Are Your Internal Controls Good Enough?

Take Control

All Finance Managers know that internal controls are a necessity to the organisation’s governance, operations and information systems in relation to:

  • Reliability and integrity of financial and operational information
  • Effectiveness and efficiency of operations
  • Safeguarding of assets
  • Compliance with laws, regulations and contracts

 

Types of internal controls:

  • Preventative
  • Detective
  • Directive
  • Monitoring


Within the finance department the following processes and procedures should be second nature to all staff:


Preventative:


These prevent undesirable effects from occurring, for example:


Approvals


Before payment is made, a supplier invoice should be checked and approved by the person who placed the original order to ensure it shows the correct goods, the correct quantity and the correct price (including any agreed discounts). This can be tracked by use of Purchase Order Numbers given to the supplier before the invoice is sent.


Authorisation

  • Cheques and electronic payments should be correctly authorised
  • All fixed asset purchases up to a value of £[1,000] require authorisation by a Director
  • All fixed asset purchases over and above £[1,000] require authorisation by two Directors


Verification

  • Ownership of assets is verified by documentation: eg contract, lease agreement, purchase invoice
  • Sales commission is verified by supporting documentation: eg Purchase Order or signed contract


Segregation of Duties

  • The person recording bank transactions should not perform the bank reconciliation
  • The director authorising capital expenditure should not update the fixed assets register
  • A salesman should not be able to change standing data files for prices or commission rates


Safeguarding Assets (Physical Controls)

  • Cash and cheques are locked in the safe
  • All fixed assets are security-tagged
  • There is restricted staff access to the computer file server room
  • Periodic stock counts


Processing Controls

  • Batch totals (completeness, accuracy)
  • Unique reference number, invoice number (completeness, accuracy)
  • Numerical sequence checks
  • Exception reports


Computer Controls

  • Location of server
  • Passwords
  • Restricted program access
  • System software maintenance - restricted access, access logs
  • Time-out


Detection


Detects events after they occur


Reconciliations

  • Bank reconciliations
  • Supplier statement reconciliations
  • Inter-company/group balance reconciliations
  • Fixed assets register to accounting system


Review of Operating Performance

  • Management accounts - budget to actual
  • Analytical review
  • Ratio analysis


Directive:

Encourage desirable behaviour (contract terms, incentives)

  • Policies and procedures manuals
  • Recruitment controls - background checks, references, evidence of qualifications
  • Quarterly visits to all locations/sites


Monitoring Controls

  • Monthly management reporting
  • Duplicate Payment Software

Computer Assisted Auditing Techniques (CAATs)

There is no mystique about using a computer to help with auditing - for example, most systems allow data to be manipulated in various ways and extracted into an ad hoc report. For instance, a complete list of debtor balances could be filtered so that only a list of those over their credit limits was printed out.

Even if reporting capabilities are limited, the data can usually be exported directly into a spreadsheet package and then analysed. Using the search facility is much quicker than searching through print-outs by hand. This offsets the so-called “loss of audit trail” to a significant extent.

There are a variety of packages specially designed either to ease the auditing task itself or to carry out audit interrogations of computerised data automatically.

 

Uses of audit packages:

  • Identify trends, pinpoint exceptions and potential areas of concern
  • Locate errors and potential fraud by comparing and analysing files according to end user criteria
  • Recalculate and verify balances
  • Identify control issues and ensure compliance with standards
  • Age and analyse accounts receivable, payables or any other time-sensitive transactions
  • Recover expenses or lost revenues by testing for duplicate payments, gaps in invoice numbers or unbilled services
  • Test for unauthorised employee/supplier relationships
  • Automate repetitive tasks by creating custom applications or batches
  • Concentrate skilled manual resources on the investigation of results rather than on the extraction of information
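
Three of the interrogations listed above (duplicate payments, gaps in invoice numbers, and employee/supplier relationships), written out as an added example that is not part of the original article or of any audit package it mentions. The record layouts, field names and sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from decimal import Decimal

# Constructed sample data, not taken from the article.
PAYMENTS = [
    {"id": 1, "supplier": "S001", "invoice": "INV-0042", "amount": "1250.00"},
    {"id": 2, "supplier": "S001", "invoice": "inv 42", "amount": "1250.00"},
    {"id": 3, "supplier": "S002", "invoice": "INV-0042", "amount": "1250.00"},
    {"id": 4, "supplier": "S001", "invoice": "INV-0043", "amount": "980.50"},
]
INVOICE_NUMBERS = [1001, 1002, 1004, 1005, 1008]
SUPPLIERS = [{"id": "S001", "bank": "20-00-00 12345678"},
             {"id": "S002", "bank": "30-11-22 87654321"}]
EMPLOYEES = [{"id": "E17", "bank": "301122-87654321"},
             {"id": "E18", "bank": "40-40-40 11112222"}]

def normalise_invoice(ref):
    # Re-keyed invoices often differ only in case, punctuation or leading
    # zeros, so reduce 'INV-0042' and 'inv 42' to the same key.
    ref = re.sub(r"[^A-Z0-9]", "", ref.upper())
    return re.sub(r"(?<!\d)0+(?=\d)", "", ref)

def find_duplicate_payments(payments):
    # Same supplier + same normalised invoice reference + same amount.
    groups = defaultdict(list)
    for p in payments:
        key = (p["supplier"], normalise_invoice(p["invoice"]), Decimal(p["amount"]))
        groups[key].append(p["id"])
    return [ids for ids in groups.values() if len(ids) > 1]

def find_sequence_gaps(numbers):
    # Numerical sequence check: every number between first and last should exist.
    present = set(numbers)
    return [n for n in range(min(present), max(present) + 1) if n not in present]

def shared_bank_details(employees, suppliers):
    # An employee paid into the same account as a supplier needs investigating.
    digits = lambda s: re.sub(r"\D", "", s)
    by_account = {digits(s["bank"]): s["id"] for s in suppliers}
    return [(e["id"], by_account[digits(e["bank"])])
            for e in employees if digits(e["bank"]) in by_account]

if __name__ == "__main__":
    print("Possible duplicate payments:", find_duplicate_payments(PAYMENTS))
    print("Missing invoice numbers:", find_sequence_gaps(INVOICE_NUMBERS))
    print("Employee/supplier matches:", shared_bank_details(EMPLOYEES, SUPPLIERS))
```

Each result is an exception list for manual follow-up, not proof of error or fraud: a gap may be a voided invoice, and a repeated amount may be a legitimate recurring charge.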


Duplicate Payment Finder is particularly appropriate for substantive payment transactions. It puts you, the Finance Professional, in charge of duplicate payment detection, prevention and monitoring.


Maintaining efficiency within Accounts Payable


A primary lesson from the financial failure and collapse of numerous organizations is that good governance, risk management, and internal controls are essential to corporate success and longevity. Because of its unique and objective perspective, in-depth organizational knowledge, and application of sound audit and consulting principles, a well-functioning, fully resourced and independent internal audit activity is well positioned to provide valuable support and assurance to an organization and its oversight entities.

Review of the accounting and internal control systems


The establishment of adequate accounting and internal control systems is often the responsibility of management and the directors, and it demands proper attention on a continuous basis. Often, internal audit is assigned specific responsibility for reviewing the design of the systems, monitoring their operation and recommending improvements thereto.
Management is responsible for establishing and maintaining a system of internal controls within an organization. Internal controls are those structures, activities, processes, and systems which help management effectively mitigate the risks to an organization's achievement of objectives. Management is charged with this responsibility on behalf of the organization's stakeholders and is held accountable for this responsibility by an oversight body (e.g. board of directors, audit committee, elected representatives).

Examination of financial and operating information


This may include review of the means used to identify, measure, classify and report such information and specific enquiry into individual items including detailed testing of transactions, balances and procedures.
Review of the economy, efficiency and effectiveness of operations including non-financial controls of an organisation. 
Operational audit will look at ways of working, for instance they will examine how information is exchanged between different departments.  This may simply be a review of office layout or it may be the type of work and how it's distributed.


Review of compliance with laws, regulations and other external requirements


A cornerstone of strong governance, internal auditing bridges the gap between management and the board, assesses the ethical climate and the effectiveness and efficiency of operations, and serves as an organization's safety net for compliance with rules, regulations, and overall best business practices.



A dedicated, independent and effective internal audit activity assists both management and the oversight body (e.g. the board, audit committee) in fulfilling their responsibilities by bringing a systematic disciplined approach to assessing the effectiveness of the design and execution of the system of internal controls and risk management processes. The objective assessment of internal controls and risk management processes by the internal audit activity provides management, the oversight body, and external stakeholders with independent assurance that the organization's risks have been appropriately mitigated. Because internal auditors are experts in understanding organizational risks and internal controls available to mitigate these risks, they assist management in understanding these topics and provide recommendations for improvements.


Organizations which do not have an internal audit function are therefore missing out on the valuable benefits that professional internal auditors provide. In addition, they are also running the risk of relying on management who may not be in the best position to provide skilled, independent, and objective opinions on internal controls.


Some organizations assign internal auditing on a part-time basis to an existing staff member who has other responsibilities. When this occurs, the person does not have the professional internal audit training or experience necessary for optimal effectiveness. Such organizations run the risk of poorly performed audits and reviews, and this individual, who may be relatively junior in the organization, may lack the organizational status and stature to achieve positive results. In this environment, high-risk processes may not be identified for reviews and serious internal control deficiencies may be overlooked.