Accounts payable (A/P) is one of the more vulnerable areas to fraud in almost any organization. All cash leaving an organization flows through A/P, so it is important to ensure that payments are properly approved, are made to legitimate suppliers and are for the correct amount.
The key to reducing the risk of A/P fraud is to implement strong internal controls and to ensure adherence to business rules. Below are 10 keys to reducing your organization’s susceptibility to both fraud and error:
- Automate as much of the A/P process as possible to reduce risk of errors and fraud. Automation enforces adherence to business rules, reducing the opportunities to commit fraud. Manual processes however often rely on post-payment review to detect deviations from business rules, and therefore detect errors and fraud only after the fact.
- Pay vendors using EFT(electronic funds transfer), electronic banking, or by using a 3rd party electronic payment service, rather than by paper cheques. Paper cheques are highly susceptible to fraud and should be avoided as a method of payment whenever possible.
- Reconcile bank accounts to the General Ledger on a weekly or daily basis to identify unauthorized withdrawals and potential cheque fraud. Discrepancies should be investigated and reported to management immediately.
- Control changes to the vendor database. Permit changes to be made only by authorized individuals, and only upon receiving appropriate management approval. Vendor database activity should be reviewed by management on a regular basis. Any vendors that are no longer used, and any duplicate entries, should be removed.
- All vendor payments should be processed using the A/P system. Do not allow manually generated payments that bypass the A/P system and circumvent established controls.
- Invoices should be approved by the responsible manager before payment. The person approving invoices should not be able to add a new vendor to the vendor database, or be able to generate cheques.
- Payment transactions must be approved by authorized signing authorities before being released. Signing authorities should be documented.
- System controls should detect duplicate invoices, preventing the same invoice from being paid twice.
- Use debit/credit cards whenever possible, to reduce the volume of transactions flowing through A/P. Ensure there are proper controls in place governing card usage.
- Document the A/P processes so that if regular staff are away someone else can easily take over.
The above is not an exhaustive list of A/P internal controls; the most appropriate internal controls will vary depending on the size and nature of the organization. Although errors and fraud cannot be eliminated, the risk of error and fraudulent disbursements should be significantly reduced by implementing these measures.
If you would like assistance in optimizing your accounts payable processes, reducing business risk and strengthening your organization, please contact me at 613-727-1230 ext 212 or email@example.com.
Richard MacNeill, FCPA, FCMA, CMC, Dipl. T. is a partner at OTUS Group, a team of advisors to business, government and not-for-profit organizations.