Skip to content
Do you have a complete audit trail on your payment activities

Traceability and consistency contribute to security

Dec 19, 2022 1:41:26 PM

The importance of secure treasury functions cannot be underestimated. Fraud prevention – including sanctions checking – has long been one of the main drivers of change in corporate payments.

Similarly, treasury teams that rely on a bank connectivity partner for all their bank connections need to be sure that they work in a secure and reliable way. This is especially important for bank administration, where access to various accounts might need to be changed quickly or revoked instantly.

In the final blog in this series we look at the benefits of maintaining a complete audit trail of payment activities and the advantages to be gained from having a consistent payment approval workflow across business units.

For the majority of companies the answer to the question ‘Do you have a complete audit trail on your payment activities’ would be no because they are (for example) relying on calculations presented in an Excel document where there are many opportunities for data to be amended or accessed without proper authorisation. Payment details are then manually re-keyed in ERP or bank systems. And to add, also counterparty details could be changed without sufficient oversight or control.

The purpose of an audit trail is to capture the end-to-end flow of a payment covering questions such as why it was originated, the person or persons who originated it, who it was approved by, and when it was executed.

In some cases this audit will be initiated by a regulator (in the case of financial institution clients), whereas for corporates the request may come from a variety of sources including:
  • The compliance or security team as a part of a wider review of IT systems.
  • As part of an investigation into a specific payment.
  • A treasurer who wants to see who in their organisation has payment approval rights.

Having access to an audit trail, a one-click overview of current user access rights, and approval mandates is a useful tool for any corporate looking to increase both the security and efficiency of its treasury operations and identify where steps could be removed from the process as well as to inform decisions around centralising or localising these functions.

Treasurers need to ask themselves if they have gaps in their payment approval workflows and/or local discrepancies and whether they have a central - in other words, at the push of a button - overview of payment approval rights across their organisation.

It is also important to ensure that the organisational design and policies are in place around approvals within the accounts payable and receivables teams. Approval processes that have deviated from the norm are potential signs of bank account fraud or false invoicing.

To prevent false invoicing, a limited number of users should have the ability to create new payees, settlement instructions, and cash transfers. Eliminating manual handling of payment data removes many opportunities for fraud. 

Automating manual processes in invoice handling and payment processing also adds to the transparency, quality and speed of payments. Harmonised practices increase transparency and visibility, while uniform processes help to track cash outflows across the entire organisation and thus mitigate risk of both external and internal fraud.

 

The ultimate guide for achieving efficient and safe multibank cash visibility and payments

Treasury teams looking to optimise their cash management processes realise that making smart decisions requires tactical and strategic planning. However, there are a number of principles that can be applied by any business to increase the level of insight into how funds move into and out of their organisation.

That’s why we created ‘The ultimate guide for achieving efficient and safe multibank cash visibility and payments’. In this guide you’ll find questions that you can ask yourself to determine your current level of efficiency and spot the areas you might need to improve.

 

New call-to-action