Sunteți pe pagina 1din 24

PROCESS 5.2.

1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)


NO. PROCESS RISK
Cash may be disbursed and short pays may be resolved for goods and services never received (or in
1 Generate Invoice Payments
advance of receipt).

Cash may be disbursed and short pays may be resolved for goods and services never received (or in
2 Generate Invoice Payments
advance of receipt).

Cash may be disbursed and short pays may be resolved for goods and services never received (or in
3 Generate Invoice Payments
advance of receipt).
4 Generate Invoice Payments Misappropriations or fraudulent payments may be made.
5 Generate Invoice Payments Misappropriations or fraudulent payments may be made.

6 Generate Invoice Payments Payments may not be made timely, resulting in lost discounts and late charges.

7 Generate Invoice Payments Checks are paid in the wrong amount or to the wrong vendor.

8 Generate Invoice Payments Misappropriations or fraudulent payments may be made.

9 Generate Invoice Payments Payment may be made to the wrong person or a fraudulent/non-existent company.

10 Generate Invoice Payments Misappropriations or fraudulent payments may be made.

11 Generate Invoice Payments Misappropriations or fraudulent payments may be made.

12 Generate Invoice Payments Misappropriations or fraudulent payments may be made.


13 Generate Invoice Payments Misappropriations or fraudulent payments may be made.
14 Generate Invoice Payments Misappropriations or fraudulent payments may be made.
15 Generate Invoice Payments Misappropriations or fraudulent payments may be made.
16 Generate Invoice Payments Misappropriations or fraudulent payments may be made.

17 Generate Invoice Payments Misappropriations or fraudulent payments may be made.

Source: www.knowledgeleader.com Page 1


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)


NO. PROCESS RISK
Cash may be disbursed and short pays may be resolved for goods and services never received (or in
18 Generate Invoice Payments
advance of receipt).

Cash may be disbursed and short pays may be resolved for goods and services never received (or in
19 Generate Invoice Payments
advance of receipt).
20 Generate Invoice Payments Misappropriations or fraudulent payments may be made.
21 Generate Invoice Payments Misappropriations or fraudulent payments may be made.

Goods are received for unauthorized or invalid purchase orders and are not appropriately recorded in
22 Generate Invoice Payments
the system.

23 Generate Invoice Payments Unauthorized checks are issued.


24 Generate Invoice Payments There are misappropriations or fraudulent payments.
25 Generate Invoice Payments There are misappropriations or fraudulent payments.

26 Generate Invoice Payments There are misappropriations or fraudulent payments.

27 Generate Invoice Payments There are misappropriations or fraudulent payments.

28 Generate Invoice Payments There are misappropriations or fraudulent payments.


Invoices for goods/services are paid in advance of the due date without regard to the time value of
29 Generate Invoice Payments
money.
Invoices for goods/services are paid in advance of the due date without regard to the time value of
30 Generate Invoice Payments
money.
31 Generate Invoice Payments There are misappropriations or fraudulent payments.
32 Generate Invoice Payments There are misappropriations or fraudulent payments.
33 Generate Invoice Payments Payment discounts are not maximized.
34 Generate Invoice Payments Payment discounts are not maximized.
35 Generate Invoice Payments Payment discounts are not maximized.
Appropriate matching between invoices, receiving documents and purchase orders may not be
36 Generate Invoice Payments
performed.
37 Generate Invoice Payments There are misappropriations or fraudulent payments.

Source: www.knowledgeleader.com Page 2


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)


NO. PROCESS RISK
38 Generate Invoice Payments There are misappropriations or fraudulent payments.

39 Generate Invoice Payments There are misappropriations or fraudulent payments.

40 Initiate Purchase Orders (POs) Purchase orders, receivers and invoices are improperly processed, leading to variances.
41 Initiate Purchase Orders (POs) Purchase orders, receivers and invoices are improperly processed, leading to variances.
42 Initiate Purchase Orders (POs) An incorrect purchase order is sent to a vendor.

43 Initiate Purchase Orders (POs) Discrepancies exist between amounts on supplier invoice and supporting documents.
44 Initiate Purchase Orders (POs) An incorrect purchase order is sent to a vendor.
45 Initiate Purchase Orders (POs) An incorrect purchase order is sent to a vendor.
46 Initiate Purchase Orders (POs) An incorrect purchase order is sent to a vendor.

47 Initiate Purchase Orders (POs) An incorrect purchase order is sent to a vendor.


48 Initiate Purchase Orders (POs) Duplicate invoices are received and processed, leading to duplicate payments.
Goods are received for unauthorized or invalid purchase orders and are not appropriately recorded in
49 Initiate Purchase Orders (POs)
the system.
Employees do not complete a purchase request or an expense reimbursement is not approved by the
50 Initiate Purchase Orders (POs)
department manager.
Employees do not complete a purchase request or an expense reimbursement is not approved by the
51 Initiate Purchase Orders (POs)
department manager.
Employees do not complete a purchase request or an expense reimbursement is not approved by the
52 Initiate Purchase Orders (POs)
department manager.
53 Initiate Purchase Orders (POs) An incorrect purchase order is sent to a vendor.
54 Initiate Purchase Orders (POs) Misappropriations or fraudulent payments may be made.
Purchase order price differs from invoice price, resulting in price discrepancies that are resolved in
55 Initiate Purchase Orders (POs)
favor of the supplier.
Monitor/Check the Invoices and Report
56 Misappropriations or fraudulent payments may be made.
Discrepancies
Monitor/Check the Invoices and Report
57 Misappropriations or fraudulent payments may be made.
Discrepancies
Monitor/Check the Invoices and Report
58 Misappropriations or fraudulent payments may be made.
Discrepancies

