Back to Hub

How to recognize technology limitations to mitigate risk and ensure digital transformation success


While technology can elevate user experience and automate many of our processes, it is not a remedy for all business challenges. Technology comes with constraints and does require human involvement, but when complacency lets limitations go unrecognized, frequent mistakes can be the result. If detection is not timely, or worse, nonexistent, errors can arise at scale, which can be damaging for any organization but particularly for larger businesses and especially when they pertain to contracts, payments and third-party relationships.

Often, misalignment occurs between the various parties in the process — an expectation gap that technology cannot always fill — because technology alone cannot manage compliance or provide the necessary transparency. Without proper governance and the appropriate controls in place, even a fraction of a percent of profit lost to overspend, inefficient or manual processes, lack of value for money, or fraud can amount to millions of dollars.

So, to identify, mitigate and correct risks before mistakes can happen at scale, many organizations turn to an external audit partner to help with compliance.

Examples of third-party misalignment

Let’s outline some of those constraints, or common blind spots, that exist between procurement, functional business units and suppliers that can weaken performance or contribute to third-party risk:

  • Supplier Accountability: A supplier may report incorrect costs in a cost-plus arrangement, which means a critical analysis of the contract and a careful validation of that cost must follow, taking up valuable time and resources.
  • Supplier Process Inefficiencies: The buying organization may not be aware of the supplier’s process gaps or deficiencies that are contributing to things like incorrect reporting, overcharges, and/or data protection violations.
  • Misaligned Tech Processes: A business may change, upgrade or enhance its technology, but may not have updated its internal controls to align with that change, leading to flawed or misguided processes.
  • Lack of In-house Expertise: Organizations often do not have designated subject matter experts who can fully quantify the magnitude of any contract or PO-related issue and determine the root cause.
  • Supplier Performance: As happens in many firms with long-standing supplier relationships, performance can go unchecked and complacency can set in, which means the organization no longer knows whether it is continuing to get value for money.
  • Market Price Correction: Some organizations fall into a pattern of not updating or checking their current prices to the market price, thus overpaying for a service.

To better understand the gap between technology capability and the assurance of compliance (and to learn how organizations can avoid this gap) Spend Matters talked with Patrick Gahagan, CPA, CIA, CFE and Director at SC&H Group, a consulting, audit and tax firm that reviews contracts and transactions to ensure compliance, provide transparency, find overspend and reduce third-party risk.

We asked him:

Is greater technology uptake the answer to ensuring contract compliance?

The short answer to that, he intimates, is no — not on its own.

“Not every contract, process or control can be completely and reliably automated. Take for example the management of indirect supplier contracts. While direct suppliers typically provide items and raw materials at unit prices easily managed with purchase orders (POs), indirect suppliers often provide labor and services that are not conducive to purchase order management.”

“Every day I read articles about computerizing contracts,” he explains, “and even smart contracts on the blockchain. But when those instruments are scrutinized, what you find is that while the technology is impressive, the type of transactions that can be managed with those tools are quite simple with limited variables. Those tools haven’t been optimized for the nuances of complex financial arrangements, particularly those you find with indirect suppliers.”

So, what are the limitations of technological automation?

“Even looking at cutting-edge smart contracts like those in the DeFi space, there are inherent limitations when enforcement of the contract relies on the data that exists outside of the blockchain. For instance, if a smart contract is based on the movement of the Dow Industrial average, smart contracts rely on ‘Oracles’ to report that information to the blockchain and allow the smart contract to execute accordingly. Those Oracles must be trusted intermediaries. If they report erroneous data, the smart contracts will fail. As such, the interaction with third-party data is a weak link that jeopardizes expected outcomes even with the most advanced technology available today.”

“Let’s assume full automation of contract compliance with indirect suppliers is possible, which currently isn’t the case, any contract that relies on third-party data such as cost will encounter the ‘data oracle’ dilemma. In essence, each supplier is its own data oracle. Any smart contract developer would see the risk in that arrangement.”

“The question enterprises should be asking then, is not whether third-party data should be validated, but whether it is more efficient and effective to do it themselves or have a dedicated service provider perform that task on their behalf.”

