Find out what biometric verification is and why it’s important – especially in a new AI-powered era.
Payment Security 101
Learn about payment fraud and how to prevent it
The goal of the Accounts Payable (AP) function in any organisation is simple: To ONLY pay invoices that are legitimate and accurate. At first glance this goal seems straight forward. However, any Accounts Payable function can quickly become overwhelmed when processing large numbers of invoices from hundreds, if not thousands, of suppliers. Without rigorous Payment Controls in place, your organisation may find itself facing major losses due to fraud and error throughout the Procure to Pay cycle.
Following this 8-Step Guide will ensure your Accounts Payable function follows best-practice principles that mitigate the risk of incorrect payments.
(Prefer reading the .PDF? Download the guide here.)
The first step to ensuring your Accounts Payable function runs effectively and efficiently, is having clear requisition policies and procedures set down by your organisation’s Board or Senior Management.
These rules must clearly stipulate the types of requisition requests, including dollar values, that require managerial authorisation. When managerial authorisation is necessary, the rules must specify which specific managers in each function or department are tasked with approving or denying requisition requests. Budgetary parameters must also be clearly stipulated in advance.
Quality assurance controls may also need to be mandated by the Board or Senior Management for certain types of goods or services. These may necessitate managers obtaining approval from other individuals with specific expertise. For example, prior to purchasing third-party software, the manager of a department may need to seek the approval of an IT manager, to ensure the software meets minimum security standards.
All staff need to be aware of the requisition policies and procedures, which typically include:
Once your organisation has agreed internally to purchase a particular good or service, it is necessary to advise the supplier of your decision. This is done through the issuance of a Purchase Order (PO).
Typically, a Purchase Order is used for the purchase of a single good or service, whereas a contract is negotiated with a supplier for ongoing commercial arrangements. The Purchase Order may outline specific details about the purchase including price, quantity, quality specifications and fulfillment times.
The process for issuing a Purchase Order includes:
Copies of the Purchase Order should be supplied to:
Maintaining an accurate and up-to-date Vendor Master File is critical. Data anomalies increase the risk of payment errors. Furthermore, lax internal controls can result in cases of internal fraud.
When considering that the average Vendor Master Files contain 25% anomalous data, this is a significant risk that all organisations should be addressing.
When onboarding new suppliers into your Vendor Master File, follow these steps:
In an ideal world, every supplier would fulfil every Purchase Order accurately and on time. However, in reality, this is often not the case. All too often suppliers do not fulfil their obligations. Every organisation’s Accounts Payable function has a responsibility to ensure payments are not processed to a supplier unless they have fulfilled their obligations as outlined in the Purchase Order.
Some of the common problems organisations experience with suppliers of goods include:
Best-practice mandates that the following steps should be followed when suppliers fulfil orders:
In some organisations, the requisitioner will also complete a separate Inspection Report. This is a qualitative assessment to determine whether the goods procured meet expectations. This can also be a useful mechanism to determine whether services purchased align with the Purchase Order. If undertake, the Inspection Report should be made available to the AP team and filed under the correct supplier code number in the Vendor Master File.
With the right systems and procedures in place, it is possible to efficiently determine whether an invoice is legitimate and accurate. This allows your Accounts Payable team to efficiently process those invoices that need to be paid, whilst avoiding fraud or error.
The following steps represent best-practice when it comes to receiving and handling invoices:
As discussed above, some suppliers send invoices that do not align with the Purchase Order. They may be incomplete or incorrect invoices. This can result in significant inefficiencies and will require your AP team to liaise with both the supplier and the requisitioner.
Some of the common challenges found in invoices include:
Determining whether or not an invoice should be paid is one of the most important responsibilities of the Accounts Payable team.
Once an invoice is received, the Accounts Payable team needs a system to check the validity of the invoice. This is achieved through either 2, 3 or 4 Way Invoice Matching.
Inadequate reporting and filing systems would make Invoice Matching impossible. Only when Purchase Orders, Receiving Reports and Inspection Reports are created according to established procedures, will the Accounts Payable team be able to efficiently access the information they require to conduct Invoice Matching.
If, for whatever reason, an invoice does not match with the Purchase Order, Receiving Report or Inspection Report, payment should be stopped pending further information. The Accounts Payable team should seek further clarification from the requisitioner, who may need to liaise with the supplier to address certain issues.
Guidance for whether to opt for 2, 3 or 4 Way Invoice Matching is a determination of the Board or Senior Management. Typically, smaller invoices will only require 2 Way Invoice Matching. Larger invoices will require 3 or 4 Way Invoice Matching.
As stated previously, the purchase of services will not require a Receiving Report but may require an Inspection Report.
Payment processing is a high-risk activity due to the possibility that supplier banking details have been fraudulently manipulated or erroneously entered into your systems.
If your organisation’s Accounts Payable function has carefully followed the steps outlined above, the risk will be significantly lower. However, fraud and error can occur at any stage of the payment lifecycle, so careful verification of banking details needs to take place just prior to the disbursement of funds.
Implementing these controls will help you verify banking details before issuing electronic funds transfer (EFT) payments to suppliers:
This free tool allows you to verify the supplier’s banking data against eftsure’s database comprising over 2 million Australian organisations. It allows you to ensure, in real-time, that the supplier’s Account Name aligns with their BSB and Account Number.
Adhering to these 8 Steps will help ensure your organisation’s Accounts Payable functions operates effectively, whilst reducing the risks you face of fraud and error throughout the Procure to Pay cycle.
Whilst many of these steps may be manual, resource intensive and time consuming, they are essential to ensuring only legitimate and accurate invoices are paid by the Accounts Payable function.
By embracing a Shift Left approach that embeds security considerations throughout the Procure-to-Pay lifecycle, you can ensure your organisation is safeguarded against losses due to fraud or error.
The good news is that technologies now exist that can help automate a range of these essential steps. Platforms, such as eftsure, drive efficiencies throughout the Procure to Pay process. Whether it’s onboarding and maintaining a clean Vendor Master File, checking supplier credentials for compliance purposes, or ensuring that EFT payment details are accurate, eftsure is a tool that allows you to embrace Automatic Controls to operate your Accounts Payable function effectively and efficiently.
Contact eftsure today for a no-obligation demonstration of how we can help ensure your Procure to Pay cycle runs efficiently and securely.
CLICK HERE to receive a FREE COPY of our Procure-to-Pay Checklist – So you can make sure you’ve taken all the necessary steps before processing an invoice.
You may have heard of the term “FinOps” being thrown around. But what exactly is it? Why is it important for finance …
Financial leaders face an escalating risk of cyber-crime, with tactics becoming more and more sophisticated. As threats grow, it’s increasingly critical for …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.