Control Intelligence

AI Analysis Results

Accounts Payable & 3-Way MatchProcure-to-Pay (Procurement & AP)

Back to Sub-Process
86
/ 100
Strong
Overall Sub-Process Rating
StrongControl is designed well, operating consistently, and monitored.
3 controls evaluated5 strengths identified2 gaps identified
Executive Summary

The Accounts Payable & 3-Way Match process demonstrates a strong control environment with well-designed, consistently operating, and actively monitored controls. Documentation is current, segregation of duties is enforced, and management review is evidenced. Minor opportunities for continuous improvement exist but do not represent material risk.

Strengths
  • All PO-based invoices pass a 3-way match before... is consistently executed
  • Non-PO invoices are subject to a secondary approval... is consistently executed
  • Management review is performed on a regular cadence
  • Training and awareness programs support control understanding
  • Key controls are documented in a centralized repository
Gaps
  • No automated alerting for control threshold breaches
  • Evidence of review lacks timestamp and reviewer identity
Recommendations
  1. 1Implement a workflow tool that captures reviewer identity and timestamp for all approvals
  2. 2Strengthen documentation requirements to include evidence retention standards
  3. 3Establish a quarterly monitoring schedule with documented results and sign-off
Framework Mapping
COSO 2013
Principle P10Principle P12Principle P16
SOX 404
ICFR.P2P.AP.01ICFR.P2P.AP.02ICFR.P2P.AP.03
IIA Standards 2024
IV.9.2IV.9.3

Control-Level Breakdown (3)

P2P-AP-01StrongScore: 85/100
All PO-based invoices pass a 3-way match before payment.
Key Finding

The control is well-designed and operating effectively. All PO-based invoices pass a 3-way match before payment. Evidence of consistent execution and monitoring was observed.

Recommendation

Continue current practices. Consider automating remaining manual steps to sustain the control with less effort.

Framework Tags
COSO P10ICFR.P2P.AP.01IIA IV.9.2
P2P-AP-02StrongScore: 94/100
Non-PO invoices are subject to a secondary approval workflow.
Key Finding

The control is well-designed and operating effectively. Non-PO invoices are subject to a secondary approval workflow. Evidence of consistent execution and monitoring was observed.

Recommendation

Continue current practices. Consider automating remaining manual steps to sustain the control with less effort.

Framework Tags
COSO P10COSO P12ICFR.P2P.AP.02IIA IV.9.2
P2P-AP-03AdequateScore: 82/100
Duplicate payments are prevented by system controls and reviewed via exception reports.
Key Finding

The control is in place and generally operating as intended. Duplicate payments are prevented by system controls and reviewed via exception reports. Minor documentation or timeliness gaps were noted but do not represent material risk.

Recommendation

Enhance documentation and monitoring for: duplicate payments are prevented by system controls and reviewed via exception reports. Ensure review evidence includes timestamps and reviewer identity.

Framework Tags
COSO P10COSO P16ICFR.P2P.AP.03IIA IV.9.3