best in class controls for ap
DESCRIPTION
Best in Class Controls for AP. The Institute of Financial Operations Indiana – Southern Illinois Chapter June 15, 2011 Sherry DePew. About The Speaker. Sherry DePew, Vice President of Account Management for Lavante 14 years at Boise Cascade, Director of Global Shared Services - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Best in Class Controls for AP](https://reader035.vdocuments.net/reader035/viewer/2022070405/56813d08550346895da6b387/html5/thumbnails/1.jpg)
Best in Class Controls for AP
The Institute of Financial OperationsIndiana – Southern Illinois Chapter
June 15, 2011Sherry DePew
![Page 2: Best in Class Controls for AP](https://reader035.vdocuments.net/reader035/viewer/2022070405/56813d08550346895da6b387/html5/thumbnails/2.jpg)
About The Speaker
Sherry DePew, Vice President of Account Management for Lavante
• 14 years at Boise Cascade, Director of Global Shared Services
• President and founding member of Idaho IAPP Chapter
• President: Oracle/PeopleSoft Accounts Payable Product User Group
• President Oracle Supplier Relationship Management User Group
• Co-founder and Board member of Oracle
• Featured AP and P2P writer and blogger for several on-line resources
![Page 3: Best in Class Controls for AP](https://reader035.vdocuments.net/reader035/viewer/2022070405/56813d08550346895da6b387/html5/thumbnails/3.jpg)
Agenda
Segregation of DutiesBenefit of Segregation of DutiesFinancial System Access ControlsElectronic Data Management (EDM)ACH/EFT vs. CheckNew Vendor’sVendor ChangesPurchase to Pay Control Continuum
![Page 4: Best in Class Controls for AP](https://reader035.vdocuments.net/reader035/viewer/2022070405/56813d08550346895da6b387/html5/thumbnails/4.jpg)
Controls - Segregation of Duties
• Persons establishing vendors should not write, process or approve PO’s, receipts or invoices.
• Persons making changes to vendor data should not write, process or approve PO’s, receipts or invoices.
• Persons with access to add or change vendor information should not handle payments of any type.
• Persons with authority to request a check or payment should not approve, sign or handle payments.
• The person(s) issuing checks should not not reconcile bank accounts.
• Ensure reconciling of accounts is done by different people within cost centers.
• Establish a separate post office box for returned checks. • Replace your company name and address on disbursement
envelopes with a simple post office box number.
![Page 5: Best in Class Controls for AP](https://reader035.vdocuments.net/reader035/viewer/2022070405/56813d08550346895da6b387/html5/thumbnails/5.jpg)
Benefits of Segregation of Duties
One of the most difficult & complex set of controls to implement, monitor and manage.
Mitigates Risk of Deliberate FraudMitigates Risk of legitimate errorsMitigates Cost of Corrective ActionOrganization’s Reputation for Integrity and Quality Enhanced
![Page 6: Best in Class Controls for AP](https://reader035.vdocuments.net/reader035/viewer/2022070405/56813d08550346895da6b387/html5/thumbnails/6.jpg)
Control of Security Object Privileges
Screens
Pages
Read vs. Change Access
Control of Multiple Security Profiles
Access to add users and change their security profiles
Controls - Financial System Access
![Page 7: Best in Class Controls for AP](https://reader035.vdocuments.net/reader035/viewer/2022070405/56813d08550346895da6b387/html5/thumbnails/7.jpg)
Controls for the Tracking and Storage of Electronic DocumentsControls Often Reside in Enterprise Departments Responsible for Emails, Documents & FilesPurchase to Pay workflow with Images and ApprovalsMake sure that images of approvals, exceptions and original documents can be accessed for External Audit and SOX Control Testing
Controls - Data Management (EDM)
![Page 8: Best in Class Controls for AP](https://reader035.vdocuments.net/reader035/viewer/2022070405/56813d08550346895da6b387/html5/thumbnails/8.jpg)
Controls - ACH/EFT vs. Paper Checks
Mitigate Risk for Paper Checks• Positive Pay
• Reverse Positive Pay
• Check Stock Handling
• Void Check Process
Mitigate Risk for ACH or EFT• Handling of file sent to Bank, Clearing House or Outsource Provider
• Access and Protection of payment file
• Bank Account Design
• Funding Process
![Page 9: Best in Class Controls for AP](https://reader035.vdocuments.net/reader035/viewer/2022070405/56813d08550346895da6b387/html5/thumbnails/9.jpg)
Controls – Establishing/On-Boarding a New Vendor
Most Critical Control for Fraud Prevention
• IRS TIN - Name Consistency• Verify Name and TIN against IRS data
• OFAC and FTO Checks• Check vendors against OFAC / FTO list and other lists
• Utilize 3rd Party Databases• Add D&B Numbers
• Add SIC or NAICS codes
• Add Credit Information
• Obtain W-9 or Substitute
• Obtain Minority Owned Business, Women Owned Business status, etc.
![Page 10: Best in Class Controls for AP](https://reader035.vdocuments.net/reader035/viewer/2022070405/56813d08550346895da6b387/html5/thumbnails/10.jpg)
Controls – Vendor Changes
Same or Greater Risk than On-Boarding a New Vendor
Vendors Must be Participative in Changes• Controls that are no longer effective
• Banks Accounts Changes (Treasury?)
• Merging Vendors
• Vendor Name Changes
![Page 11: Best in Class Controls for AP](https://reader035.vdocuments.net/reader035/viewer/2022070405/56813d08550346895da6b387/html5/thumbnails/11.jpg)
Controls – Purchase to Pay Control Continuum
Procurement
InvoiceProcessing
Accounting
CheckRequests
Vendor FileManagement
GoodsReceipt
AP is Part of a ContinuousProcure to Pay Cycle WithA Great Potential for Risk.Separation of Duties Should Look Across the Entire Cycle