Accounts payable

Accounts payable

Chartered Institute of Internal Auditors

Accounts payable refers to money that an organisation owes to its creditors (ie outside individuals and other businesses) for goods and services provided. They are generally short-term obligations to pay a debt and interest would not normally be charged if paid on time.  Accounts payable should not include payments to staff which should be paid via the payroll or expenses system.

The systems for ordering, receipt and payment for goods and services may represent some of the most significant systems within an organisation. Regardless of expenditure type there is a need to ensure risks are fully identified, assessed and mitigated by applying robust controls to ensure operations run effectively.

Organisations should have systems and procedures which properly support expenditure in terms of committed expenditure, value for money, declarations of potential conflict of interest with controls in place to protect funds from fraud and corruption. These systems are often linked to procurement, which is outside the scope of this guidance.

Our guide considers the following questions:

How does an account payable work?

How are payments made?
What does ‘payment terms’ mean?

How are accounts payable accounted for?

Why do accounts payables matter?

What can be included in an audit of accounts payable?

What potential control weaknesses need to be considered?

What is the Public Sector Payment Policy (PSPP)?

What are the main categories of invoice fraud?

What are some of the most common types of invoice fraud?

What are the potential risks and likely management responses?

 How does an account payable work?

The most common form of an account payable is a purchase made on credit, via a purchase order (or equivalent), to a supplier. Not all invoices will have a purchase order such as utility bills. The supplier subsequently expects payment of the debt within the agreed credit terms.  Some suppliers offer discounts to incentivise early payment.

The purchasing organisation usually receives an invoice from the supplier (creditor). Following a number of checks undertaken by the ordering department, such as, the goods ordered match the goods received, the agreed price/discounts have been applied, the invoice is arithmetically correct then it will be approved for payment by the budget holder. The supplier record will be updated by the finance department (purchase ledger) to show the amount owed as a creditor balance within the accounts payable ledger (until the debt is paid).

 What does ‘payment terms’ mean?

Payment terms, or credit terms, can be unique to the purchasing organisation. There may be a cash-discount incentive for early payment (within a defined number of days). As an example, 5% Net 30 means the debtor can deduct 5% from the invoice total if payment is made within 30 days. A payment after day 30 would have to be for the full amount, or possibly more if the invoicing organisation includes a penalty for not paying within 30 days.

 How are payments made?

Organisations use a variety of methods to pay a creditor.  More recently, these include ePayables which automate the manual and paper elements of the process.  Prior to paying an invoice, the organisation should have a verification process which includes the budget holder verifying the expenditure and confirming the goods/services were received.  This may involve matching the invoice to the purchase order and delivery slip.  This is known as three-way matching.

Ways an organisation can pay their debts include – cheques, electronic payments (such as Faster Payments, Bacs, CHAPS), cash, card payments (company or personal cards). Whilst it is possible to have to pay cash on delivery for goods or services, this is not explicitly covered within this guidance.

 How are accounts payable accounted for?

Organisations usually use accounting software to record and monitor cashflow, including accounts payable. Regardless of the system used, organisations will need to account for the debt.

Budget holders

When a purchase order is raised it is good practice to raise a commitment against a particular budget code enabling the budget holder to see the balance remaining. System controls should be in place to stop overspends taking place for that budget code. When the invoice is received/paid the committed expenditure will move to ‘actual’ expenditure enabling the budget holder to have a clear picture of spend.

Creditor/purchase ledger team

In addition to receiving (either directly or via the budget holder) and processing invoices for payment this function will also be following up on unauthorised invoices, reviewing aged creditors reports (accounting software allows organisations to sort its accounts payable according to the dates when payments will be due), credit limits are not being exceeded to ensure that any increases do not go unnoticed or inaccurate balances are not going undetected and reconciliation of supplier statements to confirm receipt of invoices/credit notes and identify invoices they have paid that have not been processed by the supplier.

Finance team

At the end of every accounting period the finance team usually prepare a set of accounts showing the financial position to that point in time. There will be some purchase invoices that have not yet been received, approved or fully matched. As a result these amounts will not have been entered into the accounts payable account (and the related expense/asset account).

To take account of this an adjusting entry – ‘accrual’ will take place at the end of the accounting period.  The balance in accrued liabilities will be reported in the current liability section of the balance sheet immediately after accounts payable.

