110 likes | 207 Views
Best in Class Controls for AP. The Institute of Financial Operations Indiana – Southern Illinois Chapter June 15, 2011 Sherry DePew. About The Speaker. Sherry DePew, Vice President of Account Management for Lavante 14 years at Boise Cascade, Director of Global Shared Services
E N D
Best in Class Controls for AP The Institute of Financial Operations Indiana – Southern Illinois Chapter June 15, 2011 Sherry DePew
About The Speaker • Sherry DePew, Vice President of Account Management for Lavante • 14 years at Boise Cascade, Director of Global Shared Services • President and founding member of Idaho IAPP Chapter • President: Oracle/PeopleSoft Accounts Payable Product User Group • President Oracle Supplier Relationship Management User Group • Co-founder and Board member of Oracle • Featured AP and P2P writer and blogger for several on-line resources
Agenda • Segregation of Duties • Benefit of Segregation of Duties • Financial System Access Controls • Electronic Data Management (EDM) • ACH/EFT vs. Check • New Vendor’s • Vendor Changes • Purchase to Pay Control Continuum
Controls - Segregation of Duties • Persons establishing vendors should not write,process or approve PO’s, receipts or invoices. • Persons making changes to vendor data should not write, process or approve PO’s, receipts or invoices. • Persons with access to add or change vendor information should not handle payments of any type. • Persons with authority to request a check or payment should not approve, sign or handle payments. • The person(s) issuing checks should not not reconcile bank accounts. • Ensure reconciling of accounts is done by different people within cost centers. • Establish a separate post office box for returned checks. • Replace your company name and address on disbursement envelopes with a simple post office box number.
Benefits of Segregation of Duties One of the most difficult & complex set of controls to implement, monitor and manage. • Mitigates Risk of Deliberate Fraud • Mitigates Risk of legitimate errors • Mitigates Cost of Corrective Action • Organization’s Reputation for Integrity and Quality Enhanced
Controls - Financial System Access Control of Security Object Privileges Control of Multiple Security Profiles Access to add users and change their security profiles • Screens • Pages • Read vs. Change Access
Controls - Data Management (EDM) • Controls for the Tracking and Storage of Electronic Documents • Controls Often Reside in Enterprise Departments Responsible for Emails, Documents & Files • Purchase to Pay workflow with Images and Approvals • Make sure that images of approvals, exceptions and original documents can be accessed for External Audit and SOX Control Testing
Controls - ACH/EFT vs. Paper Checks • Mitigate Risk for Paper Checks • Positive Pay • Reverse Positive Pay • Check Stock Handling • Void Check Process • Mitigate Risk for ACH or EFT • Handling of file sent to Bank, Clearing House or Outsource Provider • Access and Protection of payment file • Bank Account Design • Funding Process
Controls – Establishing/On-Boarding a New Vendor • Most Critical Control for Fraud Prevention • IRS TIN - Name Consistency • Verify Name and TIN against IRS data • OFAC and FTO Checks • Check vendors against OFAC / FTO list and other lists • Utilize 3rd Party Databases • Add D&B Numbers • Add SIC or NAICS codes • Add Credit Information • Obtain W-9 or Substitute • Obtain Minority Owned Business, Women Owned Business status, etc.
Controls – Vendor Changes • Same or Greater Risk than On-Boarding a New Vendor • Vendors Must be Participative in Changes • Controls that are no longer effective • Banks Accounts Changes (Treasury?) • Merging Vendors • Vendor Name Changes
Controls – Purchase to Pay Control Continuum Procurement Accounting AP is Part of a Continuous Procure to Pay Cycle With A Great Potential for Risk. Separation of Duties Should Look Across the Entire Cycle Vendor File Management Check Requests Goods Receipt Invoice Processing