Accounts Payable & 3-Way Match
Invoice receipt, 3-way match (PO + receiver + invoice), exception handling, and payment release.
Sub-Process Score
86/ 100
Strong24/25 responses received
Control Objectives (3)
P2P-AP-01
COSO P10ICFR.P2P.AP.01IIA IV.9.2
All PO-based invoices pass a 3-way match before payment.
Risk: Payment for goods/services not received or at wrong price.
Assessment Questions (3)
- 013-way match (PO, GR, invoice) is system-enforced.
- 02Tolerance thresholds for price/quantity variance are documented and approved.
- 03Matching exceptions are worked and aged.
P2P-AP-02
COSO P10COSO P12ICFR.P2P.AP.02IIA IV.9.2
Non-PO invoices are subject to a secondary approval workflow.
Risk: Non-PO spend bypasses procurement controls.
Assessment Questions (2)
- 01Non-PO invoices route through workflow approval based on DOA.
- 02% of non-PO spend is tracked and reported to management.
P2P-AP-03
COSO P10COSO P16ICFR.P2P.AP.03IIA IV.9.3
Duplicate payments are prevented by system controls and reviewed via exception reports.
Risk: Duplicate payments waste cash and may indicate fraud.
Assessment Questions (2)
- 01ERP blocks duplicate invoice numbers per vendor.
- 02Quarterly duplicate-payment audit is performed.