Select Page

Using data analytics for increased oversight of risks and controls in P2P processes

John Verver

John Verver

CPA CA, CISA, CMC

Risk management for P2P processes is especially challenging for governments. We show you how data analytics and control monitoring can make all the difference.

Effective risk management and control of vendors in the purchase-to-pay (P2P) process is a challenge for organizations in any sector. But it’s particularly difficult for local, state, and federal governments.

Public infrastructure projects, facilities maintenance, and large-scale purchasing of goods and services involve some serious financial outlays. These projects also present countless opportunities for fraud, waste, abuse, and inefficiencies.

If you’re a government finance or control manager, your job is to put controls in place that manage these risks, but:

  1. How can you be certain that all of your controls are effective?
  2. What if you completely missed some risks, and never implemented controls for them in the first place?
  3. What if there are so many controls in place that processes become slow and cumbersome, draining resources that could be used elsewhere?

Finding the right balance

The real challenge is achieving a balanced approach when it comes to P2P processes—one that’s efficient and effective, and that minimizes the chance of potential fraud, waste, abuse, and regulatory non-compliance.

Like a lot of government departments and agencies, you might manage the control process through your enterprise resource planning software (ERP) or financial applications—but this isn’t ideal. Certain ERP control settings are sometimes turned off in order to make processes quicker and easier. Or the settings that are used may not be effective in addressing some risk types.

The bottom line is that no control system is perfect. So you need to identify which transactions and activities are problematic, give those some closer examination, then fix them and implement more effective controls.

The power of data analytics

Dealing with risks and controls in P2P processes involves a wide range of different vendors, and it’s not easy—particularly when the terms of individual contracts can be varied and complex. This is where technology—specifically data analysis and continuous transaction and control monitoring—plays a huge role in helping you find those problematic transactions and activities. Here’s how:

  • Data analysis can be used to test all transactions and P2P activities against a broad range of risk, compliance, and control issues; both common ones and those that relate to specific contractual terms and regulations.
  • Once you know what you need to test, suites of analytic tests can be run as needed, or on an ongoing basis as a form of continuous monitoring.
  • Continuous monitoring provides you with timely notification of issues. Unlike the traditional approach where testing happens long after transactions took place, your risk and control specialists get notified of problems much quicker—and much sooner, so they can be addressed before they get any worse.

When used correctly, analytics-based testing and transaction monitoring can actually become a more effective and efficient form of control and compliance enforcement.

For more examples of how analytics can be applied in the fight against fraud, waste, and abuse and to explore examples of analytic tests you can start applying today, download our white paper below.

White paper

Automating Fraud Detection: The Essential Guide

You’ll learn:

  • The role of data analysis in fraud detection
  • Automation of fraud detection analytics and continuous monitoring
  • Example fraud tests for key business process areas.

Download white paper

Related Articles

Find us in Gartner MQ for IT Risk Management

Gartner names Galvanize (formerly ACL and Rsam)* a Leader in the 2019 Magic Quadrant for IT Risk Management

Learn what you should be looking for when selecting an ITRM solution.

Download the report