Accounts Payable (AP) is a critical part of the financial operation of all companies and, as such, it can be subject to fraud without careful reconciliation and oversight. Strong accounts payable audit procedures can also ensure the accuracy and timeliness of your bill payments, with the best of these procedures allowing a mixture of daily checks, routine internal controls and external audit procedures.

We’ve put together a handy checklist of the key AP controls, which we’ve summarised into four main categories. We hope your AP team will find it helpful to see which areas are already covered and if there are any areas that need improving. Of course, this is a general list and every business is different, so we can’t hope to cover every aspect of each company’s AP audit. However, we hope you’ll find it useful as a top-level checklist.

Types of internal controls

There are four key areas of internal control:

• Prevention
• Detection
• Direction
• Monitoring

We look at each of these in turn, making brief suggestions for the key controls in each. Naturally the first area – Prevention – contains the most detail, with the intention of stopping mistakes and fraud before they happen.

1. Prevention

The following controls, put in place and used automatically, will help prevent the misuse of a company’s working capital and fraud.

Approvals
Before payment is made, a supplier invoice should be checked and approved by the person who placed the original order to ensure it shows: the correct goods; the correct quantity; and the correct price (including any agreed discounts). This can be tracked by the use of purchase order numbers given to the supplier before an invoice is sent.

Authorisation
Cheques and electronic payments should be correctly authorised. An up-to-date ‘authorisation sign off sheet’ should be kept on the company’s intranet identifying the value range and the people who can sign off. For example:

• All purchases up to a value of £1,000 require authorisation by a financial controller
• All purchases over and above £1,000 require authorisation by a controller and director

Verification
It’s important to obtain verification for anything that is a cost to the business. For example, ownership of assets is verified by documentation such as a contract, lease agreement or purchase invoice. Similarly sales commission is verified by supporting documentation such as a purchase order or signed contract.

Segregation of duties
The following are examples of sensible precautions to take with regard to segregating duties:

• The person recording bank transactions should not perform the bank reconciliation
• The director authorising capital expenditure should not update the fixed assets register
• A salesman should not be able to change standing data files for prices or commission rates

Safeguarding assets (physical controls)
These are the most important types of physical controls that should be put in place to safeguard a company’s assets:

• Cash and cheques are locked in the safe
• All fixed assets are security-tagged
• There is restricted staff access to the computer file server room
• Periodic stock counts are carried out

Processing controls
The main invoice processing controls are as follows:

• Batch totals (completeness, accuracy)
• Unique reference numbers, invoice numbers (completeness, accuracy)
• Numerical sequence checks
• Exception reports

Computer Controls
These are the most common computer controls:

• Location of server
• User passwords on all machines
• Restricted program access
• System software maintenance – restricted access, access logs
• All machines set to time-out when not used after a certain period of time

2. Detection

Used properly the above controls should stop most misuse occurring. However, even with the best processes in the world, mistakes and fraud will still sometimes happen. The controls listed below should be put in place to detect events after they occur. This would include fraudulent activity, duplicate payments and general errors.

• Bank reconciliations
• Supplier statement reconciliations
• Weekly accounts payable audit
• Key metric analysis
• Inter-company/group balance reconciliations
• Fixed assets register to accounting system
• Review of operating performance
• Management accounts – budget to actual
• Analytical review
• Ratio analysis

3. Direction

Direction is key to the establishment and maintenance of internal controls. It is the responsibility of management not only to set the tone for how everyone in the business is expected to behave but also to put in place stringent policies and procedures that encourage desirable behaviour (contract terms, incentives) and ensure against fraud and bad work practices. These include:

• Policies and procedures manuals
• Recruitment controls – background checks, references, evidence of qualifications
• Quarterly visits to all locations/sites
  

4. Monitoring controls

There is no mystique about using a computer to help with auditing, and most systems allow data to be manipulated in various ways and extracted into an ad-hoc report.  For instance, a complete list of debtor balances could be filtered so that only a list of those over their credit limits was printed out.

Even if the reporting capabilities of a particular system are limited, the data can usually be exported directly into a spreadsheet package and then analysed.  Using the search facility is much quicker than searching through print-outs by hand.  This offsets the so-called ‘loss of audit trail’ to a significant extent.

There are a few specialist accounts payable audit packages specifically designed either to ease the auditing task itself or to carry out audit interrogations of AP data automatically.

Accounts Payable Audit software needs to:

• Be designed first and foremost for AP professionals
• Segment the results in an order of priority
• Exclude non-relevant AP transactions
• Help identify areas for improvement through extensive reporting
• Identify trends, pinpoint exceptions and potential areas of concern
• Locate errors and potential fraud by comparing and analysing files according to end-user criteria
• Identify control issues and ensure compliance with standards
• Age and analyse accounts payables or any other time-sensitive transactions
• Recover expenses or lost revenues by testing for duplicate payments, gaps in invoice numbers or unbilled services
• Test for unauthorised employee/supplier relationships
• Concentrate on how to improve the systems, processes and people involved in Accounts Payable
  

FISCAL AP Forensics® suite is designed for purchase ledger professionals to use daily and weekly to help create best-in-class performance based Accounts Payable teams. It is easy to use and quick to use and delivers an immediate ROI.