Accounts Payable Internal Control Checklist
Published: | Time to read: 7 minutes

Accounts Payable Internal Control Checklist

Matt Wald
Author:Matt Wald

An accounts payable internal control checklist allows you, as the CFO or controller of your organization, to achieve the goal of strong internal controls.

Accounts payable is one of the most vulnerable areas for fraud for any business. And errors or fat finger mistakes can cost your business money, time and embarrassment.

AP must be managed effectively. So having strong controls, proper processes and procedures, checklists and regular audits is essential.

Same Content in Video Format

We know that some people are visual learners. So we created this video with the same content as the article below it.

AP Internal Control Checklist

Here is your AP internal control checklist. Click on any of them to read more details.

Get a free consultation with an AP automation expert today!

Obligation to Pay Controls

Obligation to pay controls are your front line defense against fraud and mistakes in the AP department.

These controls ensure that the right amount gets paid to the right person or entity.

This section of the checklist can be broken down into four specific controls:

  • PO approval
  • Invoice approval
  • Three-way matching
  • Duplicate payment search

PO Approval Control

The PO purchase process provides improved accuracy in both inventory and financial management. It provides for better planning and budgeting, since funds need to be available before a PO is issued.

It’s also allows for faster delivery since POs help vendors schedule production and/or delivery when the buyer needs it.

PO approvals are a critical component of the PO process, but manual PO approval processes provide poor internal controls and can result in fraud, errors and missed opportunities.

On the other hand, automating PO approvals creates an easily auditable paper trail and provides massive efficiencies to the PO approval process.

Using AP automation, managers approve POs from anywhere in the world on any device with a single click. That’s why managers and executives love PO automation.

AP automation also provides total transparency into the approval process for each and every PO.

Invoice Approval Control


Invoices must be paid. This is relatively simple in a PO process because the PO has already been approved.

But there is no pre-approval of a non-PO invoice.

Therefore, non-PO invoices need to go through an invoice approval process within the buying organization before being paid.

Typically, the AP team will apply the appropriate accounting codes to non-PO invoices. And then they identify the invoice approver(s) based on the information on the invoice to the best of their knowledge.

This can be a complex process.

If done manually, this process is fraught with potential for errors.

Internal approval hierarchies can be based on location, invoice amount, invoice type, cost center or any other criteria. And based on these criteria they will need to go through multiple approval steps in the internal hierarchy.

But AP automation makes invoice approvals simple and 100% auditable – even in real time!

AP automation solutions like A/P One Enterprise and A/P One cloud based subscription service makes invoice approvals simple for approvers.

They will be able to see an image of actual invoices from anywhere in the world and approve them with a single click, even from home or on a mobile device.

Further, approvers get immediate insight into an invoice status from our AP automation solutions. That’s handy for those awkward moments when managers, salespeople or executives are talking to impatient vendors who want to know when they will get paid.

invoice approval

Three-way Matching Control

Two or three-way matching is a critical control to avoid fraud and mistakes in the PO process.

Matching the PO or packing slip/receipt to an invoice is a 2-way match. And matching the PO to the PO invoice and the packing slip or receipt is a 3-way match.

This control identifies any discrepancies in your purchasing documents.

But with so many details to review, 3-way matching can be a tedious process if done manually. And it is highly prone to error.

But A/P One Enterprise for enterprise-sized companies as well as A/P One AP automation for small and medium sized companies provide automated PO matching.

Our systems can automatically compare the three critical PO documents and highlight any discrepancies between them.

And, thanks to a revolutionary advance in technology called SmartMatch, PO matching is more automated and easier than ever before.

This brings massive efficiency to processing PO invoices, freeing your AP staff up to save your company money!

More importantly, it allows you as the CFO or controller to have total confidence and transparency into in this internal purchase document matching AP control.

Use our savings calculator to see how much you could save

Duplicate Payment Search

A duplicate payment search can help reduce double payments and also serves as an additional layer of protection against fraud.

But with manual AP processes duplicate payment searches are somewhere between difficult and impossible.

AP automation performs duplicate payment searches automatically. And it doesn’t just flag potential duplicate payments – it then prevents them from being processed at all.

Data Entry Controls

Data entry is the most tedious, time consuming and error-prone aspect of processing non-PO invoices.

Creating controls for data accuracy is the single most difficult item on the Accounts Payable Internal Control Checklist in a manual PO process.

But creating that control is simple when you implement AP automation.

