In the accounting profession nothing seems to generate more anxiety than the topic of internal controls. For the “finance-challenged”, internal controls are processes, practices and procedures designed to prevent fraud and ensure that a company’s financial reports are fair and accurate representations of the economic activities and value of the company. For the record, the subject of internal controls is very broad and deep an area of study unto its own (my trusty Keyso and Weygandt’s Intermediate Accounting textbook barely mentions internal controls in the index). What brought internal controls out of the droll area of accounting practice and into the public eye were headline accounting scandals such as Enron and Worldcom that involved significant accounting fraud and resulted in material misrepresentation of the company’s financial reports. This lead to sweeping legislation in the form of the Sarbanes-Oxley Act of 2002 in an effort to restore the investing public’s faith in financial reporting.
While accounting fraud can happen almost anywhere and by anyone—from “padding” expense reports, fudging depreciation schedules, capitalizing items that should be recorded as ordinary expenses to misrepresenting revenue—arguably, the accounts payable process can be one of the more vulnerable to dishonest employees. An obvious case is creating a fake invoice and then making a payment to the “vendor” who happens to be the dishonest employee or an accomplice. This situation is easily remedied by something called “segregation of duties”—i.e. the person who enters the invoice into the accounting system should be a different person than the one who actually cuts the check. However as companies get larger and more complex, these kinds of process controls become harder to enforce. In addition, companies will want to incorporate controls and approvals further up the value chain and throughout the “procure to pay” process. This is the design principle behind SAP Business ByDesign. Its process orientation give companies the flexibility to apply process controls as widely and stringently as required.
Let’s take the “fake vendor” issue. Your company can use Business ByDesign’s controls to limit employees to ordering goods or services from only pre-approved vendors. This vendor data is stored in the system and is the source of the vendor list from which an employee selects to make a self-service purchase via the system’s shopping cart. Another type of control is making sure the employee’s supervisor checks and approves the purchase before a purchase order is issued to the vendor.
The Process Flows Seamlessly into Accounting.
Accountants have their own internal controls and verification checks. For example, when the vendor sends an invoice, the accounts payable person will check the system for an approved PO and once they verify it exists, they need to ensure the goods or services have been received to their satisfaction. They use Business ByDesign’s approval workflow to contact the ordering employee and receive an OK to pay (there’s nothing worse than paying a vendor who hasn’t delivered—all leverage is lost with the outbound payment!). Once received, the AP person will queue up the invoice for either the next check or electronic payment run. Perhaps the real beauty of Business ByDesign is the system’s document flow which captures the entire process in one convenient and intuitive view from purchase request to approval, purchase order issuance, goods receipt, approval to pay, payment, accounting journal entries and who made them. This helps ensure that every employee follows the company’s policies and that the data is available to anyone who needs to verify that proper procedures and internal controls exist. From the controller and CFO to external auditors, everyone can clearly see a well-documented audit trail and that good internal controls have been followed. The best part is the accounting staff can relax–at least for a little while!