Don’t like risk? Stop gambling in your accounts payable and start to take systematic control

To be SOX compliant and for the purposes of internal audit you need to look at risk from a process perspective. You need to ensure your process is controlled and compliant. Mitzi Mitchell will share how to reduce risk to achieve systematic control of the highest P2P risk areas, including:

- Three-way matching errors
- Ensuring approval limits are correct and monitoring approval authority changes
- Minimising employee fraud (using Concur’s T & E tool)
- Avoiding duplicate payments (using APEX Analytics' audit recovery tool)
- Ensuring users in the process are following the rules to ensure compliance

Published in: Education

  1. Don't like risk? Stop gambling in your accounts payable and start to take systematic control. Presented by Mitzi Mitchell, 11/7/2012
  2. Agenda
     - Company and Payables Environment Overview
     - Risk Program Highlight
     - Case Study #1: Payment Approval
     - Case Study #2: 3-Way Match Exceptions and Long Approval Time
     - Case Study #3: Out-of-Pocket Expenses
     - Case Study #4: Duplicate Payments/Invoices
     - Case Study #5: Fraud Monitoring Program
     (Confidential and Proprietary Information of T-Mobile USA)
  3. Company Overview
     - Headquarters: Bellevue, WA
     - Customers: 30 million
     - Coverage: USA and PR
     - Largest 4G Network
     - Value Plans
  4. Payables Environment Overview
     - No. of countries serviced: 1, with some Euro transactions
     - Main P2P technologies used: OCR IBM Filenet "Doculink", EDI, ERS in SAP, ACH & Merchant Card through JPMC Xign, Expenses & Travel through Concur, duplicate analysis through APEX
     - Main ERP: SAP
     - Volume of annual AP invoices: 500K paper, 1 million electronic invoices
     - # of vendors: 40K; # of employees: 36K
     - $16B in annual payments
     - One thing we are most proud of: we employ best practices for duplicate prevention. External recovery audits are now standard operations.
  5. Risk Program Highlight (diagram: COSO Cube - Internal Controls Framework, surrounded by the following elements)
     - Supporting Customers
     - Fraud Analytics
     - Leverage Third Party Vendors
     - Internal Control Cover: AP, TE&C, Treasury & Others
     - Monthly Scorecard
     - Design Evaluation
     - Testing
     - Dept Risk Program
     - Supports Training
     - Gap Remediation
  6. P2P Risk Objectives
     - All transactions are recorded and reflected on financial statements correctly.
     - Obtain the most economical value out of the P2P process. (operations)
     - Prevent fraud: no fraudulent vendors, employees, invoices, expenses etc.
     - Maintain cash flow objectives. (operations)
     - Do not over pay, double pay, or pay for goods or services not yet delivered.
     - Pay the correct amount, pay the correct vendor.
     Tiered Control Structure: SOX/BUS Controls; Key Controls; Operational Controls
  7. Controls Definition
     - Apply to all transactions/processes in scope to achieve the objective
     - Can be consistently performed and monitored
     - Evidence of performance needs to be retained
     - Can be preventative or detective
     Examples: Segregation of duties; System validation; 3 way match; Invoice entry rules; Invoice Post Audit; Approval of PO and invoices and vendor setup; T&E, Corporate Card, Signing Authority Policies; Expense Audit
  8. Case #1 - Payment and Vendor Approval
     - Issue: No consistent approval requirements throughout the enterprise for invoices and vendors.
     - Options: Automation / Policy / Process Change / Outsource
     - Challenges: Cost, Enterprise Impact, Buy-In.
  9. Case #1 - Solution
     - Broadly distributed approval authority implemented through HR system. Manual approval validation where not automated.
     - Approval Authority Policy
     - Vendor Setup Policy
     - Systematic feed of SAP HR data to all expenses, PO and invoice processing systems.
     - Manual approval validation for vendor setup.
     - Vendor Approval Workflow: to come
  10. Case #2 - 3 Way Match Exceptions, Long Approval Time
     - Issue: Aged, large $ and volume of 3 way match exceptions. Goods receipts are not performed. Long approval timing for non-PO invoices.
     - Options: Automation / Policy / Process Change / Outsource
     - Challenges: Audience size, resource availability, approach.
  11. Case #2 - Solution
     - Outstanding open payables communication for unmatched items. Large volume, high $ vendors targeted first. Dedicated contacts from each business segment.
     - Require POs for all purchases, switch vendor set up and approval timing. SLA involved.
     - EDI –
  12. Case #3 – Out-of-Pocket Expenses
     - Issue: Large $ spend on personal card. Evasion of vendor setup approval and PO/Invoice approval requirements. Loss of credit card rebate.
     - Options: Policy / Automation / Outsourcing / Process
     - Challenges: Resistance against enforcement. Culture that allows local decisions and flexibility. Ownership for enforcement cannot be decided.
  13. Case #3 - Solution
     - Policy change to mandate corporate card usage vs. personal card usage.
     - Monthly communication for large $ out-of-pocket expenses.
     - Systematic triggers implemented for high $ out-of-pocket spend employees.
  14. Case Study #4 – Duplicate Payments/Duplicate Invoices
     - Issue: Duplicate Payments
     - Options: Automation / Policy / Process / Outsource
     - Challenges: Labor intensive
  15. Case #4 - Solution
     - Using recovery audit firms. Implemented five year statement audit (first and second tier).
     - Systematic prevention for SAP invoice duplicate posting. Implemented daily payment review for possible duplicates.
     - Implemented invoice numbering convention and manual review for APEX First Strike additional review.
  16. Case #5 – Fraud Monitoring Program
     - Issue: Unusual transactions within T&E system. High ranking employees sharing passwords with Administrative Assistant. Possible fake receipts. No process in place to evaluate vendor risks.
     - Options: Automation, Policy, Process, Outsource
     - Challenges: Data mining expertise needed. Multiple databases. Customer service vs. enforcer mentality. Labor intensive analysis with no guarantee of results. No control over vendor contract or relationship. Large volume of results for analysis.
  17. Case #5 - Solution
     - Lowered credit line for all corporate card holders.
     - T&E: 100% audit on all AA expenses. Periodic review of T&E database for fraud. Provided enterprise management expenses approval training.
     - AP: Periodic vendor/employee match exercise. Periodic vendor risk analysis using APEX First Strike.
     - Tools: T&E Concur Reporting; JPMC Level 3 Activities Reporting; APEX First Strike Analytics Vendor Risk Analysis.
  18. Lessons Learned
     - No sure fire way to address each situation.
     - Resource priority is always an issue.
     - Consultant vs. Cop?
     Risk Strategies: Automation of approval or workflow processes; Policy changes; Process, personnel changes; Training
  19. Contact information: 425-383-5933, qin.mitchell@t-mobile.com. Thank you!