PROCESS 5.2.

1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)
NO. RISK CONTROL DESCRIPTION
1 A user may edit, modify or delete a matched invoice. The software/system logs user entry activity, including time stamp and entry activity.
2 A user may edit, modify or delete a matched invoice. Rights are restricted within the accounts payable user structure to limit powerful commands (batch approvals, add/del/mod/invoice, etc.).
3 A user may edit, modify or delete a matched invoice. Workflow notifications are used to report any modifications to existing suppliers' key fields, remittance info, etc.
Adjustments may be approved that are not acceptable to management; this could affect operating
4 The company has established tolerances for commodity purchases as appropriate. Receipts in excess of the tolerances may be returned to the vendor.
results adversely and result in dissatisfied vendors and/or unrecorded liabilities.
Adjustments may be approved that are not acceptable to management; this could affect operating Critical forms (e.g., check requests, adjustment forms and checks) are prenumbered and controlled. The system generates the next check number, which must
5
results adversely and result in dissatisfied vendors and/or unrecorded liabilities. match the check number in the routing code at the bottom of the check.
Adjustments may be approved that are not acceptable to management; this could affect operating
6 Only managers can review, approve and code professional services and capital invoices for payment.
results adversely and result in dissatisfied vendors and/or unrecorded liabilities.
Adjustments may be approved that are not acceptable to management; this could affect operating
7 Trends in amounts and types of adjustments are periodically analyzed.
results adversely and result in dissatisfied vendors and/or unrecorded liabilities.
Adjustments may be approved that are not acceptable to management; this could affect operating User access is designed and configured to support the segregation of duties between procurement, receiving, invoice processing, payment processing and the
8
results adversely and result in dissatisfied vendors and/or unrecorded liabilities. vendor master.
Adjustments may be approved that are not acceptable to management; this could affect operating
9 Regular reporting, investigation and follow-up on backlog of unprocessed vendor invoices, receiving reports or rejected data occurs.
results adversely and result in dissatisfied vendors and/or unrecorded liabilities.
Adjustments may be approved that are not acceptable to management; this could affect operating A currency threshold is established for checks requiring two signatures (either two manual signatures or one manual signature and one computer-generated
10
results adversely and result in dissatisfied vendors and/or unrecorded liabilities. signature).
Adjustments may be approved that are not acceptable to management; this could affect operating
11 The disbursement process is automated to generate checks based on invoice payment due date and post the appropriate accounting entries.
results adversely and result in dissatisfied vendors and/or unrecorded liabilities.
12 An adequate audit trail may not be available. All invoice batches are entered with a standard naming convention.
13 An incorrect purchase order is sent to a vendor. Purchase orders are reviewed for accuracy and approved by an officer before they are submitted by the purchasing manager (PM).
14 An incorrect purchase order is sent to a vendor. The system/software requires that all fields are completed to initiate a purchase order.
15 An incorrect purchase order is sent to a vendor. Generation of purchase orders is restricted to appropriate personnel.
16 An incorrect purchase order is sent to a vendor. Changes to purchase orders are reviewed and approved by management prior to mailing to the supplier/vendor.
17 An incorrect purchase order is sent to a vendor. The staff member who initiates the initial purchase order is responsible for comparing rates and other important information to vendor contracts.
18 An incorrect purchase order is sent to a vendor. The accounting manager reviews the PO Request Form, checks the account coding and signs off on the PO Request Form.
19 An open, unresolved invoice may not be posted by the closing deadline. The software/system tracks all open invoice issues and is reviewed by the accounts payable supervisor at the end of each month to ensure open items are cleared.
20 An open, unresolved invoice may not be posted by the closing deadline. Invoices which are held from payment due to system or processing errors are required to be resolved within a certain number of days.
21 An open, unresolved invoice may not be posted by the closing deadline. Workflow notifications are used to report any modifications to existing suppliers' key fields, remittance info, etc.
22 An open, unresolved invoice may not be posted by the closing deadline. Error messages by the system indicate greater than acceptable tolerance levels, etc.
23 An open, unresolved invoice may not be posted by the closing deadline. Invoices without purchase orders are routed to the appropriate cost center manager for resolution.
24 An open, unresolved invoice may not be posted by the closing deadline. Payments are posted prior to being released for payment.
Appropriate matching between invoices, receiving documents and purchase orders may not be
25 A limited number of suppliers are authorized for automatic release of payment. Tolerance levels are established for these vendors.
performed.

