Corporate Risks In Your Procure To Pay Process

Assessing risk is a key activity for any business leader and whilst many businesses have established corporate risk analysis processes, we often see that the procure to pay process is largely underserved in that risk analysis. In order to help businesses get a better understanding of the inherent risks involved in the procure to pay process – which can largely be mitigated with effective procure to pay solutions, we take a deep dive into the different risks that each organisation faces as part of their procure to pay process.

procure to pay risk areas

Our team of procure to pay experts have identified 4 key risk areas related to your procure to pay process:

1. Transactional Risks – risks related to processing invoices
2. Contractual Risks – risks related to the contracts you put in place with your suppliers
3. Tax/Regulatory Compliance Risks – risks related to your ability to comply with relevant tax and/or regulator requirements
4. Operational Risks – risks that impact your general operations

Let’s break down each of these in turn.

Transactional Risks

Transactional risks include the potential impact of errors in the way that you process your suppliers invoices, specifically this covers things like:

• Processing duplicate invoices – paying the same invoice twice
• Processing fraudulent Invoices – paying an invoice that shouldn’t be paid
• Incorrectly capturing invoice data – paying a supplier incorrectly due to a data capture error
• Late payments – the likelihood that you pay your suppliers late due to your invoice processing operations
• Invoice dispute resolution errors – the likelihood that disputed invoices are incorrectly processed or identified.

Contractual Risks

Contractual risks covers all the risks within your contract lifecycle process and the impact that they can have on your business. Specifically, this covers areas like:

• Contract terms – the risk of unfavourable, unfit for purpose and/or potentially damaging contract terms being agreed to without a proper contract risk assessment undertaken
• Contract documentation going missing – vital contract documentation not being available centrally for review when required
• Contract approvals – contracts being approved by unauthorised employees
• Contract expiry – the risk of contracts unknowingly coming to an end which could impact service availability and/or pricing.
• Contract monitoring and assurance – the risk that a suppliers fundamental risk profile has changed in a way that materially impacts the contract (seen often during the pandemic) without being picked up and that suppliers are not performing as per contract terms.
• Conflict of interest – the risk that corporate spend decisions are made without a clear assessment of any internal or external conflict of interests
• Supplier non-compliance – the risk that key compliance documentation that you require your suppliers to hold either expires or not effectively audited. This can compliance areas such as:
  • Environmental, social and governance requirements (ESG)
  • Modern slavery
  • Insurance
  • Industry accreditations
  • Industry assessments

Tax/Regulatory Compliance Risks

Tax or regulatory compliance risks cover the risks that you are unable to comply with relevant tax submissions or laws due to issues with your data incurred during your procure to pay process. Whilst there are a huge range of different regulations for different countries a few example risks for Australia include:

• Contractor vs employee – the risk that you do not correctly identify suppliers who should, in accordance with Australian tax laws, be employees.
• ABN Checks – the risk that required documentation to identify whether a supplier is registered for GST has been collected and reviewed prior to payment
• BAS and Company Tax – the risk that corporate spend is incorrectly coded impacting your ability to produce and the accuracy of your Business Activity Statement and Company tax filing.
• Payment Times Reporting – the risk that you are not able to adhere to Australian government Payment times reporting requirements for small businesses due to incomplete/poor data.
• Tax invoice validation – the risk that you process an invoice that doesn’t meet ATO guidelines on what a valid tax invoice is.

Operational Risks

Operational risks refer to the risks that your procure to pay process has on your everyday business operations ranging from where you spend your money to business continuity. Specifically it covers risks like:

• Maverick Spending – the risk that there is unauthorised corporate spend for goods/services that the company may not need.
• Spend approval – the risk that you are unable to demonstrate approval of corporate spend for goods/services in adherence to your financial policies and procedures.
• Damaging supplier relationships – the risk that supplier relationships are damaged due to issues in your procure to pay processes. This could include factors such as:
  • Late, delayed or missing invoice payments to your suppliers
  • Your are deemed to have a high cost to service by your suppliers due to manual follow-up processes for orders or invoices
  • Orders being missed or incorrect due to manual ordering processes
• Business disruption – the risk  that your core procure to pay business operations are disrupted due to key staff leaving who hold key, manual process knowledge.
• Supplier continuity – the risk that critical supplier operations disrupted through unforeseen circumstances (like the global pandemic) impacting core business operations.

how can businesses assess the risk across their procure to pay operations?

Utilising these risk areas you can conduct a risk assessment across your procure to pay operations, identifying the likelihood and impact of each risk occurring. Although it is currently a relatively manual process its an excellent way to identify and then seek to mitigate the risks within your procure to pay process.