Implementing Effective Controls Over Accounts Payable

By Bob Broda, Managing Partner - Visage Solutions

Raleigh, NC

Most Accounts Payable specialists have been heavily involved with Section 404 documentation and testing for the last year. However, a significant number do not feel how any of the procedures they have put in place will hinder upper management from committing fraud. They feel all the new red tape can really prevent is a fraudulent check printing by low-level administrators. The big problems do not necessarily exist at their level, they feel there are far too many controls in place - to the point where their jobs are hindered.

 

Unfortunately these poor souls are working for companies that may not fully complying with the letter of the law. The SEC clearly states that companies need to follow an industry standard when complying with Section 404. They may think they are following the COSO Framework – the most recognized Industry Standard, however, they are most likely implementing according to a high-bread of that framework.

 

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) published their Internal Controls framework in 1992. This standard consists of five components that all must be satisfied in order for internal controls to be deemed effective:

1.      Control Environment

2.      Risk Assessment

3.      Control Activities

4.      Information and Communication

5.      Monitoring.

 

Unfortunately most companies are concentrating on risks (what can go wrong) and the controls necessary to mitigate those risks. They have spent little or no time in the most important components:

 

Control Environment.

 

No matter how many controls are put in place, if the right control environment is not established and documented, the controls will only have limited effectiveness. If the company has a poor control environment, the best control system possible will only position the company in eminent danger of fraud. On the contrary, if a strong culture of controls exists, even having a weak system of internal controls will less likely produce an environment where fraud may occur.

 

Objective Setting

 

If control objectives are not established, reviewed and agreed upon by the external auditor, then the documentation could be at too finite level of detail. Documenting all risks is not necessarily a bad thing, it could supply additional information for management to better run the business. However, it can create a level of documentation and audit trail that can severely restrict the effectiveness of the accounts payable department, without necessarily improving the companies chances of getting a positive attestation from the external auditor.

 

Monitoring

 

The controls are largely documented in excel spreadsheets which make it very difficult to monitor if the controls are working effectively. The controls themselves may have been implemented where the immediate supervisor may be effectively monitoring the controls themselves, however there has been little effort this far to centralize the monitoring process which will allow monitoring of controls across functional organizational boundaries.

 

Conclusions:

 

Unfortunately companies may have spent too much time and money attempting to document what can go wrong in the Accounts Payable process and still get a negative attestation from their external auditor determining the effectiveness of these controls. However, this situation is recoverable. They should document their control environment, get agreement on the objectives of their control activities and implement a solution that allows them to automate, centralize and monitor the controls with the objectives that:

        Prevent employees from approving checks that are fictitious or have errors

        Pre-audit each invoice before the check in written

        Prevent invoices being paid twice

        Provide management with the ability to review all documents during check approval process

        Provide a secure access method to access all A/P documents electronically.

        Provide a method to audit all invoices after the check is sent to be sure there were no inadvertent errors access approval

        Provide a method to audit transactions after the check is written to prevent any inadvertent errors.

VisageSolutions is a group of experienced operational executives focused on providing cost-effective, technology-based Sarbanes-Oxley solutions. By working carefully with their clients VisageSolutions provides customized solutions that focus on reducing the “operational cost” of sustained compliance through an optimum combination of existing and new technologies and tools, and business process integration.  See www.visagesolutions.com for more information and related links.

  


To subscribe to our newsletter. Enter your Email ID in the box below.

Newsletter conceived and designed by webdesignstudio.com
You received this email because you opted to receive this Visage Solutions Mailer through one of our valued partners or by subscribing through www.visagesolutions.com. If you believe you received this message in error or would no longer like to receive uniform periodic updates, please follow the unsubscription instructions at the bottom of this email.
Copyright © 2003 Visage Solutions, LLC.