For example, CoreIntegrator’s Verified Data Capture Service not only automatically captures invoice data, but that data is then verified by up to four humans, providing 99.9% accuracy of invoice data.

Whether you select CoreIntegrator’s A/P One AP automation solution designed for small to midsize companies or our Enterprise solution designed for large corporations or organizations, you can use the CoreIntegrator Data Capture Service to automatically enter and verify key AP invoice data into your system.

CoreIntegrator solutions also include Smart AP robotic process automation (RPA) that makes your accounts payable data entry far easier and more efficient.

Smart AP uses key and learned values to automatically complete data fields based on past entries. It has an autocomplete function that learns as you enter data.

So it completes the fields that Optical Character Recognition (OCR) technology or verified data capture service can not. This includes GL coding, approval paths and invoice descriptions.

After you enter data on a recurring invoice, like rent payments or utility bills, Smart AP remembers your entries and will pre-populate everything the next time that invoice arrives.

So the more data you enter, the less data entry you have to do!

Get a free consultation with an AP automation expert today!

Read our articleHow to Analyze Accounts Payable Data to Save Money

Payment Controls

By far, the most fraud-prone aspect of any AP process is payment.

And so the vast majority of AP controls fall under payment controls – the controls placed on the process of actually sending money to vendors.

There are a many factors to consider, including who pays, how payments are processed, and whether additional sign-offs are required.

In a manual AP process you will need to focus on wringing fraud out of the paper check payment process.

This includes:

  • Segregate Check Printing and Signing Duties.
  • Secure Check Storage.
  • Require Additional Check Signers for Higher Payment Amounts.
  • Ensure the person who manages the Master Vendor File is not an approver.

If these steps seem antiquated that’s because they are.

Full end to end AP automation includes automated ePayment functionality with internal controls built in.

CoreIntegrator can automatically make electronic payments by check, ACH or wire transfer. Or use virtual credit cards and receive a 1% rebate on every payment you make!? They are the safest and most fraud-resistant way to pay invoices.

Plus, ePayment systems include activity audit trails, giving you deep insight into payments both in real time as well as after the fact.

So if payment fraud should occur, you will know what happened, how it happened, and who was behind it.

Fraud Prevention Controls

It’s challenging to catch invoice fraudsters and often impossible to recover money paid to them.

So the #1 strategy for avoiding invoice fraud is to incorporate safeguards into your accounts payable process. This makes invoice fraud as difficult as possible.

There is no way to 100% protect manual processes against fraud. So, constant vigilance is the only answer. And it’s a poor one.

AP automation solutions like A/P One Enterprise and A/P One for small and medium sized businesses include AP fraud prevention already built in.

In fact, invoice fraud prevention is one of the 9 Reasons to Automate Your Accounts Payable Process.

Our AP automation solutions include extensive verification protocols to ensure that all invoices are correct, making it virtually impossible to pay duplicate or fake invoices.

Automated receipt, contract or purchase order matching? Included.

Automated vendor name verification? Included.

Automated vendor address verification? Included.

Automatic checks for duplicate invoices? Included.

Automated and digitized invoice approval means you can easily create invoice approval workflows that adhere to both GAAP principles as well as AP best practices.

Managers and other approvers can see both the invoice as well as the data around the invoice instantly.

They can easily validate and approve the invoice on any device from anywhere in the world.

CoreIntegrator AP automation solutions also highlight unknown suppliers and addresses and send alerts to appropriate managers about possible fraudulent activity.

Get a free consultation with an AP automation expert

Cloud Data Security Controls

SOC 2 compliance verification should be a requirement in your AP automation.

SOC 2 compliance means your vendor and invoice data are protected in the cloud.

Requiring SOC 2 certification puts in place well-defined policies, procedures, and practices. Doing so effectively builds trust with customers and end users about the secure nature and operation of your cloud infrastructure.

Read more about the internal controls benefits of SOC 2 compliance by clicking here.

CoreIntegrator is a SOC 2 Type II AP automation provider.

Bottom Line – Accounts Payable Internal Control Checklist

Invoice and AP fraud is on the rise. So the time to implement AP internal controls is now.

If you haven’t already, be sure to implement GAAP principles for internal control procedures. And then follow AP best practices for fraud prevention.

Finally, consider implementing AP automation. AP automation has built in fraud prevention.

So your company will not only save time and money with AP automation. It gives you a full suite of internal controls for management of risk. Including insight into what is being processed as well as who is being paid in a timely manner.

Procure to pay automation is the ultimate AP process internal control tool.

Get a free consultation with an AP automation expert today!