Source: www.knowledgeleader.com Page 3


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)


NO. PROCESS RISK
Monitor/Check the Invoices and Report
59 Duties are not adequately segregated.
Discrepancies
Monitor/Check the Invoices and Report
60 Duties are not adequately segregated.
Discrepancies
Monitor/Check the Invoices and Report
61 There are discrepancies in vendor/supplier management.
Discrepancies

Monitor/Check the Invoices and Report


62 There are discrepancies in vendor/supplier management.
Discrepancies

Monitor/Check the Invoices and Report


63 There are discrepancies in vendor/supplier management.
Discrepancies

Monitor/Check the Invoices and Report


64 There are discrepancies in vendor/supplier management.
Discrepancies

Monitor/Check the Invoices and Report


65 There are discrepancies in vendor/supplier management.
Discrepancies
Monitor/Check the Invoices and Report
66 There are discrepancies in vendor/supplier management.
Discrepancies

Monitor/Check the Invoices and Report


67 Invoices are not properly authorized, complete, accurate and timely.
Discrepancies

Monitor/Check the Invoices and Report


68 Invoices are not properly authorized, complete, accurate and timely.
Discrepancies

Monitor/Check the Invoices and Report


69 Invoices are not properly authorized, complete, accurate and timely.
Discrepancies

Source: www.knowledgeleader.com Page 4


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)


NO. PROCESS RISK

Monitor/Check the Invoices and Report Appropriate matching between invoices, receiving documents and purchase orders may not be
70
Discrepancies performed.

Monitor/Check the Invoices and Report


71 Policies and procedures do not exist to support the accounts payable function.
Discrepancies
Monitor/Check the Invoices and Report
72 Policies and procedures do not exist to support the accounts payable function.
Discrepancies
Monitor/Check the Invoices and Report
73 Policies and procedures do not exist to support the accounts payable function.
Discrepancies
Monitor/Check the Invoices and Report
74 Policies and procedures do not exist to support the accounts payable function.
Discrepancies
Monitor/Check the Invoices and Report
75 Policies and procedures do not exist to support the accounts payable function.
Discrepancies

Monitor/Check the Invoices and Report


76 Policies and procedures do not exist to support the accounts payable function.
Discrepancies

Monitor/Check the Invoices and Report


77 Policies and procedures do not exist to support the accounts payable function.
Discrepancies

Monitor/Check the Invoices and Report


78 Duties are not adequately segregated.
Discrepancies

Monitor/Check the Invoices and Report


79 Duties are not adequately segregated.
Discrepancies

Monitor/Check the Invoices and Report


80 There is inadequate safeguarding of accounts payable documents.
Discrepancies
Monitor/Check the Invoices and Report
81 Misappropriations or fraudulent payments may be made.
Discrepancies

Monitor/Check the Invoices and Report


82 Misappropriations or fraudulent payments may be made.
Discrepancies

Monitor/Check the Invoices and Report


83 Suppliers are paid an inaccurate amount due to improper tracking of account balances.
Discrepancies

Source: www.knowledgeleader.com Page 5


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)


NO. PROCESS RISK
Monitor/Check the Invoices and Report
84 Suppliers are paid an inaccurate amount due to improper tracking of account balances.
Discrepancies

Monitor/Check the Invoices and Report


85 There are discrepancies in vendor/supplier management.
Discrepancies
Monitor/Check the Invoices and Report
86 There are discrepancies in vendor/supplier management.
Discrepancies

Monitor/Check the Invoices and Report


87 There are discrepancies in vendor/supplier management.
Discrepancies

Monitor/Check the Invoices and Report


88 There is inadequate safeguarding of accounts payable documents.
Discrepancies

Monitor/Check the Invoices and Report


89 There is inadequate safeguarding of accounts payable documents.
Discrepancies

Monitor/Check the Invoices and Report


90 Invoices are not properly authorized, complete, accurate and timely.
Discrepancies

Monitor/Check the Invoices and Report


91 Invoices are not properly authorized, complete, accurate and timely.
Discrepancies

Monitor/Check the Invoices and Report


92 Invoices are not properly authorized, complete, accurate and timely.
Discrepancies

Monitor/Check the Invoices and Report


93 There is inadequate safeguarding of accounts payable documents.
Discrepancies

Monitor/Check the Invoices and Report


94 Misappropriations or fraudulent payments may be made.
Discrepancies

Monitor/Check the Invoices and Report


95 Invoices are not properly authorized, complete, accurate and timely.
Discrepancies

Monitor/Check the Invoices and Report Unauthorized, fictitious or improper commitments or expenses may be incurred without management's
96
Discrepancies knowledge or approval.
Monitor/Check the Invoices and Report Unauthorized, fictitious or improper commitments or expenses may be incurred without management's
97
Discrepancies knowledge or approval.
Monitor/Check the Invoices and Report Unauthorized, fictitious or improper commitments or expenses may be incurred without management's
98
Discrepancies knowledge or approval.