Company Y balance sheet

Current Assets: Current Liabilities:
Cash Accounts payable
Cash equivalents Accruals
Short-term investments Bank overdraft
Accounts receivable Short term loans
Sub total Sub total

 Why do accounts payables matter?

The payment of debts according to payment terms is vital to ensure the organisation maintains accurate cashflow and has visibility of their financial performance to operate effectively.  An organisation that has persistent debt may also struggle to gain further credit elsewhere, or present themselves as a viable concern. Frequently delayed payments can lead to the supplier withholding goods or services, which can be risk for organisations that are overly-reliant on individual suppliers.

Many organisations have a dedicated accounts payable manager or team. Proactive management of accounts payable includes:

1. Compliance with contractual arrangements and regulatory requirements

Organisations should ensure that they are operating within their contractual boundaries and within any requirements imposed by regulator (e.g. where paying on time is the norm and late payment is seen to be unacceptable across the business community resulting in late payment interest and debt recovery costs). This can be monitored using data available in the accounts payable function.

2. Checking the supplier is within risk appetite

This can include obtaining credit ratings, or ensuring their sustainability and ethical processes are concurrent with your own.  This may be a function carried out elsewhere in the organisation, rather than by accounts payable.

3. Monitoring and maintaining cashflow including regular review of debit balances

An organisation must be aware of any cash shortfalls or surpluses and be able to manage these. Accounts payable can provide regular reports enabling management to make cashflow decisions.

4. Sustainability/viability of organisation

Organisations should ensure that they don’t impact their longer-term viability by taking on too much debt. Data available within the accounts payable function can assist management with monitoring financial performance.

5. Future potential investment funds

Where an organisation has a surplus of funds, these should be managed appropriately and may be invested. Accounts payable, or the finance function, can assist with monitoring, or may have automatic ‘sweep’ accounts set-up to remove cash from a current account into a higher-interest account, and back again, based on previously agreed amounts.  If the organisation has a treasury or investment function they may be involved with this, or carry out the role.

6. Maintaining relationships/building reputation with suppliers

An accounts payable function has regular liaison with suppliers, and can build relationships, for example when discussing invoices, payment terms or timing of payments.

 What can be included in an audit of accounts payable?

Controls to be considered for testing/review:

  1. Policy and standard operating procedures are in place and disseminated to accounts payable and other organisational staff.
  2. Roles and responsibilities are clearly defined, with adequate segregation of duties and delegated approved ordering and payment authorisation limits.
  3. Official orders are raised in respect of all goods and services required by the organisation.
  4. There is adequate control over the creation and amendment of creditor master-file data, particularly bank account details. This is an area of increasing fraud where organisations are duped into changing supplier payment data and then make payments to fraudsters.
  5. There is adequate segregation of duties to ensure payments are only for goods and services received, including creating the requisition and purchase order, receiving the invoice and making the payment.
  6. Management review information in respect of invoices on hold and act upon it accordingly.
  7. Management periodically review all debit balances and take any necessary action.
  8. Payment runs are authorised in accordance with procedures stipulated prior to processing.
  9. The custody and handling of cheques and/or other negotiable instruments is secure and properly controlled.
  10. There is suitable three-way matching to ensure that authorised staff undertake this role, including segregation to ensure the three checks are not completed by one person.
  11. Reconciliations are timely and accurate, with any queries followed-up.
  12. Expense is coded to the correct budget holder, area and expense type.
  13. Authorised signatories are in place (either electronically or paper-based signatory lists).
  14. Input to and output from electronic payment systems is adequately controlled.
  15. Payments are correctly coded within the payment system to the cost centre and subjective codes.
  16. Other payment data (such as due date) are recorded accurately to enable monitoring to be undertaken.
  17. Mechanisms are in place to ensure that duplicate payments are avoided and/or detected.
  18. Systems ensure that invoice values paid are in accordance with contract prices.
  19. Systems to ensure that credit notes are controlled and actioned.
  20. Availability of system generated reports that provide such statistics as average time to pay a supplier, trends, etc.
  21. Adequate training/guidance is available to staff to support the identification of recoverable VAT.
  22. There is a mechanism in place to periodically review the effectiveness of recoverable VAT identification and coding.