The system/software provides for matching of purchase orders, receipts and invoices for central supply. Payment can not be processed on unmatched documents.
Appropriate matching between invoices, receiving documents and purchase orders may not be Units of measure conversion tables are used to ensure proper matching of purchase orders and invoices, as many vendors use a different unit of measure for the
26
performed. same product. Additionally, the purchasing department reviews purchase orders to ensure that the appropriate unit of measure is used.

Appropriate matching between invoices, receiving documents and purchase orders may not be
27 When matching the receiver and invoice in the system, the accounts payable clerk must enter a valid purchase order number.
performed.
Cash may be disbursed and short pays may be resolved for goods and services never received (or in
28 An accounts payable staff member compares the invoice to the open purchase order and receipt of goods or services.
advance of receipt).
Invoice approval is received at the department level. The central supply warehouse manager validates all receipts entered into the system/software at the central
Cash may be disbursed and short pays may be resolved for goods and services never received (or in
29 supply warehouse.
advance of receipt).

Cash may be disbursed and short pays may be resolved for goods and services never received (or in The duplicate payments option prevents the generation or editing of a duplicate payment number by displaying an error when a preexisting invoice number is
30
advance of receipt). entered for the same vendor during voucher creation.
Cash may be disbursed and short pays may be resolved for goods and services never received (or in
31 The company has established tolerances for commodity purchases as appropriate. Receipts in excess of the tolerances may be returned to the vendor.
advance of receipt).
Cash may be disbursed and short pays may be resolved for goods and services never received (or in Critical forms (e.g., check requests, adjustment forms and checks) are prenumbered and controlled. The system generates the next check number, which must
32
advance of receipt). match the check number in the routing code at the bottom of the check.
Printed checks are submitted with the invoice/purchase order to the controller and another officer for comparison and approval. They cannot be mailed without the
33 Checks are paid in the wrong amount or to the wrong vendor.
signature of the concerned officers.
34 Data inconsistency may exist between accounts payable and the general ledger. Accounts payable personnel periodically reconcile payments to the general ledger.
35 Data inconsistency may exist between accounts payable and the general ledger. The corporate controller reviews the accounts payable reconciliations monthly.
A monthly reconciliation of the accounts payable subledger and the general ledger balance is prepared by the concerned personnel. All variances over a certain
36 Data inconsistency may exist between accounts payable and the general ledger.
amount are explained and all non-standard journal entries are reviewed by the concerned personnel.
37 Data inconsistency may exist between accounts payable and the general ledger. Any adjustments to accounts payable are reviewed by the controller and posted to the general ledger.
38 Data inconsistency may exist between accounts payable and the general ledger. Shipments are checked against packing slips, which are signed by receiving parties and then compared to the invoices and purchase orders.
The project manager, using a chart of accounts, adds the general ledger account code to every invoice when it is paid. Before the check can be printed, this the
39 Data inconsistency may exist between accounts payable and the general ledger. general ledger code must be entered, automatically updating the general ledger. the general ledger code appearing on the invoice is then reviewed by the
concerned signing officers before the check is signed.

