategy is a simple way to prevent improper data access.
  • User interfaces, reports, and dashboards should have limited user access. Staff members should only be able to access the information they need for their job roles.
  • Set up user permissions so that they are passed along from higher-level to lower-level files. Make sure permissions are automatically updated by your software program during the course of a contract
  • Establish strong password enforcement and security policies, including two-factor authentication whenever possible. Define the systems and devices that can be used to access the system.
  • Every contract and document should have a rich audit trail that can be accessed with comprehensive search capabilities that support words, phrases, and metadata.
  • Frequently reassess security procedures to make sure policies and systems align with best practices.

After completing a contract audit, review the procedures to discuss what worked well and what didn't. You'll then be able to streamline the process so it will run more efficiently during future compliance audits.

If you need help with a contract compliance audit, you can post your legal need on UpCounsel's marketplace. UpCounsel accepts only the top 5 percent of lawyers to its site. Lawyers on UpCounsel come from law schools such as Harvard Law and Yale Law and average 14 years of legal experience, including work with or on behalf of companies like Google, Menlo Ventures, and Airbnb.