The short answer: a revenue leakage audit traces one cohort of closed-won deals across five fields: close date in CRM, contract signature date, billing start date, final invoiced amount, and first cash receipt date. Every gap between those fields gets a cause code. Start at the bookings-to-cash path, not at the customer lifecycle, because that is where the largest and most traceable leaks live. The audit takes three CSV exports and roughly two weeks. This article gives the audit sequence, the thresholds that decide what counts as material, and the outputs the audit has to produce to be worth running.

Why the First Audit Usually Happens Too Late

Most companies run their first leakage audit for someone else. A lender asks why collections lag bookings. A diligence team finds invoices that do not match the ARR schedule. A board member asks why cash conversion fell two quarters in a row. At that point the company is reconstructing history under scrutiny instead of managing a known number. The mechanics of what leakage is and where it hides are covered in the revenue leakage overview. This article covers the audit itself: what to pull, what to compare, and in what order.

What a Revenue Leakage Audit Is, and What It Is Not

A revenue leakage audit is a cohort-level reconciliation that follows the same set of closed-won deals from CRM booking to bank receipt and assigns a named cause to every gap it finds. It is not a billing-system implementation. It is not a dunning setup. It is not a dashboard project. Those may follow the audit as fixes, but the audit itself is a two-week reconciliation exercise against data the company already has.

The distinction matters because the popular version of a "revenue leak audit" starts at the customer lifecycle: onboarding drop-off, failed payments, missed upsells. Those leaks are real. They are also downstream symptoms, and they are the leaks with the cheapest, most obvious fixes. The audit worth running starts where the money is largest and the evidence is strongest: the path from booked revenue to collected cash.

The Audit Sequence

  • 1. Scope one cohort. Take a single closed quarter of closed-won new business plus renewals. One quarter is enough to see the pattern and small enough to finish. Auditing all of history is how audits die.
  • 2. Pull three exports. CRM opportunities (closed-won, with close date, booked value, owner, stage history), invoices (issue date, amount, customer, credits), and cash receipts (date, amount, customer). CSV is fine. The method works without API access; the zero-API audit approach explains why a snapshot beats a live integration for diagnostic work.
  • 3. Reconcile five fields per deal. Close date in CRM, contract signature date, billing start date, final invoiced amount, first cash receipt date. Line them up per deal. The gaps you find are the audit.
  • 4. Assign a cause code to every gap. Four codes cover most of what you will find: billing delay, discount leakage, credit or write-off, attribution error. Resist inventing more codes until each of these has an owner.
  • 5. Quantify by category. Sum each cause code as a percentage of the cohort's expected billings. One blended leakage number is noise. Four category numbers are a work plan.
  • 6. Walk upstream on the worst category. For the deals behind the biggest category, check the stage history: what evidence existed at closed-won? Billing delays usually trace to stage-exit criteria that let deals close before implementation prerequisites were confirmed. Discount leakage usually traces to approval steps that exist on paper and not in the CRM.
  • 7. Install the ledger and the rhythm. Move the reconciled cohort into a leakage ledger with owners and next actions, and put it on a monthly review. An audit that ends in a slide deck gets repeated from scratch next year.

What Counts as Material

Illustrative: on $5M of expected quarterly billings, a 3% billing-delay rate plus 2-3% lost to discounting, credits, and collections is a $250K-$300K gap. That is the same math that makes single-digit control failures board-material once leadership plans against the top-line forecast. A working threshold for the audit: any single cause category above 1% of the cohort's expected billings gets its own owner and next action. Below that, log it and move on. The threshold is a triage rule, not a benchmark; the point is to stop treating a $150K billing-delay pattern and a $9K attribution error with the same urgency.

Which Revenue Integrity Controls Are Missing

Each cause category points at a specific absent control, which is what makes the audit more useful than a lifecycle leak checklist.

  • Billing delay points to stage-exit evidence at closed-won: deals marked won before implementation prerequisites, start dates, or signatures were confirmed.
  • Discount leakage points to a commercial approval workflow that is not enforced in the CRM, so the booked value and the contracted value diverge silently.
  • Credits and write-offs point to a missing definition of booked ARR: what counts as booked, at what value, under which acceptance criteria.
  • Attribution errors point to a CRM that is full but not decision-useful: owner, segment, and source fields that nobody reconciles because nobody reports from them.

On the Red List, the first two map to Phantom ARR and Activation Lag, two of the 20 failure modes tested in every Scorecard.

Common Mistakes

  • Starting with the customer lifecycle. Onboarding and dunning fixes are visible and satisfying, and they leave the bookings-to-cash seam unexamined. The audit ends with the biggest leaks still invisible.
  • Treating every gap as timing. "It will bill next quarter" is sometimes true and sometimes a write-off that has not been admitted yet. The cause code forces the distinction.
  • Blending categories into one number. A single 6% leakage figure produces a debate. A $95K billing-delay line with an owner produces a fix.
  • Running it once. A one-time audit finds last quarter's leaks. The ledger and the monthly review are what stop next quarter's.

MxM Point of View

Lifecycle-first leak audits start where the fixes are easiest, not where the money is. That ordering feels productive because it generates quick wins, and it systematically avoids the reconciliation seam between Sales, billing, and collections, which is where the material leaks sit and where the fix requires controls rather than a tool. The test MxM applies is blunt: if the company cannot reconcile five fields for one quarter's cohort of closed-won deals, it does not need a longer list of leak categories. It needs that reconciliation, cause codes, and a ledger someone owns. Everything else in the leak-audit genre is commentary on top of that exercise.

Illustrative Example

Illustrative example: a $14M ARR B2B SaaS company expected $3.6M in billings from a quarter's closed-won deals and renewals. The five-field reconciliation found $185K in gaps: $95K where billing had not started because implementation prerequisites were unconfirmed at close, $60K signed below the value still showing in CRM, and $30K in credits from a disputed onboarding scope. None of it was visible in the pipeline dashboard, because every deal was correctly marked closed-won. The example shows the failure pattern; it does not describe an MxM client engagement.

How MxM Approaches This

The Revenue Integrity Scorecard runs this reconciliation as part of the diagnostic, against three CSV exports and without API access to any system. The leakage findings land next to the stage-exit, forecast-governance, and reporting checks, ranked by operating impact, so the company sees whether leakage is the disease or a symptom of a looser control problem. The output is a cause-coded gap list with a recommended fix order, not a presentation.