What is one use case example of third-party data validation?

“While automation and digital transformation are paramount to the success of every enterprise, it’s important to recognize that technology is only as accurate as the instructions it is given. So, while it’s simple to ascertain whether a contract has been fulfilled, it’s not always easy to validate whether the actions pertaining to the contract are being carried out as agreed in the terms.”

“By way of example, a contract may prescribe cost plus 20% when the supplier’s system operates as a margin. However, margin and markup are different mathematical calculations. Margin is profit as a percentage of sales, while markup is profit as a percentage of cost. If a supplier clerk then enters 20% into the system, that is a 20% margin. A 20% margin requires a 25% markup. Inputting a 20% margin means the supplier bills .05 more on every dollar of cost. This scenario happens often and, since the error is programmed into the system, can result in massive losses.”

That example frames one of the more tangible benefits of engaging third-party auditing expertise in terms of compliance, but two other areas stood out to us as being particularly pertinent in the current business climate: supplier relationships and business goals alignment. We were interested, firstly, in understanding how undertaking an audit can help your supplier relationship, especially the long-term ones that have bred familiarity.

How can third-party auditing expertise help improve and maintain supplier relationships?

“Companies are comfortable working with longtime suppliers,” Gahagan explains. “However, familiarity isn’t the same as trust. Earned trust occurs when, at a minimum, you have credibility, reliability and transparency. If any of those factors aren’t evident or cease to exist, what remains is something other than earned trust. The inertia of enterprise relationships can continue during times of declining trust, and even long after the trust has eroded, because ending or resetting relationships is complex. As a result, inequitable relationships, with one side realizing a disproportionate share of the benefits, occur.”

“Audits bring facts to light and quantify the impact of outcomes that deviated from expectations in the contract. This newly established transparency prompts leaders to face uncomfortable truths and make informed decisions. The facts exist regardless of whether the audit brought them to light; but, with the facts exposed, and assuming good faith exists, companies can find ways to restore relationships and mutually accommodate changes to contracts and processes that align with everyone’s objectives.”

Speaking of mutual goals, secondly, we wanted to understand how outside expertise in the form of auditing can help drive the alignment of the supplier and buyer with their business strategies.

How can closing the expectation gap between procurement, business units and suppliers foster successful organizational strategy implementation?

“Successful strategy implementation relies on contracts, processes and controls working in harmony,” Gahagan continues. “Since a multitude of factors can lead to inconsistencies, it is paramount to have detective controls to identify and correct issues in a timely manner. Organizations need to resist the temptation to point blame and instead encourage the various stakeholders to collaborate and optimize solutions in a fashion that results in the best outcome for the organization.”

“For instance, while procurement may optimize for cost savings, a business unit may have a legitimate case for generating greater value from a higher cost service. As a result, a business unit’s verbal agreement with a supplier might conflict with that supplier’s contract. Remediating a discrepancy might require the supplier to refund amounts billed that exceeded contract terms, or it might be to amend the contract to align with the verbal agreement. Figuring out both the path forward and remediation requires partnership, collaboration and an ability to act responsibly while resisting expedient paths.”

On a more general note: as we witness more tech adoption and growth in data, has the need for third-party auditing expertise changed?

“Conceptually, the role of auditing has not changed at all. Auditors are independent, objective third parties who look at transactions and answer questions about financial transactions such as:

  • Is the transaction real?
  • Is the data set complete?
  • Does the transaction align with applicable criteria such as a contract or a financial standard?”

“The change is how auditors perform procedures to answer those questions. Auditors are responding to digital transformation by digitally transforming themselves. We leverage technology to perform validation more quickly and comprehensively. There is an increasing focus on data analysis and data validation. The best auditors are adept at interrogating massive data sets using sophisticated software combined with strong risk awareness. Technology does not replace an auditor’s intuition and judgement, but it allows audit procedures to be performed at scale and thus reach more precise conclusions than was previously possible in the age of paper and calculators.”


Spend Matters thanks Patrick Gahagan of SC&H for this valuable insight.

This Brand Studio post was written with SC&H Group’s Contract Compliance Audit Services team.