Accounts Payable Audit Checklist

Jul 11, 2026

Try it now: upload an invoice and get the data in Excel or CSV

PDF, JPG, PNG, BMP, HEIC, TIFF

Upload your invoices

An accounts payable audit is where weak controls, duplicate payments, and unrecorded liabilities come to light, and it goes far smoother when you have prepared the evidence before the auditor asks. This checklist covers what an internal or external AP audit actually tests, the procedures behind each step, and the documents a controller should have ready.

It applies whether you are running an internal review of your own AP process or getting ready for the payables section of an external financial statement audit. The assertions and procedures are similar; the difference is that an internal audit focuses on control health while the external auditor is testing whether the payables balance is fairly stated.

How do you audit accounts payable?

You audit accounts payable by testing whether recorded payables are real, complete, valued correctly, and recorded in the right period, then evaluating the controls around vendor setup, approval, and payment. The core procedures are the search for unrecorded liabilities, vouching invoices to purchase orders and receiving reports, reconciling vendor statements, testing cutoff, and reviewing segregation of duties. Completeness is the assertion that gets the most attention, because the main risk with payables is understatement rather than overstatement.

The rest of this guide walks the checklist in the order an audit usually runs: reconcile and tie out the balance, test completeness, test the individual transactions, then evaluate the controls and tax documentation.

The accounts payable audit checklist

Have these items ready before the audit starts. Each maps to a specific assertion or control the auditor will test, and having the evidence assembled is the single biggest thing that shortens fieldwork.

Checklist itemWhat to prepareWhy it matters
AP subledger to GL reconciliationPeriod-end AP aging that ties to the general ledger control account, with reconciling items explainedProves the balance is complete and accurate before any detail testing begins
Search for unrecorded liabilitiesComplete cash disbursements register for the weeks after period-end, plus the supporting invoicesTests completeness, the key payables assertion
Three-way match evidencePurchase orders, receiving reports, and vendor invoices for sampled transactionsSupports existence, occurrence, and accuracy of recorded bills
Approval and authorization trailDocumented approvals showing who authorized each invoice and paymentConfirms payments were valid and properly authorized
Vendor master reviewRecent vendor additions and changes, with independent validation of new vendorsSurfaces ghost vendors and unauthorized bank-detail changes
Duplicate payment checkReport of potential duplicates by vendor, amount, and invoice numberIdentifies overpayments and skimming schemes
Cutoff testing supportInvoice dates, receiving dates, and posting dates around the period-endConfirms liabilities land in the correct period
1099 and W-9 documentationSigned W-9 forms and the 1099 vendor listSupports tax reporting compliance and vendor legitimacy

What are the audit procedures for accounts payable?

The main audit procedures for accounts payable are the search for unrecorded liabilities, vouching sampled invoices to purchase orders and receiving reports, reconciling vendor statements to the AP ledger, testing period-end cutoff, and reviewing segregation of duties over vendor setup and payment. Auditors combine substantive tests of the balance with tests of the controls that produced it. The weight given to each depends on how much the auditor plans to rely on your internal controls.

What is a search for unrecorded liabilities?

A search for unrecorded liabilities is the procedure auditors use to confirm that payables are complete by examining what was paid after the period ended. The auditor obtains the cash disbursements listing for the weeks following the balance-sheet date, picks a dollar threshold, and reviews subsequent payments above it along with their invoices. If a January payment covers goods received in December, that liability belonged in the prior period and should have been accrued.

This is the most important test for payables because the risk is understatement. A company that wants to look healthier can simply not record an invoice it has received, so the auditor looks past the ledger to the payments and open purchase orders that reveal a liability the books left out. Reviewing open POs at year-end catches goods and services received but not yet invoiced.

What is the completeness assertion for accounts payable?

The completeness assertion for accounts payable states that all payables that should be recorded are recorded, with nothing left off the books. Under PCAOB standards, completeness is one of the financial statement assertions management makes about the accounts, and for payables it is the most relevant one. The concern is that understated payables overstate income and equity, so the audit is built to detect missing liabilities rather than fictitious ones.

Because completeness is the priority, when auditors use confirmations for payables they often confirm a list of active vendors, including those showing a zero balance, rather than only the amounts already in the ledger. Confirming a vendor the books show as owing nothing is exactly how a missing invoice gets found.

What audit assertions are tested for accounts payable?

Auditors test the same set of assertions for payables that they test for any balance, weighted toward completeness. The table below maps each assertion to the payables question it answers and the procedure that tests it.

