Maverick spend in decentralized organizations: why traditional controls make it worse

When procurement discovers that a business unit spent $340,000 with an unapproved vendor on corporate cards, the standard response is to tighten controls: restrict P-Cards, mandate purchase orders, add approval layers. It is the wrong response. The Hackett Group reports that organizations lose between 5% and 16% of negotiated savings annually to maverick buying, and the most common form—68% of non-compliance cases—is “wrong channel”: employees using approved suppliers but bypassing the e-procurement system. They are not being non-compliant. They are being rational.

The problem is structural, not cultural. Decentralized organizations with multiple local buying points and weak central procurement functions predictably produce higher maverick spend rates. Levvel Research found that only 60% of centralized procurement organizations consistently cross-check purchase orders against contracts. In decentralized structures, that number drops sharply. The traditional response—adding more controls on the path of least resistance—increases the friction differential between the compliant and non-compliant paths, making the problem worse.

The friction differential: why P-Card bans backfire

Procurement teams in decentralized organizations often respond to maverick spend with a familiar sequence: restrict P-Cards to a few authorized users, require purchase orders for all spending above a low threshold, and add approval layers for non-catalog purchases. These measures are designed to enforce compliance. In practice, they widen the gap between the speed of getting work done and the speed of getting work done through official channels.

Hyperbots research on automated PO systems documents that “when PO approvals take 5–10 business days, employees bypass the process entirely to meet operational deadlines.” When the official process takes days and Amazon checkout takes two minutes, employees choose the faster route. The P-Card becomes the bypass mechanism, not the control mechanism.

“Legacy PO systems are designed around enforcing compliance rather than making compliant buying easier. Modern platforms that integrate catalogs, guided buying, and automated approvals show higher compliance because following policy is the path of least resistance, not the hardest path.”
— Hyperbots, How to Prevent Maverick Spending

Why “PO required” is not a control

A purchase order requirement is only effective if there is no alternative payment channel. In most organizations, there are at least three: P-Cards, expense reimbursement, and direct invoicing to AP. Each is an escape hatch that bypasses the PO requirement entirely.

Exceleris Consulting notes that “corporate credit cards (P-Cards) are notorious vehicles for maverick spend.” The reason is straightforward: the card is already in the employee’s wallet, the supplier does not ask for a PO, and the transaction settles before procurement knows it happened. Banning P-Cards for certain categories does not stop the spending. It shifts it to expense reimbursement or personal cards, where visibility is even worse. “Shadow spend”—purchases on personal cards later reimbursed—is the hardest maverick spend category to detect because it leaves no trail in procurement systems until the reimbursement request reaches AP.

Veridion’s analysis of maverick spend statistics adds another dimension: 67% of Experience and Compliance leaders at top-performing organizations identify employees’ lack of understanding or disregard for procurement policy as a leading cause. But lack of understanding is not the same as disregard. When employees do not know which suppliers have negotiated contracts, or what the pricing terms are, they buy from whoever is fastest. The information failure is a system design failure, not a personnel problem.

The root causes in decentralized organizations

Maverick spend in decentralized structures clusters around four root causes, each requiring a different intervention:

• Process friction: Approval workflows requiring 5–10 business days for a $200 purchase. Employees rationally choose the faster route. Fix: streamline approvals for low-value, low-risk purchases.
• Information asymmetry: Business units do not know which suppliers are contracted or at what pricing. Fix: publish searchable catalogs with contract terms visible at the point of purchase.
• Technology fragmentation: Separate systems for sourcing, contracting, POs, and AP prevent automatic detection of off-contract purchases. Fix: integrated spend analytics that consolidates data from all payment channels.
• Incentive misalignment: Business unit leaders are measured on speed and operational outcomes, not PO compliance. Fix: include compliance metrics in business unit performance reviews.

The Hackett Group’s data on indirect spend confirms the scale: 29% of indirect spend is off-contract, with typical maverick spend rates of 10% for non-mature organizations and 5% for world-class organizations. The gap between “typical” and “world-class” is not closed by adding more controls. It is closed by making the compliant path the natural path.

What good looks like: guided buying at the point of purchase

Organizations that sustain 90%+ contract compliance share a common pattern: they make compliant buying frictionless. Suplari’s research on maverick spend control notes that “organizations implementing enterprise spend visibility typically see a 20–30% reduction in maverick spend within 90 days, simply by making the problem visible.” When business unit leaders see their own compliance metrics on a dashboard, compliance improves without heavy-handed enforcement.

The specific interventions that produce measurable results:

• Deploy guided buying with integrated catalogs. When employees can find an approved supplier in 30 seconds and see negotiated pricing, they use it. Friction is the biggest driver of maverick spend.
• Implement auto-approval for low-risk purchases. Purchases under $500 from approved suppliers within budget should require zero approvals. This eliminates the friction that drives small purchases to P-Cards.
• Use real-time compliance alerts at the point of purchase. Before an employee checks out with an unapproved supplier, show them the cost difference and offer a one-click switch to the approved vendor.
• Track compliance by business unit, not by procurement team. Monthly compliance reports shared with business unit leaders drive behavior change more effectively than procurement policies enforced retroactively.
• Treat exceptions as system design failures, not rule violations. When a business unit consistently buys off-contract, the question is not “why don’t they follow policy?” but “what makes the compliant path slower or harder?”

Top-performing organizations reach 90%+ contract compliance using this approach. Organizations that treat maverick spend control as an ongoing discipline (monthly metrics, continuous monitoring, quarterly reviews) sustain those rates. Those that rely on one-time policy enforcement see compliance drift back to 20–25% maverick spend within six months.

What this means in practice for procurement leaders

1. Measure your current maverick spend rate before changing any controls. Combine spend and contract data to establish a baseline. If your baseline is above 10%, adding more policy enforcement is the wrong first move.
2. Audit your payment channels. Count how many payment paths exist that bypass POs (P-Cards, expense reimbursement, direct AP invoicing, supplier portals). Each one is an escape hatch that renders PO mandates ineffective.
3. Implement guided buying before you restrict cards. Restricting cards without providing a faster alternative path simply shifts spending to less visible channels. Deploy guided buying with catalogs first, then restrict cards for the categories covered.
4. Fix information failures at the point of purchase. Employees cannot comply with contracts they do not know exist. Publish contract terms, preferred supplier lists, and pricing in the tools employees already use.
5. Include compliance metrics in business unit performance reviews. What gets measured gets managed. When a business unit leader sees their 14% maverick spend rate in a monthly review, behavior changes faster than any policy memo can produce.

Organizations that shift from enforcement to friction reduction typically see compliance improve by 15–25% within the first quarter, without adding a single approval layer. Those that continue adding controls on top of a high-friction procurement process will find that each new control produces a new workaround.

FAQ