In many economic relationships that are mediated by digital infrastructure in 2026—AI services sold under usage-based pricing, app stores and ad platforms coordinating millions of small producers, cloud marketplaces matching heterogeneous demand, and enterprise vendors providing “AI copilots” inside regulated firms—the principal’s core problem is still the classic one: value is created by an agent’s hidden, multidimensional effort, but the principal only observes coarse and noisy performance outcomes. What has changed in practice is not the presence of hidden action, but the measurement stack that surrounds it. Outcomes are logged continuously, yet the most informative checks of “did you actually do the right thing?” remain intermittent, expensive, and often intrusive. As a result, these systems naturally combine (i) outcome-based compensation or continuation rules with (ii) occasional audits—spot checks, targeted reviews, red-team exercises, compliance examinations, incident postmortems, or third-party attestations—that generate additional signals about the agent’s behavior.
This paper starts from the observation that such audits are not merely an operational afterthought; they are a disciplined response to a fundamental tension in incentive design. Outcome data are plentiful but frequently misaligned with the principal’s true objective. A platform may care about long-run user trust while observing short-run engagement. A firm may care about model reliability and safety while observing a support-ticket rate that is driven by user mix. A regulator may care about non-discrimination while observing only aggregate approval rates. In these environments, a contract that is constrained to pay only as a (monotone) function of outcomes can end up rewarding precisely the wrong behaviors, or paying excessive informational rents to induce the right ones. Practitioners respond by adding “verification moments”: a random sample of calls is reviewed for quality, a subset of model outputs is checked for policy compliance, a fraction of vendors undergo KYB/KYC revalidation, or a periodic penetration test is performed. These are costly, so they are used sparingly, but they are also targeted: the audit is designed to be more likely to “pass” when the agent truly exerted the desired effort.
From a contract-theoretic perspective, the crucial role of an audit is that it creates an additional signal that is (even slightly) more diagnostic of the intended action than the realized outcome distribution alone. One can think of the audit as a coarse proxy for an otherwise unverifiable input: did the call center representative follow the script; did the model provider run the agreed evaluations; did the seller comply with return policies; did the recommender system include required diversity constraints; did the vendor’s internal controls meet a baseline standard. Importantly, the audit signal is not required to be perfect. Indeed, modern compliance practice is built around imperfect tests: checklists, sampling, anomaly triggers, and third-party reports with false positives and false negatives. What matters is not perfection, but separation—passing is meaningfully more likely under the desired behavior than under plausible deviations.
Why is such separation valuable? The difficulty with outcome-only incentives is that, in many hidden-action instances, the outcome distribution is simply not rich enough to identify the agent’s action. When multiple actions induce similar (or even identical) outcome distributions, any outcome-based scheme must either (a) fail to elicit the desired action or (b) pay in a way that is insensitive to the true deviation, thereby leaving slack incentive constraints and inflating the minimum expected payment needed for implementation. Limited liability then amplifies this problem: because the principal cannot punish the agent below zero, the standard “carrot and stick” logic collapses into “carrots only,” and the principal may be forced to overpay on outcomes that can also be produced by low-effort behavior. In the language of information economics, the principal is trying to purchase an action using a signal that is not sufficiently informative; rents are the price of that informational deficiency.
This is not just a qualitative concern. A line of recent work has made the worst-case performance of simple contracts precise. If we restrict attention to linear or monotone outcome-based payment rules—exactly the kinds of rules that are common in platforms and large organizations for reasons of simplicity, perceived fairness, and legal/compliance constraints—then there exist instances in which any such contract achieves only a vanishing fraction of the optimal principal utility. In particular, one can construct families where the best linear (or more generally monotone) contract extracts only a Θ(1/n) fraction of the benchmark achievable by an unrestricted optimal contract, where n is the number of actions available to the agent. The economic content of these Θ(n) gaps is straightforward: with many hidden actions, the principal can face an exponentially complicated “menu” of deviations, and a simple outcome-only payment rule lacks the degrees of freedom needed to deter them without paying large rents. The gap is not a pathology of irrationality or incomplete contracting; it arises even under full information about the environment and under standard limited-liability constraints.
This motivates the central question we address: if we are committed to simple outcome-based sharing rules—because they are scalable, interpretable, and robust—what is the minimal additional instrument that can close these worst-case gaps? Our answer is that occasional, binary audits can play exactly this role. The key is that audits introduce a second axis of conditioning that is not tied to the realized payoff-relevant outcome. In practice, this corresponds to the fact that many valuable compliance or quality checks do not directly create customer-facing value in that period (they are “overhead”), but they do create information about effort. Once the principal has even a coarse audit signal, she can concentrate incentive pay on events that are both (i) relatively rare and (ii) more likely under the desired action. This is the logic behind performance bonds, certification requirements, and spot-check regimes: pay (or continue) disproportionately when a verification step is successfully passed.
The operational constraint, of course, is that audits are costly. Human review takes time; external assessors charge fees; invasive checks may create privacy or security risks; and continuous monitoring may be infeasible or politically unacceptable. This is why real systems audit occasionally rather than constantly. A key conceptual point—one we formalize later—is that “occasional” does not mean “ineffective.” Because incentives depend on expected differences in payoffs across actions, a principal can often trade off audit frequency against audit-contingent rewards. Intuitively, if passing an audit is more likely under the desired action, then even a low audit rate can generate strong incentives when paired with a sufficiently sharp reward upon passing. This captures a pervasive design pattern in digital governance: rare but salient enforcement (account suspensions after a review; clawbacks after an investigation; preferred placement after certification) rather than continuous micromanagement.
At the same time, we should be clear about what we are not claiming. We do not assume that audits reveal the action, or that the principal can write arbitrarily complex state-contingent transfers. We also do not treat audits as free: the audit rate is a choice variable precisely because audits consume resources. Moreover, we do not claim that audits solve all incentive problems in practice. Audit design itself can be gamed, audit institutions can be captured, and a binary pass/fail signal necessarily compresses rich information. Our goal is narrower: to understand, in a stylized hidden-action environment with limited liability and simple payment structure, how much leverage a minimal audit channel can provide relative to outcome-only incentives, and how that leverage scales with the informativeness of the audit and the cost of performing it.
The policy relevance is immediate. Regulatory regimes for AI and digital platforms increasingly require some form of periodic assessment—model evaluations, data protection audits, algorithmic impact assessments, supply-chain due diligence. Firms often experience these requirements as compliance costs, but from an incentives standpoint they can also be viewed as mechanisms that enlarge the feasible set of implementable behaviors under simple compensation and governance rules. In other words, audits can substitute for complex contracts: rather than paying on an extremely high-dimensional set of outcomes (which is often impossible), a principal can pay on a small number of verifiable events generated by an audit process.
With this motivation in place, we now turn to the baseline hidden-action model, highlighting what optimal contracting looks like without audits and why simple outcome-based contracts can be sharply suboptimal in the worst case. This baseline will clarify exactly where the informational bottleneck lies and how an additional audit signal can relax it.
We begin with the standard hidden-action baseline in which the
principal observes only the realized outcome and cannot condition
payments on any additional verification signal. Formally, the agent
chooses an unobservable action i ∈ [n] that induces an
outcome distribution qi ∈ Δ([m])
over outcomes j ∈ [m]. Each outcome j generates a (verifiable) principal
reward rj ∈ [0, 1], so
action i yields expected
reward
$$
R_i \;=\; \sum_{j=1}^m q_{ij} r_j.
$$
The agent incurs a private cost ci ∈ [0, 1], and
we define welfare as Wi = Ri − ci.
The principal offers an outcome-contingent contract t = (t1, …, tm)
before the agent chooses i,
where limited liability imposes
tj ≥ 0 for all
j.
(We normalize the agent’s outside option to 0; together with limited
liability, the agent can always secure nonnegative utility, either by
selecting a zero-cost action if one exists or by declining the
relationship.)
Given contract t, the
agent’s expected utility from action i is
$$
U_A(i\mid t) \;=\; \sum_{j=1}^m q_{ij} t_j \;-\; c_i,
$$
and the principal’s expected utility is
$$
U_P(i\mid t) \;=\; \sum_{j=1}^m q_{ij}(r_j - t_j) \;=\; R_i -
\sum_{j=1}^m q_{ij} t_j.
$$
We adopt the canonical Stackelberg/tie-breaking convention: the agent
chooses an action maximizing UA, and if
multiple actions tie, the tie is broken in the principal’s favor. This
convention is convenient analytically (it pins down an equilibrium
outcome) and economically interpretable (the principal can often add an
arbitrarily small perturbation to select among tied actions).
Fix a target action i that
the principal wishes to implement. The outcome-only implementability
constraints are linear. Incentive compatibility requires
$$
\sum_{j=1}^m q_{ij} t_j - c_i \;\ge\; \sum_{j=1}^m q_{i'j} t_j - c_{i'}
\quad \text{for all } i'\neq i,
$$
and individual rationality requires
$$
\sum_{j=1}^m q_{ij} t_j - c_i \;\ge\; 0.
$$
Because the objective UP is decreasing
in expected payments, the principal’s optimal contract for implementing
i is the one that minimizes
expected payment subject to these constraints:
$$
\min_{t\in\mathbb{R}_+^m} \;\; \sum_{j=1}^m q_{ij} t_j
\quad \text{s.t.}\quad
\sum_{j} (q_{ij}-q_{i'j}) t_j \;\ge\; c_i - c_{i'} \;\; \forall i'\neq
i,
\;\;\text{and}\;\;
\sum_{j} q_{ij} t_j \ge c_i.
$$
This “MINPAY” linear program is the workhorse for outcome-only moral
hazard: it makes clear that the principal is purchasing incentive
differences, and that the only levers are the m outcome states. Two implications
are immediate. First, implementability is not automatic even under full
information: if the outcome distributions are insufficiently separated,
there may be no nonnegative payment vector t that makes i optimal for the agent. Second,
even when implementation is feasible, limited liability forces the
principal to use “carrots only,” so payments must concentrate on
outcomes that are relatively more likely under i than under deviations.
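To make the program concrete, here is a minimal sketch of MINPAY solved with scipy.optimize.linprog; the three-action, three-outcome instance is our own illustration, not one from the text.

```python
# Minimal sketch of the MINPAY LP (outcome-only, limited liability) using
# scipy.optimize.linprog. The instance data below is purely illustrative.
import numpy as np
from scipy.optimize import linprog

q = np.array([[0.8, 0.2, 0.0],   # q[i, j] = Pr[outcome j | action i]
              [0.4, 0.4, 0.2],
              [0.1, 0.4, 0.5]])
c = np.array([0.0, 0.1, 0.3])    # private costs c_i
target = 2                       # action i the principal wants to implement

# linprog minimizes c_obj @ t subject to A_ub @ t <= b_ub and t >= 0.
# IC: (q[i] - q[i']) @ t >= c[i] - c[i']  <=>  (q[i'] - q[i]) @ t <= c[i'] - c[i]
others = [k for k in range(len(c)) if k != target]
A_ub = np.array([q[k] - q[target] for k in others])
b_ub = np.array([c[k] - c[target] for k in others])
# IR: q[i] @ t >= c[i]  <=>  -q[i] @ t <= -c[i]
A_ub = np.vstack([A_ub, -q[target]])
b_ub = np.append(b_ub, -c[target])

res = linprog(c=q[target], A_ub=A_ub, b_ub=b_ub,
              bounds=[(0, None)] * q.shape[1])
if res.success:
    print("min expected payment:", res.fun, "payments t:", res.x)
else:
    print("action not implementable with nonnegative outcome payments")
```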
A useful way to understand this LP is via its dual and the associated geometric interpretation. In the absence of limited liability, one can often use negative transfers to punish outcomes that suggest shirking; under tj ≥ 0, that tool disappears, and the feasibility region is a pointed cone generated by likelihood-ratio directions of the form qi − qi′. Duality then yields a familiar “mimicking” picture: implementation of i fails precisely when the agent can replicate (or weakly dominate) the distribution induced by i using a mixture of other actions that has strictly lower cost. Intuitively, if a convex combination of other action distributions looks too similar to qi, then any payment rule that rewards the agent based on outcomes alone must also reward that mixture, and if the mixture is cheaper for the agent, incentives unravel. This is the core informational bottleneck: outcomes compress behavior into a finite signal, and when that signal does not separate actions, the principal pays informational rents or cannot implement the desired behavior at all.
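The mimicking obstruction is itself checkable by a small LP: search for the cheapest mixture of the other actions that coordinatewise dominates qi, and compare its cost to ci. A sketch on illustrative data (the identical check applies verbatim on the enriched state space introduced later):

```python
# Sketch: LP test of the "cheaper dominating mixture" (mimicking) obstruction.
# If a mixture of other actions dominates q[target] coordinatewise at strictly
# lower cost, no limited-liability outcome-only contract implements target.
import numpy as np
from scipy.optimize import linprog

q = np.array([[0.5, 0.5, 0.0],
              [0.5, 0.5, 0.0],   # action 1: same outcome distribution as 0 ...
              [0.2, 0.3, 0.5]])
c = np.array([0.0, 0.2, 0.4])    # ... but strictly costlier, so 1 is blocked
target = 1
others = [k for k in range(len(c)) if k != target]

# min  sum_k lam_k c_k
# s.t. sum_k lam_k q_k >= q[target] coordinatewise, sum_k lam_k = 1, lam >= 0
res = linprog(c=c[others],
              A_ub=-q[others].T, b_ub=-q[target],
              A_eq=np.ones((1, len(others))), b_eq=[1.0],
              bounds=[(0, None)] * len(others))
if res.success and res.fun < c[target] - 1e-9:
    print("obstruction: mixture of cost", res.fun, "< c_target =", c[target])
else:
    print("no cheaper dominating mixture; target is implementable")
```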
The LP perspective also highlights why optimal outcome-only contracts can look “unnatural” relative to the simple compensation schemes used in practice. The optimal t for implementing i is typically an extreme point of a polyhedron defined by the binding IC constraints and the nonnegativity constraints. Extreme points often involve paying on a small subset of outcomes, with zero payments elsewhere, because sparse solutions satisfy many linear inequalities tightly. Moreover, nothing in the LP requires payments to be monotone in the principal’s reward rj. Indeed, non-monotonicity can be optimal or even necessary: the principal may pay more on an outcome with smaller rj if that outcome is more diagnostic of effort. A stylized example is instructive. Suppose there are two outcomes, “flashy success” and “quiet compliance,” and a high-effort action increases the probability of quiet compliance but does little for flashy success; then the cheapest way to elicit effort is to put weight on the compliance outcome even if its contemporaneous revenue is lower. In other words, the payment schedule is driven by informativeness (likelihood ratios), not by realized value. This tension—value versus informativeness—is exactly where monotone and linear pay constraints can bite.
These observations motivate the restriction to simple contract classes that are common in platforms and organizations. Two canonical restrictions are (i) linear contracts, tj = αrj with α ∈ [0, 1], and (ii) more general monotone contracts where tj is nondecreasing in rj. Such restrictions can be justified by administrative simplicity, legal/compliance requirements, auditability of the compensation policy itself, and the desire to avoid paying “more for worse outcomes,” which can be politically or behaviorally unacceptable even when it is optimal in the LP sense. They also have a robustness motivation: when the mapping from observed outcomes to true value is misspecified or subject to manipulation, monotone rules may be less fragile than finely tuned, non-monotone ones.
However, the same restriction that makes contracts scalable also limits their power in the worst case. Recent approximation results make this precise: there exist families of hidden-action instances with n actions in which the optimal outcome-only limited-liability contract achieves a constant (or at least nonvanishing) principal utility, while the best linear contract—and even the best monotone contract—achieves only a Θ(1/n) fraction of that benchmark. Economically, these lower bounds arise because with many actions the agent has many “nearby” deviations, and a simple payment rule has too few degrees of freedom to simultaneously (a) reward the target action and (b) deter every deviation without overpaying. The principal is forced into a pooling-like payment schedule that keeps the target action barely attractive but also leaves slack constraints for other actions, and under limited liability the slack translates directly into rents.
A complementary way to view the Θ(n) gap is through “effective dimensionality.” The unrestricted outcome-only LP has m decision variables and can in principle tailor payments to exploit fine distinctions among the qi’s. Linear contracts collapse all m outcomes onto a single scalar rj, and monotone contracts constrain the ordering of payments to match the ordering of rewards. When n is large relative to the usable variation in outcomes-as-signals, the principal cannot separately price the different incentive constraints. As a result, the principal either gives up on implementing high-welfare actions or implements them only by paying on high-reward outcomes that are also attainable under low-effort actions, thereby diluting incentives and reducing principal surplus.
This baseline delivers two takeaways that guide everything that follows. First, the obstacle is not that outcomes are unobserved—outcomes are observed perfectly—but that they are an impoverished signal of hidden action once we respect limited liability and simplicity constraints. Second, the distortion created by simplicity is not a second-order effect: in the worst case it scales with the size of the action space. The next step, therefore, is to ask whether a minimal enrichment of the signal—one additional binary event that is mildly correlated with the desired behavior—can restore much of the lost surplus while preserving the operational virtues of simple outcome-based sharing. This is the role played by the audit channel we introduce next.
Formally, after the agent selects an unobservable action i ∈ [n], an audit can be
conducted with some probability p ∈ (0, 1] chosen by the principal.
When an audit is conducted, the principal receives a binary signal s ∈ {0, 1}, where we interpret s = 1 as “pass” (or “clean”) and
s = 0 as “fail” (or “flag”).
The informativeness of the audit is captured by numbers
ai = Pr [s = 1 ∣ i],
so that higher ai corresponds
to actions that are more likely to pass the audit. We assume the audit
signal is generated independently of the realized outcome conditional on
the action. Economically, this corresponds to audits that check process
rather than realized performance (e.g., whether required steps were
taken), and analytically it allows us to separate the “value signal”
(the outcome j that determines
rj) from
the “behavior signal” (the audit pass/fail). This
conditional-independence assumption is not essential in
principle—Section 4 will naturally be stated in the joint signal space
(j, s)—but it keeps
the model transparent and highlights the role of even very coarse
verification.
Auditing is costly. Let κ ≥ 0 denote the per-audit resource cost to the principal (administrative expense, delay, investigator time, or the opportunity cost of scrutiny). Since an audit is performed with probability p, the expected audit cost is κp, and this cost is incurred regardless of whether the agent passes or fails. One can view p as a policy variable controlling the intensity of monitoring: higher p yields more information in expectation, but burns more resources.
The principal’s contract is allowed to depend on both the outcome and
(when an audit occurs) the signal. To preserve the operational
simplicity emphasized above, we restrict attention to a parsimonious
two-parameter class:
$$
t_{j,s} \;=\; \alpha r_j + b\,s,
\qquad \alpha \in [0,1],\; b \ge 0.
$$
This contract has a natural interpretation: the agent receives a
baseline “commission” equal to a share α of the principal’s realized
reward, plus an additional bonus b only when the audit is conducted
and the agent passes. In practice, this resembles compensation schemes
that combine revenue sharing (or performance pay) with a compliance or
quality bonus contingent on passing a review. It also captures the idea
that the principal may wish to concentrate incentive payments on a
relatively diagnostic event (audit pass) while keeping the outcome-based
component simple and monotone in rj.
Limited liability is automatically satisfied within this class. Since rj ∈ [0, 1], α ∈ [0, 1], b ≥ 0, and s ∈ {0, 1}, we have tj, s ≥ 0 for all (j, s). We emphasize that b is not assumed to be bounded unless explicitly stated; this “unbounded payments” regime is a useful benchmark because it isolates how the expected incentives depend on the product pb. When payment caps matter (e.g., due to regulation or budget constraints), one can impose b ≤ B and the interaction with p becomes substantive.
Timing and commitment follow the standard Stackelberg moral-hazard logic. First, the principal commits to the audit policy and compensation parameters (p, α, b). Commitment is economically important: if the principal could ex post reduce audit frequency or renege on the promised bonus, then the audit channel would not provide credible incentives. In many settings commitment is supported institutionally (standardized audit protocols, third-party auditors, contractual enforcement, or reputational concerns), and in others it is precisely the friction that limits the usefulness of audits; we return to such limitations when interpreting the results. After observing (p, α, b), the agent chooses an action i. Then the outcome j ∼ qi is realized, an audit occurs with probability p, and if the audit occurs the signal s is drawn with Pr [s = 1 ∣ i] = ai. Finally, payments are made according to tj, s, and the principal bears the audit cost κ if and only if the audit is executed.
This structure yields particularly tractable expected payoffs. Under
action i, the agent’s expected
payment is
$$
T_i(\alpha,b) \;=\; \mathbb{E}[t_{j,s}\mid i] \;=\; \alpha R_i + p\,b\,a_i,
$$
because the outcome component contributes α𝔼[rj ∣ i] = αRi,
while the audit bonus is paid only when an audit happens (probability
p) and the agent passes
(probability ai). Hence the
agent’s expected utility is
$$
U_A(i\mid \alpha,b) \;=\; \alpha R_i + p\,b\,a_i - c_i,
$$
and the principal’s expected utility—net of expected audit cost—is
$$
U_P(i\mid \alpha,b,p) \;=\; \mathbb{E}[r_j - t_{j,s}\mid i] - \kappa p
\;=\; (1-\alpha)R_i - p\,b\,a_i - \kappa p.
$$
Two features of these expressions are worth highlighting because they
govern much of what follows. First, the audit affects incentives only
through the differences in pass probabilities ai − ai′
across actions; it is therefore the separation of the audit
channel, not merely its existence, that matters. Second, holding (α, b) fixed, increasing
p both strengthens incentives
(via pbai)
and increases direct costs (via κp). This is the central
policy tradeoff: audit intensity buys incentive power, but at a resource
cost.
Equilibrium is defined in the same spirit as in the outcome-only
case. For fixed (p, α, b), the
agent chooses a best response:
$$
i \;\in\; \arg\max_{i'\in[n]}\;\big\{\alpha R_{i'} + p\,b\,a_{i'} - c_{i'}\big\}.
$$
We maintain the canonical tie-breaking rule: if multiple actions
maximize the agent’s utility, the selected action is the one that
maximizes the principal’s utility. This convention both simplifies
exposition and reflects the idea that arbitrarily small perturbations
(or secondary performance criteria) can select among tied actions
without changing incentives in any economically meaningful way.
Individual rationality can be imposed directly as UA(i ∣ α, b) ≥ 0
for the implemented action; as usual, this can be folded into the
incentive constraints if a zero-cost outside option is available.
Finally, it is useful to record an immediate scaling observation that will become operational later. Since the audit-driven incentive term depends on p and b only through the product pb, the principal can often trade off audit frequency and bonus magnitude: lowering p and increasing b proportionally preserves expected incentives and expected bonus payments, while reducing audit costs linearly in p. Whether this substitution is feasible depends on whether b can be made large (unbounded transfers) or is constrained by a cap B (bounded payments). This distinction cleanly separates two regimes: one in which audits can be made arbitrarily rare without losing incentive power, and one in which a minimum audit intensity is required for feasibility.
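A minimal sketch of the agent’s best response and the resulting payoffs under the two-parameter contract; the primitives are made up, and the final loop varies p while holding pb fixed, mirroring the scaling observation just recorded.

```python
# Sketch: agent best response and principal utility under the contract
# t_{j,s} = alpha * r_j + b * s with audit rate p. Illustrative primitives.
import numpy as np

R = np.array([0.2, 0.5, 0.9])   # expected rewards R_i
c = np.array([0.0, 0.1, 0.3])   # costs c_i
a = np.array([0.1, 0.2, 0.8])   # audit pass rates a_i = Pr[s=1 | i]
kappa = 0.05                    # per-audit cost

def outcome(alpha, b, p):
    U_A = alpha * R + p * b * a - c                 # agent utility per action
    best = np.flatnonzero(np.isclose(U_A, U_A.max()))
    U_P = (1 - alpha) * R[best] - p * b * a[best] - kappa * p
    i = best[np.argmax(U_P)]                        # tie broken for principal
    return i, alpha * R[i] + p * b * a[i], U_P.max()

for p in (0.5, 0.05):            # scale b so the product p*b = 0.45 is fixed
    i, T, U_P = outcome(alpha=0.0, b=0.45 / p, p=p)
    print(f"p={p}: induced action {i}, transfer {T:.3f}, U_P {U_P:.4f}")
```

Running the loop shows the implemented action and expected transfer are unchanged across the two audit rates, while the principal’s utility improves by exactly the saved audit cost.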
With this audit-augmented model in place, the natural objects for implementability are no longer the outcome distributions {qi} alone, but the induced joint distributions over the enriched signal space (j, s) (or, under our independence assumption, the pair (qi, ai)). This enlargement is exactly what allows us to revisit the classic convex-combination (“mimicking”) logic in a sharper way, and to connect implementability to likelihood-ratio-type separation events generated by the audit.
To state this cleanly, it is convenient to temporarily step outside
the two-parameter class tj, s = αrj + bs
and consider arbitrary limited-liability contracts on the joint
signal space. Fix an audit policy p ∈ (0, 1]. Let the realized
observable “state” be k = (j, σ) where
j ∈ [m] is the
outcome, and σ records what
the principal observes about auditing. One natural encoding is σ ∈ {∅, 0, 1}, where σ = ∅ denotes “no audit,” and σ ∈ {0, 1} denotes “audit performed
and signal s = σ
observed.” Under action i, the
induced distribution over states is
$$
\pi_i(j,\varnothing) = (1-p)\,q_{ij},
\qquad
\pi_i(j,1) = p\,q_{ij}\,a_i,
\qquad
\pi_i(j,0) = p\,q_{ij}\,(1-a_i),
$$
using the conditional independence of j and s given i. A general limited-liability
contract is a nonnegative payment schedule {tk}k
with tk ≥ 0 for all
k. The agent’s expected
utility from action i is then
∑kπi(k)tk − ci,
and the principal’s expected utility is ∑kπi(k)(r(j) − tk) − κp,
where r(j) = rj.
For a fixed target action i, the classic “minimum payment”
problem asks: among all nonnegative payment schedules that make i incentive compatible (and
individually rational), what is the smallest expected transfer under
i? Writing this as a linear
program in the variables {tk}, the
constraints are the usual IC inequalities
$$
\sum_k \pi_i(k)\,t_k - c_i \;\ge\; \sum_k \pi_{i'}(k)\,t_k - c_{i'}
\qquad \text{for all } i'\neq i,
$$
together with tk ≥ 0 and (if
imposed separately) IR: ∑kπi(k)tk − ci ≥ 0.
The objective is to minimize ∑kπi(k)tk.
This is exactly the Hermalin–Katz style primal LP, with the only
difference being that the “outcomes” are now elements of the enlarged
set {(j, σ)} rather
than just j ∈ [m].
The benefit of this formulation is that strong duality immediately
yields a geometric characterization of implementability. In the
outcome-only world, action i
is not implementable under limited liability precisely when some convex
combination of other actions’ outcome distributions can “mimic” qi at lower
cost. Here the same statement holds with qi replaced by
the joint distribution πi. Concretely,
if there exist weights {λi′}i′ ≠ i
with λi′ ≥ 0
and ∑i′ ≠ iλi′ = 1
such that
$$
\sum_{i'\neq i}\lambda_{i'}\,\pi_{i'}(k) \;\ge\; \pi_i(k)
\quad \text{for every state } k,
\qquad\text{and}\qquad
\sum_{i'\neq i}\lambda_{i'}\,c_{i'} \;<\; c_i,
$$
then i cannot be implemented
by any nonnegative transfer scheme on the joint signal space.
Intuitively, the mixture ∑i′λi′πi′
produces (weakly) higher probability on every payoff-relevant state than
πi does,
while costing the agent strictly less. Under limited liability, the
principal can only reward states, never punish them; thus any
payment rule that makes i
attractive also makes the cheaper mixture at least as attractive,
because the cheaper mixture experiences each rewarded state at least as
often. Conversely, if no such cheaper dominating mixture exists, the
separating hyperplane guaranteed by the dual can be interpreted as a
nonnegative payment vector that supports i as a best response. This is the
precise sense in which audits enlarge implementability: they refine the
state space, thereby making the coordinatewise domination condition
harder to satisfy.
Two immediate corollaries align with economic intuition. First, if the audit is uninformative in the strong sense that ai is identical across all actions, then πi adds no action-dependent variation beyond what qi already provides; indeed πi is just a fixed “splitting” of qi into audited and unaudited sub-states. In that case, implementability with audits collapses to implementability without audits: the convex-geometry obstacles are unchanged. Second, whenever there exist two actions i ≠ i′ with the same outcome distribution qi = qi′ but different audit statistics ai ≠ ai′, the joint distributions πi and πi′ become distinguishable. The convex-combination obstruction that previously arose from outcome indistinguishability can disappear, and actions that were impossible to implement with outcome-only payments can become implementable once the principal can condition on the audit signal.
This joint-distribution viewpoint also clarifies why a binary audit can be powerful. Even a single additional bit creates an event—“audit pass,” s = 1—whose relative likelihood across actions can be exploited. The dual characterization above is agnostic about how the separation is achieved; it simply says that what matters is whether there exists a state (or collection of states) that is sufficiently more likely under the target action than under any cheaper alternative, because such states can serve as “rewarding” events that do not excessively subsidize deviations. When the audit is binary, the most natural candidate is exactly the likelihood-ratio event s = 1. If for a target action i and a deviation i′ we have ai > ai′, then the state set {(j, 1) : j ∈ [m]} is uniformly more likely under i than under i′ by the factor ai/ai′, holding fixed the outcome distribution component. Paying primarily (or exclusively) on this event can therefore generate a large incentive differential per unit of expected payment.
Our L-separation assumption
can be read through this lens. The condition ai* ≥ amin > 0
and ai ≤ ai*/L
for all i ≠ i* is a
uniform lower bound on the likelihood ratio of the “pass” event:
$$
\frac{\Pr[s=1\mid i^*]}{\Pr[s=1\mid i]} \;\ge\; L\qquad \text{for all }
i\neq i^*.
$$
In other words, passing an audit is an event that is systematically—and
multiplicatively—more indicative of i* than of any other
action. This is precisely the kind of statistical separation that
defeats convex-combination mimicry: no mixture of cheaper actions can
simultaneously (i) match the frequency of an i*-indicative event like
s = 1 and (ii) preserve lower
cost, unless the audit is effectively non-discriminatory. Put
differently, the audit creates a “diagnostic” state that the principal
can reward without granting comparable expected rewards to lower-cost
deviations.
At the same time, this characterization is deliberately silent about how expensive it is to exploit the separation; it only addresses existence. If the principal is allowed arbitrary payments contingent on (j, σ), then implementability is governed entirely by the geometry of {πi} and the cost vector c. Once we restrict the contract class to tj, s = αrj + bs (and possibly impose a cap on b), implementability becomes quantitative: the principal may have the right separating event, but must check whether it can be rewarded strongly enough given the permissible transfer form. This is the bridge to the next section. There we use the same IC inequalities, but leverage the binary nature of s and the linear form of tj, s to solve for the minimum bonus b (and, with caps, the minimum feasible audit rate p) required to implement a desired action under L-separation.
Finally, we note a practical limitation of the joint-signal view that will matter in applications. The above dominance logic presumes the principal can commit to conditioning payments on the realized audit signal and that the audit statistics {ai} are stable primitives. In many real settings, audits are themselves strategic (the agent can game what is audited), noisy in ways correlated with outcomes, or subject to enforcement frictions (e.g., appeals, bargaining, or imperfect commitment). These complications do not invalidate the geometric insight—more informative signals expand implementability under limited liability—but they do affect which joint distributions are feasible and which states are credibly rewardable. Our goal here is to isolate the core mechanism: even a coarse audit that generates a high-likelihood-ratio event can break the classic convex-combination barrier and thereby unlock implementability that outcome-only contracts cannot achieve.
Recall that under action i, the agent’s expected payment and utility are
$$
T_i(\alpha,b) = \alpha R_i + p\,b\,a_i,
\qquad
U_A(i\mid \alpha,b) = \alpha R_i + p\,b\,a_i - c_i,
$$
and the principal’s expected utility (net of audit costs) is
$$
U_P(i\mid \alpha,b,p) = (1-\alpha)R_i - p\,b\,a_i - \kappa p.
$$
As noted above, limited liability is automatically satisfied because rj ≥ 0 and α, b ≥ 0 imply tj, s ≥ 0
for all (j, s).
Fix a target action i that
the principal would like to induce. The agent prefers i over any deviation i′ ≠ i exactly
when
$$
\alpha R_i + p\,b\,a_i - c_i \;\ge\; \alpha R_{i'} + p\,b\,a_{i'} - c_{i'}.
$$
Rearranging yields the incentive constraint (IC) in its most useful form:
$$
p\,b\,(a_i - a_{i'}) \;\ge\; (c_i - c_{i'}) \;-\; \alpha\,(R_i - R_{i'})
\qquad \text{for all } i'\neq i.
$$
Two immediate economic interpretations fall out of this inequality. The outcome-sharing
term α(Ri − Ri′)
covers the part of the incentive gap that is already reflected in
expected rewards; the remaining gap must be financed by the audit bonus,
scaled by the audit advantage ai − ai′.
When ai ≈ ai′,
the audit provides little leverage and b must be large; when ai ≫ ai′,
a small expected audit payment pbai
can produce a large incentive differential.
For a fixed (α, p), the minimum bonus
b that satisfies all IC
constraints is obtained by taking the maximum over deviations of the
lower bound implied by the IC inequality above. Specifically, for each i′ ≠ i with
ai > ai′,
the constraint becomes
$$
b \;\ge\; \frac{(c_i-c_{i'}) - \alpha (R_i-R_{i'})}{p\,(a_i-a_{i'})}.
$$
Deviations with ai ≤ ai′
are qualitatively different: the audit term cannot help (the left-hand
side pb(ai − ai′) is nonpositive for b ≥ 0), so the right-hand side must
already be nonpositive, i.e.,
(ci − ci′) ≤ α(Ri − Ri′) whenever
ai ≤ ai′.
If this fails for some i′ with ai ≤ ai′,
then no bonus b ≥ 0
can implement i within the
class tj, s = αrj + bs
at the given α: the audit is
“misaligned” against that deviation, and outcome-sharing must do all the
work.
Collecting these observations, we can write the closed-form minimum
bonus as
$$
b_i(\alpha)
=
\max_{i'\neq i:\, a_i>a_{i'}}
\frac{\big((c_i-c_{i'}) - \alpha (R_i-R_{i'})\big)_+}{p\,(a_i-a_{i'})},
$$
where (x)+ = max {x, 0}.
Feasibility additionally requires that for every i′ ≠ i with
ai ≤ ai′
we have (ci − ci′) − α(Ri − Ri′) ≤ 0.
When feasible, any b ≥ bi(α)
makes i incentive compatible,
and the tight deviation (the maximizer) is the one that
determines the marginal “price” of inducing i under this payment form.
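The max formula and its feasibility caveat translate directly into a short routine. A sketch with illustrative primitives (the function name and data are ours):

```python
# Sketch: closed-form minimum audit bonus b_i(alpha) from the IC constraints,
# with the feasibility check against "misaligned" deviations (a_i <= a_i').
import numpy as np

def min_bonus(R, c, a, target, alpha, p):
    """Return (feasible, b_min) for implementing `target` with t = alpha*r + b*s."""
    R, c, a = map(np.asarray, (R, c, a))
    b_min = 0.0
    for k in range(len(c)):
        if k == target:
            continue
        gap = (c[target] - c[k]) - alpha * (R[target] - R[k])
        if a[target] > a[k]:
            b_min = max(b_min, max(gap, 0.0) / (p * (a[target] - a[k])))
        elif gap > 0:     # audit cannot deter this deviation at this alpha
            return False, None
    return True, b_min

feasible, b = min_bonus(R=[0.2, 0.5, 0.9], c=[0.0, 0.1, 0.3],
                        a=[0.1, 0.2, 0.8], target=2, alpha=0.0, p=0.5)
print(feasible, b)   # b_min = max(0.3/(0.5*0.7), 0.2/(0.5*0.6)) = 6/7
```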
Individual rationality (IR) can be incorporated without adding new
structure. If we include a “do-nothing” action 0 with c0 = 0 and normalize
R0 = 0 (or, more
generally, ensure there is some outside option with nonnegative
utility), then IR for action i
is simply the IC constraint against action 0:
$$
\alpha R_i + p\,b\,a_i - c_i \;\ge\; 0
\;\Longleftrightarrow\;
p\,b\,a_i \;\ge\; c_i - \alpha R_i,
$$
which is subsumed by the same max formula above when i′ = 0 is included among
deviations. In this sense, our “minimum payment” calculations can be
read as simultaneously enforcing IC and IR.
Given bi(α),
the minimum expected payment for implementing i within this class is
$$
T_i^{\min}(\alpha) \;=\; \alpha R_i + p\,a_i\,b_i(\alpha).
$$
This expression makes clear why the product pb is the key object:
holding α fixed, IC depends on
pb (through pb(ai − ai′)),
and the audit part of the expected transfer also depends on pb (through pbai).
This “one-for-one” scaling property is what later allows us to reduce
audit rates in the unbounded-payment regime without changing either
incentives or expected transfers.
While one could in principle optimize α to trade off incentive provision
against revenue sharing, the L-separation setting points to a
particularly transparent choice: set α = 0 and rely entirely on the audit
event s = 1 to create
incentives. With α = 0, the IC
constraints become
$$
p\,b\,(a_i - a_{i'}) \;\ge\; c_i - c_{i'},
$$
so the minimum bonus is
$$
b_i(0)=\max_{i'\neq i:\, a_i>a_{i'}}
\frac{(c_i-c_{i'})_+}{p\,(a_i-a_{i'})},
\qquad
T_i^{\min}(0)=p\,a_i\,b_i(0).
$$
Now suppose the audit is L-separating for a target action
i*: ai* > 0
and ai′ ≤ ai*/L
for all i′ ≠ i*.
Then for every deviation i′ ≠ i*
we have a uniform lower bound on the audit advantage,
$$
a_{i^*}-a_{i'} \;\ge\; a_{i^*}\Big(1-\frac{1}{L}\Big),
$$
and hence, for α = 0,
$$
b_{i^*}(0)
\;\le\;
\frac{1}{p\,a_{i^*}(1-1/L)}\;\max_{i'\neq i^*}(c_{i^*}-c_{i'})_+.
$$
Multiplying by pai*
gives a clean upper bound on the minimum expected transfer:
$$
T_{i^*}^{\min}(0) \;=\; p\,a_{i^*}\,b_{i^*}(0)
\;\le\; \frac{\max_{i'\neq i^*}\,(c_{i^*}-c_{i'})_+}{1-1/L}
\;\le\; \frac{L}{L-1}\,c_{i^*},
$$
where the last inequality uses that costs are nonnegative (or,
equivalently, that there is an outside option with ci′ ≈ 0
against which IC/IR must hold). This inequality is the quantitative
counterpart of the geometric story from the previous section: the audit
creates a “rewardable” event that is at least L times as likely under i* as under any
alternative, and therefore implementing i* requires expected
payments only within a constant factor of the effort cost.
Two limitations are worth flagging because they delineate the scope of the approximation result. First, if there exists a cheap deviation with ai′ ≥ ai*, then α = 0 cannot work (the audit cannot favor i*), and even with α > 0 feasibility may fail unless Ri* is sufficiently larger than Ri′. Second, when ai* is extremely small, the required bonus b can be very large even though the expected payment pbai* remains moderate; this matters only if we later impose an explicit cap on b. These observations motivate the next section: we translate the min-pay bound into a principal-utility guarantee relative to the no-audit benchmark OPT, and we show how the invariance in pb yields a vanishing-audit-cost corollary when bonuses are unbounded, while bonus caps force a strictly positive minimum audit rate.
We now translate the min-pay guarantee into a principal-utility guarantee relative to the best outcome-only limited-liability benchmark OPT. The subtlety is that our contract class is extremely restricted—tj, s = αrj + bs—so the comparison is not to the best linear contract but to the best (possibly nonlinear) limited-liability contract that conditions only on outcomes. The punchline is that, under L-separation for a target action i*, the principal can recover essentially the full surplus of i* up to a constant-factor distortion that depends only on L, plus the direct audit cost κp.
Fix an action i*
with Wi* = Ri* − ci* > 0
and suppose the audit is L-separating for i*: ai* > 0
and ai ≤ ai*/L
for all i ≠ i*. Then
there exist parameters (α, b, p) in the
simple family tj, s = αrj + bs
that implement i*
and satisfy the expected-payment and utility bounds
$$
T_{i^*}\;\le\;\frac{L}{L-1}\,c_{i^*},
\qquad
U_P\;\ge\;R_{i^*}-\frac{L}{L-1}\,c_{i^*}-\kappa p.
$$
Moreover, one can take α = 0
(i.e., rely purely on the audit bonus for incentives).
The proof is immediate from the construction in the previous section: with α = 0, we choose pb just large enough to cover the binding incentive gap, and the min-pay bound above gives the resulting bound on Ti*. Economically, the bound says that the informational rents needed to rule out all deviations are controlled by the separation parameter: as L → ∞ (nearly perfect separation), the required expected payment approaches ci*, i.e., the first-best “reimbursement of effort.”
To compare to no-audit contracts, we use a simple but useful upper
bound: under limited liability and IR, any outcome-only contract that
induces action i must pay the
agent at least ci in
expectation, hence the principal’s utility from inducing i is at most Ri − ci = Wi.
Therefore,
OPT ≤ maxiWi.
If we take i* to be
welfare-maximizing (or simply any action with Wi* = maxiWi),
then OPT ≤ Wi*
and Theorem 6.1 implies the additive welfare-relative guarantee
$$
U_P \;\ge\; \mathrm{OPT} \;-\; \frac{c_{i^*}}{L-1} \;-\; \kappa p.
$$
This is the cleanest general statement: audits let us approximate the
best no-audit payoff up to an additive loss of at most ci*/(L − 1)
(plus the direct audit cost). When the target action has substantial
surplus relative to its cost, this additive loss is itself a controlled
fraction of the surplus, yielding a constant-factor approximation in the
usual multiplicative sense. Concretely, whenever $W_{i^*}\ge \frac{L}{L-1}c_{i^*}$ (a
“nontrivial surplus” condition), the additive bound implies
$$
U_P\;\ge\;\Big(1-\frac{1}{L}\Big)W_{i^*}-\kappa p
\;\ge\;\Big(1-\frac{1}{L}\Big)\mathrm{OPT}-\kappa p.
$$
This is the regime in which multiplicative approximations are
economically meaningful: if OPT (or
Wi*)
is extremely small, then any guarantee stated purely as a fraction of
OPT is fragile because the principal
can always opt out and obtain utility 0.
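As a numerical sanity check (using our own random-instance generator, not part of the formal development), one can verify the expected-transfer bound Ti* ≤ (L/(L − 1))ci* under the α = 0 construction:

```python
# Sketch: numerically check T <= L/(L-1) * c_{i*} on random L-separated
# instances, with alpha = 0 and the bonus set to its IC minimum.
import numpy as np

rng = np.random.default_rng(0)
L, p = 3.0, 0.2
for _ in range(1000):
    n = rng.integers(2, 8)
    c = rng.uniform(0, 1, n)
    c[0] = c.max()                            # make i* = 0 the costliest action
    a = np.empty(n)
    a[0] = rng.uniform(0.2, 1.0)              # a_{i*} > 0
    a[1:] = rng.uniform(0, a[0] / L, n - 1)   # L-separation: a_i <= a_{i*}/L
    b = max((c[0] - c[k]) / (p * (a[0] - a[k])) for k in range(1, n))
    T = p * b * a[0]                          # expected transfer at alpha = 0
    assert T <= L / (L - 1) * c[0] + 1e-9
print("transfer bound verified on all random instances")
```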
A striking feature of the simple payment form is that incentives depend
on p and b only through the product pb. Holding α fixed, the IC constraints (and
Ti’s audit
component) are unchanged if we replace (p, b) by (p′, b′)
with p′b′ = pb.
This yields a direct “rarification” corollary: in the unbounded-payment
regime (no exogenous cap on b), we can implement i* with the same expected
payment while driving the audit cost to zero.
Formally, fix any implementing parameters (α, b, p) (e.g.,
α = 0 and b = bi*(0)).
For any p′ ∈ (0, 1], define b′ := b p/p′.
Then for every action i,
$$
\alpha R_i + p'b'a_i - c_i \;=\; \alpha R_i + p\,b\,a_i - c_i,
$$
so the agent’s best response is unchanged; the implemented action
remains i*, and the
expected transfer Ti* = αRi* + p′b′ai*
is unchanged as well. The only term that moves is the audit cost, which
becomes κp′. Thus,
taking p′ → 0
yields
$$
U_P \;\to\; (1-\alpha)R_{i^*} - p\,b\,a_{i^*},
$$
while preserving implementability and the expected-payment bound.
Operationally, this captures a familiar enforcement logic: if the
penalty/bonus upon detection can be made sufficiently large, then audits
can be made arbitrarily rare without weakening incentives.
In many applications, large bonuses are infeasible—due to liquidity
constraints, legal limits, reputational concerns, or internal pay
equity—so it is natural to impose a cap b ≤ B. The scaling argument
above then breaks: once b
cannot increase beyond B,
reducing p eventually destroys
incentives because pb
cannot be held constant.
The IC characterization from the previous section immediately yields
a minimum feasible audit rate. To implement a target action i with parameters (α, B, p) we need,
for each deviation i′ ≠ i with
ai > ai′,
$$
p \;\ge\; \frac{(c_i-c_{i'})-\alpha(R_i-R_{i'})}{B\,(a_i-a_{i'})},
$$
and feasibility also requires (ci − ci′) ≤ α(Ri − Ri′)
for any deviation with ai ≤ ai′
(since the audit cannot help against such deviations). Under L-separation for i* and the transparent
choice α = 0, the worst-case
denominator satisfies ai* − ai′ ≥ ai*(1 − 1/L),
so it is sufficient to audit at rate
$$
p_{\min}\;\equiv\;\frac{1}{B\,a_{i^*}(1-1/L)}\;\max_{i'\neq
i^*}(c_{i^*}-c_{i'})_+
\;\le\;\frac{c_{i^*}}{B\,a_{i^*}(1-1/L)}.
$$
At p = pmin and
b = B, the same
expected-payment bound as in Theorem 6.1 continues to hold (we are
simply implementing the required product pb at the cap), but the
principal now necessarily incurs audit cost κpmin. In short:
with bounded transfers, the constant-factor incentive leverage of an
L-separating audit remains,
but it must be “paid for” with a strictly positive audit frequency.
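A one-line computation of the sufficient audit rate under a bonus cap, with illustrative numbers:

```python
# Sketch: sufficient audit rate p_min under a bonus cap b <= B, at alpha = 0,
# for an L-separated target (all numbers illustrative).
def p_min(c_target, c_others, a_target, L, B):
    gap = max(max(c_target - ck, 0.0) for ck in c_others)
    return gap / (B * a_target * (1 - 1 / L))

print(p_min(c_target=0.3, c_others=[0.0, 0.1], a_target=0.8, L=4.0, B=5.0))
# = 0.3 / (5.0 * 0.8 * 0.75) = 0.1: audit at least 10% of the time
```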
Taken together, these results formalize a simple tradeoff that will reappear in our lower bounds: informativeness of audits (captured by L) controls the payment distortion, while feasibility of large contingent transfers controls the audit-rate distortion. The next section shows that some form of such additional action-correlated signal is not merely helpful but, in a precise worst-case sense, necessary for overcoming the known Ω(n) revenue losses of outcome-only contracts.
The baseline difficulty is familiar from the recent algorithmic-contracting literature: even with full information and limited liability, restricting the principal to an outcome-only simple family (linear shares, or more generally monotone/“interpretable” payment schedules) can force large revenue losses relative to the optimal outcome-only contract. Intuitively, the optimal outcome-only contract may need to “bet” on a diagnostically informative event—even if that event is not the highest-reward outcome—whereas linear/monotone contracts are compelled to pay at least as much in states that are (i) higher-reward and (ii) much more frequent under all actions, generating large informational rents.
We formalize this via a pair of lower-bound statements that we view as complementary to Theorem 6.1. The first is purely a no-audit impossibility for simple outcome-only contracts; the second shows that a binary L-separating audit can break the hard instance and restore a constant-factor guarantee, with an explicit dependence on L.
For every n, there exist
instances with n actions and
m = Θ(n)
outcomes such that:
1. The optimal limited-liability outcome-only contract (no audits)
achieves OPT = Θ(1) principal
utility by inducing a particular action i* with Wi* = Θ(1).
2. Every contract tj = αrj
(and, in variants of the construction, every outcome-only contract)
achieves principal utility at most O(OPT/n).
The construction can be understood as a “staircase” of actions and outcomes (adapted from the Θ(n) separations in, e.g., Dütting et al. 2019, 2021b): there is a single target action i* whose extra social value comes from shifting probability mass toward a set of outcomes that are only slightly below the top outcome in reward, while many alternative (cheaper) actions place substantial probability on the top outcome itself. The only way to make the agent strictly prefer i* is therefore to pay disproportionately on the diagnostic outcomes. An unrestricted outcome-only contract can do this (it may be highly nonlinear and even non-monotone), concentrating transfers on those diagnostic states and keeping expected payments close to ci*.
By contrast, linear and monotone contracts are forced to “drag along” the frequent high-reward states. To see the core arithmetic in its simplest form, it is useful to keep in mind the following stylized incentive pattern. Suppose the IC-binding deviation differs from i* primarily in the probability of some event E that is rare under i* (say Pr [E ∣ i*] = Θ(1/n)) but essentially absent under the deviation. If E is the only event that separates i*, then generating an incentive differential of order ci* requires a contingent payment of size Θ(n ci*) upon E. An unrestricted outcome-only contract can implement this by paying only on E, yielding expected payment Θ(ci*).
However, if the payment schedule must be monotone in rewards, and E is not the top-reward outcome, then any payment of size Θ(n ci*) on E forces payments of at least that magnitude on all (more rewarding) outcomes. If those higher-reward outcomes occur with constant probability under many actions, the induced expected payment explodes to Θ(n ci*), wiping out essentially all surplus and leading the principal to prefer inducing some much cheaper (and much lower-welfare) action. This is exactly the “informative-but-low” versus “unimpressive-but-frequent” tension: the contract language (linear/monotone) does not let the principal single out the informative event without also paying on the frequent event.
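The following toy computation (a two-action, three-outcome instance of our own, not the paper’s formal staircase construction) reproduces this arithmetic: paying only on the diagnostic event E costs roughly ci*, while monotonicity inflates the expected payment by a factor of order n.

```python
# Toy rendition of the "informative-but-rare vs frequent-and-rewarding" tension.
# Action i* (cost c) shifts mass 1/n onto a diagnostic low-reward event E;
# a zero-cost deviation puts the same constant mass on the top-reward outcome.
n, cost = 20, 0.1
r = [1.0, 0.1, 0.0]                       # rewards: [top, event E, null]
q_star = [0.5, 1.0 / n, 0.5 - 1.0 / n]    # target action i*
q_dev  = [0.5, 0.0,     0.5]              # zero-cost deviation

# Unrestricted outcome-only contract: pay n*cost on E only.
t = [0.0, n * cost, 0.0]
pay_star = sum(qi * ti for qi, ti in zip(q_star, t))     # = cost = 0.1
# IC: q_star@t - cost = 0 >= q_dev@t - 0 = 0 (tie, broken for the principal)

# Monotone contract: any t_E >= n*cost forces t_top >= n*cost too
# (since r_top > r_E), so the expected payment is at least:
pay_monotone = 0.5 * (n * cost) + (1.0 / n) * (n * cost)  # = 1.1
print(pay_star, pay_monotone)  # 0.1 vs 1.1: a Theta(n) blow-up in transfers
```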
We emphasize a conceptual point about this lower bound. It is not claiming that outcome-only contracting is powerless—OPT itself is achieved by an outcome-only contract. Rather, it says that if we further restrict the principal to very simple outcome-only forms (as one often does in practice for transparency, legal, or operational reasons), then there are worst-case instances where the resulting loss is linear in the number of actions.
Take any such hard instance from Proposition 7.1 with target action
i* achieving OPT = Θ(1) and Wi* = Θ(1).
Now augment the model with a binary audit signal s ∈ {0, 1} such that ai* > 0
and
$$
a_i \;\le\; \frac{a_{i^*}}{L}
\qquad\text{for all } i\neq i^*,
$$
for some constant L > 1.
Then there exists an audit-augmented contract in our simple class tj, s = αrj + bs
(indeed, α = 0 suffices) that
induces i* and
achieves
$$
U_P \;\ge\; R_{i^*}-\frac{L}{L-1}c_{i^*}-\kappa p
\;\ge\; (1-1/L)\,W_{i^*}-\kappa p
\;\ge\; (1-1/L)\,\mathrm{OPT}-\kappa p.
$$
Thus, for constant L and
vanishing audit rate (when bonuses are unbounded), the principal
recovers a constant fraction of the best no-audit outcome-only
benchmark, even though outcome-only linear/monotone contracts were Θ(n)-suboptimal on the same
instance.
Economically, the audit channel creates exactly the “diagnostic event” that simple outcome-only contracts lacked the freedom to single out. Instead of trying to contort outcome payments so that the agent is rewarded mainly in informative-but-low outcome states (which monotonicity/linearity prevents), the principal can place incentive weight on s = 1, an event whose likelihood ratio is controlled uniformly by L. The separation parameter L plays the same role that a strong statistical test plays in enforcement: it bounds the maximal advantage that any alternative action can obtain in the rewarded event.
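Continuing the toy instance above, a sketch of the audit-based recovery; the audit statistics (ai* = 0.9 and 0.09 for the deviation, so L = 10) and the audit cost are assumptions chosen for illustration.

```python
# Continuing the toy instance: add a binary audit with L-separation and pay
# only on "pass" (alpha = 0). Audit statistics below are illustrative.
n, cost, kappa = 20, 0.1, 0.02
a_star, a_dev, p = 0.9, 0.09, 0.25           # L = a_star / a_dev = 10

b = cost / (p * (a_star - a_dev))            # minimum bonus for IC at alpha = 0
T = p * b * a_star                           # expected transfer under i*
R_star = 0.5 * 1.0 + (1.0 / n) * 0.1         # expected reward of i*
print(f"b={b:.3f}, T={T:.4f} <= L/(L-1)*c = {10 / 9 * cost:.4f}")
print(f"U_P = {R_star - T - kappa * p:.4f}") # vs a ~1.1 transfer under monotone pay
```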
The restoration above is not magic; it is quantitatively pinned down by
L. If L is large, then (L/(L − 1))ci* ≈ ci*
and we are close to first-best reimbursement. If L is only slightly above 1, then the factor L/(L − 1) is large, and the
audit bonus must generate substantial expected rents to deter
deviations. In particular, if we imagine a sequence of instances where
L = 1 + δn
with δn → 0, then the
best guarantee one can hope for from this binary-audit leverage degrades
like
$$
1-\frac{1}{L} \;=\; \frac{L-1}{L} \;\approx\; \delta_n.
$$
This clarifies the sense in which an “action-correlated” signal must be
meaningfully informative to overcome Ω(n) worst-case losses of
simple outcome-only contracting: constant-factor recovery requires L bounded away from 1 by a constant. Put differently, audits that
only weakly correlate with effort cannot substitute for the expressive
power of complex outcome-only transfers.
In applications, the lower bound highlights why purely performance-based
pay that is constrained to be simple, proportional, or monotone can be
fragile in environments with many hidden actions: the principal may need
to reward “compliance evidence” (or other action-correlated indicators)
rather than only the most valuable observable outcome. Our audit signal
is a stylized representation of such evidence. At the same time, the
construction also makes clear what we are claiming: if the principal is
allowed to write arbitrary outcome-only contracts, then audits are not
inherently necessary for attaining OPT;
the necessity is driven by the practical restriction to simple,
interpretable outcome-only schemes.
A common operational constraint is that auditing resources are allocated
conditional on observable performance: high-variance, suspicious, or
high-stakes outcomes trigger more scrutiny. Formally, after observing
outcome j, the principal
audits with probability p(j) ∈ [0, 1] rather than
with a constant rate p.
Retaining the same audit signal technology Pr [s = 1 ∣ i] = ai
(independent of j conditional
on i), expected transfers
under action i become
$$
T_i(\alpha,b,p(\cdot)) \;=\; \alpha R_i + b\,a_i \sum_j q_{ij}\,p(j)
\;=\; \alpha R_i + b\,a_i\,\bar p_i,
$$
where p̄i := 𝔼j ∼ qi[p(j)]
is the expected audit rate induced by action i.
Expected audit cost is similarly κ p̄i.
The key difference from constant-p auditing is that p̄i is now
action-dependent via qi. Thus, even
if the audit signal itself is conditionally independent of outcomes, the audit rate can create
additional leverage because different actions lead to different audit
frequencies.
Two observations are useful. First, all incentive constraints for a
target i* take the
same form as before after the replacement p ⤳ p̄i:
$$
\alpha R_{i^*} + b\,a_{i^*}\,\bar p_{i^*} - c_{i^*}
\;\ge\;
\alpha R_{i'} + b\,a_{i'}\,\bar p_{i'} - c_{i'}
\qquad \forall i'\neq i^*.
$$
Second, outcome-dependent auditing can be strictly more effective than constant-p auditing because it allows the principal to
concentrate audits on outcomes that are (i) relatively likely under
i* and (ii)
relatively unlikely under tempting deviations, thereby increasing p̄i* − p̄i′
even when ai* − ai′
is modest. In practice, this is the familiar idea of “risk-based
auditing”: one does not need to audit everyone uniformly if observable
outputs indicate where auditing is most informative or most
deterrent.
The limitation is equally clear. If the hard instances are such that the outcome distributions qi are nearly indistinguishable across actions (the canonical reason outcome-only simple contracts fail), then p̄i is nearly constant across i for any fixed rule p(⋅), and outcome-triggered auditing does not generate much additional separation. In that case, the value of auditing continues to come primarily from ai being action-correlated rather than from p(j) being outcome-correlated.
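A sketch of the induced audit rates p̄i and the resulting IC requirement under an outcome-triggered rule p(j); all numbers are illustrative.

```python
# Sketch: outcome-triggered auditing. The audit rate depends on the realized
# outcome j, so actions induce different expected audit rates p_bar_i.
import numpy as np

q = np.array([[0.7, 0.2, 0.1],
              [0.2, 0.3, 0.5]])        # q[i, j]
a = np.array([0.3, 0.6])               # pass rates a_i
c = np.array([0.0, 0.2])
p_of_j = np.array([0.0, 0.2, 0.8])     # audit mostly after outcome j = 2

p_bar = q @ p_of_j                     # expected audit rate per action
# IC for target i* = 1 at alpha = 0:
#   b * (a_1 * p_bar_1 - a_0 * p_bar_0) >= c_1 - c_0
leverage = a[1] * p_bar[1] - a[0] * p_bar[0]
print("p_bar:", p_bar, "required bonus b:", (c[1] - c[0]) / leverage)
```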
Binary pass/fail is a simplification. Many compliance systems output
multi-level evidence (e.g., severity scores, checklists, or graded
certifications). Let s ∈ [S] := {1, …, S}
be an audit signal drawn according to Pr [s = k ∣ i] = ai, k
with ∑kai, k = 1.
Consider the natural generalization
$$
t_{j,s} \;=\; \alpha r_j + b_s, \qquad b_s \ge 0,
$$
(with an overall audit rate p,
so expected audit-dependent payment is p∑kbkai, k).
The expected payment and agent utility are
$$
T_i \;=\; \alpha R_i + p\sum_{k=1}^S b_k a_{i,k},
\qquad
U_A(i) \;=\; \alpha R_i + p\sum_{k=1}^S b_k a_{i,k} - c_i.
$$
For a fixed target action i*, choosing the vector
b ∈ ℝ+S
to minimize Ti*
subject to IC is a linear program. A robust and economically
interpretable implication of this LP structure is that optimal bonuses concentrate on the most diagnostic signal realizations. In particular,
when one deviation i′ is binding (or
approximately binding), the cost-effective way to relax its IC
constraint is to put weight on signal realizations k that maximize the likelihood ratio ai*, k/ai′, k,
i.e., states in which i* is disproportionately
likely relative to the deviation. Paying on such a “most separating”
audit outcome produces the largest incentive per unit of expected
payment under i*.
This is the multi-signal analogue of why, in the binary case, paying only on s = 1 is without loss within our simple family. Conceptually, multi-level audits enlarge the designer’s menu of diagnostic events; but the mechanism still resembles a binary pass/fail design: identify one (or a few) audit realizations that best distinguish i* from its closest competitors and concentrate bonuses there. This also connects to practice: certification regimes often reduce rich evidence to a single rewarded credential (“pass the audit”) precisely because such discretization is easy to administer and legally defensible, while still capturing much of the statistical separation.
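A sketch of the bonus-vector LP at α = 0 on an illustrative signal matrix; consistent with the discussion above, the solution concentrates payment on the most separating signal level.

```python
# Sketch: choosing the bonus vector b over a multi-level audit signal by LP
# (alpha = 0 for simplicity). Signal matrix and costs are illustrative.
import numpy as np
from scipy.optimize import linprog

A = np.array([[0.1, 0.3, 0.6],   # A[i, k] = Pr[s = k | i]
              [0.5, 0.4, 0.1],
              [0.7, 0.2, 0.1]])
c = np.array([0.4, 0.1, 0.0])
target, p = 0, 0.3

# min  p * A[target] @ b
# s.t. p * (A[i'] - A[target]) @ b <= c[i'] - c[target]  for all i' != target
others = [i for i in range(len(c)) if i != target]
res = linprog(c=p * A[target],
              A_ub=np.array([p * (A[k] - A[target]) for k in others]),
              b_ub=np.array([c[k] - c[target] for k in others]),
              bounds=[(0, None)] * A.shape[1])
print("bonuses b_k:", res.x, "expected audit pay:", res.fun)
# The optimum pays only on signal level k = 2, where Pr[s=k | i*] is six
# times the deviations' probability -- the most separating realization.
```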
The preceding analysis targets exact Stackelberg implementation: the
agent must strictly prefer i*. In many environments,
approximate incentives suffice—because behavior is noisy, because the
principal is content with near-target performance, or because the model
primitives are only estimated. A standard relaxation is ε-IC:
$$
U_A(i^*) \;\ge\; U_A(i') - \varepsilon \qquad \forall i'\neq i^*,
$$
for some tolerance ε ≥ 0. In
our binary-audit class (for simplicity, keeping p constant and s ∈ {0, 1}), this changes the lower
bound on the required bonus to
$$
b(\alpha,\varepsilon)
\;=\;
\max_{i'\neq i^*:\ a_{i^*}>a_{i'}}
\frac{(c_{i^*}-c_{i'})-\alpha(R_{i^*}-R_{i'})-\varepsilon}{p\,(a_{i^*}-a_{i'})},
$$
with the same feasibility caveat as before if some deviation has ai* ≤ ai′
and a strictly positive residual incentive gap. Two robustness lessons
follow immediately. First, when we only need ε-IC, expected payments fall with
ε until the relevant incentive
constraints cease to bind. Second, the dependence on p(ai* − ai′)
makes precise a practical tradeoff: with weaker audit separation,
approximate IC can be much cheaper than exact IC, but only up to the
point where the audit signal no longer supplies enough incremental
expected incentive.
This relaxation also serves as a partial hedge against misspecification. If the principal chooses (α, b) using conservative estimates âi and the true ai differ moderately, one often obtains a guarantee of the form “i* is ε-IC,” where ε is proportional to the estimation error times pb. Thus, approximate implementation is not merely a behavioral assumption; it is a natural robustness target when audit statistics are learned from data.
Finally, we briefly discuss dynamics. In procurement and compliance settings, principals do not know audit pass rates $a_i$ with certainty ex ante; they infer them from experience, third-party reports, and changing organizational environments. Suppose the principal repeatedly contracts with the agent over periods t = 1, 2, …, and each period an audit (if executed) yields a realization of s. If the principal believes she is currently inducing action i*, then audit outcomes provide samples from a Bernoulli distribution with mean $a_{i^*}$, allowing estimation of $a_{i^*}$ at a rate $\tilde O(1/\sqrt{T})$ after T audited periods. This matters because our revenue bound depends on separation only through L (and on $a_{i^*} > 0$ for feasibility): once the principal has a conservative lower confidence bound on $a_{i^*}$ and an upper bound on competing $a_{i'}$’s (from institutional knowledge or worst-case modeling), she can choose b to satisfy IC with high probability.
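A minimal sketch of this logic, assuming a Hoeffding-style confidence bound and an externally supplied upper bound on deviation pass rates (all names hypothetical):

```python
# Conservative bonus sizing from audited history. passes = number of audit
# passes observed in T audited periods; a_dev_upper = assumed upper bound on
# any deviation's pass rate; incentive_gap = worst-case residual gap.
import math

def confident_bonus(passes, T, a_dev_upper, incentive_gap, p, delta=0.05):
    """Bonus making i* IC with probability >= 1 - delta."""
    a_hat = passes / T
    # One-sided Hoeffding lower confidence bound on a_{i*}.
    lcb = max(0.0, a_hat - math.sqrt(math.log(1.0 / delta) / (2.0 * T)))
    sep = lcb - a_dev_upper
    if sep <= 0:
        return None  # not yet enough evidence of separation to guarantee IC
    return incentive_gap / (p * sep)
```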
There are two conceptual wrinkles. The first is identification of deviations: because actions are hidden, the principal cannot directly sample $a_{i'}$ for deviations i′. In practice, this is where domain knowledge enters: one typically has defensible upper bounds on how well a low-effort policy can perform on the audit (captured by L-separation), even if one cannot estimate each $a_{i'}$ precisely. The second wrinkle is commitment. Our vanishing-audit-rate corollary relies on commitment to a large b coupled with a small p. In repeated relationships, a principal who cannot commit may be tempted ex post to reduce b after observing good performance, undermining incentives. This points to an institutional complementarity: to fully exploit low-frequency audits with high-powered contingent bonuses, one needs contracting or governance structures that make the promised bonus credible (or that replace it with reputational or legal enforcement).
Taken together, these extensions suggest a general message: the specific binary-signal, fixed-p model is not fragile. What matters is the presence of an event—generated by auditing policy, audit evidence, or their interaction with outcomes—whose relative likelihood is uniformly higher under the desired action than under the relevant deviations. The richer the audit system, the more degrees of freedom the principal has to manufacture such events; but the same likelihood-ratio logic continues to govern how much incentive can be purchased per dollar of expected payment.
The central design implication of our analysis is that auditability can substitute for contractual complexity. Without action-correlated signals, one is often forced into a hard choice: either keep contracts simple and accept significant inefficiency (or low principal utility), or move toward complicated, high-dimensional outcome-contingent schemes that are expensive to specify, fragile to misspecification, and hard to administer. When an audit channel provides even a coarse diagnostic event that is relatively more likely under the desired action than under deviations, a principal can recover much of the lost ground while preserving a simple payment structure. In our notation, the economic object is the likelihood-ratio separation embodied in L: paying on an event whose probability under i* is larger by a factor of at least L than under any competing action allows the principal to “buy incentive” at a bounded markup over real effort cost. The mechanism is not magic; it is the same identification logic that underlies statistical testing. What changes is that we no longer require outcomes j themselves to carry the full informational burden.
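To make the markup explicit, consider the binary case with a single binding deviation i′ and residual incentive gap $\Delta := (c_{i^*}-c_{i'})-\alpha(R_{i^*}-R_{i'}) > 0$; setting b at its IC lower bound and assuming $a_{i^*}/a_{i'} \ge L$ gives
$$
p\,b\,a_{i^*}
\;=\;
\frac{\Delta\, a_{i^*}}{a_{i^*}-a_{i'}}
\;=\;
\frac{\Delta}{1 - a_{i'}/a_{i^*}}
\;\le\;
\frac{L}{L-1}\,\Delta,
$$
so the expected bonus spend exceeds the incentive gap by a factor of at most L/(L − 1), which shrinks toward 1 as separation improves.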
In practice, “auditability” in AI systems can mean several concrete capabilities: immutable logging of model inputs/outputs and human overrides; reproducible training pipelines; secure access to evaluation harnesses; provenance for data and model artifacts; and standardized red-team protocols whose results are hard to game. Each of these can be read as an attempt to increase an effective separation parameter: raise $a_{i^*}$ (the probability that a good-faith, high-effort supplier passes an audit) while lowering $a_i$ for low-effort alternatives i, or at least bounding such $a_i$ from above. From a procurement perspective, this suggests a complementarity between technical governance and contract design: rather than asking the contract alone to induce safety investments, we can invest in audit infrastructure that makes safety investments legible. Once the diagnostic event is available, the payment rule can remain administratively lightweight—e.g., a baseline fee plus a contingent bonus for passing a third-party evaluation, obtaining a certification, or meeting a compliance attestation.
A second implication concerns the role of audit frequency versus audit severity. In environments where very large contingent transfers are feasible, our framework predicts that the principal may want infrequent audits paired with large contingent bonuses, because incentives depend on the product pb whereas audit cost scales with p. This resonates with compliance practice: occasional deep inspections (expensive but strong) can deter shirking even if they occur infrequently. However, AI procurement often operates under de facto caps on contingent payments: public procurement rules, budget constraints, internal compensation policies, reputational limits on “bonuses,” and legal restrictions on penalty-like clauses under limited liability. In that bounded regime, we should expect a nontrivial interior optimum for audit frequency to emerge. This is a useful warning for policy: mandating audits in name only, while making meaningful consequences infeasible, can fail to change incentives. Conversely, if one cannot or will not increase the contingent component, then increasing audit frequency (or lowering audit cost) becomes the margin on which governance can bite.
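A minimal sketch of the bounded-bonus regime (hypothetical names; `kappa` denotes a per-audit cost, so total audit cost scales linearly in p, and `gap`/`sep` are as in the earlier sketches):

```python
# Frequency-vs-severity tradeoff under a bonus cap B. Incentives depend on
# the product p * b, while audit cost scales with p alone, so it is cheapest
# to push b to its cap and shrink p as far as IC allows.
def cheapest_audit_rate(gap, sep, a_star, B, kappa):
    p = gap / (B * sep)  # smallest audit rate consistent with IC at b = B
    if p > 1.0:
        return None  # cap too tight: no feasible audit rate implements i*
    expected_cost = kappa * p + p * B * a_star  # audits plus expected bonuses
    return p, expected_cost
```

Note that the expected bonus term p·B·a_star equals (gap/sep)·a_star regardless of p, so only the audit cost falls as p shrinks; this is the vanishing-audit-rate logic, and the cap B is what keeps p bounded away from zero.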
Third, the model clarifies why many real-world schemes gravitate toward “single-event” compliance triggers. AI regulation and internal governance frequently operationalize rich evidence into a small number of binary states: certified/not certified, approved/not approved, passed/failed a red-team, allowed/blocked for deployment. This is often criticized as overly coarse. Our results suggest a more constructive reading: when the goal is to induce costly hidden actions under limited liability and simple contracting constraints, concentrating incentives on the most diagnostic event can be close to optimal. The normative question then becomes: are we choosing diagnostic events that truly separate good practice from bad practice, or are we choosing events that are merely easy to administer? This is a design problem about the audit technology itself—about what the audit measures, who runs it, and how resistant it is to strategic gaming.
At the same time, we should be explicit about what our conclusions do not say. Auditability is not a free lunch. If audits are weakly related to the latent actions of interest—formally, if $a_i$ is similar across actions, so L is close to 1—then adding an audit channel does not rescue simple contracts. This provides a precise way to interpret concerns about “checkbox compliance” in AI: if low-effort behavior can reliably pass the audit (high $a_i$ for undesirable actions i), then the audit event is not diagnostic, and rewarding it will at best waste money and at worst induce performative behavior optimized for the audit rather than for true welfare. In procurement language, the buyer should treat audit design as part of the product specification. A requirement like “provide audit logs” is valuable only insofar as it changes what can be credibly verified and therefore changes the incentive constraint set.
These considerations also interact with an increasingly salient constraint in AI governance: privacy. Many of the strongest audits—access to raw data, granular logs, or model internals—create privacy and security risks for users, organizations, and intellectual property holders. Privacy constraints can be modeled as restricting the feasible audit signal, effectively lowering the attainable separation L or imposing a cap B on how sharp the contingent consequence can be. This suggests a concrete policy tradeoff: privacy-preserving auditing (secure enclaves, cryptographic attestations, differential privacy) can be valuable not only ethically but economically, because it expands the feasible set of audits that can be run at all. The open technical question is how much separation can be achieved under realistic privacy budgets, and how contracts should optimally trade off privacy cost against incentive benefits.
Several open questions arise once we move beyond the single-agent, independent-signal benchmark. The first is multi-agent production. Large AI systems are produced through supply chains: a model developer, a data vendor, a deployment integrator, and a monitoring provider. Audits often observe joint behavior (e.g., an incident response exercise implicates both development and operations). Incentives then hinge on attributability: can an audit signal be decomposed into components informative about each agent’s action, or is it a public signal that induces free-riding? Extending the model to multiple agents with shared audit outcomes would connect directly to classic moral hazard in teams, but with the added twist that the principal may be able to choose which diagnostic events to generate and how to allocate bonuses across parties.
Second, outcome-dependent audit processes deserve special attention. In many deployments, the probability of an audit or the content of an audit report is naturally correlated with outcomes (incidents trigger investigations; complaints trigger reviews). Correlation can be helpful—creating additional separation through targeted scrutiny—but it also creates new strategic considerations: agents may devote effort to managing observables that drive audit selection rather than to improving underlying performance, or may attempt to suppress signals that trigger audits. A clean theory of optimal audit selection when the audit process itself is endogenous—and possibly manipulable—would be particularly relevant for AI incident reporting regimes.
Third, auditors are themselves strategic. Our audit channel implicitly treats $a_i$ as technologically given. In reality, audits are performed by humans and organizations with their own incentives, budgets, and biases, and auditors may be subject to capture. Modeling the auditor as an additional strategic agent (or allowing the primary agent to influence audit accuracy) would change the implementability picture: the principal may need to incentivize the auditor, randomize audit assignment, or design transparency rules that raise the cost of manipulation. In AI, where evaluation procedures can be gamed (Goodhart’s law), this issue is not peripheral; it is central to whether auditability is real or illusory.
Finally, there is a broader methodological point. The model’s value, in our view, is not that real AI procurement can be reduced to a binary signal s ∈ {0, 1}, but that it isolates a robust comparative static: improving the diagnostic power of verifiable events relaxes the tension between contract simplicity and incentive strength. This reframes a practical agenda. Instead of treating “better contracts” and “better audits” as substitutes, we should treat them as complements: contract design determines how incentives load on diagnostic events, while audit and evaluation design determine which diagnostic events exist. The most important investment may therefore be institutional: building credible, privacy-respecting, hard-to-game audit ecosystems that make desirable development and deployment practices verifiable enough to be worth rewarding.