6 steps to recover unspent or misused funds in contract audits

A thorough contract audit can uncover fraud, identify areas of noncompliance or inefficiency, and result in cost savings. The author details six steps auditors can take to reverse engineer cash flow and recover potentially significant unspent or misappropriated funds.

This article was updated on November 17, 2025.

Disclaimer: The examples and findings are based on a composite, aggregated and synthesized body of knowledge derived from multiple anonymized audits and experiences. The views are solely those of the author and do not represent the official policy or position of any past, present or future employer or client. This content is for informational purposes only and does not constitute professional advice.

Contract audits verify whether organizations that receive funding under contracts from government agencies, grantors or public entities (the funders) have spent those funds according to the agreement. These audits determine if recipients delivered agreed-upon services and complied with performance, eligibility or reporting requirements. They can also determine whether any funds have been misappropriated.

As an auditor, I often review these types of contracts for clients and help them recover funds when necessary. In this column, I’ll describe the process I use to reverse engineer cash flow and identify misspent or misappropriated dollars.

I remember a single audit that sparked the process I now use to recover these funds. In this contract audit, everything looked fine on the surface. The hours matched. Staff delivered services with supporting time records. But something wasn’t adding up. A quick calculation revealed that the recipient’s profit percentage for the fiscal year was higher than anticipated. When I dug into the funding trail, it became clear: Money was received under the contract but not spent as intended. At first glance, total staff work hours appeared to fulfill contractual requirements for payroll funding. Upon closer examination, however, an unusually high number of hours in their staff time sheet records were coded to training and administrative pay codes, raising a red flag.

I explored further and found that ineligible pay codes — training time and ineligible meeting hours — had been inappropriately charged to contracts to compensate for a shortfall in genuine service delivery. Instead of hiring sufficient staff to meet service demands, the entity inflated reported hours, resulting in noncompliance with the contract terms and requiring a significant recovery of funds.

Whether you’re auditing a private-service provider, a public agency or charity handling earmarked or restricted funds by the funder or donor, these steps detail how to trace discrepancies, spot misuse and recommend structured recoveries as part of the audit process.

Getting started

Before diving into the contract audit, you’ll need access to documents and systems that tell the story of how the funds were used, including:

• The funding agreement or contract outlining what’s being funded, the period for the funding and any restrictions on how the recipient can use the funds.
• The general ledger, subledgers and journal entries that detail relevant expenses.
• Time records and payroll reports that substantiate staff activity against funded positions.
• Bank statements that corroborate payments and funding flows.
• Service delivery reports, such as hours worked, units delivered, or milestones achieved.

Auditors use the documents to trace transactions from the general ledger to the original documentation, reconcile internal data sources and understand the operational context behind financial entries. The following steps aid in accomplishing these tasks.

Step 1: Define the available funds and identify risks

I generally begin an audit to identify and recover misspent funds with two basic questions: What money was paid to the contract recipient, and what was it intended to pay for? To answer these questions, you’ll need to understand the contract’s funding terms by:

• Reviewing contracts in detail.
• Identifying any restrictions, reporting obligations or timelines.
• Mapping the funding to specific cost centers or general ledger accounts.

This process can be challenging and difficult to interpret results if the recipient’s records are limited. For example, I once reviewed a nonprofit that used a single account named “Admin Allocation 9000” to record administrative expenses without including details of the expenses. Without data fields indicating the specific classification, nature and amount for each expense (via segmented schedules), I couldn’t track whether the nonprofit spent contract funds appropriately. This type of situation might not be fraud, but it could be an invitation for it.

Once you’ve grasped the funding terms, you’ll need to figure out whether and where the system might’ve gone awry. If there’s an issue, it’s usually not one catastrophic error but a series of small missteps, including:

• Ineligible staff costs booked to programs.
• Administrative costs inappropriately allocated to contracts.
• Expenditures that don’t align with contract terms.

