How to perform an accounts payable audit

For larger companies, conducting a liability assessment isn't just a choice, but a mandatory obligation. Since the enforcement of the Sarbanes-Oxley Act in 2002, it's a legal requirement for publicly traded companies to undergo an impartial assessment of all relevant records. Even for small private companies, an independent audit is an invaluable risk assessment standard provided by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) to help detect potential fraud or identify weaknesses in accounting procedures.

‍

The AFP Payments Fraud and Control Survey 2023, highlighted that 65% of companies encountered attempted payment fraud. The average business experiences a loss of around 5% in revenue due to fraud. This 5% decline has a notable impact on profits across businesses of diverse sizes. Conducting regular audits, including internal ones, is critical to the company's long-term financial health.

Accounts payable audit

AP represents the outstanding balance that a business owes its suppliers for goods or services rendered. It's a key element of the company's working capital and good financial position. Within the organization, AP is responsible for processing invoices and payments, as well as tracking supplier relationships.

‍

An AP audit carefully verifies the accuracy of invoices while making sure that robust controls are in place for managing the organization's financial records. The main aspects of this audit include a thorough review of invoices and payments for accuracy and authenticity.

Why we conduct accounts payable audits

Potential underpayments and theft directly impact AP which makes this process critical. There are three specific areas particularly vulnerable within AP:

• Mitigating fraud risks: Internal controls represent standard procedures that play a pivotal role in minimizing human errors, deterring fraud, and preventing improper payments. In the absence of these critical controls, the AP function becomes susceptible to fraudulent activities or misappropriation. Audits serve to uncover and rectify such inaccuracies.

• Preventing duplicate payments: The risk of making duplicate payments poses a significant challenge in AP operations. These errors often occur due to inadequate visibility within the AP workflow. Audits serve as indispensable checks, identifying and rectifying inaccuracies to prevent unnecessary financial drain and safeguard the financial integrity of the organization.

• Fostering confidence in business practices: Crafting a reliable and smooth end-to-end AP procedure is essential for upholding a company's credibility and trust. It authenticates your business, showcases the implementation of controls to mitigate fraud and errors, and assures stakeholders about the reliability of your financial statements. Confidence in business practices is pivotal for attracting investments and upholding a positive market standing.

Objective of an accounts payable audit

The goal of both internal and external audits is a 'clean' audit outcome. Achieving a clean audit signifies the auditor's certification of accurate financial statements devoid of material misrepresentations or significant issues.

‍

Additionally, specific audits demand companies to showcase the effectiveness of their internal controls. For instance, in a Sarbanes-Oxley audit, the audit's outcome, known as an opinion, ensures the adequacy of the company's internal controls in managing financial data and transactions.

Accounts payable assertions

Completeness: All liabilities and payables balances are duly recorded and accounted for in financial records within the defined accounting period. Auditors rely on cut-off tests, reconciliations, and audit trails to provide precise record-keeping. Year-end financial statements must incorporate cut-off tests for purchases and cash payments to guarantee accuracy. Auditors rely on audit trails to match payments with recorded payables and identify any unmatched documents.

‍

Validity: Protecting the legitimacy of AP transactions, auditors send confirmation requests to vendors and suppliers. They usually contact regular vendors and sometimes approach a subset of other business partners, even with no outstanding balances.

‍

Compliance: Ensuring adherence to accounting principles, the audit typically starts by scrutinizing year-end financial statements such as balance sheets and income statements. Then, examiners randomly trace entries from the company's general ledger back to their sources. This meticulous process unveils whether correct accounting procedures were correctly followed.

‍

Disclosure: Ensuring AP accuracy on year-end financial statements is a key audit step. Auditors verify proper disclosure by checking liabilities, purchase calculations, footnotes explaining unusual transactions, and a management representation letter confirming full disclosure.

How to audit accounts payable

Auditors review AP records for legitimacy, aiming to detect fraud or errors. Instead of concern, viewing audits as a chance to identify and fix issues beforehand is key.

‍

Curious about the focus of an AP audit? While specifics may vary, auditors generally examine the following: 

• A thorough review of AP internal controls
• Who reconciles AP summaries with the general ledger?
• Does the company use an annual expense budget?
• Comprehensive AP ledger at period-end
• Records for any undisclosed liabilities
• Procedure for managing expenses
• Usage of three-way matching in AP
• Handling of purchase orders
• Segregation of duties in AP
• Credit card purchase protocol
• Oversight of vendor activity
• Process for new vendor management
• Approval flow in AP
• Adoption of electronic payments
• A specific method for electronic payments
• Pertinent financial reports: balance sheets and cash flow statements

‍

During inquiries and inspections, documents like the payable ledger are reviewed, and actions such as check signing or electronic payments are observed. Control weaknesses prompt the creation of specific audit procedures.

‍

Performing an audit on AP isn't a one-size-fits-all process. Auditors tailor their methods based on a company's size and need for a comprehensive check. State-to-state variations exist in adhering to Generally Accepted Accounting Principles (GAAP) regulations, particularly for public companies that might issue supplementary reports not bound by GAAP standards. 

Unlocking accounts payable audits: Key procedures explained

In most corporations, the AP division handles a large volume of transactions. Consequently, the AP ledger may be susceptible to errors or even be used to conceal fraudulent journal entries. So, how do auditors manage AP? Use four core procedures to assess whether this account is devoid of ‘substantial discrepancy’ and aligns with U.S. GAAP.

Reviewing standard operating procedures (SOPs)

Effective SOPs are essential for ensuring the seamless functioning of the AP department. However, some companies lack formalized SOPs, and others may not consistently adhere to existing ones.