Source: www.knowledgeleader.com Page 6


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)


NO. PROCESS RISK
Monitor/Check the Invoices and Report
99 There is inadequate safeguarding of accounts payable documents.
Discrepancies
Monitor/Check the Invoices and Report
100 There is inadequate safeguarding of accounts payable documents.
Discrepancies
Monitor/Check the Invoices and Report
101 There is inadequate safeguarding of accounts payable documents.
Discrepancies
Monitor/Check the Invoices and Report Goods are received for unauthorized or invalid purchase orders and are not appropriately recorded in
102
Discrepancies the system.
Monitor/Check the Invoices and Report
103 Invoices are not properly authorized, complete, accurate and timely.
Discrepancies
Monitor/Check the Invoices and Report
104 Invoices are not properly authorized, complete, accurate and timely.
Discrepancies
Monitor/Check the Invoices and Report
105 Quantities received differ from quantities billed on the invoice.
Discrepancies

Monitor/Check the Invoices and Report


106 Payment may be made to the wrong person or a fraudulent/non-existent company.
Discrepancies

Monitor/Check the Invoices and Report


107 Payment may be made to the wrong person or a fraudulent/non-existent company.
Discrepancies
Monitor/Check the Invoices and Report Payable and related accounts may be misstated because of incorrect adjustments or incorrect
108
Discrepancies reclassifications of distributed amounts.
Monitor/Check the Invoices and Report
109 Misappropriations or fraudulent payments may be made.
Discrepancies
Monitor/Check the Invoices and Report
110 Misappropriations or fraudulent payments may be made.
Discrepancies
Monitor/Check the Invoices and Report
111 There are discrepancies in vendor/supplier management.
Discrepancies

Monitor/Check the Invoices and Report


112 There are discrepancies in vendor/supplier management.
Discrepancies

Monitor/Check the Invoices and Report


113 There are discrepancies in vendor/supplier management.
Discrepancies
Monitor/Check the Invoices and Report Goods are received for unauthorized or invalid purchase orders and are not appropriately recorded in
114
Discrepancies the system.
Monitor/Check the Invoices and Report
115 Unauthorized checks are issued.
Discrepancies

Source: www.knowledgeleader.com Page 7


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)


NO. PROCESS RISK
Monitor/Check the Invoices and Report Payable and related accounts may be misstated because of incorrect adjustments or incorrect
116
Discrepancies reclassifications of distributed amounts.
Monitor/Check the Invoices and Report
117 There are discrepancies in vendor/supplier management.
Discrepancies
Monitor/Check the Invoices and Report
118 Discrepancies exist between amounts on supplier invoice and supporting documents.
Discrepancies
Monitor/Check the Invoices and Report
119 Discrepancies exist between amounts on supplier invoice and supporting documents.
Discrepancies
Monitor/Check the Invoices and Report
120 There are discrepancies in vendor/supplier management.
Discrepancies
Monitor/Check the Invoices and Report Invoices for goods/services are paid in advance of the due date without regard to the time value of
121
Discrepancies money.
Monitor/Check the Invoices and Report
122 Quantities received differ from quantities billed on the invoice.
Discrepancies
Monitor/Check the Invoices and Report
123 Detail activity may be incorrectly posted in the subsidiary ledger.
Discrepancies
Monitor/Check the Invoices and Report
124 Payment may be made to the wrong person or a fraudulent/non-existent company.
Discrepancies
Monitor/Check the Invoices and Report
125 Payment may be made to the wrong person or a fraudulent/non-existent company.
Discrepancies
Monitor/Check the Invoices and Report
126 A user may edit, modify or delete a matched invoice.
Discrepancies
Monitor/Check the Invoices and Report
127 A user may edit, modify or delete a matched invoice.
Discrepancies
Monitor/Check the Invoices and Report
128 A user may edit, modify or delete a matched invoice.
Discrepancies
Monitor/Check the Invoices and Report
129 Special terms are not taken into account.
Discrepancies
Monitor/Check the Invoices and Report
130 Special terms are not taken into account.
Discrepancies
Monitor/Check the Invoices and Report
131 Special terms are not taken into account.
Discrepancies
Monitor/Check the Invoices and Report
132 There are discrepancies in vendor/supplier management.
Discrepancies
Monitor/Check the Invoices and Report
133 An adequate audit trail may not be available.
Discrepancies

Source: www.knowledgeleader.com Page 8


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)


NO. PROCESS RISK
Monitor/Check the Invoices and Report
134 Unauthorized checks are issued.
Discrepancies
Monitor/Check the Invoices and Report
135 Unauthorized checks are issued.
Discrepancies
Monitor/Check the Invoices and Report
136 Payment may be disbursed for goods and services not received.
Discrepancies
Receive and Input Invoices into the Company’s
137 Invoices are not properly authorized, complete, accurate and timely.
Systems/Log Books
Receive and Input Invoices into the Company’s
138 Invoices are not properly authorized, complete, accurate and timely.
Systems/Log Books
Receive and Input Invoices into the Company’s
139 Invoice does not match the receiver documents.
Systems/Log Books
Receive and Input Invoices into the Company’s Appropriate matching between invoices, receiving documents and purchase orders may not be
140
Systems/Log Books performed.

Receive and Input Invoices into the Company’s


141 Invoices are not properly authorized, complete, accurate and timely.
Systems/Log Books

Receive and Input Invoices into the Company’s


142 Invoices are not properly authorized, complete, accurate and timely.
Systems/Log Books
Receive and Input Invoices into the Company’s
143 Invoices are not properly authorized, complete, accurate and timely.
Systems/Log Books
Receive and Input Invoices into the Company’s
144 Invoices are not properly authorized, complete, accurate and timely.
Systems/Log Books
Receive and Input Invoices into the Company’s
145 Invoices are not properly authorized, complete, accurate and timely.
Systems/Log Books

Receive and Input Invoices into the Company’s


146 Invoices are not properly authorized, complete, accurate and timely.
Systems/Log Books

Receive and Input Invoices into the Company’s


147 Discrepancies exist between amounts on supplier invoice and supporting documents.
Systems/Log Books
Receive and Input Invoices into the Company’s
148 An open, unresolved invoice may not be posted by the closing deadline.
Systems/Log Books

