If you are managing an accounts payable department, you have some big risks to think about. There is the risk of fraud, the risk of duplicate or inaccurate payments and the risk of financial harm to the business from penalties or late fees/interest. According to AFP’s annual survey, 81% of companies were targets of Fraud in 2019. Needless to say, these are some pretty big risks for the business. When accountants talk about risks, we also need to talk about mitigating controls. Here are some key controls that will help ensure your accounts payable department remains successful:
Segregation of Duties
In basic terms, you want to eliminate the ability for one person to have total control of the AP and payment process. This may be hard to do (or impossible) for some small and micro businesses, but if you have the resources, proper segregation of duties can go a long way. Think about your process – does one person have the ability to add a vendor, enter a bill and send out the payment? If so, try to insert other people into the process such that an accounting manager is adding new vendors, business managers are approving the bills and another person is releasing the funds.
Background checks for accounting team members
Although background checks for accountants very rarely bring up any serious concerns, not putting this in place can cost your team dearly. Anyone that has access to the accounting or payment systems should have a background check performed upon joining the company. Look for red or yellow flags in the report that might indicate issues, and focus on things that are relevant to their potential role.
Note: you need to get the employee’s permission to perform a background check, so the best practice is to make the person’s offer letter contingent on satisfactory completion of a background check. If you don’t do it at the time of employment, you lose your leverage in getting their permission later when they are already employed.
Having a system of record
One of the main things that could slow an accounts payable process down and potentially cause late fees and penalties or eliminating the ability to take early-pay discounts is not having a strong accounts payable system. I’m not just talking about accounts payable automation systems like AP genie, but also more broadly about your system (or process) for handling this strategic business function. For example, do you only pay on invoices and not statements from vendors? How do you make sure invoices are being tracked and not just sitting on someone’s desk? Not having a strong system (i.e. having a manual, haphazard process) can be extremely detrimental to your company in many ways.
Manual approvals (signatures on paper) can be forged easily. If you have worked with your boss for more than a few months, you probably know how she/he signs their name. Try to replicate it right now – can you do it? Probably looks pretty good, right? That’s how easy it can be for someone to fool an accounts payable rep into thinking something was reviewed. Having a system in place, like AP genie, to securely manage the approval process will act as a strong mitigating control against improper approvals.
What’s a better control than having one person approve something? You guessed it: two! I just started singing “Happy Together” by the Turtles. Ok, back to business. A strong control is to implement dual approvals for invoices over a certain threshold. Using a system’s logic and controls makes this very easy to implement.
Role rotation and mandatory vacations
This is another control that is easier for larger companies to put in place. But here’s the deal: if someone in an important payables role does not take vacations or let others get involved in the process, it could mean that they are trying to protect something from being uncovered. The best mitigating control is to have people rotate in and out of roles from time to time and require vacations where someone else is covering.
Vendor onboarding approval
Putting this control in place will help protect you from fictitious vendors being entered into your system and getting paid. A classic example of this is when Google and Facebook paid out $23 million and $100 million, respectively, to a Lithuanian man who posed as a fake vendor. Yes, those amounts are correct. Having a strong approval process for new vendors will help mitigate this risk. At a minimum, run a report each month of your new vendors and have someone independent of the person requesting the vendor confirm that the vendor is legitimate.
This isn’t a fraud risk, but bottlenecks in the AP process can cost you money with late fees or penalties. Dive head first into your process – do you have bottlenecks in your system? Can an accounts payable automation system like AP genie help you overcome those bottlenecks? Driving out waste in the process and making your team more efficient can go a long way to make your team more successful.
You may not always catch fraud in the act, but you can look for it in other ways like using statistics. One I would point to is called Benford’s Law. It basically says that the digit used as the first digit in a number are not evenly distributed. The number “1” appears as the first digit in a number about 30% of the time – much more than any other number. And 9 appers as the first digit the least – only about 5% of the time. So if you look at your payments history, and the number distribution of the first number in the string seems out of place, you may need to look further to see if anything is in fact out of place.
Checks are the payment type most actively targeted for fraud. There are many types of check fraud: forgery, theft, and counterfeiting are only a couple. Distributing payments with checks is less secure than paying vendors electronically. Also, checks take more time to process and take more time to deliver, which could cost your company money in the form of late fees or lost opportunities. Convert your payments to electronic today to mitigate the risk of check fraud and lost checks.
Dual factor authentication
Any payment or banking system you use should have multi-factor authentication (MFA) capabilities. MFA requires the user to confirm their identity during the login process by using a separate code (via text, fob, authentication app, etc) in addition to the username and password. This significantly strengthens the login process against hacking or other forms of improper account access.
I love review controls. Partially because they can solve a lot of problems. If its impossible or impractical to put all these controls in place, review controls can be your fall back or safety net. Putting in place strong review controls can mitigate the risk that material misstatements or irregularities in your payables process occur. These could include budget to actual variances, year-over-year (or period-over-period variance analysis), trial balance reviews, vendor reviews, etc, ideally with multiple people seeing each report.
Ensure Success for your team
To ensure your team is successful in mitigating the many risks associated with accounts payable, take advantage of the built-in robust controls provided by AP genie. Take your team to the next level!