 What potential control weaknesses need to be considered?

Potential control weaknesses include:

  1. Procurement procedures are not being adhered to.
  2. There is no segregation of duties between the officers requisitioning, ordering, receiving goods and authorising the invoice for payment.
  3. Goods or services are obtained from inappropriate suppliers.
  4. Payments made without due authority.
  5. Payment made for goods/services not received.
  6. Payments made to the incorrect supplier.
  7. Duplicate payments.
  8. Late payment/breach of Public Sector Payment Policy.
  9. Fraud/theft.
  10. Payments are not correctly accounted for impacting on the customers’ ability to prepare statutory accounts.
  11. Payments are not in line with agreed contract/order values.
  12. VAT exemptions are not applied, resulting in overpayments.

 What is the Public Sector Payment Policy (PSPP)?

All central government departments and their agencies are required to:

  • Comply with the CBI Prompt Payment Code and Government Accounting regulations. The annual report and accounts must include payment policies and whether they have adhered to the CBI code;
  • Publish detail of their payment performance in their annual reports and accounts; • Publicise their arrangements for handling complaints about failure to pay on time.

Government Accounting regulations require that all bills are paid within contract terms.  Where no contract exists bills should be paid within 30 days of the receipt of goods or a valid invoice, whichever is later.

 What are the main categories of invoice fraud?

There are four common kinds of invoice fraud:

1. Insider fraud

This refers to cases of fraud in which an insider’s access to the organisation’s assets and payments, or their ability to influence the outcomes of organisational processes, would be essential for committing the fraud.

2. Supplier fraud

This includes any fraud for which it can be shown that steps were deliberately taken by the supplier to mislead the organisation with a view to obtaining payments that were not properly due.

3. Mandate fraud

This is also variously described as ‘change of bank account scams’, ‘payment diversion fraud’ or ‘supplier account takeover fraud’. This type of fraud occurs when someone gets an organisation to change a direct debit, standing order or bank transfer mandate, by purporting to be from a supplier they make regular payments to in order to benefit from unauthorised payments.

4. Publisher fraud

This involves organisations being misled into erroneously paying for services such as advertising space in publications, which are not required and may not be provided.

 What are some of the most common types of invoice fraud?

Some of the most common types of invoice fraud include:

  • Duplicate invoicing.
  • Including hidden or incorrect fees, such as ‘handling fees’, ‘on-costs’ and ‘administration fees’.
  • Over-inflated agency commission above contracted rates.
  • VAT fraud, such as VAT charged on invoices without a VAT registration number.
  • Invoicing for services that were not supplied.
  • Invoices are sent to for adverts in publications that do not exist.

How to prevent and detect fraud

1. Establish the right culture

Setting the right anti-fraud culture within the organisation is vital in preventing fraud and corruption. Ensure those involved in the process of payment of invoice comply with policies and procedures.

2. Skills and knowledge of staff

Staff at all levels should be aware of the existence of the anti-fraud policies in place and, where necessary, be familiar with their detailed provisions. Training should also be provided to relevant staff on anti-fraud issues to ensure that staff are aware of fraud indictors which will require further investigation.

3. Maintain register of changes of suppliers’ details

Appropriate contact should be made with the (real) supplier using original contact details to confirm changes and then sent a bank account amendment form for their Finance Director or Company Secretary to sign, confirming the change of bank account details.

4. Know your supplier

Suppliers should be asked to confirm information already held by the organisation, such as the previous bank account details, registered address, email address, company registration number, company VAT number or the name of the Company Secretary.

5. Actively monitor the payment process

Continually monitor the internal control framework to ensure it remains effective. Undertake regular fraud risk assessments and systems audits to identify threats. Undertake accounts payable audits to identify duplicate payments, incorrect supplier payments, missed discounts and rebates and tax errors.

6. Communication

Suppliers should be made aware in writing of the organisation’s policy regarding changes to methods of payment bank account details.

 What are the potential risks and likely management responses?

Risk 1

Inefficient or ineffective procedures will hinder our ability to pay debts in a timely and correct fashion.

