Most companies that maintain multiple systems within their procurement and accounts payable functions often wrestle with inefficient and risky processes.
If information doesn’t flow from one system to another, employees are forced to re-enter it, which introduces the potential for mistakes. Multiple systems also make it difficult for management to see across the enterprise and gain an understanding of the organization’s supplier base and overall spending. Suppliers may exist in several databases, perhaps under slightly different names, increasing the risk of double payments.
As a result, many companies are working to reduce the number of solutions used across their organizations to handle these processes, says Amy Fong, purchase-to-pay advisory co-leader with The Hackett Group. Often, the number of solutions has multiplied as the company has grown, especially if it achieved that growth through acquisitions. Some end up saddled with as many as a dozen invoicing applications, or more. “Getting to single systems within a process is a big milestone,” she says.
The list of risks inherent in working with multiple procurement and payables systems is lengthy. To start, it makes it hard to research all suppliers. This increases the chance organizations will end up working with third parties that are not legitimate vendors—say, when an unscrupulous purchasing employee sends business to a relative—or are on watch lists, like the Treasury Department’s Office of Foreign Asset Control (OFAC) Specially Designated Nationals (SDN) List. Uncertainty around suppliers can also introduce bribery and corruption risks and compliance issues, such as satisfying the conflict minerals rules.
“There’s never going to be one uber-thing that will solve all the world’s problems.”
Henry Ijams, Founder, Paystream Advisors
Using a single system generally offers better reporting capabilities, more straightforward reconciliation, and greater ability to search for specific transactions, says Brian Rosenberg, chief executive officer of The Rosenberg Group, a consulting firm focused on process optimization. The organization also can use the controls built into the system to prevent duplicate payments. With multiple systems, those controls are no longer are effective. “You need manual workarounds, which are cumbersome, or you need to accept the exposure,” he says.
Paying Twice Ain’t Nice
The risk of duplicate payments can be even greater in shared service centers that maintain multiple systems. The employees will have multiple systems to which they can submit an invoice, Rosenberg says. “I generally don’t recommend going to a shared service center if you’re not prepared to go to a single solution.” In a decentralized environment, even if multiple solutions are in use across an enterprise, it’s likely each business unit or operation will deal with just one.
Many companies turn to spreadsheets when they maintain multiple systems and need to pull together information. While this isn’t inherently wrong, it creates more work and another opportunity for errors, says Mary Schaeffer, a consultant at advisory firm Accounts Payable Now & Tomorrow.
Another risk with multiple systems: Any changes to the rules regarding purchasing authority and approvals need to hit each system. Ensuring this happens becomes more complicated as the number of systems increases, says Mark Verbeck, chief financial officer with Coupa, a provider of procurement solutions.
Matching purchase orders to invoices also becomes trickier when the information resides in separate systems, Schaeffer says. At a minimum, it requires providing employees with access to viewing capabilities for both systems, and that typically means outfitting each employee with two computer screens.
Visibility is compromised with multiple systems. If suppliers are scattered across different vendor lists and AP solutions, it’s difficult to see aggregate spend and assess the overall risk, Verbeck says. A supplier that’s not a top 20 vendor within any single system actually may be working with many of the company’s divisions and be more important to its operations than is immediately apparent.
Vendor relationships can also suffer when suppliers must navigate multiple payment documents and procedures, says Nick Castellina, research director of business planning and execution at research firm Aberdeen Group. It becomes more difficult to exchange information and if the organization overpays or misses a payment because of the varying systems, the supplier also ends up spending time unraveling the problems.
While no procurement or payment system is fraud-proof, having multiple systems can make it easier to miss the red flags that can indicate fraudulent activity. That’s vital, since asset misappropriations accounted for 85 percent of occupational fraud cases, according to the 2014 Report to the Nations, a publication of the Association of Certified Fraud Examiners. This includes fraudulent disbursements, phony billing and payroll schemes, and mischaracterized expenses.
Moreover, working with multiple accounts payable systems can hinder public companies’ efforts to meet the requirements of the Sarbanes-Oxley Act. Section 404 of the Act requires management of publicly held companies to assess the effectiveness of their internal control structure and procedures, and for the auditor to attest to this assessment.
The Elusive End-to-End System
While the shortcomings of maintaining multiple systems within the procure-to-pay function are significant, few companies have been able to move to a single, end-to-end system. “There’s never going to be one uber-thing that will solve all the world’s problems,” says Henry Ijams, managing director and founder of Paystream Advisors. Creating such a system too often means sacrificing some capabilities, he adds.
In financial operation functions like accounts payable, for example, the focus is on getting the job done. In accounting, the focus shifts to accuracy and reporting. “It’s operational efficiency versus the accounting and reporting needs,” Schaeffer says. The tension between the two makes it difficult, albeit not impossible, to find a solution that meets all needs.
In some organizations, concerns outside the AP or finance area preclude a move to a single system, Rosenberg says. That might be the case if the change would affect how customers interact with the company.
Moreover, an explosion in new systems designed to make various processes easier is creating new alternatives for companies other than reducing the number of systems, Schaeffer says. Even when everyone agrees on the benefits of having fewer systems, those working in the trenches may want to implement a new application that will streamline a particular function. “It’s a battle,” Schaeffer says.
Reducing Risk With Multiple Systems
Given that many companies’ efforts to reduce the number of systems within their procure-to-pay functions will only go so far, management needs to take steps to reduce the risk of maintaining the solutions that remain. One is ensuring the systems talk to each other, Fong says. This increases the chances purchase orders can be easily matched against invoices and the supplier master list can feed into systems across the enterprise, reducing the risk that payment amounts are incorrect or suppliers’ names are duplicated.
Below is an excerpt from the 2014 Report to the Nations’ executive summary, categorizing asset misappropriations in terms of occupational fraud.
Occupational frauds can be classified into three primary categories: asset misappropriations, corruption, and financial statement fraud. Of these, asset misappropriations are the most common, occurring in 85% of the cases in our study, as well as the least costly, causing a median loss of $130,000.
In contrast, only 9% of cases involved financial statement fraud, but those cases had the greatest financial impact, with a median loss of $1 million.
Corruption schemes fell in the middle in terms of both frequency (37% of cases) and median loss ($200,000).
Source: 2014 Report to the Nations.
Middleware, or software that connects two separate systems, can reduce the risks inherent in working with multiple systems, Ijams says. It acts “as a control layer to manage the communication with third-party partners,” such as e-invoicing applications. Many middleware applications can also run reports that aren’t available when two systems are directly linked to each other. “It’s an important tool to monitor what’s going on with third-party systems from one place,” and provide visibility, he says.
One of the basic and most critical internal control procedures within any purchase-to-pay function is segregating duties. Employees who set up suppliers and issue purchase orders shouldn’t also be able to make the payments. While this might seem difficult to maintain when cutting the number of systems, it shouldn’t be. Most automated systems include controls to keep the person requesting a purchase from also approving its payment. “Rules can be written into the technology, so that it won’t allow the person setting up suppliers to also pay them.” Fong says.
“You can control risk by the settings,” Schaefer says. Organizations can determine the level of access to the information employees need: who can view, enter, and change data; who can only view it; and who can’t access it at all. They can set the system controls accordingly.
Where segregating duties can become more of a challenge is in share service centers or other arrangements in which employees on the same team handle many of the processes, Fong says. However, she points out this exposure doesn’t come about because of the system itself but because of the way employees are organized and work is distributed. “Having an end-to-end owner for purchase-to-pay is a best practice,” Fong says. But as organizations combine teams, they have to implement policies, as well as technology, that will ensure duties remain separated.