Accounts Payable Risk Assessment

The Accounts Payable (AP) process could be a significant source of risk, due to undetected errors, process inefficiencies, and fraud. Some major problems faced by the accounts payable teams include matching errors in purchase invoices, unauthorised purchases, duplicate payments, missing invoices, etc. 

This article explains the importance of undertaking an accounts payable risk assessment, the common risks involved, and the steps to conduct an accounts payable risk assessment to improve the overall efficiency of the accounts payable process.

Meaning of accounts payable risk assessment

An accounts payable risk assessment involves the reviewing of the accounts payable process and internal payment controls to identify any shortcomings in the overall AP process, minimise inaccuracies related to booking an incoming invoice and reduce the risk of fraud.

Common accounts payable risks

The objective of an accounts payable risk assessment is to identify risks that could harm the effectiveness of an organisation’s AP processes. As such, it is crucial to understand the risks to focus on. These risks include:

Payment Risks

Errors in the vendor master could have a multiplying effect down the line. Costs associated with issues like missed or late payments to suppliers, payments sent to a wrong entity or wrong addresses, penalties incurred, discount opportunities lost, and the ensuing tax implications can become costly for a business as well as damage vendor relationships.

Fraud

Fraud is the first thing that comes to mind when considering risks associated with accounts payable. External fraud that exploits the accounts payable process can be packaged in various ways.

· External fraud – The most common type is when an employee with authority to control payment works with the external vendor to arrange illicit payments to such a vendor. This could be done via duplicate payments or entirely fabricated payments.

Also, these cases involve instances where fraudsters notify a business that its vendor payment details have changed and provide alternative details to defraud the business. Also, external fraud involves cases where bogus invoices are flushed into the company’s system with the intent to mint money from the company.

· Internal fraud – The risk of fraud done by internal employees is of significant concern for an organisation’s AP team. Without proper controls, there would always be the risk of staff accessing AP systems to steal money from the organisation. This could involve employees changing the existing vendor’s banking information or payments to fictitious vendors.

Conflict of interest

Conflict of interest is also a major risk associated with accounts payable and could occur when there are loose controls or limited supervision over the procurement and payment process. One of the essential requirements for all these areas is a good division of labour which ensures a healthy set of checks and balances over personnel ordering the goods or services, the one receiving them, and the one who ultimately pays for them.

Error-prone processes

The other concern is the risk caused by unreliable, inaccurate, and inefficient AP processes. For instance, manual processes could result in human error, implying that suppliers are overpaid or underpaid. Another issue with manual processes is late payments and the high time taken to process a purchase invoice, which could adversely impact the organisation’s goodwill and relationships with key vendors.

Steps to conduct accounts payable risk assessment

When performing an AP risk assessment, it’s crucial to note that organisations will approach this exercise differently. In each case, the aim should be to identify the potential risks associated with the existing processes:

1. Receiving the invoice

Consider how the accounts payable department receives the supplier invoices, i.e., Are they received through the post, email or uploaded to a platform? Paper-based invoices involve numerous risks, such as they could go missing and be subject to delays or they could even be intercepted.

It would help if you looked for ways to mitigate such risks by digitising the invoicing process. For instance, organisations can provide their supplier with a self-service invoicing solution or a system-to-system integrated invoicing.

2. Capturing invoice data

Organisations also need to consider how data from vendor invoices are captured and communicated within their organisation, as manual data can cause a risk of human error for the company. If organisations automate this facet of the accounts payable process, with OCR data capture for instance, it could minimise the overall risk of invoice data being captured incorrectly and improve AP processes’ efficiency.

3. Access to accounts payable

When it comes to reducing the risk of fraudulent payments, it’s imperative for organisations to ensure that they have proper controls in place. The accounts payable risk assessment must periodically review the access of employees to the accounts payable platform and employees who can authorise purchases.

To improve controls and mitigate the risks, the organisations should ensure that access to the relevant systems must be provided only to authorised AP personnel and the procurement team.

4. Accounts payable visibility and transparency

Every AP risk assessment should consider how much transparency and visibility the organisation has over its accounts payable process. If the transparency and visibility over its accounts payable process are limited, there could be a risk of missed or duplicate payments.

Organisations could adopt a single, centralised platform for their accounts payable process. It will also provide AP automation features for improving visibility and transparency in their AP process, thereby reducing the risks.