Internal Controls

We Are Procure to Pay Internal Control Experts

Business Strategy will review your existing controls when we perform a Procure to Pay Risk Assessment. We will also provide you with best practices that will help you implement a controls self-assessment process and provide a foundation of the internal controls program required by Sarbanes-Oxley Act Section 404.

We have provided some examples of our Procure to Pay Internal Controls expertise for you. Take a look below for the key controls for your Vendor Master, Invoice Processing, and Disbursement Processes.

Vendor Master Controls:

Since the accounts payable function is responsible for the proper disbursement of funds to the correct vendor, accounts payable professionals should ensure that the vendor has been validated before set-up on the vendor master.

  • Segregation of duties controls are exercised when granting system access to the vendor master.
  • All vendors require a W-9 prior to set-up on the vendor master.
  • In some cases a vendor profile form is required. (i.e. global vendors)
  • Vendors are screened against Office of Foreign Asset Control (OFAC) and other government watch lists or according to company policy.
  • Inactive vendors are flagged or purged on an annual basis atleast every 13-15 months.
  • Changes to the vendor master are accurate and reported for audit purposes.
  • Address of vendor is validated as accurate and reported for audit purposes.
  • Updates to employees on the vendor master are accurate and complete.
  • Electronic Data Interchange (EDI) vendors are properly set up and appropriately validated.
  • There are standard vendor naming conventions.
  • Duplicate vendor remit to addresses are reviewed with appropriate action taken.

Invoice Processing Controls:

The accounts payable function is responsible for the timely and accurate processing of invoices adhering to the internal controls listed below:

  • Segregation of duties controls are exercised when granting system access to invoice processing functionality.
  • Vendor is paid once and only once.
  • Discounts are taken if appropriately approved.
  • Vendor invoice is paid upon validation with goods received and purchase order. Blocked three-way match exceptions are not processed and are monitored by Accounts Payable for clearing.
  • Vendor is paid at the appropriate price in accordance with the terms and conditions of the contract.
  • Payments to contract labor vendors do not exceed the authorized amount.
  • Purchases are authorized and in accordance with the company's approval levels. Third party support (invoices/contracts) is sent directly to Accounts Payable.
  • Interface, EDI, and spreadsheet upload transactions are accurately and completely transmitted to the Enterprise Resource Planning (ERP) system.
  • Transaction is accurately reflected in the general ledger; Accounts Payable reconciliations for aging and clearing accounts are promptly performed and reviewed in a timely fashion.
  • Invoices are processed according to invoice payment terms.
  • EDI transactions are accurate and completely recorded in the organization’s ERP system.

Disbursement Controls:

Along with payroll, accounts payable represents the largest percentage of disbursements within a company. It is critical to adhere to the following internal process controls to detect and prevent fraud within a timely manner.

  • Check requests should be routed to the appropriate personnel for review prior to payment release.
  • For audit purposes, disbursement activities should be traceable to the general ledger and bank statement.
  • Approved purchase orders, receiving transactions, and invoices must support requests for payment.
  • Vendor discounts should be taken according to company policy.
  • Disbursements must be recorded in the period the payment was made.
  • Expenses must be properly and accurately recorded in the accounting records during the period in which the liability was incurred.
  • Blank checks should be properly stored and safeguarded in a secure area.
  • Ensure proper accounting for void or canceled checks.
  • Specific limits of signed authority must be established for bank accounts.
  • Banking and disbursement information must be safeguarded from loss or destruction.
  • Checking accounts must be provided with a “match pay”, “positive pay”, or “positive payee” control that permit a preview of checks presented to the bank for payment.
  • Check requests are used for the proper purpose and are limited in value.
  • Ensure that the Automated Clearing House (ACH) network accounts have debit blocking capabilities to ensure that no unauthorized debits can be placed.

We will also provide you with best practices that will help you implement a controls self-assessment process.

Internal Controls Services

  • Contract Compliance
  • Vendor Master File
  • Invoice Processing
  • Manual Check Processing
  • Clearing Account Reconciliation
  • Disbursement
  • Account Reconciliations
  • Segregation of Duties
  • Delegation of Authority
  • System Access Controls