
How to Carry Out an Accounts Payable Risk Assessment


In a healthy business, the accounts payable (AP) department works hand in hand with procurement to develop the strongest possible value and return on investment (ROI) for every dollar spent within the supply chain. Often, however, businesses struggle with an accounts payable function that is also a significant source of risk created through process inefficiencies, undetected errors, and fraud.

Eliminating these inefficiencies and working toward a healthy, productive, and accurate accounts payable system requires vigilance, dedication, and the right tool set. Performing an accounts payable risk assessment can help you identify and take measures to mitigate the risks faced by your company within the accounts payable department.

What is an Accounts Payable Risk Assessment?

While it is sometimes confused with the term accounts payable audit, an accounts payable risk assessment is actually a tool used to help produce an accurate and effective audit.

An accounts payable audit has two primary goals:

  • Data verification, which is the examination of financial records for both completeness and accuracy.
  • Risk assessment, wherein a company’s accounts payable function is analyzed for both ineffective or incomplete internal controls and material misstatement—incorrect financial data that creates risk during planning, decision-making, and auditing. The assessment process also provides suggested improvements to reduce or eliminate these risks.

These goals have significant overlap. However, the former is focused simply on verifying existing information, while the latter is focused on thorough review and optimization of the payable process and control environment to reduce inaccuracies, control weaknesses, and risk created by fraud.


Performing an Accounts Payable Risk Assessment

Risk management begins with knowing where and how risk exposure is created. The crucial second step is creating and implementing solutions that address these risks, ensuring accuracy and completeness for current auditing purposes and process improvement for easier, more accurate reporting and auditing of future financial statements.

You can achieve these goals by following a straightforward series of steps.

1. Improve Your Risk Assessment Tool Set with Artificial Intelligence

As with most modern business processes, performing accounts payable risk assessment with manual processes can ironically create additional risk and waste due to the time and labor commitments required and the increased potential for costly errors.

Implementing a dedicated procurement solution with integrated artificial intelligence (AI) and automation makes it possible to apply continuous improvement to every process—including risk assessment. Centralized, cloud-based data management provides the ideal vehicle for collecting, accessing, and verifying all transactional data, while advanced analytics and machine learning help you pinpoint roadblocks, process inefficiencies, and potential sources of rogue spend and fraud.

It’s a smart choice that supports not just effective risk management strategies and fraud detection, but more efficient accounts payable and procurement functions across the board. It also makes the other function of an accounts payable audit—data verification—easier and more accurate while ensuring a complete and accurate audit trail.

2. Identify Sources of Potential Risk

Risk assessment for an internal audit starts with data collection. The goal is to identify, in detail, as many sources of risk exposure as possible. The more serious the risk, the more urgent it is to expose and correct it in order to avoid damage to your company’s financial health, competitive advantage, or public reputation.

Some of the most common sources of risk include (but are not limited to):

Rogue Spend

Also called maverick spend, these purchases fall outside of the accounting system and are invisible, creating potentially substantial damage to cash flow (e.g., inaccurate reporting means resources have to be shunted to cover unexpected expenses), vendor relationships (e.g., goods and services purchased might violate established contracts), etc.

Automated tracking, leveled roles and approvals, and integration with vendor and contract management help reduce this risk, and preserve the integrity of financial data for reporting, analysis, and audits.

External Fraud

The Association of Certified Fraud Examiners (ACFE) estimates that around 5% of all revenues generated by businesses worldwide are lost each year to fraud. That translates to about $3.7 trillion each year as of 2014. According to the Association for Financial Professionals, 82% of organizations experienced payment fraud of some type in 2019.

Perhaps unsurprisingly, nipping fraud risk in the bud is a high priority for any business looking to build value.

External fraud generally requires an “inside actor” to be successful. Two of the most common types are collusion and kickbacks. Collusion occurs when a staff member collaborates with one or more vendors to share ill-gotten gains created by duplicate payments (or “phantom” payments to non-existent suppliers). Kickbacks (also called overpayments) are created when records are falsified to overpay a collaborating vendor’s invoice and then split the proceeds.

One exception to the “inside actor” rule is “Business Email Compromise” fraud, or BEC. In this sophisticated scheme, scammers tailor a fraudulent request for funds to comply with the target’s accounting system and workflows, and take advantage of unsuspecting staff to steal thousands or even millions of dollars via wire transfer fraud.

An automated accounts payable system, with controlled access, pre-vetted vendors, leveled buying and approval access, and tools like three-way match verification will make this type of fraud much easier to detect—and much more difficult to perpetrate.

Internal Fraud

Not every criminal fraud risk requires outside agents. Accounts payable fraud can be perpetrated by a single employee who falsifies vendor files or even creates new vendors out of thin air. The fraudster sends real payments to the fake vendor, collecting the money themselves using a false address.

Another internal fraud risk is check fraud, where a check is either altered or intercepted by malefactors. The digital version of check fraud using electronic payments is called Automated Clearing House (ACH) fraud. In this scenario, disbursements are routed to dummy accounts controlled by the fraudster or a collaborating third party.

In all instances, thieves may attempt to dodge existing internal controls by keeping the amounts stolen below established “cut-off” amounts to minimize the risk of having their fraud exposed. As with external fraud, full transactional transparency and automated reporting and analysis make it much easier for management to spot suspicious payment activity long before it appears on a bank statement. In addition, adding approval controls for the creation of a new vendor file can prevent would-be thieves from gaming the system altogether.
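The two controls described above (watching for payments kept just under a cut-off, and requiring independent approval of new vendor files) can be expressed as a small detection pass. This is an added example, not code from the original article or from any product; the threshold, the 10% band, the field names, and the sample records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data; threshold, band and field names are assumptions.
APPROVAL_THRESHOLD = 5000.00   # payments at or above this need a second approver
NEAR_BAND = 0.10               # "just under" means within 10% below the threshold
MIN_HITS = 3                   # near-threshold payments per vendor before flagging

VENDORS = {
    "V-100": {"created_by": "alice", "approved_by": "carol"},
    "V-200": {"created_by": "bob", "approved_by": "bob"},   # no independent approval
}
PAYMENTS = [
    {"vendor": "V-100", "amount": 1200.00},
    {"vendor": "V-100", "amount": 4980.00},
    {"vendor": "V-200", "amount": 4950.00},
    {"vendor": "V-200", "amount": 4875.50},
    {"vendor": "V-200", "amount": 4990.00},
]

def near_threshold_vendors(payments, threshold=APPROVAL_THRESHOLD,
                           band=NEAR_BAND, min_hits=MIN_HITS):
    """Vendors with repeated payments in [threshold*(1-band), threshold)."""
    floor = threshold * (1 - band)
    hits = defaultdict(list)
    for p in payments:
        if floor <= p["amount"] < threshold:
            hits[p["vendor"]].append(p)
    return {v: ps for v, ps in hits.items() if len(ps) >= min_hits}

def unreviewed_vendors(vendors):
    """Vendor files whose creator also approved them, or with no approver."""
    return sorted(v for v, rec in vendors.items()
                  if rec.get("approved_by") in (None, rec["created_by"]))

def review_queue(payments, vendors):
    """Combine both signals; vendors matching more signals are listed first."""
    near = near_threshold_vendors(payments)
    unreviewed = set(unreviewed_vendors(vendors))
    rows = []
    for v in sorted(set(near) | unreviewed):
        reasons = []
        if v in near:
            reasons.append(f"{len(near[v])} payments just under {APPROVAL_THRESHOLD:.0f}")
        if v in unreviewed:
            reasons.append("vendor file not independently approved")
        rows.append((v, reasons))
    return sorted(rows, key=lambda r: -len(r[1]))

if __name__ == "__main__":
    for vendor, reasons in review_queue(PAYMENTS, VENDORS):
        print(vendor, "->", "; ".join(reasons))
```

A single near-threshold payment (V-100 above) is not flagged; the signal is repetition against the same vendor, ideally combined with a weak vendor-onboarding record.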

Conflicts of Interest

In a lax or overworked control environment, it may be tempting for staff to wear multiple hats, controlling multiple job functions without any sort of complementary organization to reduce the risk of fraud and human error.

As a result, the potential risk exposure increases dramatically. For example:

  • A person who handles the inventory of physical checks might also be a signatory for payments made from the company account or placed in charge of the check register.
  • The person in charge of the master vendor file could have authorization to sign agreements and approve invoices for payment.
  • A person in charge of journal entries for the balance sheet is an authorized signer on the company bank account.

Strategic segregation of duties both eliminates risk and reduces temptation for any susceptible parties.

The supply chain is another source of potential conflicts of interest. If anyone in the procurement or payables departments is receiving tips, gifts, or other incentives from vendors, supplier relationship management and profitability can be damaged by staff “playing favorites” instead of following policy and procedure to ensure the best payment terms and value for the company.

Automated workflows for purchasing and approval, with built-in contingencies, pair well with clearly defined roles and policy-based separation of duties. In addition, vendor management supported by data-driven vendor performance evaluation and integration with contract management eliminates favoritism and low-key bribery while encouraging actual supplier relationship development through strategic negotiation and shared goals.

Payment Delays and Errors

Manual processes can create unintentional risks by allowing for multiple payments, late payments, and incorrect payment amounts to slip through the cracks. A lack of transactional data transparency and process inefficiencies can add more expense through chasing exceptions and damaged vendor relationships.

Accounts payable automation reduces the risk created by problems like these by preventing them from occurring in the first place. Automated workflows and approval chains ensure every transaction is both documented and verified as it moves through the cycle, along with any corrections or adjustments. Low-value tasks like data entry are taken out of human hands, speeding and streamlining processes while reducing risk and errors. Visibility aids in analysis, accruals, forecasting, and strategic sourcing while maintaining payment timelines and any valuable incentives or bonuses.

The result is complete, accurate financial data for forecasting, reporting, and audit trails. 

3. Document Your Assessment and Implement Improvements

After assessing your AP risk exposure, create a summary detailing each risk and a firm connection with the planned solution. Each risk should have a clear definition and solution. Rather than simply saying “implemented software package” as a panacea, detail each risk and the specific workflows, policies, and processes required to eliminate that specific risk.

For example, if you discover check fraud within your accounts payable function, you could create a detailed separation of duties and a contingency workflow in the event one or more parties cannot meet their respective obligations at any given time. This will ensure, for example, that if Tom (an authorized signatory on the company account) is out of the office, checks can still be signed by Susan, but not Bill, who is in charge of the inventory of physical checks.
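The separation-of-duties rule and the Tom, Susan and Bill contingency above can be checked mechanically before a duty is delegated. This is an added example, not code from the original article or from any product; the duty names, the conflict pairs (modelled on the conflict-of-interest examples earlier in the article), and Susan's existing duty are constructed assumptions.

```python
# Constructed roster; duty names and conflict pairs are assumptions
# modelled on the examples in this article.
CONFLICTS = {
    frozenset({"check_custody", "bank_signatory"}),
    frozenset({"check_custody", "check_register"}),
    frozenset({"vendor_master", "invoice_approval"}),
    frozenset({"vendor_master", "contract_signing"}),
    frozenset({"journal_entries", "bank_signatory"}),
}
DUTIES = {
    "Tom": {"bank_signatory"},
    "Susan": {"invoice_approval"},   # assumed; the article does not state her role
    "Bill": {"check_custody"},
}

def conflicts_for(duties):
    """Return the conflicting pairs contained in one person's set of duties."""
    return sorted(tuple(sorted(pair)) for pair in CONFLICTS if pair <= duties)

def roster_violations(roster):
    """Map each person to the conflicting duty pairs they currently hold."""
    found = {who: conflicts_for(held) for who, held in roster.items()}
    return {who: pairs for who, pairs in found.items() if pairs}

def eligible_backups(roster, duty, absent):
    """People who could temporarily take `duty` without creating a conflict."""
    return sorted(who for who, held in roster.items()
                  if who not in absent and duty not in held
                  and not conflicts_for(held | {duty}))

if __name__ == "__main__":
    print("Current violations:", roster_violations(DUTIES))
    print("Can sign while Tom is out:",
          eligible_backups(DUTIES, "bank_signatory", absent={"Tom"}))
```

Running the same `roster_violations` check on a schedule catches conflicts that creep in through temporary delegations that were never revoked.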

And once you’ve addressed the sources of risk in your accounts payable department, don’t forget to follow up. Make process review and risk assessment a regular part of your workflows. When risk assessment is built into your business processes, it’s much harder for fraud, rogue spend, or supplier problems to take you by surprise.

Remember, there’s always room for (continuous) improvement—especially with machine learning and advanced analytical tools.

Assess—and Address—Your Accounts Payable Risk

Forewarned is forearmed, and by performing an accounts payable risk assessment, you can ensure your risk is low while keeping efficiency, morale, and productivity high. By combining AI and automation with strategic and consistent process improvements, you can take the risk out of risk assessment and protect your company’s reputation and bottom line.
