Having your accounts payable records regularly audited is an important part of reducing loss and preventing fraud.
A/P audits occur after the fact, so even if you're auditing current records, you're still looking into transactions that have been completed. Therefore, these audits shouldn't replace measures that aim to prevent errors from occurring in the first place.
To ensure an impartial audit, the auditor should not work within your accounts payable department or have any stake in the files they're looking into. However, even with an impartial auditor there are still some risks that could result in the audit missing things it should catch. Here are six common accounts payable audit risks you should avoid:
If you hire a third-party auditor who's incentivized based on contingency fee arrangements to look into your accounts, they might put forward every possible finding they can without researching and understanding the root cause.
Additionally, they might ignore small dollar items and only look into items that are cost-effective to find, which can lead to errors being missed.
When selecting a third-party auditor, make sure to choose someone who isn't just looking for a profit. You should also always check their references and speak to previous clients to verify their experience matches what you're looking for in an auditor.
Third-party auditors might not have a background in the accounts payable process. This lack of experience could cause them to flag items that are not legitimate errors.
Additionally, the way each industry handles its accounts payables has some unique characteristics that could lead to accounts payable audit risks. If you're in the auto industry, you'd want auditor experienced in the auto industry, not an auditor with background and expertise in apparel manufacturing.
A manual audit might not look across systems to see if there are transactions duplicated across more than one system. For companies using multiple ERPs or a p-card system, conducting a cross-system analysis is essential for noticing duplicates in different systems and aggregating spend that's associated with multiple vendor numbers because of the multiple systems.
Since there's no invoice number or vendor number associated with p-card transactions, there's no good way to include p-cards in your review without using an automated system with a fuzzy logic capability. Because p-card activity is more difficult to audit and tends to feature lower transaction amounts, auditors might choose to ignore p-card transactions in their audit.
However, this leads to accounts payable audit risks of overlooking errors and fraud.
If your auditor doesn't closely follow the Institute of Internal Auditors' guidelines and/or ignores p-card activity, they might easily overlook fraudulent activity.
An audit needs to be very thorough and look at everything, not just certain systems or large transactions, to ensure any fraud is caught.
Not all auditing is done in the company records. Auditors should also be looking into vendor records and analyzing vendor statements. If the auditor isn't reviewing a majority of vendor records, they're missing significant activity levels and unable to ensure there are no systematic problems.
When requesting and looking into vendor records, a level of professionalism needs to be maintained by the auditor so there's no vendor antagonism. You don't want an audit to result in a damaged relationship between you and your vendors.
Only targeting the large vendors and large transactions in an accounts payable audit risks leaving large areas where errors are occurring unchecked. On an aggregate basis, large dollar amounts are going out the door, just through smaller individual line items.
If your auditor ignores transactions below a certain amount in their audit or doesn't thoroughly examine all the payment systems you use, there's a high likelihood their audit is missing errors or even fraud.
Karl Andersson has devoted his career to helping organizations improve their business processes. For 15 years, he has worked with multitudes of Fortune 500+ companies as the CEO of Technology Insight. Before this, he spent 10 years working in the audit and consulting sectors, which included large international projects in both Europe and Asia. Karl brings a combination of industry expertise and real-world experience. The diversity of his clients has allowed him to understand a variety of industries, and the unique challenges that each of them face.