Maverick & Off-Contract Spend Detector
Scan your spend against your preferred-supplier list and contract price lists, flag the purchases that went off-channel — wrong supplier, off-contract price, no PO — quantify the leakage by category, and route each cluster to the category owner. AI drafts the findings; a category manager confirms before anyone gets contacted.
A web tool where you import a spend export plus your preferred-supplier and contract reference lists; AI flags every line that went off-preferred, off-contract, or with no PO, clusters the findings by supplier and category, and quantifies the dollar leakage and the on-contract savings opportunity. A category manager reviews each cluster, confirms genuine maverick spend versus a valid exception, and approves the follow-up action — then the tool exports an action list and a summary email.
Before you start
- A Supabase account (free)
- A Vercel account (free)
- A Resend account (free)
- A spend / AP export, a preferred-supplier-by-category list, and contract price lists (CSV is fine)
- Claude Code or any AI coding agent
The problem this kills
You negotiated the contract. You named the preferred supplier. You agreed the price. And then the spend report tells a different story: someone in a regional office ordered the same item from a random vendor at list price, three departments bought a category you have a deal on from the wrong source, and a pile of invoices have no purchase order behind them at all. That is maverick spend — buying outside the channel you set up — and every line of it quietly bleeds the savings you fought for.
Finding it by hand is a slog. You export months of AP data, paste your preferred-supplier list into another tab, try to VLOOKUP contract prices against actual prices, and squint at thousands of rows trying to tell a genuine rogue purchase from a perfectly valid exception. By the time you have a number, it is stale, and you still have to figure out who owns the category, write it up, and chase it down — without accusing someone who had a legitimate reason.
This is exactly the kind of rules-based, high-volume detective work a small internal tool does far better than a spreadsheet — and you do not need to be a developer to build it.
What you'll build
A simple internal web tool for spotting and plugging spend leakage. You import three things — your spend / AP export, your preferred-supplier-by-category list, and your contract price lists (plus a no-PO flag wherever you have one). The tool checks every spend line against the rules: was it bought from a preferred supplier for that category, at or below the contract price, on a proper PO? It flags the lines that fail, clusters them by supplier + category so you are reviewing patterns and not 4,000 rows, and quantifies the dollar leakage and the savings opportunity if that spend moved on-contract — broken out by category and department.
Then comes the human gate. Each flagged cluster goes to the category manager who owns it. They review it on one screen, decide whether it is genuine maverick spend or a valid exception (a true emergency buy, a one-off, a supplier outage), and approve the follow-up action — move to contract, coach the requester, or dismiss as a known exception. Only after they approve does the tool produce the action list and the summary email. Nobody — no supplier, no requester — gets contacted on the AI's say-so alone.
What's inside the Implementation Plan
The plan is a single file you paste into an AI coding agent. It opens by interviewing you about your business — which system your spend export comes from, how your categories and suppliers are coded, how a preferred supplier maps to a category, where contract prices live, whether you even have a no-PO flag, and the exceptions you already consider legitimate — and then tailors the data model, the flagging rules, and every later step to your answers. This is a tool shaped around your spend taxonomy and your compliance rules, not a generic template.
From there it walks the agent through the database schema, the three CSV imports with duplicate guards, the off-preferred / off-contract / no-PO flagging engine, the supplier-plus-category clustering and leakage math, the category manager's review-and-approve screen, and the export of the action list and summary email. Every step ends with a ready-to-copy prompt. Because the whole thing runs on CSV in and a clean CSV out, you can build and use it this weekend even with no live connection to your ERP or spend system.
The governance it includes (this is the point)
Maverick spend is sensitive — you are effectively accusing colleagues and suppliers of going off-channel — so it is built like it matters: login so only your procurement team can use it, row-level security so you only ever see your own organization's data, and a complete audit trail of every import, flag, edit, confirmation, and export — who did what, and when. Nothing goes out automatically: every flagged cluster is a draft finding until the responsible category manager confirms it is genuine maverick spend (not a valid exception) and approves the action. That confirmation is the hard human-in-the-loop gate before any outreach. Duplicate guards on the transaction id stop the same spend line being counted twice, and the supplier-plus-category cluster key keeps one finding per pattern instead of a thousand near-identical alerts.
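The three rules from "What you'll build" (preferred supplier for the category, at or below contract price, on a PO), the duplicate guard on the transaction id and the supplier-plus-category cluster key, worked through in Python as an added example that is not code from the plan or the tool; the CSV column names, the flag labels and the sample exports are constructed assumptions:

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal
# Constructed sample exports (not real data). T1 appears twice to exercise the duplicate guard.
SPEND_CSV = """txn_id,supplier,category,department,unit_price,qty,po_number
T1,Acme Paper,Office Supplies,Finance,4.20,100,PO-77
T2,Random Vendor,Office Supplies,Regional-West,6.00,50,
T3,Acme Paper,Office Supplies,HR,5.00,40,PO-78
T1,Acme Paper,Office Supplies,Finance,4.20,100,PO-77
T4,Random Vendor,Office Supplies,Regional-East,6.50,20,PO-80
"""
PREFERRED_CSV = "category,supplier\nOffice Supplies,Acme Paper\n"
CONTRACT_CSV = "supplier,category,contract_price\nAcme Paper,Office Supplies,4.20\n"
rows = lambda text: list(csv.DictReader(io.StringIO(text)))  # parse a CSV export into dict rows

def detect(spend_csv, preferred_csv, contract_csv):
    """Flag each spend line, skip duplicate txn_ids, cluster findings by (supplier, category)."""
    preferred = {(r["category"], r["supplier"]) for r in rows(preferred_csv)}
    contract = {}  # lowest contract price per category: the price the spend could move to
    for r in rows(contract_csv):
        price = Decimal(r["contract_price"])
        contract[r["category"]] = min(price, contract.get(r["category"], price))
    seen, duplicates = set(), 0
    new_cluster = lambda: {"status": "draft", "lines": 0, "spend": Decimal(0),
                           "leakage": Decimal(0), "flags": set(), "departments": set()}
    clusters = defaultdict(new_cluster)
    for r in rows(spend_csv):
        if r["txn_id"] in seen:  # duplicate guard: the same spend line is never counted twice
            duplicates += 1
            continue
        seen.add(r["txn_id"])
        price, qty, target = Decimal(r["unit_price"]), int(r["qty"]), contract.get(r["category"])
        flags = set()
        if (r["category"], r["supplier"]) not in preferred:
            flags.add("off_preferred")
        if target is not None and price > target:
            flags.add("off_contract")
        if not r["po_number"].strip():
            flags.add("no_po")
        if not flags:
            continue  # clean line: preferred supplier, at or below contract, on a PO
        c = clusters[(r["supplier"], r["category"])]
        c["lines"] += 1
        c["spend"] += price * qty
        if target is not None:  # leakage = amount paid above the contract price on this line
            c["leakage"] += max(price - target, Decimal(0)) * qty
        c["flags"] |= flags
        c["departments"].add(r["department"])
    return dict(clusters), duplicates  # every cluster stays "draft" until a category manager confirms it
```

Each returned cluster is one reviewable finding: the Random Vendor cluster carries both regional buys with all three flags and 136.00 of leakage, the Acme Paper cluster carries only the single above-contract line, and the repeated T1 is reported as a duplicate rather than double-counted.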
Who it's for
Category managers and procurement leads who are trying to drive contract compliance and stop savings leaking out the side door. If you can explain how you decide whether a purchase was a genuine rogue buy or a fair exception, you can build this — and trend your compliance month over month.
You've got this — open the plan, paste the first prompt, and let it interview you about your spend.