How to perform an accounts payable audit

An accounts payable audit is an independent review of your company’s accounts payable records. It helps ensure financial accuracy and prevent fraud—and, in many cases, it’s required by law. Since the Sarbanes-Oxley (SOX) Act was passed in 2002, publicly traded companies are legally required to undergo an impartial assessment of all relevant records.

‍

But even for small private companies, an AP audit is a valuable risk assessment tool. A 2024 study from the AFP found that 80% of businesses experienced either successful or attempted payment fraud in 2023, and the ACFE estimates that businesses lose 5% of their revenue to fraud each year. That kind of loss can impact profits no matter your size.

‍

In this post, we’ll explain what an accounts payable audit is, why it’s important to audit AP, and cover the step-by-step process of how to conduct an accounts payable audit to help you improve financial controls and limit the risk of fraud.

What is an accounts payable audit?

An accounts payable audit is an examination of your company's accounts payable records. It verifies the accuracy, validity, and completeness of the payments made and liabilities owed to your suppliers.

‍

AP audits ensure compliance with financial regulations, detect errors or fraud, and confirm your transactions are properly recorded. They also help assess the strength of your AP processes and internal controls, highlighting areas for improvement.

AP audit objectives

The goal of any audit is a “clean” outcome—for AP, that means:

1. Verifying accuracy: Ensures that the liabilities, payments, and invoices you recorded are accurate and match your supporting documentation
2. Identifying errors or fraud: Helps detect payment errors, unauthorized transactions, or fraudulent activity
3. Ensuring compliance: Confirms your AP records align with company policies, vendor contracts, and regulatory requirements like SOX, where applicable
4. Evaluating internal controls: Assesses whether your internal controls are effective in preventing errors or fraud
5. Validating completeness: Confirms that all expenses and liabilities were recorded correctly and in the right accounting periods

Why it’s important to audit accounts payable

Accounts payable audits are so important because AP handles outgoing payments, making it especially vulnerable to fraud, theft, or overpayments:

1. Mitigates fraud risks: AP audits help uncover gaps in your internal controls that could leave you susceptible to fraud. Identifying weaknesses is crucial to preventing accounts payable fraud before it happens.
2. Prevents payment errors: Duplicate payments are a significant challenge in AP operations. These issues often occur due to poor visibility throughout your AP workflow. Audits help identify payment errors and provide insight into which steps in your AP workflow need improvement.
3. Fosters confidence in your business practices: An efficient and reliable AP process is essential for your company's credibility. It showcases your ability to mitigate fraud and errors and assures stakeholders that your financial reporting is accurate. Confidence is crucial for attracting investors and maintaining a positive brand impression.

What do auditors look for in an AP audit?

When you submit your AP records for an audit, you’re making assertions that your records are accurate and complete. The auditor’s job is to evaluate whether your assertions are true. The four main assertions that auditors look at in an AP audit are:

1. Completeness

Auditors will ensure that you duly recorded and accounted for all your liabilities and payables balances within the appropriate accounting periods. To do that, they rely on cut-off tests, reconciliations, and audit trails to verify that all your invoices and payments are accurately recorded and that no transactions were omitted from your records.

2. Validity

Examiners will also audit the validity of your AP transactions. This often involves reaching out to your vendors and suppliers for a confirmation request that corroborates the payments and liabilities listed in your records. Your regular vendors are the biggest target, though the type and number of partners your auditors reach out to will vary based on your size and industry.

3. Compliance

You must record your AP transactions according to Generally Accepted Accounting Principles (GAAP). Auditors will examine your records to ensure that’s the case.

‍

The audit typically starts by scrutinizing year-end financial statements such as your balance sheet and income statement. Then, examiners randomly trace entries from your company's general ledger back to their sources. This process identifies whether you followed the correct accounting procedures.‍

4. Disclosure

The final assertion in an accounts payable audit is disclosure. Auditors verify proper disclosure by checking all the liabilities, calculations, and footnotes explaining unusual transactions in your year-end financial statements. They may also ask you to disclose a management representation letter that confirms your financial statements accurately represent your AP transactions.

How to audit accounts payable

Here’s a step-by-step guide to auditing accounts payable:

1. Plan and define the scope of the audit

Before jumping in, outline the objectives and boundaries of the AP audit. Determine the period the audit will cover (e.g., quarter-end, year-end) and your timeline for audit fieldwork.

‍

Considering the assertions relevant to accounts payable—completeness, validity, compliance, and disclosure, as discussed above—you’ll need to identify the documents and systems that need review. These typically include internal controls documentation, the AP ledger, general ledger, invoices, purchase orders, and bank statements.