AssertionThe question it answersHow it is tested
CompletenessAre all payables recorded?Search for unrecorded liabilities, vendor statement reconciliation, open PO review
Existence and occurrenceDo the recorded payables represent real obligations?Vouch invoices to POs and receiving reports
Valuation and accuracyAre the amounts correct?Recalculate invoices, check three-way match amounts and terms
CutoffAre payables in the right period?Test invoice and receiving dates around period-end
Rights and obligationsAre these genuinely the company's liabilities?Trace to authorized purchases and contracts
Presentation and classificationAre payables shown and disclosed correctly?Review classification of trade vs non-trade payables and related-party items

PCAOB standards group these assertions and fold accuracy and cutoff into valuation and completeness, while AICPA guidance breaks accuracy, cutoff, and classification out as separate transaction-level assertions. The testing is the same either way; only the labeling differs.

What is the three-way match in accounts payable?

The three-way match compares the purchase order, the receiving report, and the supplier invoice before a bill is approved for payment. The quantities and prices on all three have to agree, which confirms the company ordered the goods, actually received them, and was billed the agreed amount. During an audit, vouching a sampled invoice back to its PO and receiving report is how the auditor supports the existence and accuracy of that recorded bill. Capturing full line-item detail, not just the invoice total, is what makes the match possible, which is one reason teams move to automated line-item extraction ahead of an audit.

What are the internal controls for accounts payable?

The core internal controls for accounts payable are segregation of duties, authorization limits, vendor master governance, and duplicate-payment prevention. The Committee of Sponsoring Organizations framework, which the SEC and PCAOB endorse for evaluating controls under Sarbanes-Oxley Section 404, is the backbone most companies use to document these. The single most important control is segregation of duties: no one person should be able to set up a vendor, approve an invoice, and release the payment.

What is segregation of duties in accounts payable?

Segregation of duties in accounts payable means splitting vendor setup, invoice approval, and payment execution across different people so no individual controls a payment end to end. When one person can create a vendor and pay it, they can create a fictitious supplier and route money to themselves. Separating those steps, and keeping vendor approval independent of AP processing, is what prevents that. Part of good vendor governance is validating each new vendor independently, checking the tax ID and address and confirming no vendor bank account matches an employee's, alongside a signed W-9 and a current certificate of insurance on file where the contract requires one.

What are common red flags in an accounts payable audit?

Common red flags are duplicate payments, ghost vendors, missing approvals, and invoices engineered to slip under approval thresholds. Each has a recognizable pattern an auditor or a data review can catch.

  • Invoice splitting. One large purchase broken into several smaller invoices, each sized to fall below the amount that would trigger senior approval. It is only visible when you aggregate by vendor and date.
  • Ghost or phantom vendors. A fictitious supplier on the approved list. Warning signs include a P.O. box address, a missing tax ID, a profile created and approved by the same employee, or multiple vendors sharing one bank account.
  • Duplicate payments. The same invoice paid twice, sometimes deliberately, with the second payment redirected. A duplicate report by vendor, amount, and invoice number surfaces these.
  • Suspicious change requests. Bank-detail changes requested by email, round-number invoices with no line items, out-of-sequence invoice numbers, and vague descriptions like "consulting" or "miscellaneous."

These matter because the losses are real. The Association of Certified Fraud Examiners, in its 2024 Report to the Nations, found organizations lose an estimated 5 percent of annual revenue to occupational fraud, with a median loss of $145,000 per case, and asset misappropriation, which includes billing schemes, appears in 89 percent of cases.

How do you prepare for an accounts payable audit?

Prepare by reconciling the AP subledger to the general ledger, assembling the three-way match evidence for recent transactions, running a duplicate-payment check, reviewing recent vendor master changes, and confirming your 1099 documentation is complete. Collect a signed Form W-9 from every reportable vendor before their first payment so year-end reporting is accurate. Note that for tax years beginning after 2025 the Form 1099-NEC filing threshold rose from $600 to $2,000, and backup withholding of 24 percent applies when a vendor fails to provide a valid taxpayer identification number.

The audit also goes faster when the underlying data is clean. Manual keying is where duplicate invoice numbers, transposed amounts, and missing line items creep in, and APQC benchmarks show the cost gap it creates: bottom-quartile organizations spend $10 or more to process a single invoice while top-quartile performers spend $2.07 or less. Reducing manual entry with accounts payable automation software tightens both the numbers and the audit trail, and it pairs naturally with the broader controls covered in our guide to accounts payable internal controls.

Internal audit versus external audit

An internal AP audit is a review your own team or internal auditors run to check that controls are working and to catch errors and fraud early. An external audit is performed by an independent CPA firm testing whether the payables balance is fairly stated as part of the financial statements. Both use the procedures above, but the internal audit is continuous and control-focused while the external audit is periodic and opinion-focused. Running your own internal checks throughout the year is the surest way to make the external audit a formality rather than a scramble.

Last updated July 2026.