Source: www.knowledgeleader.com Page 1

 PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)
NO. RISK CONTROL DESCRIPTION
40 Data inconsistency may exist between accounts payable and the general ledger. An individual who does not process, authorize or disburse accounts payable is assigned to reconcile the accounts payable bank account each month.
41 Data inconsistency may exist between accounts payable and the general ledger. The accounts payable subsidiary ledger is reconciled with the general ledger.
42 Data inconsistency may exist between accounts payable and the general ledger. The accounts payable manager reconciles the accounts payable suspense account regularly.
43 Detail activity may be incorrectly posted in the subsidiary ledger. The general ledger accounts are posted through the system/software cross-validation rules.
44 Detail activity may be incorrectly posted in the subsidiary ledger. Documented cut-off and period-end closing procedures are adhered to.
45 Detail activity may be incorrectly posted in the subsidiary ledger. The general ledger accounts are posted through the system/software cross-validation rules.
46 Detail activity may be incorrectly posted in the subsidiary ledger. Source documentation (checks, vouchers, etc.) is perforated, voided or otherwise cancelled to prevent reuse.
47 Discrepancies exist between amounts on supplier invoice and supporting documents. Exception reporting and investigation of processed invoices that vary from purchase orders or other criteria by more than pre-established limits exist.
48 Discrepancies exist between amounts on supplier invoice and supporting documents. Checks are automatically prepared by computer based on the scheduled payment date entered when the voucher is processed.
49 Discrepancies exist between amounts on supplier invoice and supporting documents. HOLDs (Account, Funds, Invoice, Matching, Variance) are utilized for non-matching invoices.
50 Discrepancies exist between amounts on supplier invoice and supporting documents. Suppliers of goods/services are instructed to forward invoices directly to accounts payable.
51 Duplicate invoices are received and processed, leading to duplicate payments. The system closes a purchase order once goods and services are received.
52 Duplicate invoices are received and processed, leading to duplicate payments. The software/system functionality does not permit duplicate invoice numbers; unique transaction IDs are generated.
53 Duties are not adequately segregated. Limited personnel have the authority to change vendor master information, supplier terms, variances etc.
54 Duties are not adequately segregated. Roles are segregated in the system/software where individuals responsible for modifying supplier information can not process payments and invoices.
A range of disbursement numbers is entered into the system before the checks are printed. After printing the checks, the purchasing manager checks the last
55 Duties are not adequately segregated.
disbursement number of the input range with the last check printed.
A purchase authorization list is maintained that specifies the type of expenditures and limits in which individuals have authority to commit the company. These
56 Duties are not adequately segregated.
authorization criteria may be maintained manually and/or within system applications.
Employees do not complete a purchase request or an expense reimbursement is not approved by the
57 Employee expense reimbursements are approved by the employee’s manager.
department manager.
Employees do not complete a purchase request or an expense reimbursement is not approved by the The approver reviews the PO Request Form against the department’s approved budget for the year to be sure that the purchase is within the current year's
58
department manager. spending budget.
Employees do not complete a purchase request or an expense reimbursement is not approved by the Purchase requests are approved with a signature in accordance with the PO Approval Matrix. The initiator is responsible for obtaining the appropriate approval for
59
department manager. the purchase request.
Goods are received for unauthorized or invalid purchase orders and are not appropriately recorded in For all purchased goods, the invoice(s) received are routed to the initiator of the purchase for review and approval for payment processing. The initiator of the
60
the system. purchase monitors the contract for compliance, performance and costs.
Goods are received for unauthorized or invalid purchase orders and are not appropriately recorded in
61 Access to create a return order is restricted to authorized personnel.
the system.
Goods are received for unauthorized or invalid purchase orders and are not appropriately recorded in
62 Once goods arrive, appropriate personnel complete a receiving report and scan the items into the stock system timely and accurately.
the system.
Goods are received for unauthorized or invalid purchase orders and are not appropriately recorded in
63 The accounts payable specialist matches the invoice to the purchase order and transcribes the account code, department code and product number onto the invoice.
the system.
Goods are received for unauthorized or invalid purchase orders and are not appropriately recorded in Where applicable, the system performs a match between the purchase order and scanned goods received prior to release of the inventory to post in the general
64
the system. ledger.
Periodically, a report is prepared and the exceptions are analyzed and investigated by the accounts payable supervisor and reported to the accounts payable
65 Invoice does not match the receiver documents.
manager.
The appropriate authorizations are documented and maintained online for review by the accounts payable clerks. In addition, copies of authorizing signatures are
66 Invoices are not properly authorized, complete, accurate and timely.
maintained and available to the clerks in the event a signature is in question.
67 Invoices are not properly authorized, complete, accurate and timely. Upon completion of invoice entry, a clerk compares the input batch detail to the actual invoices to identify key errors.