However, contract terms can be ambiguous, leading to misinterpretations that complicate matters. In one of my audits, I identified a significant number of purchases classified as program costs that included personal expenses unrelated to providing the services the recipient was contracted to deliver. Although many of these costs were fully recoverable by the funding organization, the absence of clear prohibitions in the contact terms limited recovery to only those items where noncompliance was explicitly evident.

Step 2: Design your recovery calculation

Once you identify misspent or misappropriated contract funds, you’ll need to determine how much you can recover. This involves determining two components: the cost-recovery rate and the total amount of potential noncompliant expenditures.

Typically, contracts specify a fixed-dollar recovery rate based on various funding components. The recovery rate represents the standardized amount the funder can reclaim based on the full cost of the funded categories, such as the cost per hour for noncompliant labor hours. This recovery rate is applied to the total amount of noncompliant expenditures for the final recovery amount.

When calculating the total amount of potential costs to pursue for recovery, you have two methods to choose from:

1. Extrapolated method: errors found in a statistically valid sample are projected to estimate total overpayments across the entire population.
2. Error-based method: only the actual overpayments found in the reviewed items are recovered, with no projection to the larger population.

You’ll also need to determine which time period to review. This can be challenging if the entity’s fiscal year doesn’t align with the contract period in question. For example, if you have multiple contracts with contracting periods that differ from the audited entity’s fiscal year, you may need to prorate each contract to align with its end date.

If you focus on the contracting period rather than the fiscal year, you’ll analyze all funding and expenditures between the contract’s start and end dates. For example, if the contracting period was April 1, 2023, to March 31, 2024, you’d examine all expenditures and reported service hours during that period. However, when obtaining detailed ledgers and reports for these periods, there’s a risk that the data may be manipulated or incomplete, where certain transactions in the general ledger are deliberately excluded or hidden. This vulnerability highlights why fiscal-year data — especially when previously validated by external audit — is a more reliable foundation for contract audits, as it reduces the risk of omissions or manipulation.

Externally audited financial statements that cover the fiscal year provide greater assurance that the general ledger is complete and accurately reflects the entity’s financial position. If you know that external auditors have already tested the underlying records for the reported amounts, you’ll have more confidence when calculating the difference between total costs funded and actual dollars spent for contract costs in the fiscal year. For example, if an audited company gets funding for every category on its income statement, it’ll be harder to identify and recover overfunded payroll expenses, administrative costs and utility costs if you’re analyzing only the contracting periods rather than the audited fiscal year.

Once you’ve selected your method and time period, you’ll begin analyzing the data for recovery. Any major funder should receive reporting on total delivered hours for each relevant period. First, you’ll summarize all program-level reported hours data. If the fiscal-year period is used, you’ll include contract hours from that period, with any applicable proration calculations applied. You may call this “fiscal year reported hours.”

Next, summarize all time sheets from the fiscal period, ensuring the assignment of only the applicable time frame within the fiscal year. Assess the validity of those records by looking at frontline employee names, hours worked, position code, pay code, program and wage rate.

Observe the staff member who normally retrieves time sheets as they perform the exercise again. They can also obtain other relevant source data, such as the entity’s wage rate, position and pay code listings. These records should be directly extracted from accounting or enterprise resource planning (ERP) software. Then, compare these data sources with the ones you’re auditing to identify inconsistencies.

Step 3: Use tie-outs to corroborate recovery calculations

I often use a tie-out technique to corroborate the recovery calculation. A tie-out is a process of ensuring that numbers in the financial statements match the numbers in the audit papers. This process entails starting from the initial source records and working forward to track totals. I’ll use payroll as an example, as that tends to account for a significant portion of funding in many cases.

You’ll need these documents for the tie-out process:

• Time sheet system data and summary of relevant staff.
• Payroll provider reports.
• Detailed payroll general ledger.
• Full general ledger.
• Financial statements.
• Bank statements.

