Accounts Payable Audit

Jul 5, 2026


An accounts payable audit is a structured review of your invoices, payments, vendor records, and controls to confirm that every dollar leaving the company was owed, approved, and recorded in the right period. Auditors, internal or external, test a sample of transactions against supporting documents to catch errors, duplicate payments, and fraud before they compound. This guide walks through the assertions auditors test, a practical checklist, the step-by-step procedures, and how to prepare so the audit goes quickly, written for US controllers, AP managers, and bookkeepers.

What is an accounts payable audit?

An accounts payable audit is an independent check that your recorded payables are complete, accurate, properly authorized, and posted in the correct period. It samples invoices and payments, traces each one to a purchase order, receiving record, and approval, and looks for duplicates, overpayments, missing liabilities, and control gaps. The goal is assurance that AP reflects real obligations and that cash only moves for legitimate, approved bills.

An audit can be external, run by your CPA firm as part of the annual financial statement audit, or internal, run by your own finance team or an outside recovery specialist to find and recover leaked cash. Both look at the same evidence: the invoice, the PO, proof the goods or services arrived, the approval, and the payment. The difference is scope. A financial statement auditor cares whether the payables balance is fairly stated; a recovery audit hunts specifically for money that slipped through, such as duplicate payments and unclaimed credits.

What is the purpose of an accounts payable audit?

The purpose is twofold: prove the accounts payable balance is stated correctly for the financial statements, and protect cash by finding leakage and control weaknesses. A good audit surfaces overpayments, duplicate payments, ghost vendors, unrecorded liabilities, and credits you never claimed, then traces each finding back to the specific process gap that let it happen so you can close it.

For a US business, the audit doubles as a health check on the whole AP process. Recurring exceptions, slow approvals, and messy vendor data all show up in the sample. Fixing the root cause, not just the one flagged invoice, is what keeps the next audit clean and stops the same money from leaking twice.

What are the audit assertions for accounts payable?

Accounts payable auditors test five core assertions: completeness (all liabilities are recorded, none hidden), existence (recorded payables are real obligations), accuracy and valuation (amounts are correct), cutoff (invoices are booked in the right period), and rights and obligations plus authorization (the company actually owes it and someone with authority approved it). Completeness and cutoff get the most attention because understated payables overstate profit.

These assertions drive every procedure that follows. When an auditor searches for unrecorded liabilities, they are testing completeness and cutoff. When they match an invoice to a PO and receiving report, they are testing existence and accuracy. When they check who approved a payment, they are testing authorization. Knowing which assertion a step supports helps you hand over exactly the evidence the auditor needs the first time.

What is on an accounts payable audit checklist?

A standard accounts payable audit checklist runs about ten areas, from vendor master integrity to accrual completeness. Each area pairs a thing auditors verify with a red flag they hunt for. Use the table below as your self-review before the auditors arrive; clearing these items ahead of time is the single biggest driver of a fast, clean audit.

| Checklist area | What auditors verify | Common red flag |
| --- | --- | --- |
| Vendor master | Names, addresses, tax IDs, and bank details are accurate and unique | Duplicate or ghost vendors, missing or invalid tax IDs |
| Three-way match | Invoice agrees to the purchase order and receiving record | Payments with no PO or no proof of receipt |
| Approvals | Each invoice was approved by someone with spending authority | Payments above a limit approved by the wrong person |
| Duplicate payments | Same invoice number, amount, or date was not paid twice | Repeated amounts to one vendor in a short window |
| Cutoff | Invoices are recorded in the period the goods or services arrived | Late invoices booked to the wrong month or year |
| Unrecorded liabilities | Post period-end payments trace to a liability booked before close | Bills paid after close that were never accrued |
| Accruals | Received-not-invoiced items are accrued at period-end | Goods received in December, invoice booked in January only |
| Credits and debits | Vendor credits and debit memos are applied, not left open | Aged open credits the company never claimed |
| Segregation of duties | Different people set up vendors, approve, and release payment | One person controls the vendor, the invoice, and the payment |
| AP aging and reconciliation | The AP subledger ties to the general ledger and vendor statements | Unexplained reconciling items or stale open items |

What are the steps in an accounts payable audit?

An accounts payable audit runs in five broad steps: plan and scope the review, gather the AP records and supporting documents, test a sample of transactions against those documents, perform analytical and cutoff procedures, then document findings and recommend fixes. Most of the work is tracing individual invoices back to the evidence that proves they were owed, approved, and paid correctly.

In planning, the auditor sets materiality and picks the transactions to test, usually a mix of the largest payments and a random sample. In fieldwork, they pull each sampled invoice and match it to the PO, the receiving report, and the approval, then confirm the payment amount and date. Analytical procedures compare this year's payables and expenses to prior periods and budgets to spot anything that looks off. Cutoff testing checks the days around period-end. Everything ends in a findings memo: what was tested, what failed, and how to fix the underlying control. The strongest teams treat that memo as a to-do list rather than a grade, and many track the fixes as part of their accounts payable KPIs.

How do auditors test for duplicate and fraudulent payments?

Auditors run the full payment file for repeats: the same vendor, invoice number, amount, and date, plus fuzzy matches where an invoice number was keyed slightly differently. Duplicate payments alone are estimated at roughly 0.8 to 2 percent of total spend, so even a clean-looking AP function usually has some. For fraud, they look for ghost vendors, invoices just under approval limits, and vendor bank details that changed right before a payment.

Duplicate and ghost-vendor schemes are among the most common findings, and both trace back to fixable control gaps rather than one-off mistakes. Duplicates usually come from paying off both a PDF and an emailed copy of the same bill, or from a vendor set up twice under slightly different names. Checks remain the most fraud-prone payment method by a wide margin, so auditors pay extra attention to check runs. The durable fix is catching duplicates at entry, before the payment goes out, which is exactly what a disciplined intake process and our guide to preventing duplicate invoice payments and preventing invoice fraud lay out.
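The three tests described above can be run over a payment file in a few lines. This is an added example, not code from the original page; the field names, the 10,000 approval limit, the 5 percent band below it, and the 7-day bank-change window are all assumptions chosen for illustration, and the data is constructed.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample payment file and vendor-master change log (not real data).
PAYMENTS = [
    {"id": 1, "vendor": "V100", "invoice": "INV-00123", "amount": 4500.00, "paid": date(2026, 3, 2)},
    {"id": 2, "vendor": "V100", "invoice": "inv 123", "amount": 4500.00, "paid": date(2026, 3, 9)},
    {"id": 3, "vendor": "V200", "invoice": "7781", "amount": 9950.00, "paid": date(2026, 3, 10)},
    {"id": 4, "vendor": "V300", "invoice": "A-55", "amount": 1200.00, "paid": date(2026, 3, 12)},
    {"id": 5, "vendor": "V300", "invoice": "A-56", "amount": 1200.00, "paid": date(2026, 3, 20)},
]
BANK_CHANGES = {"V300": date(2026, 3, 10)}  # vendor -> date bank details were edited
APPROVAL_LIMIT = 10_000.00                  # assumed single-approver limit

def normalize_invoice(number):
    """Collapse keying variants: case, punctuation, spaces, leading zeros."""
    compact = re.sub(r"[^A-Z0-9]", "", number.upper())
    # Strip zeros only at the start of a digit run, so "1003" stays "1003".
    return re.sub(r"(?<!\d)0+(?=\d)", "", compact)

def find_duplicates(payments):
    """Group payments sharing vendor, normalized invoice number and amount.
    The payment date is left out of the key so a second payment made on a
    later day is still caught."""
    groups = defaultdict(list)
    for p in payments:
        key = (p["vendor"], normalize_invoice(p["invoice"]), round(p["amount"] * 100))
        groups[key].append(p["id"])
    return [tuple(ids) for ids in groups.values() if len(ids) > 1]

def just_under_limit(payments, limit=APPROVAL_LIMIT, band=0.05):
    """Payments within `band` below the approval limit."""
    floor = limit * (1 - band)
    return [p["id"] for p in payments if floor <= p["amount"] < limit]

def paid_after_bank_change(payments, changes, window_days=7):
    """Payments released within `window_days` after a bank-detail change."""
    flagged = []
    for p in payments:
        changed = changes.get(p["vendor"])
        if changed is not None and 0 <= (p["paid"] - changed).days <= window_days:
            flagged.append(p["id"])
    return flagged
```

Each flag is a lead for manual review against the invoice, PO and approval, not a finding on its own.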

What is cutoff testing in accounts payable?

Cutoff testing confirms that invoices are recorded in the period the goods or services were actually received, not whenever the paperwork happened to arrive. Auditors take a list of payments made just after the period-end date and a list of the last invoices booked before it, then check that each one landed in the correct month or year. It is how they catch understated payables.

The reason cutoff gets so much scrutiny is that pushing a December bill into January makes the current period look more profitable than it was. Auditors specifically search for unrecorded liabilities by reviewing post-close payments and asking whether the underlying goods arrived before close. If they did, the expense and the payable belong in the earlier period. Clean received-not-invoiced accruals, backed by receiving records, are the best defense, and they lean directly on the discipline covered in our accounts payable process walkthrough.
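The cutoff test described above, as an added example that is not part of the original page: it compares each invoice's receiving date with the date it was posted to the AP ledger and totals the resulting understatement. The December 31, 2025 period end, the field names, and the invoices are constructed assumptions.

```python
from datetime import date

PERIOD_END = date(2025, 12, 31)  # assumed fiscal year-end

# Constructed sample: invoices booked or paid in the days around period-end.
# received = date on the receiving record; booked = date posted to the AP
# ledger (None = paid after close but never recorded as a liability).
INVOICES = [
    {"invoice": "A-101", "amount": 8200.00, "received": date(2025, 12, 18), "booked": date(2025, 12, 22)},
    {"invoice": "A-102", "amount": 3100.00, "received": date(2025, 12, 29), "booked": date(2026, 1, 6)},
    {"invoice": "A-103", "amount": 1450.00, "received": date(2025, 12, 30), "booked": None},
    {"invoice": "A-104", "amount": 2750.00, "received": date(2026, 1, 4), "booked": date(2025, 12, 31)},
    {"invoice": "A-105", "amount": 600.00, "received": date(2026, 1, 8), "booked": date(2026, 1, 9)},
]

def cutoff_exceptions(invoices, period_end):
    """Return (unrecorded, booked_early) invoice numbers.

    unrecorded:   goods arrived on or before period-end, but the liability
                  was booked after it or not at all (payables understated).
    booked_early: liability booked in the period, goods arrived after it.
    """
    unrecorded, booked_early = [], []
    for inv in invoices:
        received_in_period = inv["received"] <= period_end
        booked_in_period = inv["booked"] is not None and inv["booked"] <= period_end
        if received_in_period and not booked_in_period:
            unrecorded.append(inv["invoice"])
        elif booked_in_period and not received_in_period:
            booked_early.append(inv["invoice"])
    return unrecorded, booked_early

def understatement(invoices, period_end):
    """Total of unrecorded liabilities, summed in cents to avoid float drift."""
    unrecorded, _ = cutoff_exceptions(invoices, period_end)
    cents = sum(round(i["amount"] * 100) for i in invoices if i["invoice"] in unrecorded)
    return cents / 100
```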

How often should you audit accounts payable?

Most US businesses get a full external accounts payable audit once a year as part of the annual financial statement audit, and run lighter internal reviews monthly or quarterly. An audit is also wise before any major change, such as switching ERP systems or restructuring the AP team, because those transitions are where controls slip and duplicates creep in.

Monthly self-reviews do not need to be a formal audit. Reconciling the AP subledger to the general ledger, scanning the aging for stale open items and unapplied credits, and spot-checking a handful of large payments each month catches most issues while they are still small. Teams that do this rarely get surprised at year-end, because the annual audit just confirms what their own reviews already cleaned up.

How do you prepare for an accounts payable audit?

Prepare by getting your records organized and reconciled before the auditor asks. Have the AP aging tied to the general ledger, vendor statements reconciled, and a clean, indexed set of invoices with their matching purchase orders, receiving records, and approvals ready to pull. The faster you can hand over the evidence for a sampled transaction, the shorter and cheaper the audit.

The single biggest time sink in an audit is finding the supporting document for a given payment. If invoices live as loose PDFs and paper, every sample request turns into a search. Storing each invoice as structured, searchable data, linked to its approval and payment, turns a multi-day evidence hunt into a lookup. That is where clean capture pays off: pulling the vendor, invoice number, dates, totals, and full line items into your system at intake with invoice data extraction software means the audit trail is already built when the auditor arrives.

How does automation help you pass an accounts payable audit?

Automation strengthens the exact controls auditors test. Capturing invoices accurately at intake removes the manual keying errors that cause duplicates and misposted amounts, enforces the three-way match, and builds a timestamped audit trail linking every invoice to its approval and payment. Auditors can then trace a sample in seconds instead of hours, and there is far less to find.

The mechanics matter. When you upload a bill and get the vendor, document number, dates, totals, and line-item detail back as structured data, duplicate detection can flag a repeat before payment, coding is consistent, and nothing gets booked to the wrong period because the capture date is recorded. That same clean intake handles invoices, vendor credits, and debit memos in one batch, which is why teams pair invoice data capture with broader accounts payable automation and cut invoice data entry to near zero. It also keeps credits and debit memos from aging out unapplied; our explainer on the difference between a credit memo and a debit memo covers how each one moves your payable, and matching them cleanly ties back to three-way matching and monthly invoice reconciliation. Once invoices are approved, a payments platform such as autopayables.com releases only the approved amount with the segregation of duties auditors want to see, and matching bills to their orders is far easier when purchase orders live in a system like purchaseorders.io.

The takeaway for accounts payable teams

An accounts payable audit is not a test to fear; it is a map of where cash and control are leaking. It checks that your payables are complete, real, accurate, approved, and booked in the right period, and it almost always finds duplicate payments, unclaimed credits, or a vendor master that needs cleaning. Every finding points to a specific gap you can close.

The teams that breeze through audits share one habit: they capture invoices cleanly at intake and reconcile as they go, so the audit trail is already built and the aging is already clean. Do that, review your own AP monthly, and the annual audit becomes a formality that confirms what you already knew, while the money that used to leak stays in the business.