Some internal controls are so easy, you’d be fired if you didn’t get them right… am I wrong! And this is one of them. Supplier Due Diligence. It’s so easy right. Each time, you have a new supplier, you have to get whoever it is that has access to your supplier database to check if they exist, check if they are not on any PEP list, OFAC list, check that their VAT number is correct.
It’s one of those nice and easy ones.
But here’s the thing. First of all, it’s boring. Checking. So unless you’ve got an amazingly switched on person in Accounts Payable, they aren’t got to check everything.
Secondly, how do you know what IT is up to? I mean you make sure that only one person has access to create suppliers. But how do you know for sure that they don’t temporarily give someone access? Or that there wasn’t a supplier added to your SAP system through a data fix rather than a user interface?
What if someone in IT creates a customized SAP transaction code for creating supplies and gives people access to that?
There are many loopholes. When there is a will there is a way.
So if you really want to make sure that your supplier database is clean, you need to screen it regularly and get alerts when someone adds something strange to it.
And this cannot be done manually because it’s too boring. So you need to do it automatically.
So don’t get in trouble for not noticing the obvious. AuditZOOM can help you to regularly and automatically screen your supplier database, sending you alerts if anything strange appears, be it temporarily.
Click below to download our free eBook and we can guarantee it will help you become a recognised leader by starting the transformation of internal control and internal audit!