Auditing: Accounts Payable / Vendor Payments

Accounts payable AuditAccounts Payable is one of the crucial area in audit. As it represents the monies owed by the organization to its creditors for supply of goods and services. Also for a fraudster who is looking to steal from the business, accounts payable is an easy target, if proper controls are not there.

Occupational fraud is a growing problem. According to ACFE’s “Report to the Nations 2016”, it is estimated that organizations loses 5% of revenues to fraud every year.

Following are the few methods, which can be used in auditing the accounts payable/vendor payments:

1. Benford Law test
Payments to vendors should be checked for conformance with benford law, to spot unusual trend in the data set. You can read more about using benford law in my previous post Benford Law in Analyzing Accounting Data.

2. Relative Size Factor (RSF) test
The Relative Size Factor test is an important tool for detecting errors. RSF test compares the top two amounts for each subset and calculates the RSF for each. The test identifies subsets where the largest amount is out of line with other amounts for that subset.

Relative Size factor = Largest record in the subset / Second largest record in the subset

3. Round Amount Payments
Most of the liabilities or payments are usually not round amounts (multiple of 100 or 1000’s). And since they also includes taxes it makes them more unusual to be round number. One can do analysis of those amounts which are multiples of hundreds, thousands or tens of thousands.

4. Same-Same-Same test
The purpose of Same-Same-Same test is to identify exact duplicates, which may indicate potential fraud. The test is called the same-same-same test regardless of how many fields are used to determine whether the records are duplicates.

5. Same-Same-Different test
Mark Nigrini states,” The same-same-different test is a powerful test for errors and fraud.” The test is called the same-same-different test regardless of how many fields are used to determine whether the records are near-duplicates. The usual test is run such that the different field is a subset field. Therefore it is looking for transactions that are linked to two different subsets.

6. Payments Without Purchase Orders test
If it is the policy of the organization to require purchase orders vendors before goods or services can be contracted, we can look for payments where there is no corresponding PO recorded. Some vendors have standing order contracts with the organization that are pre-approved so the cumbersome procurement process does not have to be done for each individual purchase.

7. Payments to vendors not in master (one time vendor)
To ensure that the organization deals with approved vendors, purchase orders and payments need to be from the vendor master file except in unusual circumstances or for low amount transactions. Payment to one time vendor without PO should be looked carefully, as it may be a potential fraudulent transaction.

8. Length of time between invoice and payment date test
This test may reveal unusually quick payments to certain vendors or slow payments that result in interest charges or early-payment discounts not taken.

9. Search for post office box
A common test is to look for the usage of postal box numbers as the mailing address of vendors. Usually legitimate vendors have physical locations and regular addresses. Vendors that use post office boxes raise red flag of potential fraud.

The above tests are not exhaustive, they are just few of the tests that you can perform to audit accounts payable. You cannot prevent 100% of the frauds from happening, but you can take steps to detect and minimize the impact of such frauds.


4 thoughts on “Auditing: Accounts Payable / Vendor Payments

  1. ITauditSecurity June 6, 2017 / 11:36 pm

    Another great post. My 4 cents….

    In addition to looking at the payments, don’t forget to look at the system. A recent vendor payment system I audited had no audit trail for changes to the vendor master. So you couldn’t tell who changed what and when, and what the previous value was.

    Also, regarding one-time vendors, make sure you check to see whether multiple payments are made to them. If so, they are NOT one-timers. Ask about them. Also explore the process for turning one-time vendors into regular vendors. Who approves? Are the proper limits set? And so on. Again, in a recent audit, one-timers were not one-timers, and no one knew why. Yikes.

    ACL has a script in their Script Hub that allows you to analyze a payment file for multiple payments over a short time period that exceed the total payment threshold but are able to bypass approvals. You set the time period and threshold. Pretty slick.

    Cheers. Mack

    Liked by 1 person

  2. ITauditSecurity June 6, 2017 / 11:38 pm

    Oops, one other thing….

    Who has edit abilities on the vendor master? While most companies don’t give people who cut checks the ability to add vendors, I found a company that gives people who cut checks the ability to edit the file. Again, all without an audit trail.

    In summary, don’t just focus on the payments themselves; look at the system configuration, too.


    • AuditMonk June 7, 2017 / 5:47 pm

      I completely agree with you, no audit is complete without looking at systems. As they form core component of today’s organizations and a slight gap in systems can have huge consequences later on.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s