Accounts payable is usually one of the more important audit areas. Why? Risk. First, it’s easy to increase net income by not recording period-end payables. Second, many forms of theft occur in the accounts payable area.
In this post, I’ll answer questions such as, “how should we test accounts payable?” And “should I perform fraud-related expense procedures?” We’ll also take a look at common payables-related risks and how to respond to them.
Auditing Accounts Payable and Expenses — An Overview
What is a payable? It’s the amount a company owes for services rendered or goods received. Suppose the company you are auditing receives $2,000 in legal services in the last week of December 2019, but the law firm sends the related invoice in January 2020. The company owes $2,000 as of December 31, 2019. The services were provided, but the payment was not made until after the year-end. Consequently, the company should accrue (record) the $2,000 as payable at year-end.
In determining whether payables exist, I like to ask, “if the company closed down at midnight on the last day of the year, would it have a legal obligation to pay for a service or good?” If the answer is yes, then record the payable even if the invoice is received after the year-end. Was a service provided or have goods been received by year-end? If yes (and the amount has not already been paid), accrue a payable.
In this chapter, we will cover the following:
- Primary accounts payable and expense assertions
- Accounts payable and expense walkthroughs
- Directional risk for accounts payable and expenses
- Primary risks for accounts payable and expenses
- Common accounts payable and expense control deficiencies
- Risks of material misstatement for accounts payable and expenses
- Search for unrecorded liabilities
- Auditing for accounts payable and expense fraud
- Substantive procedures for accounts payable and expenses
- Typical accounts payable and expense work papers
Primary Accounts Payable and Expense Assertions
The primary relevant accounts payable and expense assertions are:
Of these assertions, I believe completeness and cutoff (for payables) and occurrence (for expenses) are usually most important. When a company records its payables and expenses by period-end, it is asserting that they are complete and that they are accounted for in the right period. Additionally, the company is implying that amounts paid are legitimate.
Accounts Payable and Expense Walkthroughs
As we perform walkthroughs of accounts payable and expenses, we are looking for understatements (though they can also be overstated as well). We are asking, “what can go wrong?” whether intentionally or by mistake?
In performing accounts payable and expense walkthroughs, ask questions such as:
- Who reconciles the accounts payable summary to the general ledger?
- Does the company use an annual expense budget?
- Are budget/expense reports provided to management or others? Who receives these reports?
- What controls ensure the recording of payables in the appropriate period?
- Who authorizes purchase orders? Are any purchases authorized by means other than a purchase order? If yes, how?
- Are purchase orders electronic or physical?
- Are purchase orders numbered?
- How does the company vet new vendors?
- Who codes invoices (specifies the expense account) and how?
- Are three-way matches performed (comparison of purchase order with the receiving document and the invoice)?
- Are paid invoices marked “paid”?
- Does the company have a purchasing policy?
- Can credit cards be used to bypass standard purchasing procedures? Who has credit cards and what are the limits? Who reviews credit card activity?
- Are bids required for certain types of purchases or dollar amounts? Who administers the bidding process and how?
- Do larger payments require multiple approvals?
- Which employees key invoices into the accounts payable module?
- Who signs checks or makes electronic payments?
- Who is on the bank signature card?
- Are signature stamps used? If yes, who has control of the signature stamps and whose signature is affixed?
- How are electronic payments made (e.g., ACH)?
- Is there adequate segregation of duties for persons:
- Approving purchases,
- Paying payables,
- Recording payables, and
- Reconciling the related bank statements
- Which persons have access to check stock and where is the check stock stored?
- Who can add vendors to the payables system?
- What are the entity’s procedures for payments of travel and entertainment expenses?
- Who reconciles the bank statements and how often?
As we ask these questions, we inspect documents (e.g., payables ledger) and make observations (e.g., who signs checks or makes electronic payments?). So, we are inquiring, inspecting, and observing.
If controls weaknesses exist, we create audit procedures to respond to them. For example, if--during the walkthrough--we see that one person prints and signs checks, records payments, and reconciles the bank statement, then we will perform fraud-related substantive procedures (more about this in a moment).
Here's a short video about risk assessment in accounts payable.
Directional Risk for Accounts Payable and Expenses
The directional risk for accounts payable and expenses is an understatement. So, perform procedures to ensure that invoices are properly included. For example, perform a search for unrecorded liabilities (see below).