‍

Lastly, ensure the audit team has access to relevant systems, journal entries, documents, and staff throughout the audit process. This may include:

• Read-only permissions: Access to accounting software, procurement systems, and other platforms
• Interviews: Access to key staff involved in the AP process to ask questions and conduct interviews
• Physical entry: Access to any physical locations where you store relevant documents

2. Evaluate internal controls

Internal controls are critical to minimizing errors and fraud in AP. Start by examining:

• Segregation of duties: Are different staff responsible for approving invoices, processing payments, and reconciling bank statements?
• Approval workflows: Verify that payment approvals follow the organization’s policies
• Vendor management: Check procedures for adding and verifying new vendors to prevent fake or duplicate vendors
• Three-way matching: Confirm the company matches invoices to purchase orders and receiving reports before making payments

‍

If you identify internal control weaknesses, you must create audit procedures to address them. For example, say you find out one person prints checks, signs them, records payments, and reconciles the bank statement (i.e., there’s a lack of segregation of duties).

‍

In that case, there’s a high risk that the employee could commit AP fraud by paying fictitious vendors or intentionally paying a vendor twice and stealing the second check. Your audit procedures will need to test for fraud.

3. Analyze the AP ledger and general ledger

A detailed review of the AP ledger is essential to ensure accuracy and completeness. Perform the following checks:

• Compare AP balances to the general ledger to identify discrepancies
• Review month-end reconciliations and ensure the company recorded all outstanding liabilities
• Look for unusual entries, such as large or frequent adjustments, which could signal errors or fraud

‍

Audit software helps you quickly analyze trends and spot outliers, such as duplicate amounts or unexpected vendor activity.

4. Perform vendor and invoice testing

Use a sample-based approach to test vendors and invoices. Here’s how:

• Verify vendor information is accurate and complete (name, address, tax ID, etc.)
• Match invoices to corresponding purchase orders, contracts, and receiving reports
• Confirm that invoice amounts, due dates, and payment terms align with agreements
• Check for duplicate payments by cross-referencing invoice numbers and amounts

‍

Send confirmation letters to vendors asking them to verify balances owed. If you uncover discrepancies, investigate further.

5. Search for unrecorded liabilities

To ensure completeness, look for liabilities missing from the AP ledger. Here’s how:

• Review subsequent payments made after the audit period to detect any invoices the company should have accrued earlier
• Check open purchase orders for goods or services received but not yet invoiced
• Examine vendor statements for missed or pending payments

6. Summarize findings

Finally, compile your findings and report on the results of your audit procedures. Your audit working papers should include:

• A summary of procedures performed and key observations
• Identified errors, risks, or control weaknesses
• Recommendations to address issues, such as improved segregation of duties or enhanced automation tools

‍

Keep the audit report clear and actionable. Stakeholders should walk away knowing what went well, what needs attention, and how to improve.

Common weaknesses in AP internal controls

Depending on the size and maturity of your company, an accounts payable audit may reveal some weaknesses in your internal controls. Here are some of the most common weaknesses across small, medium, and large businesses:

Weaknesses in small businesses

1. Lack of segregation of duties: Limited staff often results in a single person handling multiple AP tasks, increasing the risk of fraud and errors
2. Heavily manual processes: Manual data entry increases the likelihood of simple mistakes and leads to inefficient processes
3. Inadequate approval workflow: An informal invoice approval process allows payments to be released without proper oversight or documentation

Weaknesses in midsize companies

1. Inconsistent segregation of duties: While roles may be more defined than in smaller businesses, staff overlap during high-volume periods can create opportunities for errors or unauthorized transactions to slip through
2. Insufficient matching exercises: Weak controls over invoice matching procedures can lead to duplicate or inaccurate vendor payments
3. Partially manual processes: Incomplete or outdated AP automation software can lead to continued reliance on inefficient and error-prone manual processes

Weaknesses in large enterprises

1. Risk of duplicate payments: Large transaction volumes and complex approval systems make it easier for duplicate invoices or payments to get approved
2. Incomplete system integration: Poor integration between your AP automation software and your enterprise resource planning (ERP) system can result in data integrity issues or incomplete financial reporting.
3. Decentralized AP processes: Inconsistent AP policies and workflows across locations or subsidiaries can create gaps in your internal controls

Improve internal controls for AP with Ramp

The prospect of an AP audit probably seems intimidating, but it doesn’t need to be. With the right tools, you can increase efficiency, improve transparency, and ensure strong internal controls around accounts payable.

‍

Ramp’s AP automation software provides a range of user roles and permissions, helping you manage finances efficiently while ensuring robust controls:

• Customizable approvals: Streamline workflows and ensure only authorized individuals approve payments
• Set role-based permissions: Assign precise roles to control who can manage, approve, and pay bills
• Detailed tracking: Monitor every step of your AP workflow for full transparency and compliance

‍

Learn more about how Ramp Bill Pay can help improve your audit outcomes.