CPD Accredited Webinar: Statement Reconciliation - Optimisation tips you need to get maximum value - Thursday 23rd May - 2:00 PM (GMT) l 9:00 AM (ET)

Why your existing supplier risk controls are no longer sufficient

With a large amount of money passing through the procure-to-pay (P2P) cycle each month – for many organisations this is the second-largest cash outflow, surpassed only by payroll, the temptation to fraudsters and the potential for errors are large.

A large amount of money passes through the procure-to-pay (P2P) cycle each month, the temptation to fraudsters and the potential for errors are huge. For many organisations this is the second-largest cash outflow, surpassed only by payroll.

To protect supplier payments and organisational spend, putting sufficient controls in place to protect your P2P cycle is of vital importance. Risk exposure to the value of 0.1% to 0.5% (1) of supplier spend is common, and is a clear indication that all is not well – that the P2P controls in place are not sufficient.

The change that will most significantly improve the protection in your P2P cycle is to shift your focus from invoice-oriented controls to vendor-oriented controls. Tackling risks at the earliest opportunity, as close to their source (suppliers) as possible, leads to more risks being detected, earlier.

The majority of survey responders (2) see value in increasing their supplier checking regime:

Continue Your Risk-Protection Journey

Most organisations have already implemented risk controls at one or more points in the P2P cycle: automation of invoice data capture, 3-way matching by the ERP, confirmation of payee checking by the payment system, and of course, audits. These controls do help in vendor risk management, but they are no longer sufficient.

Whilst these checks remain valid and should continue, they are operational and transaction-oriented. There’s nothing wrong with this. Indeed, FISCAL has helped organisations check their transactions for years – forensically analysing invoices to find otherwise hidden risks. This regularly produces hundreds of thousands of £/€/$ of risks detected and prevented from being paid, for our customers each year. But this is the first step, not the last.

Moving To Supplier-Oriented Controls

Digital transformation and automation, shared service centres and outsourcing, coupled with higher transaction throughput volumes with fewer Finance staff have led to a change in the P2P risk profile.

Suppliers are the central entity in the P2P cycle, and they are the ultimate source of third party risks: contracts are with suppliers, invoices and credit notes, and most of your AP team’s time-consuming queries – all come from suppliers.

Only looking at transactions is searching for the symptoms of supplier-related problems. Problems that in all likelihood arose earlier in the P2P cycle. This established approach does not adapt to the changes in risk profile, nor does it scale up effectively.

Continuous, forensic-level supplier analysis should be your next step towards best-in-class P2P risk protection and management.

Remove dormant suppliers

Firstly, you should identify and remove dormant suppliers from your master supplier file. Dormant suppliers – those that you have not transacted with for 12-18 months, are a major source of subsequent invoice issues – they do not adhere to your requirements or process. And dormant suppliers are a common source of fraud – bogus suppliers hiding on your approved supplier list, sleeping, silently waiting – sometimes for years, until the time is right to commit fraud.

Complete thorough analysis

Secondly, you should link your transaction/invoice analysis to your supplier analysis for thorough vendor risk detection. Identify and correlate invoice errors and queries with the suppliers that generate the most. Your options are then to “re-educate” the supplier on your invoice acceptance criteria, or to replace the troublesome supplier with another.

A smaller number of suppliers, particularly inactive suppliers, is risk protection best practice, a view supported by The Hackett Group (3):

The benefits of focusing on supplier risks

Reorienting your primary risk detection focus to suppliers and reducing the size of your master supplier file leads to:

  • Reduced risk of fraud from inactive suppliers.
  • Procure-to-pay processing time reducing – lowering the cost to process each supplier invoice.
  • Fewer overpayments made – that would require recovery at a later date.
  • Non-compliant suppliers identified before new transactions with them occur.

The one step you should take is the step up to supplier-oriented risk detection. With regular supplier master data analysis and cleansing, and forensic-level invoice analysis conducted as a related, constituent part of a supplier-oriented risk detection strategy, you will benefit from stronger risk protection and assurance.


  • Risks detected during FISCAL Technologies proof of concept customer data analysis
  • PPN 2022 report “Supplier risk management in procure-to-pay” available here.
  • The Hackett Group report “Purchase-to-Pay Performance Study Results”

Share This


For further information or to request a demo:

Would you like to know more about what FISCAL can do for you? Contact us at:
[email protected] or call +44 (0) 845 680 1905







Want to know more about FISCAL Technologies?

We’d love to show you our solutions in action!