Source: www.knowledgeleader.com Page 9


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)


NO. PROCESS RISK
Receive and Input Invoices into the Company’s
149 An open, unresolved invoice may not be posted by the closing deadline.
Systems/Log Books
Receive and Input Invoices into the Company’s
150 Invoices are not properly authorized, complete, accurate and timely.
Systems/Log Books
Receive and Input Invoices into the Company’s
151 There is a discrepancy between the amounts on the supplier invoice and supporting documents.
Systems/Log Books

Receive and Input Invoices into the Company’s


152 There is a discrepancy between the amounts on the supplier invoice and supporting documents.
Systems/Log Books

Receive and Input Invoices into the Company’s


153 There is a discrepancy between the amounts on the supplier invoice and supporting documents.
Systems/Log Books
Receive and Input Invoices into the Company’s
154 There is a discrepancy between the amounts on the supplier invoice and supporting documents.
Systems/Log Books
Receive and Input Invoices into the Company’s Invoices may be received but never reported or reported inaccurately; this could result in a
155
Systems/Log Books misstatement of unrecorded liabilities.

Receive and Input Invoices into the Company’s Invoices may be received but never reported or reported inaccurately; this could result in a
156
Systems/Log Books misstatement of unrecorded liabilities.

Receive and Input Invoices into the Company’s Invoices may be received but never reported or reported inaccurately; this could result in a
157
Systems/Log Books misstatement of unrecorded liabilities.
Receive and Input Invoices into the Company’s
158 There is a discrepancy between the amounts on the supplier invoice and supporting documents.
Systems/Log Books
Receive and Input Invoices into the Company’s
159 Quantities received differ from quantities billed on the invoice.
Systems/Log Books
Receive and Input Invoices into the Company’s
160 Quantities received differ from quantities billed on the invoice.
Systems/Log Books
Receive and Input Invoices into the Company’s
161 An open, unresolved invoice may not be posted by the closing deadline.
Systems/Log Books
Receive and Input Invoices into the Company’s
162 An open, unresolved invoice may not be posted by the closing deadline.
Systems/Log Books
Receive and Input Invoices into the Company’s
163 Duplicate invoices are received and processed, leading to duplicate payments.
Systems/Log Books
Receive and Input Invoices into the Company’s
164 An open, unresolved invoice may not be posted by the closing deadline.
Systems/Log Books

Source: www.knowledgeleader.com Page 10


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)


NO. PROCESS RISK
Receive and Input Invoices into the Company’s
165 Invoices are not properly authorized, complete, accurate and timely.
Systems/Log Books
Receive and Input Invoices into the Company’s
166 Tax data (state and local tax [SALT], etc.) associated with an invoice is not accurate and complete.
Systems/Log Books
Reconcile the General Ledger and Check the
167 Data inconsistency may exist between accounts payable and the general ledger.
Balance Sheet
Reconcile the General Ledger and Check the
168 Data inconsistency may exist between accounts payable and the general ledger.
Balance Sheet

Reconcile the General Ledger and Check the


169 Data inconsistency may exist between accounts payable and the general ledger.
Balance Sheet

Reconcile the General Ledger and Check the


170 Data inconsistency may exist between accounts payable and the general ledger.
Balance Sheet
Reconcile the General Ledger and Check the
171 Data inconsistency may exist between accounts payable and the general ledger.
Balance Sheet

Reconcile the General Ledger and Check the


172 Data inconsistency may exist between accounts payable and the general ledger.
Balance Sheet

Reconcile the General Ledger and Check the


173 Data inconsistency may exist between accounts payable and the general ledger.
Balance Sheet
Reconcile the General Ledger and Check the Payable and related accounts may be misstated because of incorrect adjustments or incorrect
174
Balance Sheet reclassifications of distributed amounts.
Reconcile the General Ledger and Check the
175 Data inconsistency may exist between accounts payable and the general ledger.
Balance Sheet
Reconcile the General Ledger and Check the
176 Data inconsistency may exist between accounts payable and the general ledger.
Balance Sheet
Reconcile the General Ledger and Check the Goods are received for unauthorized or invalid purchase orders and are not appropriately recorded in
177
Balance Sheet the system.
Reconcile the General Ledger and Check the Adjustments may be approved that are not acceptable to management; this could affect operating
178
Balance Sheet results adversely and result in dissatisfied vendors and/or unrecorded liabilities.

Reconcile the General Ledger and Check the Adjustments may be approved that are not acceptable to management; this could affect operating
179
Balance Sheet results adversely and result in dissatisfied vendors and/or unrecorded liabilities.

Reconcile the General Ledger and Check the Adjustments may be approved that are not acceptable to management; this could affect operating
180
Balance Sheet results adversely and result in dissatisfied vendors and/or unrecorded liabilities.

