Up until the last decade or so, audits were just about the worst thing that could happen to you in accounts payable. Whether it was the IRS, your accounting firm, your bank, or just your internal team doing the auditing, you knew that on top of your regular job, you’d have to log additional hours digging through boxes of paper or calling up files from your data warehouse to give the auditors whatever documents they wanted to see, for as long as the audit lasted.
But what if audits were no big deal, or something you could even look forward to? Sound too good to be true? Maybe not. With cloud technology for procure-to-pay automation and electronic payments, not only is an audit not the worst thing that can happen to you, it can actually be a good thing.
While most companies automate primarily to streamline procurement and accounts payable, better and easier audits turn out to be a nice unexpected benefit. With today’s payment automation software, you can simply give auditors a log in and password and let them pull all the reports they want. They don’t even have to sit in your office. They can see contracts, invoices, payments, and remittance data.
There’s so much more data available, and it’s so much easier to get at that they can spend most of their time doing analysis instead of hunting for information. If you’re working with smart people who audit a lot of businesses, you’re likely to get some very valuable insights and recommendations out of the process.
Are auditors really okay with this? Yes, as long as these solutions comply with the relevant requirements such as SOX, PCI, OFAC, etc., which most do. In fact, auditors have come to prefer electronic records. The whole business of auditing is becoming much more strategic, and as firms seek to differentiate themselves on specialized capabilities, being able to easily get their eyes on all the data they want frees them up to find new ways to add value.
This is a big shift from the way audits used to be. Years ago you basically had the Big Eight, who did the lion’s share of audit work for US corporations for most of the last century. The focus then was mainly on making sure companies were following all the rules and regulations. The work was very expensive, and a lot of the reason was the time it took to mine the information manually. They would sit in your office for weeks at a time, and then go away and come back with a big report and tell you what you did wrong.
Toward the end of the century, we started to see more technology applied to accounting, and that sped things up a little bit. Still, on-premise systems had about a 13-month visibility timeframe and then you’d have to export the data to a warehouse for storage. So, if an auditor needed something from month 14, you would have to go find it and pull it back. Depending on how big the report was, that could take a week or more.
Around that time, there were also a lot of mergers, and the big eight turned into the big six and then the big five. But what really changed audit was the Enron debacle. For one thing, the big five turned into the big four with the demise of Enron’s auditors, Arthur Anderson.
And new regulations such as Sarbanes-Oxley were put in place that made audits much tougher. It was no longer just “do debits match credits” but a lot more in-depth in terms of separation of duties—who does what. Now you've got to be able to prove who did what in the process so that no one person has too much control over payments such that they could be essentially cooking the books or stealing.
You also have to prove the safety and security of what you do, for example protecting credit card numbers and personal information, and safeguarding all the information you've got within your systems.
Nowadays there are many different firms popping up that are trying to do even more for their clients. So, not only do they do an audit, but they might also have a software consulting division that could refer you to a specific ERP system or electronic payments provider.
For example, I sit on a school board in St. Louis and our auditors have a forensic division that comes and talks to us from time to time about fraud prevention. They've actually got a team that goes and sits in parking lots at businesses and tries to hack into their systems. Five or ten years ago it would have been highly unusual to see an accounting or audit firm doing that.
The landscape has changed quite a bit. The new audit is not to just scrutinize your numbers and make sure your annual report is accurate, but also to partner with you to help you streamline your processes. If they can refer in a third party that makes your company run better, it makes their job easier next year, and opens the door for even more value-added services. Without those value adds, audits are pretty standard practice. There’s a risk it will become a commoditized service and sooner or later people will look for someone who can do it cheaper.
The prevalence of cloud-based solutions is really what’s supporting this new breed of auditor. All that information they used to hunt for is readily available in the cloud for at least seven years, or longer if you want it.
There's a lot of good that comes out of this information. Demonstrating compliance with government guidelines is now table stakes. A good auditor will also make sure there are no holes in your organization that could be costing you money. So, it's not just, "Here's your audit report. Here’s what you did wrong." It's, "Here's your audit report. Here are three or four things you guys can work on." The results aren't just problems. They're problems with a solution.
In the days when you had to take your auditor back to a wall of file cabinets to start digging, people looked at audits as more of a headache than a strategic function, but that has changed. With cloud procure-to-pay and payment solutions, you can give internal and external auditors all the data they need with very little effort.
While no one wants to have the IRS knocking on their door every other year, even that doesn’t have to be as onerous as it once was. When you automate procure-to-pay and payments, your people have more bandwidth to do strategic work. The same goes for people who are reviewing your information. The more readily available it is, the more time they've got to dig into it to offer you solutions that can benefit your organization. That’s a pretty good by-product of automation, even if that wasn’t your original motivation.