5 best internal controls over vendor master file
Internal controls over vendor master file keep your data secure with clear rules, audit trails, and consistent oversight for long-term data integrity
Sometimes small details make a big difference. In this blog, we will explore the importance of having a dedicated Accounts Payable (AP) email address that is used exclusively for managing invoices and communications between the AP team and suppliers.
To many, this may seem like a small detail. However, in our view, this is one of the most important controls that will help ensure your AP team operates efficiently. A dedicated invoice email address can also help protect your organisation from the rising risk of invoice fraud.
Running an efficient AP function is easier said than done. This is especially true for large organisations that need to process hundreds, if not thousands, of invoices each year. Unless you have the right systems and processes in place, things can quickly descend into a confusing mess. And, as we know, when things turn messy, you run the risk of making incorrect payments.
That is why you should take the time to put into place controls that will help your AP team manage the flow of incoming invoices.
For any organisation managing large numbers of suppliers, it’s all too easy for invoices to disappear. Some suppliers may send invoices through to the employee that is requisitioning the good or service. Other suppliers may send their invoices to various individuals within the accounting department.
It’s not hard to imagine invoices easily slipping through the cracks, resulting in missed deadlines and late-payment fees.
Communicating to suppliers a clear process for them to follow when sending invoices is essential. In previous times, many organisations had a dedicated PO Box to receive invoices. In this day and age, when most suppliers send invoices via email, a dedicated email address is an ideal alternative.
Building and maintaining strong relationships with your suppliers starts with open communications. This is particularly the case when it comes to matters surrounding the payment of invoices.
It’s important that your communications with suppliers are comprehensive and easily accessible to all members of your AP team. In the event that a supplier sends through an incomplete or inaccurate invoice, the AP team will need to communicate with the supplier in order to request that the invoice be resent.
Likewise, if you are short paying an invoice, the reasoning needs to be clearly communicated to the supplier.
Records of all such communications will be easier to maintain if a single dedicated email address for invoices is used. Any member of your AP staff will immediately have access to the full communications chains.
We know that cyber criminals are routinely targeting AP teams in an attempt to carry out invoice fraud. They may be manipulating payment details in invoices, conducting phishing expeditions or sending hidden malware to your AP team. Whatever their modus operandi, invoices coming in via email can pose a serious security threat to your organisation.
The staff members with access to these emails need extensive training in identifying anything suspicious.
For example, they need to be on the lookout for ‘From’ addresses that don’t exactly match the supplier’s domain. They need to be trained to hover over any links with their cursor to identify potential phishing attempts. They need to be aware of the risks associated with attachments. Importantly, they need to carefully look at the content of emails for telltale signs of malicious intent, such as poor grammar and spelling.
By restricting the receipt of all invoices to one dedicated email address and limiting the number of people with access to it, you can ensure those individuals receive the training they need to keep your organisation secure.
Maintaining data accuracy and consistency over the entire life cycle is a key priority for all AP functions. This means that you need a system in place to ensure that data contained in invoices is accurately encoded into your ERP/Vendor Master File.
It is important to ensure that a limited number of individuals in your AP team have responsibility for encoding invoice data, so you can reduce the risk of data anomalies creeping into your accounting systems.
Furthermore, Segregation of Duties principles mandate that data encoding and data verification should be conducted by separate individuals. This is essential to prevent errors or internal fraud that may result in incorrect payments. By having a dedicated email address for incoming invoices, and limiting the individuals with access to that email account, you can more effectively ensure you are adhering to Segregation of Duties principles.
Whilst the AP function of any organisation needs to ensure that only legitimate and accurate invoices are paid, it also needs to ensure that payments are processed on time. Late payments can undermine relationships with suppliers. They can also result in late-payment fees being charged.
One of the most common reasons for late payments is that suppliers send through invoices to individual employees within the organisation, usually the employee who has requisitioned the good or service. All too often, emails containing invoices sit in an individual employee’s inbox for a long time before they are forwarded on to the AP team.
By having a dedicated email address for all invoices, and ensuring that all suppliers are aware that they need to send their invoices to that dedicated email address, you can help ensure suppliers are always paid on time.
One of the biggest challenges that AP teams face is handling duplicate payments. Without a proper plan for handling invoices, it is easy for mistakes to be made and for invoices to be paid more than once.
If every supplier sends through invoices to different people in your organisation, or suppliers send the same invoice to multiple people in your organisation, it can be exceedingly difficult to keep track of which invoices have already been paid. Conceivably, two members of the AP team could end up processing an invoice at the same time.
With a single dedicated invoice email address, it will be much easier to keep track of what invoices have come through, and which invoices have been paid – all essential to managing invoices and avoiding duplicate payments.
The template below can be used for informing all your suppliers that they need to send invoices to your dedicated email address, as well as the information they should include in the invoice:
For further information on managing invoices and how to run your Accounts Payable function according to best practices, read our full 8 Step Procure-to-Pay Guide.
Internal controls over vendor master file keep your data secure with clear rules, audit trails, and consistent oversight for long-term data integrity
The vendor master data cleansing process is a critical activity every AP team should periodically undertake to stop payment errors and fraud.
Establishing vendor master file best practices is the first step to cleaning your how your supplier data should be handled and maintained.
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.