For voucher processing, the voucher amount is entered on both the voucher and general ledger screens. If one of these amounts is entered incorrectly, an error
68 Invoices are not properly authorized, complete, accurate and timely. occurs. A contingency audit is performed on a regular basis to identify over/under payments. The system/software performs a check for duplicate invoice numbers.

69 Invoices are not properly authorized, complete, accurate and timely. Subsidiaries review and approve invoices before sending to accounts payable for payment, thus acknowledging receipt of goods or services.
Only original invoices are accepted by the accounts payable group for processing of payment. Faxed/emailed copies are not processed, unless specifically
70 Invoices are not properly authorized, complete, accurate and timely.
approved by the accounts payable supervisor.
Once an invoice has been approved and cleared in the system/software, access to make changes to the related invoice (without the need for a new check) is only
71 Invoices are not properly authorized, complete, accurate and timely.
granted by IT.
Department managers are responsible for the review and accuracy of all purchase requisitions that are released from their areas. They are responsible for ensuring
72 Invoices are not properly authorized, complete, accurate and timely.
that requisitions are accurate and complete.
73 Invoices are not properly authorized, complete, accurate and timely. Invoices without a purchase order that are not approved via an automated workflow must be approved by appropriate management prior to payment.
74 Invoices are not properly authorized, complete, accurate and timely. Invoices are paid after three-way match or approval of invoice.
75 Invoices are not properly authorized, complete, accurate and timely. Invoices are approved by appropriate personnel in accordance with the Authority Limit Table for proper functioning.
76 Invoices are not properly authorized, complete, accurate and timely. The concerned/appropriate personnel of each business unit periodically reviews and updates the Authority Limit Table.
Invoice approval is received at the department level. Authorized personnel within the department review the invoices and sign them, indicating that they are valid
and approved for payment. Upon receipt, invoices are date/time stamped for tracking purposes.
77 Invoices are not properly authorized, complete, accurate and timely. The accounts payable clerks review the invoices, noting that appropriate approval was obtained and that proper coding was assigned prior to entry into the system.
The system/software requires the appropriate manager (as defined by the "Approved By" list) to change the batch of goods status from pending to approved in
order for the batch to post.
Special attention will be made on the decimal point entry procedures. The system/software has been configured to display a warning message reminding users to
78 Invoices are not properly authorized, complete, accurate and timely.
input the decimal point.
79 Invoices are not properly authorized, complete, accurate and timely. All checks over a certain amount as directed by the company are copied and routed to accounts payable to match with the applicable voucher.
80 Invoices are not properly authorized, complete, accurate and timely. The invoices are coded and password protected to ensure protection of the invoices.

