The New Approach To Risk Protection

Written by Ray Welsh

We talk a lot about risks in Accounts Payable; in the procure-to-pay cycle. Quite rightly, too – there are a lot of them. But have you ever had a chance to stop and think about where these risks come from, and how you could prevent them in the future?

AP and P2P teams are often caught in the trap of having too little time to look at preventative measures because they’re fighting fires. But FISCAL is a company involved in detecting risks and helping customers prevent them from occurring in the future, and we think about this a lot.

The Old Game

Originally, the approach to detecting risks was to look for duplicate invoices. Firstly, with an audit, and more recently looking for these before the next payment run – a much more effective control. Then AP teams started using specialist tools to help them find duplicates, and more risks were detected.

This worked well. It still does, to a limited extent. However, for many reasons, duplicate and near-duplicate invoices still find their way onto your AP ledger. Even with the rudimentary checking taking place in your ERP system, AP automation, or payment systems, and with the manual controls your AP team have, some of these incorrect invoices always slip through and get paid. Then you’ve got a messy and time-consuming task to reclaim these overpayments from your suppliers. That’s if you do eventually discover these overpayments. Not everybody does.

But then something changed

Then new types of issues started appearing. One of these emerging risks, which is caused by business email compromise – a cybersecurity problem, is an increase in bank mandate fraud. Another growing issue is supplier fraud, where a supplier, or somebody impersonating a supplier, sends false invoices that appear legitimate enough to pass through basic controls and get paid.

In these, and with many other new types of risk, the invoice is not the problem; it is a symptom of problems – or risks, elsewhere in your procure-to-pay environment.

The New Approach 

Analysing and monitoring suppliers and the transactions you have with them – as a whole, is the only effective way to detect the broad range of risks now present in the P2P cycle.

Bringing supplier monitoring and transaction monitoring together into one P2P-specific risk detection solution will always outperform either of these single approaches. Connections between invoice exceptions and suppliers become more visible, and patterns of exceptions around suppliers emerge over time.

Building a 3600 view of your risks – looking both inside and outside your organisation for indicators of risk (sanctions and poor ESG performance will only be found outside your organisation, for example), and checking supplier details ahead of processing their invoices, helps to proactively reduce the number of issues that occur, and future-proofs your risk detection and prevention controls.

FISCAL Technologies would be very happy to talk to you in more depth about the topics mentioned in this blog, please contact us using the details at the bottom of the page.


Subscribe and get the latest expert advice, practical tips, and useful risk and compliance information delivered straight to your inbox