‍

When SOPs are in place, the audit team conducts a thorough examination. They also test a sample of transactions to verify if AP personnel comply with these procedures.

‍

If the AP department lacks SOPs or if the current SOPs do not reflect the department's operations, the audit team halts fieldwork temporarily. Auditors resume testing once the AP department issues formal SOPs or updates them accordingly. 

Paper trail analysis

Auditing by vouching' refers to tracking a transaction from its origin to its conclusion. Analyzing this paper trail involves examining source documents, such as:

• Purchase orders
• Vendor invoices
• Journal entries for AP & inventory
• Bank records

‍

The audit team selects transactions randomly or based on their significance or frequency. They make sure the company adheres to invoice terms and receives the correct discounts.

Vendor confirmations

Auditors may dispatch forms to the company's vendors, asking them to 'confirm' the outstanding balance. Confirmations can either:

• Indicate the amount owed according to the company's accounting records
• Keep the balance blank, requiring the vendor to fill it

‍

If the vendor-confirmed amount doesn't match the AP ledger's recorded amount, the audit team investigates the exception and seeks clarification. Unresolved discrepancies may call for further testing procedures and could‌ lead to a qualified or adverse audit opinion, depending on the discrepancy's scale and nature.

Financial statement verification

Auditors compare the figures recorded in the company's financial statements to those maintained by the AP department. This involves reviewing the month-end closing process to make sure expenses are recorded in the appropriate accounting period.

‍

Additionally, auditors assess the process of identifying and recording related-party transactions. They also scrutinize vendor invoices paid with cash and unrecorded liabilities involving received goods or services pending payment processing. The Association of Certified Fraud Examiners found that financial statement fraud costs the companies on average 1 million dollars.

Accounts payable risk assessment

Firstly, differentiate between an AP risk assessment and an AP audit. An AP audit verifies the accuracy of records, while a risk assessment examines processes and controls to prevent errors and fraud.

‍

Therefore, an AP risk assessment is a vital inclusion in an audit.

‍

Internal team and fraud risk: Fraud isn't just an external threat. Employees having access to conflicting functions can create fraud risks, emphasizing the need for duty segregation. Small firms with limited staff handling AP are more vulnerable. Lack of segregation allows misuse, like paying fake vendors or colluding for unauthorized payments.

‍

Fraud and cybercrime: Weaknesses in AP processes, controls, and staffing create opportunities for fraud and cybercrime. Fraud can stem from internal employees or external parties like vendors. This includes billing schemes, check and ACH fraud, and cyberattacks like the Business Email Compromise (BEC).

‍

COVID-19 intensified payment fraud, especially through BEC, due to disrupted AP procedures. Cybercriminals exploit vulnerabilities by posing as vendors or senior staff through phishing or email spoofing and manipulating wire instructions for fraudulent payments. Businesses face median losses of $104,000 due to internal control issues, contributing to a total of $7 billion in occupational fraud cases, involving corruption, asset misappropriation, and fraudulent statements.

‍

External and internal fraud: The Association of Certified Fraud Examiners estimates an average 5% loss for businesses globally, equating to a staggering $3.7 trillion relative to the Global GDP.

‍

External fraud in AP manifests in various forms:

• Collusion: Involves internal employees collaborating with external suppliers for illicit payments using duplicate or fake invoices, resulting in shared profits.
• Overpayment: Where invoices are intentionally overpaid, and the excess amount is diverted for personal gain by involved parties.
• Conflicts of interest: Weak supervision and loose controls in procurement and payments create conflicts of interest. A robust division of labor is crucial for oversight in ordering, receiving, and paying for goods or services. Another risk arises from gifts influencing supplier selection; seeking multiple bids before engagement enhances due diligence and justifies vendor choice.

Common control weaknesses in small entities

• Single person handling multiple critical tasks like approving purchases, entering invoices, issuing payments, reconciling bank accounts, and adding vendors.
• Lack of secondary review before payment issuance.
• Weak or absent bidding procedures.
• Failure to reconcile AP details with the general ledger.
• Inadequate vetting of new vendors.
• Absence of budget creation and expense comparison.
• Lack of unannounced audits within AP and expense procedures.
• Single-person electronic payment authorization without secondary involvement.
• Irregular or delayed bank account reconciliations.
• Lack of scrutiny in matching payee names on canceled checks with vendor names in the general ledger.
• Risk of fund embezzlement due to lack of segregation of duties within the expense cycle, allowing potential theft scenarios.

Access level for auditors

Making sure auditors have the required access to your systems, journal entries, documents, staff, and beyond is crucial. This may encompass:

• Read-only permissions: Access to accounting software, procurement systems, and pertinent platforms.
• Interviews: Auditors may conduct interviews with key personnel engaged in the AP process.
• Physical entry: Access to filing cabinets or locations where pertinent documents are kept.

‍

It's vital to oversee and regulate this access to safeguard your data's integrity and confidentiality. A comprehensive grasp of the typical audit procedures, necessary documentation, and access prerequisites can greatly simplify the auditing process.

Making audits less daunting

While audits are essential for business compliance, they need not be intimidating. By implementing efficient tools and resources to automate the entire AP process—from purchase orders to invoicing and payment — transparency becomes inherent. 

‍

Leveraging reliable AP automation and procure-to-pay software streamlines invoice processing, accelerating supplier payments, minimizing errors, and eradicating potential fraud risks. Such systems not only enhance operational speed but also significantly improve the prospects of sailing through future AP audits.