Source: www.knowledgeleader.com Page 2

 PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)
NO. RISK CONTROL DESCRIPTION
81 Invoices are not properly authorized, complete, accurate and timely. Invoices are checked for mathematical accuracy.
Processing procedures provide for input verification of critical voucher fields (e.g., vendor, invoice amount, account coding, quantities, part number, etc.) through
82 Invoices are not properly authorized, complete, accurate and timely.
manual batch controls, edit exception reports and/or online system edits.
Invoices and new supplier requests are required to be processed by the accounts payable group within a specific number of hours of receipt of the invoice/requests
83 Invoices are not properly authorized, complete, accurate and timely.
at the corporate location.
84 Invoices are not properly authorized, complete, accurate and timely. Invoices are only entered for vendors that exist on the approved suppliers list (ASL) in the system/software.
Invoices for goods/services are paid in advance of the due date without regard to the time value of
85 Checks are released for payment based on the due date within the software/system.
money.
Invoices for goods/services are paid in advance of the due date without regard to the time value of
86 Payments within accounts payable designated as blocked are not able to be processed.
money.
Invoices for goods/services are paid in advance of the due date without regard to the time value of
87 Payments within accounts payable designated as blocked are not able to be processed.
money.
Invoices may be received but never reported or reported inaccurately; this could result in a misstatement
88 The accounts payable specialist stamps the invoice with the date that it was received once received.
of unrecorded liabilities.
The accounts payable specialist sends out a reminder before month-end close to all employees reminding them to submit all expense reports or advise on the
Invoices may be received but never reported or reported inaccurately; this could result in a misstatement
89 estimated amounts to accrue for unprocessed travel and expenses. The accounts payable specialist creates a journal entry for all unprocessed invoices and the
of unrecorded liabilities.
accounting manager reviews this journal entry for the open invoice accrual account.
Invoices may be received but never reported or reported inaccurately; this could result in a misstatement Receiving enters all receipts only against an open purchase order in the system. The purchase order receiver processing options have been configured to receive
90
of unrecorded liabilities. by purchase order.
91 Misappropriations or fraudulent payments may be made. The accounts payable supervisor reviews the Proposal for Payment Report weekly for unusual items.
92 Misappropriations or fraudulent payments may be made. Access to Auto Signature is restricted.
The bank is provided with a listing of all issued checks and amounts to compare to all checks received at the bank. The bank only pays the checks on the listing
93 Misappropriations or fraudulent payments may be made.
and matches the amounts.
The company communicates its policy to vendors informing them that it only pays for goods received. Discrepancies between quantity shipped vs. billed are short
94 Misappropriations or fraudulent payments may be made.
paid.
All checks go through a quality review after being cut and before being distributed to ensure that the amount is correct and supplier information is accurate and
95 Misappropriations or fraudulent payments may be made.
complete.
96 Misappropriations or fraudulent payments may be made. Only the accounts payable coordinator/the accounts payable concerned personnel can process manual/reprinted checks.
97 Misappropriations or fraudulent payments may be made. The manager of accounting operations reviews all checks over a certain amount.
98 Misappropriations or fraudulent payments may be made. Debit balances in the accounts payable subsidiary ledger are promptly investigated and, if necessary, refunds are obtained from vendors.
99 Misappropriations or fraudulent payments may be made. Disbursements are drawn on a zero balance account.
100 Misappropriations or fraudulent payments may be made. Voided checks are stamped "VOID" to prevent reuse and filed for subsequent inspection.
A pay system is used to electronically inform the bank of all checks issued in order to prevent payment on forged checks or stolen check stock. Access to the
101 Misappropriations or fraudulent payments may be made.
positive pay system is limited to the appropriate individuals who have been authorized by management.
102 Misappropriations or fraudulent payments may be made. Only managers can review, approve and code professional services and capital invoices for payment.
103 Misappropriations or fraudulent payments may be made. Purchase cost files are maintained and current. The company has a policy to only pay the purchase order price regardless of the price on the invoice.
104 Misappropriations or fraudulent payments may be made. Non-budgeted items exceeding a certain limit set by the company are approved by the CFO.
105 Misappropriations or fraudulent payments may be made. The corporate controller reviews the Proposal for Payment Report and supporting documentations, including invoice and approval.
106 Misappropriations or fraudulent payments may be made. Accounts payable personnel review all checks with supporting documentations.
107 Misappropriations or fraudulent payments may be made. Accounts payable personnel review all aging reports monthly for credit balances or long outstanding items and resolve any issues.
108 Misappropriations or fraudulent payments may be made. Requests for manual/quick checks are signed/approved by supervisors.
Vendor names, prices and quantities from invoices are matched to receiving documents and purchase orders by an individual independent of the purchasing and
109 Misappropriations or fraudulent payments may be made.
receiving functions. Discrepancies are resolved prior to processing.
110 Misappropriations or fraudulent payments may be made. Finance management reviews all check registers for appropriateness.
111 Misappropriations or fraudulent payments may be made. Non-budgeted items exceeding a certain limit set by the company are approved by the CFO.
112 Misappropriations or fraudulent payments may be made. For capital expenditures, the PO Request Form is reviewed, approved and signed by the department director and the department VP.
Payable and related accounts may be misstated because of incorrect adjustments or incorrect
113 Documented cut-off and period-end closing procedures are adhered to.
reclassifications of distributed amounts.
Payable and related accounts may be misstated because of incorrect adjustments or incorrect User access is designed and configured to support the segregation of duties between procurement, receiving, invoice processing, payment processing and the
114
reclassifications of distributed amounts. vendor master.
Payable and related accounts may be misstated because of incorrect adjustments or incorrect
115 Payables are not offset against receivables unless first approved by management.
reclassifications of distributed amounts.
116 Payment discounts are not maximized. The treasury/cash manager coordinates with accounts payable as necessary for discounts.
117 Payment discounts are not maximized. Special discounts can be specified on an individual invoice basis.
118 Payment discounts are not maximized. The software/system automatically takes discounts as defined in the supplier master file for each individual invoice processed.
119 Payment may be disbursed for goods and services not received. The disbursement process is automated to generate checks based on invoice payment due date and post the appropriate accounting entries.
120 Payment may be made to the wrong person or a fraudulent/non-existent company. The company utilizes a vendor certification program and inspects incoming receipts in accordance with its plan.
Critical forms (e.g., check requests, adjustment forms and checks) are prenumbered and controlled. The system generates the next check number, which must
121 Payment may be made to the wrong person or a fraudulent/non-existent company.
match the check number in the routing code at the bottom of the check.
122 Payment may be made to the wrong person or a fraudulent/non-existent company. Managers must review, approve and code professional services and capital invoices for payment.
123 Payment may be made to the wrong person or a fraudulent/non-existent company. Cost center managers are responsible for review of monthly costs.
124 Payment may be made to the wrong person or a fraudulent/non-existent company. The software/system systematically generates the journal entry upon completion of the payables check run.