Potential impact

  • Insufficient supporting documentary evidence for all transactions and balances which increases the risk of fraud and/or late payments which in turn could result in late payment interest and debt recovery costs.
  • All transactions are not processed or not processed correctly resulting in incorrect information being produced and impacting on cash flow.
  • Transactions are not recorded on a timely basis, or in the correct period, resulting in poor working capital management.
  • Inaccurate balances leading to disputes by creditors, delays in payments and/or unnecessary recovery action taken.
  • Inappropriate access to the accounts payable system

Potential response

  • Formalised policies and procedures are in place that includes minimum information requirements to support purchase orders raised.
  • Documentation raised for manual purchases are physically filed and retained.
  • All purchases and supporting orders and invoices are automatically archived in the organisation’s accounting system.
  • A formal, approved document retention policy is in place which includes purchases and payables documentation.
  • An order acknowledgment is sent to the supplier as confirmation of the purchase order and corresponding payable balance.
  • The accounting system will not allow a transaction to be posted more than once.
  • Invoices must be matched to supporting documentation (e.g. goods receipt notes or purchase orders) before they are processed.
  • Where a manual process exists, purchase invoices are posted in the accounting system daily.
  • Purchases and corresponding entries to accounts payable are recorded in the general ledger automatically from the data held on the original purchase order.
  • The accounting system automatically processes the transaction in the appropriate period according to the date of the invoice.
  • Statements received are checked to the customers account.
  • The accounts payable team will agree and tick off all debit amounts from bank statements to the relevant customer account.
  • The accounts payable ageing report is reviewed by the accounts payable team on a weekly basis and is formally reviewed and signed off by senior management.
  • Analytical procedures are performed (weekly, monthly, or yearly etc.) using comparative data, reconciliation or other analysis, and are reviewed and signed off by management.
  • Non-standard journal entries are reviewed and approved by a member of senior management prior to posting.
  • Creditor Ledger Reconciliations are performed.
  • Adequate separation of duties has been established.
  • Cheques payments requests are passed with the supporting documentation to an authorised signatory for review and signing.
  • Bank reconciliations are performed on at least a monthly basis.
  • Periodic review of a sample of invoices raised where the company is both a customer and a supplier to determine whether netting off occurs.
  • Clear communication that netting off is not permitted.
  • Regular standard exception reports are produced and reviewed.
  • Access reports are produced and reviewed.
  • A joiners/leavers/movers process is in place to ensure that access privileges are appropriate and are removed for staff leaving the organisation or updated to reflect changes in job roles.

Risk 2

Inappropriate or invalid payments will impact our financial performance and ability to monitor budgets effectively.

Potential impact

  • Unauthorised orders are placed leading to budget overspend.
  • Fraudulent/inaccurate payments are made.
  • Payment runs are erroneous or not authorised.
  • Fraudulent supplier accounts set-up/amendments.
  • Fraudulent invoices received for items not ordered or received.

Potential response

  • Delegated authorities list in place (expenditure limits).
  • Segregation of duties (between raising order/checking goods received/invoice payment).
  • Three way matching prior to payment (order/goods received note/invoice).
  • Verification of suppliers prior to payment.
  • Requirement for cheque payments to have a second signatory.
  • Price checks undertaken to agreed contract prices.
  • Authorised signatories/ e-signatures list in place.
  • Process in place to review and approve a payment run prior to payments being made.
  • Access to payment files is protected to prevent manipulation.
  • Reconciliations exception reports are produced and reviewed.
  • New supplier approval forms/ e-forms are completed and authorised prior to new suppliers being input.
  • Control of changes to supplier accounts taking place.
  • Purge redundant supplier accounts.
  • Fraud awareness training for all staff.
  • Verification of VAT numbers on invoices.
  • Process for reporting and investigating erroneous/suspicious invoices and claiming refunds/credits where appropriate.

Risk 3

Delays or payments that are untimely will damage our business reputation and may lead to misconceptions regarding financial performance

Potential impact

  • Late payments are made, incurring penalties.
  • Non-compliance with Public Sector Late Payments Act 1998.

 Potential response

  • Monitoring of payments and aged creditors.
  • Monitoring of payments by finance department.
(Visited 41 times, 1 visits today)
Share this:

Written by 

One thought on “Accounts payable”

Leave a Reply

Your email address will not be published. Required fields are marked *