This action might not be possible to undo. Are you sure you want to continue?
Found in SOX | Tags: Accounts Payable
The Accounts Payable process needs to be very carefully controlled. Since it involves cash disbursements, it is an area that is highly susceptible to fraud. Furthermore, duplicate payments and financial reporting errors can easily occur without proper policies, procedures, and segregation of duties. Basic internal controls needed for Accounts Payable include the following: Segregation of duties ± for instance, the same people should not have access to blank cheques, approve invoices, post journal entries and perform bank reconciliations. Internal controls should ensure that ³one person cannot do it all´ when it comes to cash disbursements. Splitting functions amongst several people means fraud would require collusion between employees±which acts as a major deterrent. In small companies these is often difficult and the temptation is to by-pass controls ± my advice is don¶t! Find a way to involve other people in the process, and mitigate the risk. New vendor set up ± this is also a segregation of duties control specific to the set up of new suppliers and vendors. Most organizations have IT systems that process accounts payables and it is extremely important that the person processing accounts payables and cheques cannot set up new vendors. System access must be secured, such that only authorized person can set up and approving a new vendors. Accounting Policies ± most accounting entries affecting an organization involve cash disbursements, so it is important to make sure that the correct account coding is done when the transaction occurs. Particularly in an organization with a high volume of accounts payable transactions, it is often very difficult to detect and correct posting errors after the fact. Best practice is to ensure that the correct general ledger account is charged at the time of the disbursement transaction. Delegation of Authority (DOA) ± in most companies the invoice approval process must follow a prescribed procedure which includes matching invoices against approved Purchase Orders, and bill of lading (for goods). The DOA should also include details pertaining to ³who and approve what within the organization, and how much´. If the AP is automated, ideally the DOA should be imbedded within the system to ensure compliance. Reconciliations ± make sure the bank reconciliation is done on a timely basis, and reviewed and approved by management. The Accounts Payable amount on the Balance Sheet should reconcile to the AP sub-ledger, which in turn should detail the $ amounts owing to each supplier, and length of time the invoice has been outstanding for payment (aging). The latter can be used to ensure that the organization is optimizing payment terms, and flag any potential issues. Best Practices for Accounts Payable SOX Testing at a minimum, include the following: Test a sample of invoices that are paid during the period. (Note - sample size depends on a number of factors including type of controls in place, materiality, but typically 25
ensure that the following as applicable. Supported by a bill of lading or other receiving document. 30. Properly approved Purchase Order Requisition and Purchase Order (general ledger account code is recommended on the PO). I hope this helps. For the invoices selected. that is aged (current. I have seen so many instances of fraud in the disbursements process ± it really needs strong controls. Disbursement has been recorded in the appropriate general ledger account with offset to Accounts Payable account. $ amounts agree with approved invoice (note ± if the invoice agrees with the PO. separate approval of the invoice is redundant). . Supplier A/P ledger. This is very important. Payment debited to the Bank and offset with a credit to AP. 60 days etc) and reviewed on a monthly basis. etc). and should be approved (evidenced by way of signature and date) by the appropriate management personnel (Controller. Also do a real time test on the system to see if there is password protection to restrict access. Please contact GFS Consulting if you have any questions or comments. Review IT system controls to determine which people are authorized to set up new vendors and ensure proper segregation of duties.transactions should be tested and reviewed at various times throughout the year). The A/P ledgers should be printed and maintained for review. Payment has been made to the supplier (copy of cheque).