Source: www.knowledgeleader.com Page 11


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)


NO. PROCESS RISK
Reconcile the General Ledger and Check the
181 Detail activity may be incorrectly posted in the subsidiary ledger.
Balance Sheet
Reconcile the General Ledger and Check the Adjustments may be approved that are not acceptable to management; this could affect operating
182
Balance Sheet results adversely and result in dissatisfied vendors and/or unrecorded liabilities.
Reconcile the General Ledger and Check the Adjustments may be approved that are not acceptable to management; this could affect operating
183
Balance Sheet results adversely and result in dissatisfied vendors and/or unrecorded liabilities.
Reconcile the General Ledger and Check the Adjustments may be approved that are not acceptable to management; this could affect operating
184
Balance Sheet results adversely and result in dissatisfied vendors and/or unrecorded liabilities.
Reconcile the General Ledger and Check the Adjustments may be approved that are not acceptable to management; this could affect operating
185
Balance Sheet results adversely and result in dissatisfied vendors and/or unrecorded liabilities.
Reconcile the General Ledger and Check the
186 Detail activity may be incorrectly posted in the subsidiary ledger.
Balance Sheet
Reconcile the General Ledger and Check the
187 Detail activity may be incorrectly posted in the subsidiary ledger.
Balance Sheet
Reconcile the General Ledger and Check the
188 An open, unresolved invoice may not be posted by the closing deadline.
Balance Sheet
Reconcile the General Ledger and Check the Adjustments may be approved that are not acceptable to management; this could affect operating
189
Balance Sheet results adversely and result in dissatisfied vendors and/or unrecorded liabilities.

Source: www.knowledgeleader.com Page 12


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

CONTROL DESCRIPTION
An accounts payable staff member compares the invoice to the open purchase order and receipt of
goods or services.
Invoice approval is received at the department level. The central supply warehouse manager validates
all receipts entered into the system/software at the central supply warehouse.

The duplicate payments option prevents the generation or editing of a duplicate payment number by
displaying an error when a preexisting invoice number is entered for the same vendor during voucher
creation.
The accounts payable supervisor reviews the Proposal for Payment Report weekly for unusual items.
Access to Auto Signature is restricted.
The open voucher summary report within the system/software identifies open voucher amounts, due
dates and required pay amounts by vendor/to vendors. The system/software also provides a voucher
aging report that gives management the ability to monitor the aging of entered vouchers. Payment due
dates are calculated based on the invoice date and the terms of the invoice. Upon performing the check
run process, payments are made for all vouchers due. Accounts payable management personnel
monitor the system/software’s accounts payable reports on a regular basis.

Printed checks are submitted with the invoice/purchase order to the controller and another officer for
comparison and approval. They cannot be mailed without the signature of the concerned officers.
The bank is provided with a listing of all issued checks and amounts to compare to all checks received
at the bank. The bank only pays the checks on the listing and matches the amounts.
The company utilizes a vendor certification program and inspects incoming receipts in accordance with
its plan.
The company communicates its policy to vendors informing them that it only pays for goods received.
Discrepancies between quantity shipped vs. billed are short paid.
All checks go through a quality review after being cut and before being distributed to ensure that the
amount is correct and supplier information is accurate and complete.
Only the accounts payable coordinator/the accounts payable concerned personnel can process
manual/reprinted checks.
The manager of accounting operations reviews all checks over a certain amount.
Debit balances in the accounts payable subsidiary ledger are promptly investigated and, if necessary,
refunds are obtained from vendors.
Disbursements are drawn on a zero balance account.
Voided checks are stamped "VOID" to prevent reuse and filed for subsequent inspection.
A pay system is used to electronically inform the bank of all checks issued in order to prevent payment
on forged checks or stolen check stock. Access to the positive pay system is limited to the appropriate
individuals who have been authorized by management.

Source: www.knowledgeleader.com Page 13


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

CONTROL DESCRIPTION
The company has established tolerances for commodity purchases as appropriate. Receipts in excess
of the tolerances may be returned to the vendor.
Critical forms (e.g., check requests, adjustment forms and checks) are prenumbered and controlled.
The system generates the next check number, which must match the check number in the routing code
at the bottom of the check.
Only managers can review, approve and code professional services and capital invoices for payment.
Purchase cost files are maintained and current. The company has a policy to only pay the purchase
order price regardless of the price on the invoice.
For all purchased goods, the invoice(s) received are routed to the initiator of the purchase for review
and approval for payment processing. The initiator of the purchase monitors the contract for
compliance, performance and costs.
If there are any errors on the check, the check is voided and a new check is printed after the
accounting manager’s, controller's, or assistant controller's review and approval.
The company has controls to account for all checks.
User access is designed and configured to support the segregation of duties between procurement,
receiving, invoice processing, payment processing and the vendor master.
A currency threshold is established for checks requiring two signatures (either two manual signatures or
one manual signature and one computer-generated signature).
The proper coding of invoices and automatic accounting instructions (AAIs) have been set up to
automatically recognize the appropriate accounts that are required for a specific batch transaction.
Checks are automatically prepared by computer based on the scheduled payment date entered when
the voucher is processed.
Checks are released for payment based on the due date within the software/system.

Payments within accounts payable designated as blocked are not able to be processed.
All blank checks are kept in a locked drawer where only the accounting manager, assistant controller
and controller have access.
Vouchers of physical invoices are matched with the check register.
The treasury/cash manager coordinates with accounts payable as necessary for discounts.
Special discounts can be specified on an individual invoice basis.
The software/system automatically takes discounts as defined in the supplier master file for each
individual invoice processed.
A limited number of suppliers are authorized for automatic release of payment. Tolerance levels are
established for these vendors.
All supplier payments (except petty cash disbursements) are processed through the software/system.

Source: www.knowledgeleader.com Page 14


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

CONTROL DESCRIPTION
Source documentation (checks, vouchers, etc.) is perforated, voided or otherwise cancelled to prevent
reuse.
The disbursement process is automated to generate checks based on invoice payment due date and
post the appropriate accounting entries.
The concerned personnel prepare weekly, monthly and quarterly trend analyses on the volume and
percentage of variances to monitor processing integrity for continuous improvement.
Purchasing agents review an open purchase order listing on a regular basis.
Purchase orders are reviewed for accuracy and approved by an officer before they are submitted by the
purchasing manager (PM).
Exception reporting and investigation of processed invoices that vary from purchase orders or other
criteria by more than pre-established limits exist.
The system/software requires that all fields are completed to initiate a purchase order.
Generation of purchase orders is restricted to appropriate personnel.
Changes to purchase orders are reviewed and approved by management prior to mailing to the
supplier/vendor.
The staff member who initiates the initial purchase order is responsible for comparing rates and other
important information to vendor contracts.
The system closes a purchase order once goods and services are received.
Access to create a return order is restricted to authorized personnel.

