9 mins read

Accounts Payable Fraud

Why Every Company Needs a Security Audit Trail

by Yooz the 11.29.2022

security audit trail

Remember that feeling of dread which seems to take over just when it's time to get things for the tax return? We've all experienced it in some form, especially when things have fallen behind (for whatever reason) and now there is a looming deadline for matching a particular purchase from months ago with the correct bank or credit card statement, having to assign amounts to a particular project or expense category, or making sure not to double-book items. Perhaps even unearthing an unpaid invoice in the process. When you're not caught up - or even if you are - having well-ordered documentation every step of the way helps. A lot.


This situation isn't much different for a business in any industry, where accounting departments or accounts payable teams are constantly processing reams of expense reports, vendor invoices, and other documents. If anything, for them, being behind causes all sorts of reporting issues and greatly increases the risk of error and accounts payable fraud. And, when you consider the handling of hundreds or thousands of expense reports and invoices, not catching faulty or outright bad ones does more than upset management. It can have a direct and substantial impact on the company's bottom line. And the potential for damage is significant. 


Although the problem of accounts payable fraud and errors always existed, the pandemic clearly exacerbated it and increased the need for continuous internal auditing capability. Indeed, market researcher Ardent Partners warns that this exposure is only going to increase, stating “Fraudsters aren't going away and the attacks will continue."


For this reason alone, having a digital security audit trail is a priority.


CTA-UK-Webinar-Epayables 2022


Automation as the key to capturing every detail


Despite the idea of an audit trail being an important concept with highly practical implications, many companies lack any kind of capable audit trail capability. Creating this capability through AP automation can benefit a company in multiple ways, from greatly reducing risk throughout the Accounts Payable (AP) process to improving operations. 


Consider, having a digitalized accounts payable process in place means that your software system automatically logs every interaction with any document, including as many details as possible. The goal of this activity is two-fold: firsts to automatically and immediately flag (and therefore catch) documents that don't pass muster, and second to both log and preserve these interactions for future actions (such as checks and audits) by specific authorized users. Even better, if your software platform is cloud-based, the user can access this information from anywhere at any time. Because it offers such a huge benefit, let's make that cloud assumption!


Once these digital bits of the audit trail (including detailed timestamps) have been securely stored in the cloud, "going to the archive" becomes an instant affair. Searching for document information and tracking its entire path through the accounting workflow is as easy as performing an internet search in a browser. This record/track ability provided through automation ensures that errors and risks such as paying a fraudulent invoice or expense report are significantly reduced. At the same time, the business knows that it can meet and offer proof of compliance and operations integrity.


In fact, just having a digital audit trail in place can even reduce the chance of being questioned or audited down the road.



Capturing every detail


Let's review some additional examples of how having a digital security audit trail in place benefits the company.


First, companies that intelligently automate their Accounts Payable (AP) process see their exception rate drop from one in four to one in ten invoices, as well as see instances of outright fraud or duplicate payments go down significantly. This is primarily thanks to smart matching and access control as illustrated in the following workflow:


  • When an invoice arrives, it is captured regardless of the original format, the relevant data points are extracted, and the information is securely stored as an electronic record in the cloud. If the invoice (or document) came in on paper, the original can now be shredded.
  • The invoice information is checked. In the case of Yooz, two- or three-way matching is used to ensure that the incoming data is an exact match with the purchase order (PO) or other documents on file. Once matched, a balance check, a tax amount check (if any), and an expense account check are performed.
  • Only users with login credentials in an organization or company can access documents stored in the cloud. Authorized users can see the record history, including who has accessed it, who has approved it, and its current location in the workflow process.
  • Permission access can be controlled according to the dollar amount and / or sensitivity of the record, so only approved employees will be able to virtually “touch” the document.
  • Once the record is in the automated system, it becomes part of an efficient and powerful digital invoice workflow. From capture and data extraction through proper routing for approval to finally payment, the goal is to enable straight-through electronic processing that requires little to no human intervention. 
  • In the final step, the transaction and matching document information is exported to and reconciled with the company's financial or ERP system.


Second, logging every electronic record, relevant click, and keystroke when an invoice or expense report is handled also means a huge drop in staff time (and frustration) spent on looking for documents instead of being better put to use elsewhere. These employees can then put their skills to use in other, more strategic areas. In addition, the now easily accessible digital business information serves as a reference source to improve service, strengthen communication between buyers and suppliers, or helps to make strategic decisions (such as a performance analysis to improve operations).


Third, Making Tax Digital, the multi-step plan designed to bring His Majesty's Revenue & Customers (HMRC) and all businesses into the digital age, requires businesses to submit digital tax returns to the government (using MTD-compatible software). Businesses must also keep digitally linked records and accounts to manage their VAT records. Eventually all businesses (including sole proprietorships) will need to comply.


Fourth, having a digital security audit trail helps to counter and prevent errors and fraud. When you consider that PwC's Global Economic Crime Survey 2022 estimated that nearly two in three UK companies (64%) have fallen victim to fraud in the last two years and, as first stated such attacks are expected to continue, any countermeasure is key.


How a digital audit trail counters payment fraud


Because the benefits of having a complete, easily accessible database are clearer than the idea of countering payment fraud, let's explore that a bit further. Specifically, while technology is a fascinating and beneficial tool its important to remember that an increased use of various technology platforms also creates a higher IT and data security risk, more exposure to (now global) fraudsters, and as a result a greater chance of a data or security breach event. This became a clear (and existing) problem thanks to the increase in remote operations and virtual work resulting from pandemic stay-at-home mandates. Massive financial hits came on top of the already well-known flaws inherent in expense reports.


Many of those massive financial hits owed to the pandemic and WFH mandates come on top of the already well-known flaws inherent in expense reports. When the American GBTA Foundation and German booking platform HRS looked at expense reports back in 2015, they found that almost one in five contained errors. This in turn resulted in an additional 18 minutes and 2 in additional staff costs per report to correct those errors in order to meet compliance requirements. 


Wouldn't it be nice, then, if a security audit trail application powered by the latest advances in technology was smart enough to preemptively check and, where possible, verify or match vendors, account and routing numbers, invoice and PO numbers, amounts, and other crucial details to weed out error and fraud? Not only for the sake of being accurate but to avoid this type of circumstance?


Especially when you consider that every day hackers are also hard at work honing their skills to keep up with the changes in technology.


What does all this mean for you?


Without question having a security audit trail will benefit you (and not just because it will become mandatory). After all, while it might be easy to submit an incorrect expense report or invoice, having an automated process creates a digital audit trail that will catch and record it - maintaining security throughout the entire invoice process - will pay off over and over again.


You don't have to be an accountant or auditor to think that's a good idea!


CTA-UK  Private Demo