We have been examining best practices in the accounts payable process to mitigate mistakes and fraud for the last several months in our Mitigate Mistakes & Fraud: Creating an Accounts Payable Process series. Our previous blog, Mitigate Mistakes & Fraud: Creating an A/P Process for Legitimate & Accurate Disbursements - Part III, outlined how a well-defined disbursements process should address both who is eligible to be paid and how payments will be made. In this last part of the series, we’ll look at creating an A/P process to safeguard your business.
The need for it is serious and immediate. David Finkel, writing for Inc.com in February 2020, states, “According to the Association of Certified Fraud Examiners . . . small businesses with less than 100 employees lost twice as much ($200,000-plus) per fraud attempt than their larger counterparts. Which is likely due to the fact that internal control weaknesses were responsible for nearly half of all fraud attempts.” And mistakes, though forgivable and understandable, can be expensive. These mistakes can set your business back in ways that aren’t always immediately clear, and create irreparable damage.
The vendor management and disbursement process outlined in these blogs is not a “one-size-fits-all” proposition for any organization. How your organization is structured, how technology is integrated, how many staff are deployed in financial processes, the capabilities of the accounting software and systems and the realities of cash flow management will all need to be considered in designing processes that minimize mistakes and provide the best defenses against fraud.
But any set of processes put in place will only maximize their effectiveness if a robust system of continuous monitoring and auditing of these processes is also implemented and prioritized. Monitoring the A/P process must include setting up safeguards too. Consider the following:
-
- Dual authentication. Dual authentication for access to online accounts including email. Protecting sensitive data cannot be overlooked as a safeguard against fraud. Take steps to ensure anyone with access to, or attempted access to any of your email systems or online accounts can gain access only by providing 2-factor authentication.
- Providing awareness training to staff. This training can include tips on how to detect fraudulent transactions and schemes and how to report suspicious activity, whether it be in the use of internal systems or coming from external sources.
- Protecting access to sensitive financial data. Any employee or contractor who will have access to internal systems or external accounts, such as email, bank accounts, online bill pay, online purchasing accounts, customer databases, vendor databases, credit card processing systems or accounting systems should be provided access using only a 2-factor authentication login process. Further, access for users should be set up with clear user roles and permissions that provide only the level of access required to perform the duties authorized and required of the user.
- Insisting on complete transparency of all financial transactions. Businesses should establish clear guidelines on when and how dual signatures for cash disbursements will be required and when and how dual authorization will be established for any electronic forms of payment. Financial transparency should also include monthly reconciliation of all financial accounts with reconciliation reports and account statements provided to senior management for sign-off.
Establishing a comprehensive Accounts Payable process with effective internal controls may seem to be a time consuming and tedious undertaking for your business. But, once this strategic investment of time and effort is complete, implemented and regularly monitored, your organization will be in a much better position to identify the irregularities in the A/P process that could result in mistakes or fraud. Remember, the criminal is looking for the easiest opening to manipulate your staff and your processes to steal from your company. Even one successful operation on their part will encourage more attempts. We are ready to assist you in building solid walls of defense to safeguard the business you have worked hard to build. Contact us today!