Accounts Payable Controls Checklist for Your Next Internal Audit

Accounts payable controls checklist

Internal controls are standard practices and procedures that reduce the risk of error and fraud and help ensure compliance with regulations. They’re necessary for every company and are usually implemented across all departments. Internal controls are an especially important part of accounts payable optimization, as the AP department has significant control over an organization’s funds. Without proper controls, your company can face a substantial risk of loss.

It’s a good idea to perform an internal accounts payable audit at least annually, as part of your year-end reporting procedures. You’ll want to follow some best practices, including detailed planning of what data you’ll need to collect during the audit, choosing the right team members to get involved, documenting your results, and making sure to effectively follow up on any control issues that are identified.

1. Obligation to Pay Controls

Obligation to pay controls help your company immediately identify potential issues in the acquisition and payment process. These controls ensure that payments are made only for goods received or services rendered.

Purchase Order Approval

A department generates a purchase order within the business as a request for goods or services. The document details the vendor name, goods or services requested, and purchase price. Purchase orders should require approval from an authorized party before sending the request to the vendor.

Authorization of the purchase order ensures that spending is controlled and that the organization only pays for necessary goods and services. However, some companies allow the requesting individual or department to generate and send purchase orders under a specific dollar amount without approval.

Invoice Approval

After the delivery of goods and services, an invoice is received from the vendor. It should be reviewed for legitimacy and accuracy, and then approved for payment. Verifying receiving reports and vendor contracts may be necessary to certify that invoices are valid. Approving invoices before processing the payment decreases the risk of financial loss due to fraud or error.

Three-Way Matching

Three-way matching refers to the process of comparing three purchasing documents: purchase orders, receiving reports, and invoices. These documents should contain the same supplier name, purchase order number, item names or services, and pricing. Three-way matching immediately highlights discrepancies, which may indicate fraud, supplier errors, or potential overpayments.

Duplicate Search

Customers and vendors encounter large volumes of invoices daily, so receiving or entering the same invoice more than once is not uncommon. Your AP team should check the invoice files before entering an invoice to ensure that it hasn’t already been paid, or entered and approved for payment. Searching for duplicates reduces the number of overpayments made to vendors.

2. Data Entry Controls

When entering invoices received from suppliers, companies can put one of two types of data entry controls in place to safeguard against errors and fraud. Accounts payable automation can assist with the implementation of these controls by using AI to read and enter invoices into your AP system automatically, eliminating manual data entry errors.

Record Prior to Approval

Immediately upon receipt of the invoice, your AP team enters the transaction into the system. This type of data entry control prioritizes prompt payment over accuracy and approval, and is most appropriate for invoices that have corresponding purchase orders.

Record After Approval

Conversely, your AP team may enter invoices into the system after approval. Entry after approval prioritizes accuracy, occurrence, and authorization over prompt payment.

3. Payment Controls

The final step in the acquisition and payment process is the actual issuance of the payment. Payment controls, as outlined below, relate to the handling of manual checks. However, using an electronic payment system can eliminate many of the fraud risks associated with manual checks.

Segregation of Duties

At least two individuals should be involved in check issuance. One person should be responsible for preparing the checks and one for signing them. Two reviews of the check run allow for last-minute error detection and fraud prevention. The segregation of duties within the AP process is very important when it comes to reducing errors and fraud related to invoice payments.

Check Number Sequence Tracking

Each check must have a check number, which the preparer should note during the check preparation process. Verifying check sequence numbers allows the organization to determine if a payment has not been received or deposited by the vendor, or if any checks are missing from secure storage. Undeposited or missing checks can be an indication of fraud or error.

Manual and Double Check-Signing Requirements

Requiring a manual signature rather than a computerized signature or stamp decreases the likelihood that unauthorized personnel will be able to issue fraudulent or erroneous payments. Additionally, many companies require a second signature on checks over a specific amount to further increase the security of payments.

Secure Storage of Checks

The AP department should store blank checks in a secure location, such as a locked cabinet or safe, separate from the check number sequence log. Unsecured checks are subject to theft, and therefore fraud. Secure storage of company checks prevents financial loss due to unauthorized payments.

4. Fraud Controls

Implementing the above controls to a manual accounts payable process is possible but labor-intensive. An automated accounts payable system provides an efficient method of implementing AP controls that can save significant time, increase accuracy, prevent fraud, and facilitate internal audits.

During an audit of accounts payable controls, an automated AP system can verify that invoices have authorization, perform a three-way match, and search for duplicate invoices. Accounts payable automation can even support data entry controls if the software is equipped with AI to read and record transactions from uploaded invoices. The system can alert your AP team to an unexpected break in the check number sequence or even complete the payment process on the company’s behalf.

Taking Data Security Controls a Step Further

Before implementing accounts payable process automation, choosing a third-party service provider that has earned a SOC2 compliance certificate can increase the security of your company’s data.

SOC2 compliance certificates are achieved through an audit of the effectiveness and security of a vendor’s customer data security practices. The audit tests five standard trust principles: security, availability, processing integrity, confidentiality, and privacy. Making sure that your software provider complies with SOC2 standards helps safeguard your company’s internal accounts payable data.


Why are internal controls important for accounts payable optimization?

Internal controls reduce risk, ensure compliance, and protect funds.

What are key controls for accounts payable?

Key controls include purchase order approval, invoice approval, three-way matching, duplicate search, data entry controls, segregation of duties, check number tracking, and secure storage.

Why perform an annual internal accounts payable audit?

An annual audit identifies control issues, ensures compliance, and mitigates financial risk.

How does automation enhance accounts payable controls?

Automation improves accuracy, reduces errors and fraud, increases efficiency, and facilitates internal audits.

Why choose a SOC2 compliant service provider for accounts payable automation?

SOC2 compliance enhances data security through effective customer data practices.

  • Get the latest blogs from Mesh by subscribing to our newsletter

Manage Your Payments With Full Control & Visibility

Take Control of Your Spend
Manage Your Payments With Full Control & Visibility