GovIQ
Compliance

Procurement Audit Trails: What the C&AG and Comptroller Expect to See

A clean procurement audit trail is the single most important protection a contracting authority has. Here is what auditors look for and how to ensure your records are defensible.

24 February 2026·6 min read·GovIQ Research

Tags

Audit TrailC&AGDocumentationComplianceRecords Management

Need a free compliance audit for your procurement?

Get free audit report

The Auditor's Perspective

The Comptroller and Auditor General (C&AG) examines public procurement as part of its annual value-for-money audit work. In recent years, C&AG special reports on procurement have consistently identified the same categories of failure: inadequate documentation of the procedure selection decision, incomplete tender evaluation records, missing standstill evidence, and post-award variation management without proper approval.

The standard against which the C&AG assesses procurement is not perfection, but defensibility: could a reasonable official, looking at the file, understand what decision was made, why it was made, and what the authority did to comply with the applicable rules?

What Must Be Documented

At minimum, the procurement file should contain: the initial business case or approval to proceed; the estimated contract value and the basis for that estimate; the procedure selection decision with justification; the tender documents as issued; all clarification questions and answers; the evaluation record (individual scorer sheets, consensus record, overall ranking); the award decision notification; evidence that the standstill period was observed; the signed contract; and any post-award variation approvals.

For above-threshold procurements, the tender documents and award decision must also be published via eTenders and, where required, OJEU. The contract award notice must be published within 30 days of contract signature. Failure to publish the award notice within the prescribed period is a breach of S.I. 284/2016.

Common Audit Findings

The most frequently reported audit findings in Irish public procurement are: missing or inadequate justification for the procedure chosen (particularly for single-tender actions or negotiated procedures); evaluation records that do not match the stated award criteria; contract variations that were not approved at the required level; and contracts that were extended or renewed without a further competitive process.

The treatment of conflicts of interest is another common focus. All evaluators should complete a conflict of interest declaration before seeing tender responses. Where a conflict is identified, the evaluator should be excluded. The absence of conflict of interest declarations is a consistent finding in tender evaluation audits.

Building a Defensible Record

The most effective way to build a defensible procurement record is to create it in real time, not retrospectively. Each decision — procedure selection, shortlisting, evaluation, award — should be documented at the time it is made, not after. This matters particularly for procedure justification: a contracting authority that documents why it chose a restricted procedure at the time of the PIN publication has a far stronger position than one that creates justification after a challenge arises.

Hash-chained audit trails provide an additional layer of assurance: each event is linked cryptographically to the preceding one, making it impossible to insert, delete or alter an event without breaking the chain. This is the audit architecture that GovIQ deploys for every procurement — ensuring that the C&AG's question is always answerable.

Let GovIQ route your next procurement automatically.

Get a free procurement audit report — your procedure, documents and audit trail in one signed pack.

Get free audit report