The detailed payroll general ledger — the bridge between the payroll provider report and the full ledger — often contains critical information, but it can be onerous to sort through. Most sophisticated contract recipients will have a report that produces a detailed payroll general ledger, often extracted through a reporting module in their ERP or accounting system. This ledger contains all entries involved in payroll transactions. An effective tie-out of the detailed payroll general ledger compared to the total payroll expense on the income statement includes only net pay, deductions and contributions. Excluding gross pay avoids double counting. Other common items to exclude are future liabilities that aren’t a current payroll expense, such as vacation carryover or workers’ compensation board administrative costs.

The most common issue that I’ve observed is contract recipients’ use of operational cost efficiency methods to maximize profits — doing more with fewer employees. For example, instead of hiring supervisors to review service delivery or frontline work, staff supervisors complete contract-related services on their own. A detailed examination of payroll can allow for efficient fund recovery.

Step 4: Flag issues early

Conduct a deeper review if you encounter these red flags during your audit:

• End-of-year spending spikes on capital items outside the contract scope. In one of my audits, an organization secured contract funding to support a service program but used the funds to buy property and set up a separate profit-generating initiative. We saw indications that the services delivered didn’t align with the purpose in the original contract.
• Vague journal entries reclassifying expenses across programs.
• Miscellaneous payments connected to the company owner, such as property held in their name.

Through many audits, I’ve learned to analyze internal contract issues that may affect recoveries. In one audit, a service provider’s contract was structured incorrectly. The contracting model was designed for payroll funding, where service hours could be tracked and reported. However, the contracted program in question was supposed to be funded on a fixed monthly basis, according to work performed by the contractor, not hourly staff.

The service provider reasoned that staff would occasionally perform additional required services not outlined in the original contract, and these services could be tracked. In practice, staff hadn’t done any tracking, and there was no formal approval process for the added component. Ultimately, the situation required negotiation to calculate a fair offset. Once we determined that those services were necessary, I allowed for verified actual costs for contractors (supported by invoices) to offset a portion of the unspent payroll funds, for a reduced recovery. Flagging these types of issues early on is essential to avoiding drawn-out disputes or arbitration.

After you identify red flags and determine the potential recovery, you’ll present those findings to the contract recipient and explain the calculation. Depending on the contract’s terms and conditions, you may reference specific sections in the guidance to prevent disputes. I recommend framing the audit as a collaborative process that includes discovery sessions focused on the initial recovery amount as a preliminary number, as this encourages contract recipients to cooperate rather than escalate a matter to arbitration.

Step 5: Structure the recovery plan

Once you and the contract recipient have agreed upon a recovery amount, you’ll formulate a recovery plan that balances compliance with practicality. The plan should:

• Involve returning unspent funds to the funder or offsetting future funding amounts.
• Create policy adjustments for clearer tracking, avoiding disruption of the contractual relationship.
• Inform management of any recommendations for improved internal control measures.

I’ve helped organizations avoid escalating issues by providing clear memos and improving reporting templates. In one audit, my team helped a vendor implement a tracking approach that split hours by individual contract and established a comprehensive tracking mechanism within relevant departments. Once deployed, the entity produced reports that broke out total delivered hours by contract with complete employee-level time sheet detail. This linked employees precisely to relevant contracts for contractual compliance.

Step 6: Build recovery readiness into future audits

The best way to avoid needing to recover funds is to prevent their misallocation. I recommend completing the following tasks:

• Segmenting funded costs in the chart of accounts in a detailed manner.
• Tying payroll coding directly to contract deliverables.
• Reconciling service reports to financials quarterly, not annually.

When organizations employ these controls, audits go smoothly, funders gain trust and recovery is a last resort, not a salvage mission.

Recovering unspent or misused funds doesn’t always mean chasing fraud. Often, it’s about finding where a system failed, tracing gaps and helping the organization fortify itself. When you reverse engineer that story, you don’t just find the missing money; you find a better way forward.

Sacha Ratnarajah, CFE, CPA, is an experienced audit professional specializing in internal audit, risk management and fraud prevention. He works with private entities, nonprofits and charitable organizations. Contact him at sacha.ratnarajah@gmail.com.