Employee expense reimbursements are approved by the employee’s manager.


The approver reviews the PO Request Form against the department’s approved budget for the year to
be sure that the purchase is within the current year's spending budget.
Purchase requests are approved with a signature in accordance with the PO Approval Matrix. The
initiator is responsible for obtaining the appropriate approval for the purchase request.
The accounting manager reviews the PO Request Form, checks the account coding and signs off on
the PO Request Form.
Non-budgeted items exceeding a certain limit set by the company are approved by the CFO.
HOLDs (Account, Funds, Invoice, Matching, Variance) are utilized for non-matching invoices.
The corporate controller reviews the Proposal for Payment Report and supporting documentations,
including invoice and approval.
Accounts payable personnel review all checks with supporting documentations.
Accounts payable personnel review all aging reports monthly for credit balances or long outstanding
items and resolve any issues.

Source: www.knowledgeleader.com Page 15


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

CONTROL DESCRIPTION
Limited personnel have the authority to change vendor master information, supplier terms, variances
etc.
Roles are segregated in the system/software where individuals responsible for modifying supplier
information can not process payments and invoices.
The system/software automatically assigns a unique vendor number based on the configuration of next
numbers. It does not allow a duplicate number to be assigned.
A designated accounts payable clerk reviews vendor transmittal requests and supporting
documentation (e.g., business cards, invoices, etc.) to determine the validity of the vendor. A
designated clerk is authorized to create the vendor master record following the review for validity.
Following the creation of the vendor record, a vendor change report is generated and compared to the
original transmittal by another lead accounts payable clerk to ensure data accuracy. The vendor change
report and original transmittal are maintained for periodic review by a supervisor.
A vendor transmittal request is submitted by an authorized party to change the status of the vendor to
HOLD. The authorized accounts payable clerk facilitates the change in the system and notes the
reason for the hold. The general accounting manager monitors and approves vendor hold transactions.

The system/software requires a payment to be issued against a valid vendor/supplier within the system.

The company utilizes a vendor performance program which monitors product quantity, delivery
performance, order quality and order fill rates.
Accounts payable access to vendor master files is restricted to select data fields (address, phone,
terms, etc.).
The appropriate authorizations are documented and maintained online for review by the accounts
payable clerks. In addition, copies of authorizing signatures are maintained and available to the clerks
in the event a signature is in question.
Upon completion of invoice entry, a clerk compares the input batch detail to the actual invoices to
identify key errors.
For voucher processing, the voucher amount is entered on both the voucher and general ledger
screens. If one of these amounts is entered incorrectly, an error occurs. A contingency audit is
performed on a regular basis to identify over/under payments. The system/software performs a check
for duplicate invoice numbers.

Source: www.knowledgeleader.com Page 16


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

CONTROL DESCRIPTION

The system/software provides for matching of purchase orders, receipts and invoices for central supply.
Payment can not be processed on unmatched documents.
Units of measure conversion tables are used to ensure proper matching of purchase orders and
invoices, as many vendors use a different unit of measure for the same product. Additionally, the
purchasing department reviews purchase orders to ensure that the appropriate unit of measure is used.

A formal policies and procedures document exists to guide the accounts payable process.

Policies and procedures are established to define approval limits and authorization requirements.
The company has a cash management policy which is clearly communicated to the accounts payable
function. Such a policy is reflected in the accounts payable system configuration.
Formal procedures exist that ensure that expenditures are approved before committing funds in
accordance with management directives.
All contractual agreements are subject to corporate and/or legal review in accordance with local or
corporate directives or guidance.
Procedures provide for review of purchase orders to ensure completeness of critical information
necessary to execute purchases and subsequent receipt and payment (e.g., vendor, prices, quantities,
terms of payment, part numbers, descriptions, etc.).
Procedures provide for processing of original vendor invoices only. Payments are not processed from
faxed copies of invoices or vendor statements.
A range of disbursement numbers is entered into the system before the checks are printed. After
printing the checks, the purchasing manager checks the last disbursement number of the input range
with the last check printed.
A purchase authorization list is maintained that specifies the type of expenditures and limits in which
individuals have authority to commit the company. These authorization criteria may be maintained
manually and/or within system applications.

All accounts payable-related documents are kept in a secure facility in the purchase manager's office.

Requests for manual/quick checks are signed/approved by supervisors.

Vendor names, prices and quantities from invoices are matched to receiving documents and purchase
orders by an individual independent of the purchasing and receiving functions. Discrepancies are
resolved prior to processing.
A system link is set up for contra accounts to track payables and receivables associated with the same
supplier.

Source: www.knowledgeleader.com Page 17


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

CONTROL DESCRIPTION
Debit memos are logged in the software/system and associated with the appropriate supplier, allowing
the software/system to show only the net amount due to that supplier.

Federal tax ID numbers are required for all suppliers.


Duplicate federal tax ID numbers/vendors or supplier ID numbers are investigated by the accounts
payable clerk.
When a new supplier is entered, the system/software performs a check against the existing supplier
master to confirm that the new request does not match a supplier already in the system. It will present
an on-screen alert message if a duplicate is found.
All invoices received are maintained by the accounts payable group indefinitely (a certain number of
years onsite followed by maintenance in an offsite facility).

