5 tips for a safer AP Process
Accounts Payable (AP) is one of the most attractive business processes for fraudsters to target, as it is the process where your cash actually flows out of your company. Are you in control of what happens in your AP? These tips will help you to eliminate weaknesses in the AP process and mitigate the risk of both external and internal payment fraud.
KEEP 4 EYES ON THE BALL
Whether it is a case of accepting the purchase invoices for payment or making changes to the vendor data, you need to apply the 4-eye principle for approvals. Clear segregation of duties prevents dangerous task combinations and ensures that a single person can’t, for instance, add a new invoice and also approve it for payment.
NO PO, NO PAY!
Implement a strict policy according to which invoices without a purchase order number will not get paid. Or go a step further and introduce 3-way matching with the goods received report. Make use of automation and system-level support: you can blacklist payments to countries you are not currently operating in, and only allow payments to registered creditors. And remember to include tolerance limits for automated approval, just to be sure!
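The checks described above can be combined into one pre-payment screen. The following Python sketch is an added example, not part of the original article or of any OpusCapita product; the function name, data layout, vendor ids, country codes, and limits are all constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

# Constructed sample master data (assumptions, not from the article).
REGISTERED_CREDITORS = {"V-1001": "FI", "V-1002": "SE", "V-1003": "ZZ"}  # vendor -> country
OPERATING_COUNTRIES = {"FI", "SE"}          # payments to any other country are blocked
AUTO_APPROVE_LIMIT = Decimal("5000.00")     # tolerance limit for automated approval
AMOUNT_TOLERANCE = Decimal("0.02")          # allowed invoice vs. PO deviation (2 %)
SAMPLE_POS = {"PO-1": {"vendor_id": "V-1001", "amount": Decimal("1000.00")}}
SAMPLE_RECEIPTS = {"PO-1": 10}              # units on the goods received report

@dataclass
class Invoice:
    vendor_id: str
    po_number: Optional[str]
    quantity: int
    amount: Decimal

def screen_invoice(inv, purchase_orders, goods_receipts):
    """Return (decision, reasons): 'auto_approve', 'manual_review' or 'reject'."""
    # Hard stops: no PO, unregistered creditor, blocked country.
    if not inv.po_number or inv.po_number not in purchase_orders:
        return "reject", ["no valid PO number"]
    country = REGISTERED_CREDITORS.get(inv.vendor_id)
    if country is None:
        return "reject", ["vendor is not a registered creditor"]
    if country not in OPERATING_COUNTRIES:
        return "reject", ["payments to " + country + " are blocked"]
    # 3-way match: invoice vs. purchase order vs. goods received report.
    reasons = []
    po = purchase_orders[inv.po_number]
    if po["vendor_id"] != inv.vendor_id:
        reasons.append("invoice vendor differs from PO vendor")
    received = goods_receipts.get(inv.po_number, 0)
    if inv.quantity > received:
        reasons.append("invoiced %d units, received %d" % (inv.quantity, received))
    if abs(inv.amount - po["amount"]) > po["amount"] * AMOUNT_TOLERANCE:
        reasons.append("amount deviates from PO beyond tolerance")
    # Even a clean match goes to a human above the automated-approval limit.
    if inv.amount > AUTO_APPROVE_LIMIT:
        reasons.append("amount above automated-approval limit")
    return ("manual_review", reasons) if reasons else ("auto_approve", [])
```

Anything routed to manual review still needs a second approver who did not enter the invoice, in line with the 4-eye principle.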
CAN I SEE SOME ID, PLEASE?
The fact is that you can’t get rid of manual payments altogether. News of so-called CEO attacks and compromised e-mails has made it clear that payment orders issued via e-mail should not be accepted – at least not without verifying the identity of the person behind the request through another, secure channel, e.g. mobile verification. In addition to multi-factor authentication, pre-designed templates for manual payments in your system help to ensure the safety of these ad-hoc payments.
IS YOUR WALLET ON YOUR DESK?
While companies take many precautions to prevent fraudulent payment files from entering the payment data, control slackens when the payment files are uploaded to the banks. Surprisingly often, batch files are stored in a folder on a desktop, and then loaded manually into internet banking portals. This offers many chances for internal misuse, such as changing the payment data or adding a fake payment. Modern risk policy demands implementation of a centralized payment factory solution to replace internet banking portals for file payments. You wouldn’t leave your wallet open on your desk either, would you?
WHICH IS THE ODD ONE OUT?
Keep a close eye on deviations in your payments. Your software should provide you with different filtering and prevention techniques which will stop suspicious payments before the money exits your bank accounts. Artificial intelligence and machine learning algorithms will soon help you spot the payments that don’t belong. No system is 100% safe, and it is also important to detect fraud that has already happened. Fast and automated reconciliation of your bank accounts against your general ledger account at the end of each day will help you to catch the exceptions.
EXTRA TIP: FIND THE BALANCE
Adding checkpoints and approval rounds will increase the bureaucracy of your processes and in turn reduce the ease of use. Make sure you find the right balance – if the process and user experience are not convenient enough, people will be tempted to take shortcuts.
Published in OpusCapita Journal 2/2016.