Wednesday, April 12, 2006
Top 10 Procure-to-Pay Control Violations and Process Breakdowns
Top 10 Procure-to-Pay Control Violations and Process Breakdowns
Sarbanes-Oxley and global outsourcing have changed the game for finance executives. Control violations and process breakdowns use to be limited to the realm of Six Sigma black belts, but those days are gone.
Once just operational snags, procure-to-pay control violations and process breakdowns threaten a company’s Sarbanes-Oxley compliance and add extra expense to financial operations. Whether faulty segregation of duties or payment errors, both can land you in hot water with either your auditor or your cost-cutting, outsourcing-minded CFO.
With a broad base of Fortune 500 customers, Oversight Systems collected data to compile the 10 most common procure-to-pay control violations and process breakdowns.
1. Segregation of Duties
Companies are now devoting thousands of man hours to hunt down segregation of duties (SoD) conflicts within their financial systems and processes. However, they’re finding that the vast majority of these potential SoD risks have never actually been violated. Moreover, many of the SoD violations were executed to get relevant work accomplished – not fraud.
Some push the idea that every single SoD risk can be eliminated with better management of user access rights within your ERP systems. However, most financial processes don’t operate inside a vacuum of a single financial system or perfectly defined roles that eliminate all SoD conflicts. Real world compliance demands a complete closed-loop control system that identifies SoD conflicts across multiple systems, quantifies control risk based on how (and if) a control weakness is exploited, monitors known risks where SoD conflicts cannot be eliminated, and provides documented proof of control effectiveness.
2. Vendor File Management
Ask any accounts payable manager, and they’ll tell you about their headache maintaining clean and accurate master vendor files. Common errors pop up with duplicate vendor files for “IBM” and “International Business Machines”. Multiple billing addresses and delivery locations only magnify the issue. However, more troublesome problems arise when purchase orders are entered and approved for inactive or invalid vendors who lack proper credentials. This control weakness can easily lead to financial risk.
3. Payment Errors
As the final output of the procure-to-pay process, payments are the end product of a series of tasks and sub-processes. Erroneous payments are the final result of process breakdowns and control violations within those sub-processes – vendor maintenance, PO approvals, receipt of goods, vouching for the invoice, etc.
Duplicate payments often originate with duplicate vouchers. As companies process and vouch for incoming invoices, most financial systems are configured to prevent an exact duplicate from entering the system. However, most AP departments occasionally run into rush-job situations where it’s acceptable to circumvent the preventive system control by adding a simple dash or suffix to the end of a voucher number.
Besides duplicates, common payment errors also include misdirected payments where the name on the check or account number of a wire transfer does not match the corresponding fields in master vendor file.
4. Out of Sequence Transactions
Process breakdowns frequently occur from transactions that don’t follow the defined process flow. For example, an invoice “issued” date or voucher “created” date can predate the approval date of the corresponding purchase order. In this situation, authorization to pay the invoice is inferred from receipt of the invoice as opposed to approval of the purchase order.
5. Bad Data Inputs
Efficient procure-to-pay processes rely on accurate data inputs to the accounts payable system from all internal and external sources – from corporate purchasing to vendor invoicing. Bad data inputs introduce errors into the process that typically rely on manual intervention to detect and correct. In some cases, the incoming invoice or purchase order includes more “lines” than what the production system can accept. Monitoring systems can automate much of that work by analyzing the source data systems and the accounts payable production system.
6. Unvouchered Receipts
Breakdowns in the procure-to-pay process often accumulate in a company’s suspense account for “unvouchered receipts” – also known as GRNI or “goods received but not invoiced”. While companies must accurately accrue for available resources that have not been invoiced, this suspense account often grows over time as invoices don’t exactly match up against the original journal entry to the GRNI account. Errors in reconciling this account often lead to over booking of liabilities.
7. Procurement Card Policy Violations
Procurement cards – a.k.a. purchase cards or simply P-cards – provide a convenient solution for authorized employees to buy low value goods and services with a company “credit card.” While P-cards reduce the work and costs of the accounts payable department, policy violations can occur where employees circumvent their purchase limits by splitting a single purchase into multiple P-card transactions. However, more common mistakes and process breakdowns occur where a purchase order is issued for an item purchased with a P-card. Other common control policy violations occur when an employee mistakenly submits a receipt on an expense report for goods purchased with the company P-card.
8. Freight Accruals
Similar to unvouchered receipts, freight accruals must be accurately reconciled or will lead to misstating a liability. While also common in the order-to-cash process, errors in procure-to-pay freight accruals often arise when the projected freight costs are consistently overestimated or underestimated. Without matching the estimated freight costs with the actual costs of freight, companies have faced significant surprises when closing their books.
9. Unused Discounts & Credits
Purchasing departments and division heads work hard to secure discounts with their preferred vendors, and vendors often issue credits for returns and past mistakes. However, many companies never fully utilize their available discounts and credits. In many cases, business line managers issue and authorize purchase orders in a rush to get their projects accomplished without taking the time investigate the available discounts and credits. Accounts payable managers then execute on the approved POs without context of whether the company is overpaying its vendors.
10. Errors in Data Aggregation
With the end of every reporting period, accounts from the procure-to-pay process roll up into the general accounting systems. Depending on the company, this data aggregation includes multiple iterations of the same ERP system or integration of heterogeneous systems. In either case, errors and control violations occur in this data aggregation as information is formatted, manipulated in spreadsheets, reformatted and uploaded.
posted by Brian Moran @ 2:01 PM