It is quite common in smaller organizations to ignore controls over the purchasing function and rely completely on the controls over vendor invoice approval and check disbursements. However, assigning proper roles over approving new vendors in the accounting system is a key control in the disbursements and payables cycle. There is a greater risk of fraudulent disbursements in these organizations because the person who approves vendors in the accounting system in many cases also approves invoices for payment to these vendors. This leaves the organization wide open for common disbursement schemes such as shell companies and personal purchases using company funds. In a shell company scheme the employee sets up a new vendor for a fictitious company they control and then approve invoice payments to this company. Personal purchases with company funds are perpetrated when the employee adds new vendors who provide the employee with personal goods or services and the employee subsequently approves invoice payments to these vendors to cover personal expenses. The person who is authorized to approve new vendors should be restricted from approving invoices. Vendor setup forms or requests can be used to document the addition and approval of new vendors to the vendor master file or list. Establishing proper access privileges in the accounting system can facilitate this process by preventing unauthorized additions, deletions or modifications. Many times the accounting system can not be configured to restrict access to the appropriate user roles. In that case it will be necessary to have the person who approves new vendors periodically review the master vendor file or list to determine that the person who approves invoices has not added any unauthorized vendors to the list. For this to be effective, the review should incorporate the built-in audit trail features in off-the-shelf accounting systems to determine what additions, deletions or modifications may have been made and subsequently concealed. For more tips on improving efficiency and reducing risk, signup for the Controlzkit newsletter here.
Segration of Duties Over Vendor Approval
Sep 17th 2009