Primary Risks for Accounts Payable and Expenses
The primary risks for accounts payable and expenses are:
- Accounts payable and expenses are intentionally understated
- Payments are made to inappropriate vendors
- Duplicate payments are made to vendors
Common Accounts Payable and Expense Control Deficiencies
In smaller entities, it is common to have the following control deficiencies:
- One person performs two or more of the following:
- Approves purchases,
- Enters invoices in the accounts payable system,
- Issues checks or makes electronic payments,
- Reconciles the accounts payable bank account,
- Adds new vendors to the accounts payable system
- A second person does not review payments before issuance
- No one performs surprise audits of accounts payable and expenses
- Bidding procedures are weak or absent
- No one reconciles the accounts payable detail to the general ledger
- New vendors are not vetted for appropriateness
- The company does not create a budget
- No one compares expenses to the budget
- Electronic payments can be made by one person (with no second-person approval or involvement)
- The bank account is not reconciled on a timely basis
- When bank accounts are reconciled, no one examines the canceled checks for appropriate payees (the dollar amount on the bank statement is agreed to the general ledger but no one compares the payee name on the cleared check to the vendor name in the general ledger)
When segregation of duties is lacking, consider whether someone can use the expense cycle to steal funds. How? By making payments to fictitious vendors, for example. Or intentionally paying a vendor twice--and then stealing the second check. (See the section titled Auditing for Accounts Payable and Expense Fraud below.)
Risks of Material Misstatement for Accounts Payable and Expenses
In smaller engagements, I usually assess control risk at high for each assertion. When I assess control risk at less than high, I have to test controls to support the lower risk assessment. Therefore, assessing risks at high is usually more efficient (than testing controls).
When control risk is assessed at high, inherent risk becomes the driver of the risk of material misstatement (control risk X inherent risk = risk of material misstatement). The assertions that concern me the most are completeness, occurrence, and cutoff. So my RMM for these assertions is usually moderate to high.
My response to higher risk assessments is to perform certain substantive procedures: namely, a search for unrecorded liabilities and detailed expense analyses. The particular expense accounts that I examine are often the result of my preliminary planning analytics.
Here's a short video about responding to identified risks with substantive procedures. I explain how linkage (connecting risk assessment with substantive procedures) works in the accounts payable area.
Search for Unrecorded Liabilities
How does one perform a search for unrecorded liabilities? Use these steps:
- Obtain a complete check register for the period subsequent to your audit period
- Pick a dollar threshold ($10,000) for the examination of subsequent payments
- Examine the subsequent payments (above the threshold) and related invoices to determine if the payables are suitably included or excluded from the period-end accounts payable detail
- Inquire about any unrecorded invoices
As the RMM for completeness increases, vouch payments at a lower dollar threshold.
How should you perform a detailed analysis of expense accounts? First, compare your expenses to budget—if the entity has one—or to prior year balances. If you note any significant variances (that can’t be explained), then obtain a detail of those particular expense accounts and investigate the cause.
Theft can occur in numerous ways—such as fictitious vendors or duplicate payments. If control weaknesses are present, consider performing fraud-related procedures. When fraud-related control weaknesses exist, assess the RMM for the occurrence assertion at high. Why? There is a risk that the expense (the occurrence) is fraudulent.
So, how should you respond to such risks?
Auditing for Accounts Payable and Expense Fraud
An example of a fraud-related test is one for duplicate payments. How?
- Obtain a check register in Excel
- Sort by the vendor
- Scan the check register for payments made to the same vendor for the same amount
- Inquire about payments made to the same vendor for the same amount
In a duplicate payment fraud, the thief intentionally pays an invoice twice. He steals the second check and converts it to cash.
This is just one example of expense fraud. There are dozens of such schemes.
Substantive Procedures for Accounts Payable and Expenses
My customary audit tests are as follows:
- Vouch subsequent payments to invoices using the steps listed above (in Search for Unrecorded Liabilities)
- Compare expenses to budget and examine any unexplained variances
- When control weaknesses are present, design and perform fraud detection procedures
If there are going concern issues, you may need to examine the aged payables listing. Why? Management can fraudulently shorten invoice due dates. Doing so makes the company appear more current. For example, suppose the business has three unpaid invoices totaling $1.3 million that were due over ninety days ago. The company changes the due dates in the accounts payable system, causing the invoices to appear as though they were due just thirty days ago. Now the aged payables listing looks better than it would have.
Typical Accounts Payable and Expense Work Papers
My accounts payable and expense work papers usually include the following:
- An understanding of internal controls as they relate to accounts payable and expenses
- Risk assessment of accounts payable and expenses at the assertion level
- Documentation of any accounts payable and expense control deficiencies
- Accounts payable and expense audit program
- An aged accounts payable detail at period-end
- A search for unrecorded liabilities work paper
- Budget to actual expense reports and, if unexpected variances are noted, a detailed analysis of those accounts
- Fraud-related expense work papers (if significant control weaknesses are present)
So, now you know the why and how of auditing accounts payable and expenses.
In some entities such as governments, payroll makes up over 50% of total expenses. Consequently, knowing how to audit payroll expenses is of great importance. My next post is titled The Why and How of Auditing Payroll. So, stay tuned.
See my prior posts in The Why and How of Auditing.