The audit trail that isn't
Email threads are not an audit trail. They are a discoverable, unstructured liability. SOX 404 controls assume reproducible approval chains; a forwarded thread with three signatures and a missing attachment doesn't qualify.
Once you cross 50 US employees, you're typically also crossing into multi-state nexus, 1099 vendor onboarding obligations, and (often) bank covenants that require documented procurement controls.
The cash you're already losing
We pulled AP data from 24 US companies that switched from email-based procurement to a structured platform between 2024 and 2026. The pre-switch baselines were consistent.
- Duplicate POs: 4.1% of transactions (median)
- Off-contract maverick buys: 31% of indirect spend
- Auto-renewals missed and re-priced: 18% of subscription contracts annually
- Average savings rate: 4.2%, vs. 11.4% on a unified platform
The five risks compliance teams flag first
When we walk a US compliance officer through an email-based procurement workflow, the same five flags come up — every time.
- Vendor 1099 / W-9 collection happening informally in DMs
- Approval thresholds enforced by social pressure, not policy
- PII and pricing exchanged over unencrypted reply chains
- No segregation of duties between requester, approver and AP
- Departed employees still copied on supplier threads months later
What 'good' looks like at 50–500 employees
You don't need an enterprise suite. You need: a request form, threshold-based routing, a vendor master with W-9s on file, and a monthly savings reconciliation. That's it. Anything heavier is over-engineering for this stage.
