Fifteen plain-language answers covering scope, methodology, timing, conflicts, panel standards, and engagement structure — for CFOs and controllers on the operating side, and for transaction-services teams, sponsors, and lenders on the advisory side. If your question is not here, ask us directly.
Across the US mid-market, vendor-spend leakage typically runs between 3% and 11% of audited spend. KPMG cites up to 9% in contractual savings leakage from friction factors including supplier non-performance, invoice and credit-memo errors, and redundancies. Sectors with high vendor concentration and limited procurement maturity — multi-site healthcare, multi-unit restaurants, specialty trade construction — sit at the upper end of the range.
The defensible lookback for a US vendor contract leakage audit is 24 to 36 months. This window is bounded by state statutes of limitations on written contracts (typically 3 to 6 years) and by data quality, which degrades meaningfully beyond three years. Longer lookbacks are technically possible but rarely produce incremental recovery relative to the additional effort.
Contingency-based AP recovery firms work for a percentage of recoveries — typically 25% to 50% — and focus narrowly on duplicate payments and statement credits where their take is clearest. A forensic vendor contract leakage audit is fixed-fee, AICPA SSFS No. 1 compliant, and covers the full leakage surface: contract terms, renewal caps, MFN clauses, tier discounts, tax misapplication, and concentration risk.
A renewal-cap breach occurs when a vendor raises its rate at renewal by more than the maximum percentage permitted under the original contract. Caps are commonly set at 3% to 7% annually, often tied to CPI. Breaches are systematic in software, telecom, freight, and managed-services contracts because most buyers never reconcile the renewal invoice to the cap clause.
A standard mid-market engagement runs 4 to 8 weeks from kickoff to dossier delivery. Phase 0 data readiness takes 5 to 10 business days. Phase 1 forensic execution takes 3 to 5 weeks. Phase 2 reporting and recommendations takes 1 week. Worst-case ceilings are written into every engagement letter.
Standard intake includes the vendor master file, the AP transaction file for the lookback period, the top-50 vendor contracts and amendments, sales and use tax exemption certificates, and read-only access to the ERP or AP system. Additional pulls depend on the engagement's depth modules — telecom, freight, software, or insurance. A formal data request list is issued with the engagement letter.
No. The engagement is designed for a single primary point of contact in finance — typically the controller or AP director — with an expected time commitment of three to five hours total across the engagement. All forensic work is performed against extracted data in our environment. Operational disruption to AP, procurement, or vendor relationships is zero unless the client elects to act on findings during the engagement.
G&P Standards serves five US mid-market sectors: private-equity-backed multi-site healthcare services including dental and veterinary service organizations, specialty trade and middle-market construction contractors, multi-unit restaurant and hospitality groups, skilled nursing and senior living operators, and private-equity-backed or founder-led middle-market manufacturers. Each sector has documented leakage patterns specific to its vendor base.
Yes. The Vendor Concentration and Leakage Module is structured specifically for transaction-services and operational due diligence timelines, with a standard delivery window of 5 to 10 business days against a target's top-200 vendor population. The module is co-brandable or white-labelable to fit inside the prime advisor's broader diligence framework.
G&P is an independent boutique with no audit-attest practice and therefore no audit-independence exposure. A documented client-clearance log is refreshed before every engagement and the conflict screen is disclosed to the prime advisor at engagement-letter stage. This posture preserves the independence position of all four major audit firms when G&P is engaged as a subcontracted specialist.
Yes. G&P operates under three posture options: named subcontractor with disclosed workpaper authorship, co-branded with both firms appearing on the deliverable, or fully white-labeled where the prime advisor presents the work under its own brand. Posture is negotiated at engagement-letter stage and held consistently through delivery.
Professional Liability and Errors & Omissions at $5 million per claim and $5 million aggregate. Cyber Liability at $5 million. General Liability $2 million with $5 million umbrella. Certificates of insurance are issued direct to prime-advisor procurement on request, calibrated to the standard panel requirements of major US transaction-services firms.
G&P maintains a Master Services Agreement template compatible with Big 4 and middle-market advisor panel requirements. The MSA covers mutual NDA, IP assignment, conflict-of-interest screening, data-handling addendum, indemnification capped at fees paid, and termination for convenience. Execution under prime-advisor preferred form is also available.
Through the Borrower Vendor-Risk Review module, G&P delivers a lender-introduced forensic scan of a borrower's vendor concentration, contract-leakage exposure, and working-capital quality. The review is typically borrower-paid under a tripartite engagement letter, with findings shared with the lender. Useful as an underwriting condition, covenant-monitoring tool, or pre-refinancing diagnostic for acquisition lending and asset-based lending teams.
Yes. The Post-Close Vendor Optimization module is structured as a first-100-day execution sleeve covering recovery of identified leakage, renegotiation of in-scope contracts, vendor master cleansing, and AP-process hardening. Engagement is a fixed-fee work order or hourly under MSA, scoped against operating-partner-approved synergy capture targets and reported against documented dollar outcomes.
Direct correspondence is faster than the answers page. We respond within one US business day.