The hole that no-one wants to talk about in your payments system
26 June 2019 | Minutes to read: 2

The hole that no-one wants to talk about in your payments system

By Nicholas Benbow
Is your bank reconciliation overly complex and time-consuming? It may arise from a hole in your payments system that fundamentally compromises your controls over your payroll and accounts payable processes.

Quite a few years back I was on an audit of a small club. They had an active governing committee who took a vigorous interest in governing its payment controls.

At every payment cycle, creditors that were due and payable were selected and matched to invoices to be approved to pay. These in turn were batched together and a payment form was attached to the batch requiring authorisation from no less than six manual signatories (including Committee members).

The committee members were very proud of this rigorous control.

Only when the sixth signatory had authorised the payment could the accounts payable officer upload the details into the EFT payment file on the banking software and then approve the payment…which only required one password authorisation!¬† On occasion a supplier or employee would request a change to their banking details which could be directly made on the EFT system and therefore not delay the batch payment (along with its 6 authorisations for payment).

Can you spot the issue?

Organisations often spend considerable time developing control frameworks that are fundamentally compromised – in this case, the potential to modify an accounting system batch payment file upon its upload to the EFT payment file. In order to mitigate this obvious risk of fraud or error, organisations then may develop compensating controls which are time-consuming and inefficient – for instance, a 1-for-1 match check between the batch payment file and the EFT payment file. (To ensure the EFT file matches the accounting batch payment file).

Do you have this issue? How often do you find you need to journal in payments that by-passed your accounting system as part of your bank reconciliation process?

To answer this, do a quick self-diagnosis and see if your EFT system allows you to modify payment details – and not only the payment quantum –see what system limitations exist (if any) in being able to change employee or supplier banking details.

It may be be a real eye-opener.

A modifiable EFT file effectively compromises all your controls set-up in your accounting system for these very reasons. It doesn’t matter how many accounting system controls you have; when payments can be made outside this system you have a significant exposure to fraud or error.

The question is, are you comfortable with this risk?

It may be time that your EFT payment processing system was completely fused into your accounting controls – non-modifiable – and only setup to import and process payment files governed by accounting system controls.

Modern accounting systems should have the capability to synergise your payments with your accounting control systems for your payments to suppliers and employees – and at the same time substantially reduce the complexity and timeliness of your bank reconciliations and reduce your risk of fraud and error.

This became very evident to the club upon the conclusion of the audit and the reporting of our audit findings.

A William Buck expert can also help you to achieve this – feel free to reach out.





The hole that no-one wants to talk about in your payments system

Nicholas Benbow

Nicholas is a Director in our Audit and Assurance division. He specialises in accounting for complex business transactions, including acquisitions, divestments and restructures, particularly in situations where a business is primed to realise its growth potential. Nicholas works closely with companies through the IPO process, assisting with Audit and strategic advice.

Read more >
Related Insights
  • Back to Insights
  • The hole that no-one wants to talk about in your payments system
  • 2 min read