Posts Tagged ‘Security’

The AP Vendor File- is it secure?

Monday, April 5th, 2010

CFO’s of major corporations or small one’s alike don’t need anything else to worry about these days. However one often overlooked area of corporate finance is the safety and integrity of the file that lists all of the approved vendors you have in accounts payable.

Why should you be concerned?  Changes to the accounts payable (AP) vendor file that are not monitored and verified can lead to corporate fraud.

One fundamental financial control that organizations have is commonly called the three way match.  In the finance and accounting world this means that a company’s purchase order is agreed to a vendor’s invoice which is in turn agreed to an employee’s receipt (acknowledgement) of goods or services from the vendor.

Organizations where edits to the AP vendor file are not monitored and verified leave themselves vulnerable to the creation of fictitious vendors which could lead to theft from the organization.

Consider the scenario where an employee that is cognizant of this weak control in the organization sets up a bank account with a name similar or the same to one of your main suppliers.  A change in the AP vendor file of the payment address for the vendor will allow this person to abscond with payments due to that vendor.  This can occur even if the company is enforcing the three-way-match.  Alternatively, a malicious employee need not be that crafty and can divert funds directly to another routing and account number combination.  In cases where collusion takes place, employees can create fake PO’s to fake companies and siphon off small amounts of money over the long term.

Most sophisticated systems allow for changes to the vendor file to be printed and audited.  Are you enforcing this important control?  Consider the segregation of duties.  Ensure that this report is reviewed by a person outside of the Procure to Pay cycle.