All vendor/supplier request forms are maintained after they have been entered into the
system/software. Electronic versions are maintained in the online facility and printed versions are
maintained onsite by the corporate accounts payable group.
Subsidiaries review and approve invoices before sending to accounts payable for payment, thus
acknowledging receipt of goods or services.
Only original invoices are accepted by the accounts payable group for processing of payment.
Faxed/emailed copies are not processed, unless specifically approved by the accounts payable
supervisor.
Once an invoice has been approved and cleared in the system/software, access to make changes to
the related invoice (without the need for a new check) is only granted by IT.
Receipt of a good or service is logged on the associated purchase order in the software/system, which
is referenced at the time of payment approval.

Finance management reviews all check registers for appropriateness.

Department managers are responsible for the review and accuracy of all purchase requisitions that are
released from their areas. They are responsible for ensuring that requisitions are accurate and
complete.
Purchase commitments are made on the basis of authorized requisitions from user departments,
established contracts, established inventory reorder points or work order material requirements.
The system automatically sorts invoices by their payment due date to ensure proper issuance by the
accounts payable department.
Actual expenditures are compared to budget regularly; management reviews and approves significant
variances.

Source: www.knowledgeleader.com Page 18


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

CONTROL DESCRIPTION
Management performs a review of accruals at month end and a checklist is signed off by the reviewer.
Corporate accountants email all applicable departments requesting support for all accruals or credits to
be booked for the current month.
Accounts payable clerks regularly send out notifications to all accountants informing them of any
invoices over $X that have not been processed in accounts payable.
Once goods arrive, appropriate personnel complete a receiving report and scan the items into the stock
system timely and accurately.
Invoices without a purchase order that are not approved via an automated workflow must be approved
by appropriate management prior to payment.
Invoices are paid after three-way match or approval of invoice.
The company has established tolerances for commodity purchases as appropriate. Receipts in excess
of the tolerances may be returned to the vendor.
Critical forms (e.g., check requests, adjustment forms and checks) are prenumbered and controlled.
The system generates the next check number, which must match the check number in the routing code
at the bottom of the check.

Managers must review, approve and code professional services and capital invoices for payment.

Documented cut-off and period-end closing procedures are adhered to.

Non-budgeted items exceeding a certain limit set by the company are approved by the CFO.
For capital expenditures, the PO Request Form is reviewed, approved and signed by the department
director and the department VP.
The vendor listing is maintained in a vendor master file to ensure all vendors are valid vendors.

If the vendor is not included in the company’s vendor master file, then the accounts payable specialist
fills out a New Vendor Form and sends the New Vendor Form together with the invoice package to the
accounting manager for review and approval.
The vendor master file is reviewed on an annual basis by the accounting manager to ensure only valid
vendors are in active status.
The accounts payable specialist matches the invoice to the purchase order and transcribes the account
code, department code and product number onto the invoice.
All blank checks are kept in a locked drawer where only the accounting manager, assistant controller
and controller have access.

Source: www.knowledgeleader.com Page 19


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

CONTROL DESCRIPTION
User access is designed and configured to support the segregation of duties between procurement,
receiving, invoice processing, payment processing and the vendor master.
All supplier information in the vendor master file is appropriately captured as per the laws/regulations,
circulars, etc. of a specific region (example: 1099 series reporting).
Checks are automatically prepared by computer based on the scheduled payment date entered when
the voucher is processed.
HOLDs (Account, Funds, Invoice, Matching, Variance) are utilized for non-matching invoices.

Suppliers are established within the software's system upon finalization of procurement procedures.

Payments within accounts payable designated as blocked are not able to be processed.

Payment stubs detailing invoice payments, discounts taken and short pay are provided with the checks.

The general ledger accounts are posted through the system/software cross-validation rules.

Cost center managers are responsible for review of monthly costs.


The software/system systematically generates the journal entry upon completion of the payables check
run.
The software/system logs user entry activity, including time stamp and entry activity.
Rights are restricted within the accounts payable user structure to limit powerful commands (batch
approvals, add/del/mod/invoice, etc.).
Workflow notifications are used to report any modifications to existing suppliers' key fields, remittance
info, etc.
The treasury/cash management manager coordinates with accounts payable as necessary for
discounts.
Special discounts can be specified on an individual invoice basis.
The software/system automatically takes discounts as defined in the supplier master file for each
individual invoice processed.
Standardized supplier setup forms with all required data fields are used.

All invoice batches are entered with a standard naming convention.

Source: www.knowledgeleader.com Page 20


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

CONTROL DESCRIPTION
Electronic signatures/authorization stamps are appropriately secured.
Source documentation (checks, vouchers, etc.) is perforated, voided or otherwise cancelled to prevent
reuse.
The disbursement process is automated to generate checks based on invoice payment due date and
post the appropriate accounting entries.
Invoices are approved by appropriate personnel in accordance with the Authority Limit Table for proper
functioning.
The concerned/appropriate personnel of each business unit periodically reviews and updates the
Authority Limit Table.
Periodically, a report is prepared and the exceptions are analyzed and investigated by the accounts
payable supervisor and reported to the accounts payable manager.
When matching the receiver and invoice in the system, the accounts payable clerk must enter a valid
purchase order number.
Invoice approval is received at the department level. Authorized personnel within the department review
the invoices and sign them, indicating that they are valid and approved for payment. Upon receipt,
invoices are date/time stamped for tracking purposes.
The accounts payable clerks review the invoices, noting that appropriate approval was obtained and
that proper coding was assigned prior to entry into the system. The system/software requires the
appropriate manager (as defined by the "Approved By" list) to change the batch of goods status from
pending to approved in order for the batch to post.
Special attention will be made on the decimal point entry procedures. The system/software has been
configured to display a warning message reminding users to input the decimal point.
All checks over a certain amount as directed by the company are copied and routed to accounts
payable to match with the applicable voucher.
The invoices are coded and password protected to ensure protection of the invoices.

