What are the Risks in Accounts Payable?

 

woman at desk with stacks of paperwork

While this article spells out the risks in Accounts Payable, and we highly recommend you read about all of them, here are four risks this article will focus on:

  1. Risk of Fraud, Theft and Cybercrime
  2. Risks of the AP Process Dependent on an Internal Team
  3. Difficulty in Finding, Training & Managing Clerical Personnel
  4. Risk of Errors in the AP Process

What is Accounts Payable?

Accounts Payable is a business’ liability, it is everything the business owes to creditors on a short-term basis.
For instance, a company buys goods or services from a supplier on account, payment is not made right away; it is due in 30 days, 60 days, or even longer in some situations. The company will first send a purchase order to the supplier, after which, the supplier will deliver the goods purchased along with an invoice payable by a specific date.

Accounts Payable is recorded in the Balance Sheet under Current Liabilities. It holds the information regarding the company’s debts and obligations in a certain period.

Given its role on the financials of the company, it is important to manage this liability effectively and responsibly to ensure and maintain your credibility in paying debts.

A Closer Look at Four Key Risks in Accounts Payable

Risk #1 – Fraud, Theft and Cybercrime

When it comes to Accounts Payable, poor quality, processes, controls, and staff create opportunities for fraud, theft, and cybercrime. These erode your suppliers’ trust.

Fraud and Cybercriminal activity are carried out by individuals or small groups, internally or externally associated with the company. Accounts Payable Fraud may be done internally by employees and externally by vendors or other third parties looking to gain access to a company’s AP systems. It may be done through billing schemes where an employee produces a false invoice that makes it appear that it is from a valid supplier. Other types of fraud are check fraud, ACH fraud where fraudsters target ACH in cyberattacks, and kickback schemes.

Cybercrime over the last few years has become a much bigger problem for companies of all sizes.  According to the 2021 Association for Financial Professionals (AFP) nearly two-thirds of treasury and finance professionals believe that the COVID-19 pandemic is to blame for some of the uptick in payments fraud at their companies, and 62% of companies indicated business email compromise (BEC) continues to be the most common source of fraud attempts. Accounts Payable departments are the most susceptible to fraud: 61% of respondents report that their AP department is most often vulnerable to BEC.2

According to the results of a recent online survey conducted by the Institute of Finance and Management (IOFM) most of the Accounts Payable leaders responding indicated they believed that their organization’s risk of payment fraud has increased since the start of the pandemic due to the operational disruption: The sudden shift to remote working disrupted established processes and procedures for paying suppliers. 14% of these AP leaders surveyed fear their organization is at “significantly” higher risk of payment fraud.

One common trick is for cybercriminals to pretend to be a vendor requesting changes to bank account or wire instructions, with the company not properly verifying the changes. This is often accomplished when the criminals spoof a vendor’s email address or hack into the vendor’s email address using phishing techniques. Another trick is where the criminals pretend to be a senior employee of the company and request an urgent wire from someone senior in finance; they often find employee names and email addresses through LinkedIn.

According to the Association of Certified Fraud Examiners (ACFE), small businesses lose significant sums to fraud every year, with a median loss of $104,000, with internal control weaknesses responsible for half of the fraud cases. In addition, 2,690 real cases of occupational fraud were recorded with a median loss of $130,000 per case contributing to a total of $7 Billion. Occupational fraud are where a company’s employee, management, official, or owner defrauds the company, with three basic forms generally referred to as the Fraud Tree: corruption, asset misappropriation, and fraudulent statements.

Risk #2 – Dependency on an Internal Team

Fraud risk is not limited to outsiders — your own employees know your systems and processes best. One of the biggest risks of fraud is when employees have access to conflicting functions. Conflicting functions, such as purchase order and payment functions, should be completed by different personnel. Otherwise one person can create a purchase order and pay themselves or a partner. This is the concept known as segregation of duties.

Small firms’ AP procedures are handled by one or a few people, whereas medium and large organizations’ AP processes are handled by an AP department. A lack of segregation of duties and audit/assertions put these smaller companies at greater risk.

Consider whether someone could use the expense cycle to steal funds if segregation of duties is lacking. How? Paying fake vendors, for example. Or paying a vendor twice with the intent of stealing the second check.

Risks in the AP Process also include collusion. For instance, an internal person in charge of payment controls collaborates with an external supplier to arrange for unauthorized payments to be made to the provider. This can happen if a payment is made using duplicate or fully fake payments. The money would apparently be shared in a twisted sort of profit-sharing arrangement once the payments were received by the vendor.

When the AP process is managed by the company’s internal team, it is best to mitigate it by having an Internal Audit group to review AP transactions. This involves additional costs but may prevent collusion.

Risks to Accounts Payable #3 – Difficulty in Finding, Training & Managing Clerical Personnel

The basic AP process begins when an invoice is received. The AP clerk processes the invoice which includes matching the invoice to the purchase order and receipt or determining the appropriate general ledger (GL) account. The invoice is sent for approval as needed. The clerk arranges payment for the invoice after it has been authorized.

However, as basic as it may appear, the AP Process needs considerable supervision and personnel with the necessary skills and technical expertise to handle it properly.

Most organizations find it difficult to recruit AP professionals because of the requisite expertise and the prevalence of occupational fraud in the field. Invoice data capture, coding invoices with the right account and cost center, approving invoices, connecting invoices to purchase orders, posting payments, and most importantly, problem resolution and customer service are all activities and obligations of an AP professional.

Training from many departments is also required to advise employees of the hazards involved with the process, as well as ongoing training to better equip and manage each employee and reduce risks and errors.

Risk #4 – Errors in the AP Process

Because AP is frequently a department comprised of diverse, unconnected systems and procedures, it is where unintentional errors and blatant fraud are most likely to occur.

Invoicing systems that are very manual or rely on paper may further increase the number of errors made by AP employees.

Overpayments, underpayments, payments to the wrong entity, and other irregularities are examples of errors. Excessive invoicing mistakes might indicate a lack of controls in the procurement and accounts payable operations, which could lead to vendor disputes or risk the organization’s ability to meet short-term financial obligations.

The firm suffers financial and time losses because of AP errors.  A typical AP department has a 2% error rate, which means that if your firm disburses $10 million per year, it will cost you around $200,000.

About 70% of an AP professional’s time is usually spent on problem resolution, exception management and customer service activities. This is why quality is so important in the AP process.

Risks in Accounts Payable – Conclusion

The full-cycle AP process is an important element of a company’s operations and financials, and it requires quality and efficiency at every phase. Impact Risks associated with accounts payable may be expensive and have an impact on your vendor relationships.

Of course, no firm can eliminate all risks, but they may be detected and reduced with effective internal controls. Controls to reduce the risk of loss in the accounts payable process would involve segregation of duties, invoice approval, purchase approval, three-way matching, duplicate payment detection, data entry controls, and payment controls. Another low-cost yet effective option is AP Automation or AP Outsourcing. AP outsourcing is when you employ a third party to manage and execute your accounts payable operations, whereas AP automation is when you use third-party software to augment your accounts payable system.

There is no one-size-fits-all answer to these hazards, but there is almost certainly one that will best suit your organization and allow you to reduce the risk and avoid financial consequences.

How can IQ BackOffice Help?  Learn about our Accounts Payable service and our full range of outsourcing services.

Read More about this topic:

Pros and Cons of Outsourcing Accounts Payable

Outsourcing Accounting Processes – Does It Actually Save Money?