Carrying out an accounts payable risk assessment

The accounts payable department in any business can be particularly vulnerable to risk. But implementing a formal risk assessment process can help to mitigate any potential negative outcomes, while also improving overall efficiency.

Accounts payable (AP) is the department within an organization that is responsible for engaging with suppliers and processing and managing payments to third parties. As such, it has an important role to play in ensuring the smooth operation of the business.

However, it is also a function that tends to be ripe for improvement. AP processes are often inefficient, time-consuming and manual – and optimizing those processes can provide a significant opportunity to increase the return on investment (ROI) for procurement, as well as strengthening supplier relationships and accessing deeper insights into the company’s future cash flows. It’s also important to bear in mind that the AP department can be vulnerable to internal or external fraud, a risk it’s always worth protecting against.

While there are challenges to overcome, there are also plenty of steps that companies can take to optimize AP. By maximizing the efficiency of accounts payable, companies can transform the department into a well-oiled machine, both by improving the efficiency of processes and by minimizing the risk of error or fraud. With that in mind, one area that can yield significant improvements is the process used to assess the risks that can affect AP performance.

What is an accounts payable risk assessment?

An accounts payable risk assessment is an exercise which involves reviewing the AP process and internal payment controls in order to identify any shortcomings, reduce inaccuracies and minimize the risk of fraud. This is not to be confused with an accounts payable audit. An AP risk assessment should be regarded as part of the broader AP audit, which also typically involves verifying the accuracy of AP data.

Common accounts payable risks

An accounts payable risk assessment aims to identify risks that can harm the efficacy of the company’s AP processes. As such, it is important to understand which risks the risk assessment should focus on. These may include:

Internal fraud

The risk of fraud carried out by internal staff is a significant concern for AP teams. Without proper controls in place, there is a risk that staff with access to AP systems could steal money from the organization. This might involve changing an existing supplier’s banking information, or making payments to fictitious suppliers.

Maverick spend

Another area of concern is maverick spend – in other words, purchases that fall outside of compliance with the company’s established procurement policy and processes. Examples of maverick spend include transactions made by unauthorized individuals, purchases made without the necessary PO or approval process, and purchases from vendors other than the company’s preferred vendors. As such, there is a risk that maverick spend can have an adverse impact on cash flow, as well as damaging relationships with existing suppliers.

Maverick spend can also prevent the company from taking advantage of the cost savings negotiated with existing suppliers. Last but not least, there is a risk that unauthorized purchases may result in substandard goods.

External fraud/social engineering

Fraud can also be initiated from outside the organization. For example, fraudsters may use social engineering or phishing techniques to target unsuspecting staff. This might involve masquerading as an existing vendor and submitting an invoice with different bank account details. In other cases, internal members of staff may collude with external parties to defraud the organization. External fraud can also be perpetrated by suppliers, for example by double billing for goods or services.

Manual, error-prone processes

Also of concern is the risk presented by inefficient, unreliable or inaccurate AP processes. For example, manual processes can result in human error, meaning that suppliers are not paid correctly or overpayments are made. Late payments, meanwhile, may have an adverse impact on your relationships with key suppliers. Another consideration is that inefficient processes may lead to delays in invoice approvals – and that, in turn, could limit suppliers’ ability to take advantage of any early payment solutions that might be on offer, such as dynamic discounting and supply chain finance.

Running an accounts payable risk assessment

When it comes to carrying out an AP risk assessment, it’s important to note that different companies will approach the exercise in different ways. However, a good starting point is to consider the following aspects of the accounts payable process. In each case, the goal should be to identify any potential risks or points of failure associated with the existing processes:

1. Invoice arrival

Consider how your AP department receives invoices from the company’s suppliers – are they received via email, uploaded to a platform, or do your suppliers send paper invoices in the post? Paper-based invoices are associated with numerous risks: they can go missing, be subject to delays or even be intercepted. Look for ways to mitigate these risk by digitizing the invoicing process used by your suppliers – for example, by providing a supplier self-service invoicing solution, or by adopting system-to-system integrated invoicing.

2. Invoice data capture

You should also consider how data from invoices is captured and communicated within the organization, as manual data entry leaves the company at risk of human error. The good news is that if you automate this element of the accounts payable process, you can minimize the risk that your invoice data will be captured incorrectly – as well as improving the efficiency of your processes.

3. Accounts payable access

When it comes to minimizing the risk of fraudulent payments and maverick spend, it’s important to ensure proper controls are in place. As such, the accounts payable risk assessment should review which employees have access to the accounts payable platform, and who within the organization can authorize purchases. In order to improve controls and mitigate the risks, secure access to the relevant systems should be given exclusively to authorized AP and procurement team members.

4. Accounts payable visibility

Finally, the risk assessment should consider how much visibility the company has over key data points in accounts payable. If visibility over accounts payable data is limited, there is a risk that payments can be missed or that duplicate invoices may not be identified. By adopting a single, centralized accounts payable platform and integrating AP automation features, you can improve visibility over your AP data and thereby reduce the risks.