Source: www.knowledgeleader.com Page 3

 PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)
NO. RISK CONTROL DESCRIPTION
The open voucher summary report within the system/software identifies open voucher amounts, due dates and required pay amounts by vendor/to vendors. The
system/software also provides a voucher aging report that gives management the ability to monitor the aging of entered vouchers. Payment due dates are
125 Payments may not be made timely, resulting in lost discounts and late charges. calculated based on the invoice date and the terms of the invoice. Upon performing the check run process, payments are made for all vouchers due. Accounts
payable management personnel monitor the system/software’s accounts payable reports on a regular basis.

126 Policies and procedures do not exist to support the accounts payable function. A formal policies and procedures document exists to guide the accounts payable process.
127 Policies and procedures do not exist to support the accounts payable function. Policies and procedures are established to define approval limits and authorization requirements.
The company has a cash management policy which is clearly communicated to the accounts payable function. Such a policy is reflected in the accounts payable
128 Policies and procedures do not exist to support the accounts payable function.
system configuration.
129 Policies and procedures do not exist to support the accounts payable function. Formal procedures exist that ensure that expenditures are approved before committing funds in accordance with management directives.
130 Policies and procedures do not exist to support the accounts payable function. All contractual agreements are subject to corporate and/or legal review in accordance with local or corporate directives or guidance.
Procedures provide for review of purchase orders to ensure completeness of critical information necessary to execute purchases and subsequent receipt and
131 Policies and procedures do not exist to support the accounts payable function.
payment (e.g., vendor, prices, quantities, terms of payment, part numbers, descriptions, etc.).
132 Policies and procedures do not exist to support the accounts payable function. Procedures provide for processing of original vendor invoices only. Payments are not processed from faxed copies of invoices or vendor statements.
Purchase order price differs from invoice price, resulting in price discrepancies that are resolved in favor
133 HOLDs (Account, Funds, Invoice, Matching, Variance) are utilized for non-matching invoices.
of the supplier.
The concerned personnel prepare weekly, monthly and quarterly trend analyses on the volume and percentage of variances to monitor processing integrity for
134 Purchase orders, receivers and invoices are improperly processed, leading to variances.
continuous improvement.
135 Purchase orders, receivers and invoices are improperly processed, leading to variances. Purchasing agents review an open purchase order listing on a regular basis.
136 Quantities received differ from quantities billed on the invoice. The company has established tolerances for commodity purchases as appropriate. Receipts in excess of the tolerances may be returned to the vendor.
137 Quantities received differ from quantities billed on the invoice. Payment stubs detailing invoice payments, discounts taken and short pay are provided with the checks.
138 Quantities received differ from quantities billed on the invoice. HOLDs (Account, Funds, Invoice, Matching, Variance) are utilized for non-matching invoices.
A tolerable limit above the purchase order per-unit cost is accepted to minimize minor cost variances (e.g., tax calculations). These items are reviewed by
139 Quantities received differ from quantities billed on the invoice.
management for appropriateness.
140 Special terms are not taken into account. The treasury/cash management manager coordinates with accounts payable as necessary for discounts.
141 Special terms are not taken into account. Special discounts can be specified on an individual invoice basis.
142 Special terms are not taken into account. The software/system automatically takes discounts as defined in the supplier master file for each individual invoice processed.
143 Suppliers are paid an inaccurate amount due to improper tracking of account balances. A system link is set up for contra accounts to track payables and receivables associated with the same supplier.
Debit memos are logged in the software/system and associated with the appropriate supplier, allowing the software/system to show only the net amount due to that
144 Suppliers are paid an inaccurate amount due to improper tracking of account balances. supplier.