Invoices are checked for mathematical accuracy.

Processing procedures provide for input verification of critical voucher fields (e.g., vendor, invoice
amount, account coding, quantities, part number, etc.) through manual batch controls, edit exception
reports and/or online system edits.

Suppliers of goods/services are instructed to forward invoices directly to accounts payable.


The software/system tracks all open invoice issues and is reviewed by the accounts payable supervisor
at the end of each month to ensure open items are cleared.

Source: www.knowledgeleader.com Page 21


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

CONTROL DESCRIPTION
Invoices which are held from payment due to system or processing errors are required to be resolved
within a certain number of days.
Invoices and new supplier requests are required to be processed by the accounts payable group within
a specific number of hours of receipt of the invoice/requests at the corporate location.
The company has established tolerances for commodity purchases, as appropriate receipts in excess
of the tolerances may be returned to the vendor.
Critical forms (e.g., check requests, adjustment forms and checks) are prenumbered and controlled.
The system generates the next check number, which must match the check number in the routing code
at the bottom of the check.

Trends in amounts and types of adjustments are periodically analyzed.


Purchase cost files are maintained and current. The company has a policy to only pay the purchase
order price, regardless of the price on the invoice.
The accounts payable specialist stamps the invoice with the date that it was received once received.

The accounts payable specialist sends out a reminder before month-end close to all employees
reminding them to submit all expense reports or advise on the estimated amounts to accrue for
unprocessed travel and expenses. The accounts payable specialist creates a journal entry for all
unprocessed invoices and the accounting manager reviews this journal entry for the open invoice
accrual account.
Receiving enters all receipts only against an open purchase order in the system. The purchase order
receiver processing options have been configured to receive by purchase order.
Regular reporting, investigation, and follow-up on backlog of unprocessed vendor invoices, receiving
reports, or rejected data is conducted.
HOLDs (Account, Funds, Invoice, Matching, Variance) are utilized for non-matching invoices.
A tolerable limit above the purchase order per-unit cost is accepted to minimize minor cost variances
(e.g., tax calculations). These items are reviewed by management for appropriateness.
Workflow notifications are used to report any modifications to existing suppliers' key fields, remittance
info, etc.
Error messages by the system indicate greater than acceptable tolerance levels, etc.
The software/system functionality does not permit duplicate invoice numbers; unique transaction IDs
are generated.
Invoices without purchase orders are routed to the appropriate cost center manager for resolution.

Source: www.knowledgeleader.com Page 22


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

CONTROL DESCRIPTION
Invoices are only entered for vendors that exist on the approved suppliers list (ASL) in the
system/software.
Tax data is captured at point of entry.

Accounts payable personnel periodically reconcile payments to the general ledger.

The corporate controller reviews the accounts payable reconciliations monthly.

A monthly reconciliation of the accounts payable subledger and the general ledger balance is prepared
by the concerned personnel. All variances over a certain amount are explained and all non-standard
journal entries are reviewed by the concerned personnel.

Any adjustments to accounts payable are reviewed by the controller and posted to the general ledger.
Shipments are checked against packing slips, which are signed by receiving parties and then compared
to the invoices and purchase orders.
The project manager, using a chart of accounts, adds the general ledger account code to every invoice
when it is paid. Before the check can be printed, this the general ledger code must be entered,
automatically updating the general ledger. the general ledger code appearing on the invoice is then
reviewed by the concerned signing officers before the check is signed.
An individual who does not process, authorize or disburse accounts payable is assigned to reconcile
the accounts payable bank account each month.
Payables are not offset against receivables unless first approved by management.

The accounts payable subsidiary ledger is reconciled with the general ledger.

The accounts payable manager reconciles the accounts payable suspense account regularly.
Where applicable, the system performs a match between the purchase order and scanned goods
received prior to release of the inventory to post in the general ledger.
The company has established tolerances for commodity purchases as appropriate. Receipts in excess
of the tolerances may be returned to the vendor.
Critical forms (e.g., check requests, adjustment forms and checks) are prenumbered and controlled.
The system generates the next check number, which must match the check number in the routing code
at the bottom of the check.

Only managers can review, approve and code professional services and capital invoices for payment.

Source: www.knowledgeleader.com Page 23


PROCESS 5.2.1: PROCESS ACOUNTS PAYABLE RISK AND CONTROL MATRIX (RCM)

CONTROL DESCRIPTION
Documented cut-off and period-end closing procedures are adhered to.

Trends in amounts and types of adjustments are periodically analyzed.


User access is designed and configured to support the segregation of duties between procurement,
receiving, invoice processing, payment processing and the vendor master.
Regular reporting, investigation and follow-up on backlog of unprocessed vendor invoices, receiving
reports or rejected data occurs.
A currency threshold is established for checks requiring two signatures (either two manual signatures or
one manual signature and one computer-generated signature).
The general ledger accounts are posted through the system/software cross-validation rules.
Source documentation (checks, vouchers, etc.) is perforated, voided or otherwise cancelled to prevent
reuse.
Payments are posted prior to being released for payment.
The disbursement process is automated to generate checks based on invoice payment due date and
post the appropriate accounting entries.

Source: www.knowledgeleader.com Page 24