An external auditor looks at four things on the procurement cycle. Here is the checklist by category and the traps that waste time.
Procura team · May 2026 · 7 min readOn procurement, the external auditor checks four axes. One. Segregation of duties: the person who places an order is not the one who validates receipt or pays the invoice. Two. Completeness: every received invoice is posted in the right period. Three. Valuation: amounts are correct, VAT is deductible. Four. Traceability: every entry can be traced back to a complete, compliant supporting document.
These four axes shape the tests run by the auditor, sample-based on a transaction set. The quality of your preparation drives the speed of the mission and the risk of qualifications in the report.
The permanent file gathers items that do not change each year: written and signed procurement policy, approval-threshold matrix, organisation chart with delegations, general terms of purchase, PO and contract templates, list of qualified vendors with their KYC dossier.
This file must be current. An auditor confronted with a five-year-old procurement policy becomes suspicious of the rest.
The annual file gathers the year's evidence: vendor invoices with proof of posting, POs and goods receipts, monthly reconciliation statements, bank statements, vendor sub-ledger, justification of period-end balances, sample full PO → receipt → invoice → payment chains.
The point is not to prepare it all manually, but to have clean extractions readily available from your procurement software. A tool that cannot extract clean transaction history costs you time at every mission.
Qualification number one: insufficient segregation of duties (too often a single person covers ordering plus paying). Number two: missing or non-compliant supporting documents. Number three: expenses misallocated across periods. Number four: undocumented off-balance-sheet commitments.
For the first qualification, the answer is organisational and supported by the procurement software's workflows. For the other three, the answer is procedural and again supported by the tool.
One. An immutable audit trail of every action, timestamped and signed by the user. Two. Segregation of duties enforced by the workflow, impossible to bypass. Three. An archive of supporting documents linked to each entry. Four. One-click audit-ready extractions, formatted for the auditor's working papers.
Procura ships these four by default. The audit mission lasts less, the qualification risk is mechanically reduced, and the finance team spends less time reconstructing history after the fact.
See how Procura digitizes your SYSCOHADA procurement cycle, from request to payment.