How to master internal controls for accounts payable
Benchmark your company's expenses with Ramp's data.
straight to your inbox
Accounts Payable can be a daunting task to take on, especially for small business owners. However, without the right internal controls, it could also doom your business.
This post delves into how to establish robust internal controls for your accounts payable (AP) processes, enhancing their everyday operations without requiring significant changes. This post uses real-life examples and actionable tips to improve financial operations, emphasizing the importance of cost-benefit analysis in implementing effective internal controls.
What are accounts payable controls?
Accounts payable controls are a set of internal processes designed to ensure the accuracy and security of a company’s financial transactions, particularly in preventing and detecting fraud. These controls are essential for maintaining the integrity of financial information and safeguarding against fraudulent activities, especially in today’s digital environment. While the cost of implementing these controls may be difficult to measure, they are crucial for protecting a company’s assets, as failing to do so can lead to significant financial losses, such as a depleted bank account due to undetected fraud.
Types of AP controls
A well-structured accounts payable (AP) process requires multiple layers of internal controls to safeguard against errors, fraud, and unauthorized payments. Below, we break down the key types of AP controls into three main categories: your obligation to pay, data entry into the system, and payment of the debt.
Your Obligation to Pay
Controls in this category ensure that payments are legitimate and authorized before processing. These controls help verify that the obligation to pay is real, matches the company’s records, and is properly approved.
- 3-way match: After the AP clerk completes the 3-way match (matching the purchase order, receiving report, and invoice), a seasoned controller should review it to ensure accuracy.
- Vendor approval: Implement a preparer and reviewer process for each new vendor. This ensures no conflicts of interest, such as vendor addresses matching an employee’s address, preventing fraud.
- Authorization limits: Set transaction limits so payments above a certain threshold require additional approval. This control helps avoid manual errors and unauthorized high-value payments.
- AP aging report: Review the AP aging report monthly to monitor outstanding obligations and ensure alignment with the company’s cash flow needs.
- Budget-to-actual comparison: Regularly compare expenses to the budget to identify errors or overspending and correct them on time.
- Invoice approval process: Ensure that invoices go through a formal approval process, verifying that goods or services were received and invoiced correctly.
Data Entry into the System
This category of controls ensures that information entered into the AP system is accurate, reliable, and secure. Effective data entry controls prevent mistakes and reduce the risk of fraudulent or unauthorized entries.
- Vendor approval: Implement a dual review for new vendor entries to ensure data integrity and avoid fraudulent entries.
- Authorization limits: Apply system-based thresholds to prevent unauthorized large transactions from being processed without additional approval.
- Access controls: Restrict system access based on user roles. Only authorized personnel should be able to enter vendor information, approve payments, or modify data.
Payment of the Debt
Once an obligation has been verified and the data is entered correctly, the final step is ensuring that payments are made accurately and only by authorized personnel. Controls in this category help prevent unauthorized or incorrect payments from being processed.
- Wire/check approval: Ensure that one person prepares the payments, but only an authorized signer can approve and release the payment after a thorough review.
- Bank reconciliations: Perform monthly reconciliations to confirm that all payments match outgoing funds. To ensure accuracy, each reconciliation should have a preparer and a separate reviewer.
- Duplicate payment detection: Implement controls that flag potential duplicate invoices or payments to avoid paying the same bill twice.
How to build an accounts payable controls framework
Building an AP controls framework starts with understanding your current process. Begin by mapping out your AP workflow, whether you're a small team or a large organization. Document each step to identify key areas where errors or fraud could occur.
Next, implement segregation of duties—ensure that no one individual controls the entire AP process. For example, one person should enter invoices, another should approve them, and a third should handle payments. This reduces the risk of fraud or undetected errors.
Then, introduce key controls such as automated three-way matching, approval thresholds, and vendor approval processes. Use AP automation tools like Ramp to streamline these controls, enabling automated invoice matching, real-time approvals, and transparent audit trails.
To catch errors early, regularly review your AP aging reports and conduct monthly bank reconciliations. It’s also essential to train your team on the importance of following these controls and performing regular audits to ensure compliance.