145 Tax data (state and local tax [SALT], etc.) associated with an invoice is not accurate and complete. Tax data is captured at point of entry.
The system/software automatically assigns a unique vendor number based on the configuration of next numbers. It does not allow a duplicate number to be
146 There are discrepancies in vendor/supplier management.
assigned.
A designated accounts payable clerk reviews vendor transmittal requests and supporting documentation (e.g., business cards, invoices, etc.) to determine the
validity of the vendor. A designated clerk is authorized to create the vendor master record following the review for validity. Following the creation of the vendor
147 There are discrepancies in vendor/supplier management.
record, a vendor change report is generated and compared to the original transmittal by another lead accounts payable clerk to ensure data accuracy. The vendor
change report and original transmittal are maintained for periodic review by a supervisor.
A vendor transmittal request is submitted by an authorized party to change the status of the vendor to HOLD. The authorized accounts payable clerk facilitates the
148 There are discrepancies in vendor/supplier management.
change in the system and notes the reason for the hold. The general accounting manager monitors and approves vendor hold transactions.
The system/software requires a payment to be issued against a valid vendor/supplier within the system.
149 There are discrepancies in vendor/supplier management.
150 There are discrepancies in vendor/supplier management. The company utilizes a vendor performance program which monitors product quantity, delivery performance, order quality and order fill rates.
151 There are discrepancies in vendor/supplier management. Accounts payable access to vendor master files is restricted to select data fields (address, phone, terms, etc.).
152 There are discrepancies in vendor/supplier management. Federal tax ID numbers are required for all suppliers.
153 There are discrepancies in vendor/supplier management. Duplicate federal tax ID numbers/vendors or supplier ID numbers are investigated by the accounts payable clerk.
When a new supplier is entered, the system/software performs a check against the existing supplier master to confirm that the new request does not match a
154 There are discrepancies in vendor/supplier management.
supplier already in the system. It will present an on-screen alert message if a duplicate is found.
155 There are discrepancies in vendor/supplier management. The vendor listing is maintained in a vendor master file to ensure all vendors are valid vendors.
If the vendor is not included in the company’s vendor master file, then the accounts payable specialist fills out a New Vendor Form and sends the New Vendor Form
156 There are discrepancies in vendor/supplier management.
together with the invoice package to the accounting manager for review and approval.
157 There are discrepancies in vendor/supplier management. The vendor master file is reviewed on an annual basis by the accounting manager to ensure only valid vendors are in active status.
All supplier information in the vendor master file is appropriately captured as per the laws/regulations, circulars, etc. of a specific region (example: 1099 series
158 There are discrepancies in vendor/supplier management.
reporting).
159 There are discrepancies in vendor/supplier management. Suppliers are established within the software's system upon finalization of procurement procedures.
160 There are discrepancies in vendor/supplier management. Standardized supplier setup forms with all required data fields are used.
161 There are misappropriations or fraudulent payments. The company has controls to account for all checks.
User access is designed and configured to support the segregation of duties between procurement, receiving, invoice processing, payment processing and the
162 There are misappropriations or fraudulent payments.
vendor master.
A currency threshold is established for checks requiring two signatures (either two manual signatures or one manual signature and one computer-generated
163 There are misappropriations or fraudulent payments.
signature).
The proper coding of invoices and automatic accounting instructions (AAIs) have been set up to automatically recognize the appropriate accounts that are required
164 There are misappropriations or fraudulent payments.
for a specific batch transaction.

