Five Procure-To-Pay Risks Every CFO Needs To Manage
February 09, 2017 by David Griffiths, CEO
The buck stops with the CFO. A key part of their role is to maintain a robust risk management strategy to safeguard the corporate wallet, and be prepared to challenge their finance and audit teams to achieve this aim. In the procure-to-pay function these risks can be costly, from substantial overspend depleting working capital to the serious financial and reputational damage of fraud. Over the last few years I have seen several Procure-to-Pay (P2P) risks that CFOs often are not aware of, but really should be. These include:
1. Dangerous Workflow Mind-set
Most P2P teams will operate a workflow system that enables invoice approval and processing by routing the approval requests automatically. The risk lies with the users. A scanned invoice requiring approval is often at low resolution and reduced size, sometimes black and white and viewed on a mobile device, with little actual detail that allows the approver to identify any problems. In addition, the volume of approval requests and reminders may prompt some managers to unquestioningly approve invoices without due oversight, especially if they are low value. Workflow is essential to expediting the P2P process, but it should be subject to extra scrutiny with additional control to check this part of the process.
2. Report Blindness
In the last 10 years there has been a proliferation of business intelligence tools and new technologies that the finance function use, which has created a whirlwind of reports and dashboards. The paradox is that all this information and data being generated is obscuring the view of what matters most when it comes to risk assessment. This can open up P2P processes to abuse.
3. Contracting Out Control
Outsourcing some or all of the P2P process to a third party service provider in a foreign country is an increasingly popular option for organizations looking to reduce costs. However, this does increase risk significantly by not allowing immediate oversight into errors and abuse that can have a financial impact. To compensate the provider will normally offer only a few additional reports and a lot of trust. For any busy international business this is just not sufficient.
4. Processing invoices faster
Three-way matching has been around for decades and is the most common internal control process in the procure-to-pay cycle. The problem is the financial environment is now very different necessitating dealing with suppliers from around the world and processing invoices at increasingly faster speeds. This means organizations that rely predominantly on three-way matching are most certainly not doing enough to protect their corporate spend. It is increasingly easy to circumvent, intentionally or unintentionally, whether this simple process is automated or manual.
5. Increasing Complexity
I have been working with P2P teams since 2002 and have seen a dramatic increase in complexity around P2P processes with many finance teams having to manage six or seven different ways just to get invoice related information into an ERP system. Combined with the likelihood that most of these invoices are paid in three or four different ways just at a time where there are fewer people has meant increasing risk.
All of these risks can be lessened with an intelligent automated control that is used by your financial HQ which sits over workflow, that analyses all invoice related information at whatever speed of processing and provides clear actionable insight.