Accounts payable controls are used to mitigate the risk of losses in the payables function. Payables controls are aggregated into three general categories, which are verifying the obligation of the business to pay, entering the payables data into the computer system, and paying suppliers. The controls are as follows:
Obligation to Pay Controls
The verification of obligation to pay can be accomplished through one of several possible controls. They are:
Invoice approval. The person in a position to authorize payment signifies his or her approval of a supplier invoice. However, this is actually a relatively weak control if the approver only sees the supplier invoice, since there is no way to tell if the goods or services were received, or if the prices being charged were what the company originally agreed to. The approver may also want to know which general ledger account will be charged. Consequently, it is better to have the payables staff first assemble the supplier invoice, authorizing purchase order, and receiving documentation into a packet, and then stamp the invoice with a signature block that includes the account number to be charged, and then have the approver review it. This approach gives reviewers a very complete set of information to work with.
Purchase order approval. The purchasing department issues a purchase order for every purchase made. By doing so, the purchasing staff is, in essence, approving all expenditures before they have been made, which may prevent some expenditures from ever occurring. Since this control entails a considerable amount of work by the purchasing staff, they will likely ask employees to request items on a formal purchase requisition form.
Complete a three-way match. The payables staff matches the supplier invoice to the related purchase order and proof of receipt before authorizing payment. This approach supersedes the need for individual invoice approval, since approval is based on the purchase order instead. It is also better than approving only based on the purchase order, since it also verifies receipt of the goods. However, it is also painfully slow and can break down if there is missing paperwork.
Manual duplicate payment search. A computerized payables system conducts an automatic search for duplicate invoice numbers. This is a much more difficult endeavor in an entirely manual accounting system. In this case, the payables clerk can search through the vendor file and unpaid invoices file to see if an invoice just received from a supplier has already been paid. In many situations, the volume of incoming supplier invoices makes this so difficult that the payable staff abandons any attempt to identify duplicate invoices, and simply accepts that it will occasionally pay for such items.
Data Entry Controls
There are several ways to ensure that all supplier invoices have been entered in the accounts payable system, though these controls have varying degrees of success. The controls are:
Record after approval. This control forces the accounts payable staff to verify the approval of every invoice before entering it into the system.
Record prior to approval. This control places greater priority on paying suppliers than it does on obtaining authorizations to pay, since every invoice received is recorded in the payables system at once. This control works best where purchase orders have already been used to authorize a purchase.
Adopt an invoice numbering guideline. Perhaps the largest problem in the area of payables data entry is duplicate payments. This would not appear to be a problem, since most companies use accounting software that automatically detects duplicate invoices and prevents duplicate payments. However, there can be inconsistency in how invoice numbers are recorded. For example, do you record invoice number 0000078234 with the leading zeros or without them? If the same invoice is presented to the payables staff twice, and it is recorded as 0000078234 one time and 78234 the next time, the system will not flag them as being duplicate invoices. The same problem arises with dashes in an invoice number; an invoice number of 1234-999 could be recorded as 1234-999 or as 1234999.
Match to budget in financial statements. If a supplier invoice was incorrectly charged to the wrong department, it is possible that a department manager perusing the financial statements would detect a disparity between the amount charged and the budget, and so would bring the issue to the attention of the accounting department.
The bulk of the controls noted below pertain to payment by check, since that is still the predominant form of payment. The controls are:
Split check printing and signing. One person should prepare checks, and a different person should sign them. By doing so, there is a cross-check on the issuance of cash.
Store all checks in a locked location. Unused check stock should always be stored in a locked location. Otherwise, checks can be stolen and fraudulently filled out and cashed. This means that any signature plates or stamps should also be stored in a locked location.
Track the sequence of check numbers used. Maintain a log in which are listed the range of check numbers used during a check run. This is useful for determining if any checks in storage might be missing. This log should not be kept with the stored checks, since someone could steal the log at the same time they steal checks.
Require manual check signing. A company can require that all checks be signed. This is actually a relatively weak control, since few check signers delve into why checks are being issued, and rarely question the amounts paid. If a company chooses to use a signature plate or stamp instead, then it is much more important to have a strong purchase order system; the purchasing staff becomes the de facto approvers of invoices by issuing purchase orders earlier in the payables process flow.
Require an additional check signer. If the amount of a check exceeds a certain amount, require a second check signer. This control supposedly gives multiple senior-level people the chance to stop making a payment. In reality, it is more likely to only introduce another step into the payment process without really strengthening the control environment.