Source: www.knowledgeleader.com Page 4

 PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)
NO. RISK CONTROL DESCRIPTION
165 There are misappropriations or fraudulent payments. Checks are automatically prepared by computer based on the scheduled payment date entered when the voucher is processed.
166 There are misappropriations or fraudulent payments. All blank checks are kept in a locked drawer where only the accounting manager, assistant controller and controller have access.
167 There are misappropriations or fraudulent payments. Vouchers of physical invoices are matched with the check register.
168 There are misappropriations or fraudulent payments. All supplier payments (except petty cash disbursements) are processed through the software/system.
169 There are misappropriations or fraudulent payments. Source documentation (checks, vouchers, etc.) is perforated, voided or otherwise cancelled to prevent reuse.
170 There are misappropriations or fraudulent payments. The disbursement process is automated to generate checks based on invoice payment due date and post the appropriate accounting entries.
171 There is a discrepancy between the amounts on the supplier invoice and supporting documents. The company has established tolerances for commodity purchases, as appropriate receipts in excess of the tolerances may be returned to the vendor.
Critical forms (e.g., check requests, adjustment forms and checks) are prenumbered and controlled. The system generates the next check number, which must
172 There is a discrepancy between the amounts on the supplier invoice and supporting documents.
match the check number in the routing code at the bottom of the check.
173 There is a discrepancy between the amounts on the supplier invoice and supporting documents. Trends in amounts and types of adjustments are periodically analyzed.
174 There is a discrepancy between the amounts on the supplier invoice and supporting documents. Purchase cost files are maintained and current. The company has a policy to only pay the purchase order price, regardless of the price on the invoice.
175 There is a discrepancy between the amounts on the supplier invoice and supporting documents. Regular reporting, investigation, and follow-up on backlog of unprocessed vendor invoices, receiving reports, or rejected data is conducted.
176 There is inadequate safeguarding of accounts payable documents. All accounts payable-related documents are kept in a secure facility in the purchase manager's office.
All invoices received are maintained by the accounts payable group indefinitely (a certain number of years onsite followed by maintenance in an offsite facility).
177 There is inadequate safeguarding of accounts payable documents.

All vendor/supplier request forms are maintained after they have been entered into the system/software. Electronic versions are maintained in the online facility and
178 There is inadequate safeguarding of accounts payable documents.
printed versions are maintained onsite by the corporate accounts payable group.
Receipt of a good or service is logged on the associated purchase order in the software/system, which is referenced at the time of payment approval.
179 There is inadequate safeguarding of accounts payable documents.
180 There is inadequate safeguarding of accounts payable documents. Management performs a review of accruals at month end and a checklist is signed off by the reviewer.
181 There is inadequate safeguarding of accounts payable documents. Corporate accountants email all applicable departments requesting support for all accruals or credits to be booked for the current month.
182 There is inadequate safeguarding of accounts payable documents. Accounts payable clerks regularly send out notifications to all accountants informing them of any invoices over $X that have not been processed in accounts payable.
If there are any errors on the check, the check is voided and a new check is printed after the accounting manager’s, controller's, or assistant controller's review and
183 Unauthorized checks are issued.
approval.
184 Unauthorized checks are issued. All blank checks are kept in a locked drawer where only the accounting manager, assistant controller and controller have access.
185 Unauthorized checks are issued. Electronic signatures/authorization stamps are appropriately secured.
186 Unauthorized checks are issued. Source documentation (checks, vouchers, etc.) is perforated, voided or otherwise cancelled to prevent reuse.
Unauthorized, fictitious or improper commitments or expenses may be incurred without management's Purchase commitments are made on the basis of authorized requisitions from user departments, established contracts, established inventory reorder points or work
187
knowledge or approval. order material requirements.
Unauthorized, fictitious or improper commitments or expenses may be incurred without management's
188 The system automatically sorts invoices by their payment due date to ensure proper issuance by the accounts payable department.
knowledge or approval.
Unauthorized, fictitious or improper commitments or expenses may be incurred without management's
189 Actual expenditures are compared to budget regularly; management reviews and approves significant variances.
knowledge or approval.

Source: www.knowledgeleader.com Page 5