Finally, be prepared to adapt. As your business grows, so should your controls. By continuously evaluating and improving your AP framework, you can maintain strong oversight and reduce financial risk.
Internal controls best practices
- Understand the current process: Map out your existing AP process, whether you're a sole employee or have a full accounting team. Create a process narrative or flowchart to clearly document how your AP system works and current participants.
- Identify potential risks: Ask, "What could go wrong?" Consider scenarios like paying the wrong vendor or processing fraudulent payments. List these risks to guide where controls are most needed.
- Define key controls: Once you've identified risks, establish key controls to prevent or detect issues. These controls are critical to ensure the accuracy and security of your AP system.
- Segregation of duties: To reduce fraud and errors, ensure that different people handle separate parts of the AP process (e.g., one person enters invoices, another approves payments).
- Automate where possible: Use automation tools like Ramp to streamline repetitive tasks like invoice matching and approval workflows, which minimizes human error and increases efficiency.
- Conduct regular reviews and audits: Schedule regular checks of your AP process to ensure that controls are functioning properly and catching any issues early.
- Train your team: Educate employees on the importance of internal controls and how to spot red flags in the AP process. Ensure everyone follows procedures consistently.
- Adapt and improve: Regularly evaluate your AP controls to keep them up-to-date with company growth and new technologies. Continuous improvement ensures long-term effectiveness.
Where does automation fit in?
Accounts payable automation is a powerful tool for strengthening internal controls. AP automation reduces manual intervention, minimizing human error and the risk of fraud by enforcing strict, built-in controls. For example, automated three-way matching ensures that payments are only made when invoices, purchase orders, and receipts align, eliminating errors like incorrect payments to vendors.
With Ramp, companies can implement custom approval workflows, ensuring that transactions surpassing certain thresholds receive appropriate review before processing. Additionally, AP automation provides real-time visibility into outstanding payments and vendor data, making it easier to catch discrepancies and detect potential fraud. By automating these critical tasks, businesses can maintain strong financial oversight without relying solely on manual processes, ultimately enhancing both efficiency and control.
Examples of a lack of accounts payable controls
Let’s consider this real-life example of a lack of internal controls in the accounts payable process.
Tom, the senior accountant, frantically called the CFO’s cell phone. The CFO was scheduled to be on vacation all week, but this couldn’t wait. He had noticed, by happenstance, that 6 months ago, they had paid a former employee, Albert, $2,000, instead of their vendor Alberti Inc.
Tom always complained that it didn’t make much sense to have an executive assistant, with no accounting background reviewing his work, but there wasn’t much Tom could do. The CFO was too busy to review the nitty-gritty and thought someone at the lower level could be a second set of eyes. But this time, it was a manual error that couldn’t be reversed. The bank could not get involved because it was much past the number of days in order to reverse the wire. And that former employee’s phone was probably not going to get picked up any time soon.
Here's another true story:
Brenda, the controller, picked up the phone. It was Richard, a representative of a vendor who recently had a spat with the owners of the business where Brenda works. Richard asked if the owners were around because he really wanted to thank them! “What for?”, said Brenda. “Oh, it’s the holiday season and when I was looking at the most recent wire transactions, I noticed that the owners wired over to me $1,100 instead of the $100 that was owed. It was a nice gesture from them, given what a difficult year it has been. But I’m glad to see that they’ve decided to let bygones be bygones.” Brenda hung up the phone to frantically take a look at the transaction that Richard was talking about. It turned out, she manually punched in an extra one. And now, she had no choice but to fess up to the owners.
The average business owner may read these examples and conclude that these accountants were just bad at their job. But as an auditor for 7 years, I never met a perfect accountant. But what prevented catastrophes like these to those imperfect finance departments was one thing—proper internal controls.
Take full control of your accounts payable with Ramp
Ready to implement these controls in your AP cycle? Ramp's accounting automation platform makes it easy to implement AP controls with real-time data sync, automated invoice processing, and integrated payments. Ramp’s automation capabilities simplify invoice processing, ensuring timely payments and helping you build strong relationships with vendors.