Don’t like risk? Stop gambling in your accounts payable and start to take systematic control
1 like227 views
The document outlines a risk management program for T-Mobile's accounts payable process, highlighting case studies related to payment approvals, 3-way match exceptions, out-of-pocket expenses, duplicate payments, and fraud monitoring. It emphasizes the implementation of systematic controls, automation, and policy changes to mitigate risks and improve efficiency in financial operations. Key solutions include establishing consistent approval requirements, utilizing automation tools, and conducting thorough audits to prevent fraudulent activities.
Don’t like risk? Stop gambling in your accounts payable and start to take systematic control
- 1. Don’t like risk? Stop gambling in your accounts payable and start to take systematic control. Presented by Mitzi Mitchell 11/7/2012 1
- 2. Agenda Company and Payables Environment Overview Risk Program Highlight Case Study #1 Payment Approval Case Study #2 3-Way Match Exceptions and Long Approval Time Case Study #3 Out-of-Pocket Expenses Case Study #4 Duplicate Payments/Invoices Case Study #5 Fraud Monitoring Program Confidential and Proprietary Information of T-Mobile USA 2
- 3. Company Overview Headquarter: Bellevue, WA Customers: 30 million Coverage: USA and PR Largest 4G Network Value Plans Confidential and Proprietary Information of T-Mobile USA 3
- 4. Payables Environment Overview No. of countries serviced: 1 with some Euro transactions Main P2P technologies used: OCR IBM Filenet “Doculink”, EDI, ERS in SAP, ACH & Merchant Card through JPMC Xign, Expenses & Travel through Concur Duplicate analysis through APEX Main ERP: SAP Volume of Annual AP Invoices: 500K paper, 1 million electronic invoices # of vendors – 40K, # of employees – 36K $16B in annual payment One thing we are most proud of: We employ best practices for duplicate prevention. External recovery audits are now standard operations. Confidential and Proprietary Information of T-Mobile USA 4
- 5. Risk Program Highlight COSO Cube - Internal Controls Framework Supporting Fraud Leverage Internal Third Party Customers Analytics Vendors Control Cover AP, Monthly TE&C, Design Treasury & Evaluation Scorecard Others Testing Dept Risk Supports Gap Program Training Remediation Confidential and Proprietary Information of T-Mobile USA 5
- 6. P2P Risk Objectives Tiered Control Structure All transactions are Obtain most recorded and economical value out SOX/BUS Controls reflected on financial of the P2P process. statement correctly. (operations) Key Controls Prevent fraud- no Maintain cash flow fraudulent vendor, objectives. employees , invoices, (operations) expenses etc. Operational Controls Do not over pay, Pay correct amount, double pay, or pay for pay correct vendor. goods or services not yet delivered. Confidential and Proprietary Information of T-Mobile USA 6
- 7. Controls Definition Examples Segregation of duties System validation Apply to all 3 way match Can be consistently transactions/process performed and in scope to achieve monitored Invoice entry rules the objective Invoice Post Audit Approval of PO and invoices and vendor setup T&E, Corporate Card, Signing Authority Policies Evidence of Expense Audit Can be preventative performance need be or detective retained Confidential and Proprietary Information of T-Mobile USA 7
- 8. Case#1- Payment and Vendor Approval No consistent approval requirements throughout the enterprise for invoices and vendors Automation/ Policy/Process Change/ Outsource Cost, Enterprise Impact, Buy-In. Confidential and Proprietary Information of T-Mobile USA 8
- 9. Case#1-Solution Broadly distributed approval authority implemented through HR system. Manual approval validation where not automated. Approval Authority Policy Systematic feed of SAP HR data to all expenses, PO, Vendor Setup Policy invoice processing systems. Manual approval validation for vendor setup. Vendor Approval Workflow – to come Confidential and Proprietary Information of T-Mobile USA 9
- 10. Case#2- 3 Way Match Exceptions, Long Approval Time • Aged, large $ and volume of 3 way match exceptions. Goods receipt are not Issue performed. • Long approval timing for non-PO invoices. • Automation/Policy/Process Options Change/Outsource • Audience size, resource availability, Challenges approach. Confidential and Proprietary Information of T-Mobile USA 10
- 11. Case#2-Solution Outstanding open Require POs for all EDI – payables communication purchases, switch Large volume, high $ for unmatched items. vendor set up and vendors targeted first. Dedicated contacts from approval timing. each business segment. SLA involved. Confidential and Proprietary Information of T-Mobile USA 11
- 12. Case #3 – Out-of-Pocket Expenses Large $ spend on personal card. Evasion of vendor setup approval, PO/Invoice approval requirement. Loss of credit card rebate. Policy/Automation/Outsourcing/Process Resistance against enforcement . Culture that allows local decisions and flexibility. Ownership for enforcement can not be decided. Confidential and Proprietary Information of T-Mobile USA 12
- 13. Case#3-Solution Policy change to Monthly Systematic triggers mandate corporate communication for implemented for card usage vs. large $ out-of- high $ out-of-pocket personal card pocket spend expenses. usage. employees. Confidential and Proprietary Information of T-Mobile USA 13
- 14. Case Study #4 – Duplicate Payments/Duplicate Invoices Duplicate Payments Automation/Policy/Process/Outsource Labor intensive Confidential and Proprietary Information of T-Mobile USA 14
- 15. Case#4 Solution Using recovery audit Systematic prevention Implemented invoice firms. Implemented for SAP invoice numbering convention. five year duplicate posting. Implemented daily payment review and manual review for statement audit. (First APEX First Strike for possible duplicates. and second tier) additional review. Confidential and Proprietary Information of T-Mobile USA 15
- 16. Case #5 – Fraud Monitoring Program Unusual transactions within T&E system. High ranking employees sharing passwords with Administrative Assistant. Possible fake receipts. No process in place to evaluate vendor risks. Automation, Policy, Process, Outsource Data mining expertise needed. Multiple databases. Customer service vs. enforcer mentality. Labor intensive analysis with no guarantee of results. No control over vendor contract or relationship. Large volume of results for analysis. Confidential and Proprietary Information of T-Mobile USA 16
- 17. Case #5 Solution Lowered credit line for all T&E Concur Reporting. corporate card holders. T&E: 100% audit on all AA JPMC Level 3 Activities expenses. Periodic review of Reporting. T&E database for fraud. Provided enterprise management expenses AP: Periodic vendor/employee approval training. match exercise. APEX First Strike Analytics Periodic vendor risk analysis Vendor Risk Analysis. using APEX First Strike Confidential and Proprietary Information of T-Mobile USA 17
- 18. Lessons Learned No sure fire way to address Risk Strategies each situation *Automation of approval or workflow processes Resource *Policy changes priority is always an issue *Process, personnel changes *Training Consultant vs. Cop? Confidential and Proprietary Information of T-Mobile USA 18