Standard Operating Procedure: Accounts Payable (AP) Audit

This Standard Operating Procedure (SOP) outlines the systematic audit process for the Accounts Payable function to ensure financial integrity, verify internal controls, and prevent fraudulent disbursements. This audit is designed to validate the accuracy of ledger entries, the validity of vendor relationships, and compliance with company procurement and payment policies. Regular execution of this audit is essential for maintaining accurate financial reporting and optimizing cash flow management.

1. Documentation and Vendor Verification

• Vendor Master File Review: Verify that every vendor in the system has a valid W-9 or W-8BEN on file.
• Duplicate Vendor Check: Audit the Master Vendor File for duplicate entries or multiple profiles for the same legal entity.
• Authorization Verification: Ensure that new vendor setup requests were approved by an authorized manager independent of the AP processing team.
• Inactive Vendors: Identify and flag vendors with no activity for more than 12–18 months for deactivation.

2. Invoice Processing and Approval Audit

• Three-Way Match Verification: Select a random sample of invoices and confirm the existence of a matching Purchase Order (PO), Receiving Report (or Proof of Delivery), and the Vendor Invoice.
• Approval Authority: Verify that the invoice approval matches the authorized signature/digital workflow limits established in the company’s Delegation of Authority (DOA) matrix.
• Coding Accuracy: Audit a subset of invoices to confirm that General Ledger (GL) coding aligns with the nature of the expense and the departmental budget.
• Sales Tax Compliance: Verify that sales/use tax is being calculated, accrued, or exempted correctly based on the vendor’s tax nexus and location.

3. Payment Integrity and Disbursement Controls

• Duplicate Payment Check: Run a system report to identify payments with identical invoice numbers, amounts, or dates to prevent double-funding.
• Voided/Cancelled Payments: Review the audit trail for any voided payments to ensure they were authorized and that the original invoice was properly adjusted in the system.
• Unauthorized Payment Methods: Verify that no payments were made via unapproved methods (e.g., personal credit cards, non-standard wire transfers).
• Segregation of Duties: Confirm that the person who sets up a new vendor is not the same person who processes invoices or issues payments.

4. Reconciliation and Period-End Close

• Statement Reconciliation: Randomly select 5-10 vendor statements and reconcile them against the aging report to ensure no missing invoices or unexplained credits exist.
• Aging Analysis: Review the AP Aging Report for debit balances (which may indicate overpayments or open credits) and long-outstanding invoices that require investigation.
• Accruals Review: Verify that all significant liabilities incurred but not yet invoiced have been properly accrued during the month-end closing process.

Pro Tips & Pitfalls

• Pro Tip: Leverage Data Analytics. Use VLOOKUP and Pivot Tables in Excel (or dedicated audit software) to automate the identification of duplicate payments by comparing invoice numbers and amounts across the fiscal year.
• Pro Tip: Audit the Audit Trail. Look for manual overrides in your ERP system; these are high-risk areas where internal controls are most frequently bypassed.
• Pitfall: The "Rush" Trap. Avoid the common mistake of ignoring documentation requirements for "emergency" or "rush" payments. Every payment, regardless of urgency, requires a paper trail.
• Pitfall: Ignoring Small Balances. Auditors often ignore small debit balances. These can accumulate to significant sums and often represent unapplied credits that the company is failing to reclaim.

Frequently Asked Questions (FAQ)

Q: How frequently should an AP audit be conducted? A: A full-scale audit should be performed annually. However, performing "spot checks" on a monthly or quarterly basis is highly recommended to catch systemic errors before they become significant financial risks.

Q: What is the most common finding during an AP audit? A: The most frequent finding is usually "duplicate payments" caused by vendors submitting the same invoice in different formats (e.g., PDF vs. physical mail) or internal processing errors.

Q: What should I do if I find a fraudulent transaction during the audit? A: Immediately escalate the finding to the Controller or CFO. Do not attempt to confront the vendor or the employee involved until an official internal investigation plan has been established by legal or executive leadership.