“We’re defining e-Invoicing as a new way of sending business documents, invoices, but also purchase orders and other things between accounting systems using a secure International Network. That’s giving you a higher level of security and lowering the risk”. – Simon Foster, GM Product – eInvoicing at Xero.
“You will never eliminate risk, what you can do is mitigate it significantly. The idea and the point behind strong financial controls, though, is to make that as difficult as possible in the first instance. So most often fraud and those sorts of breaches are done because the opportunity is made available. It’s easy for people to do so they take advantage of it“. – Cassandra Scott, Director Laurus Bookkeeping, and Head of Bookkeeping – APAC ApprovalMax
Today I am sharing with you the audio from a recent webinar I hosted on behalf of Xero and Approval Max. The topic was “Tightening Your Internal Financial Controls: How to Develop and Enforce for Maximum Effectiveness”. The experts joining the session were Simon Foster GM Product – eInvoicing @ Xero and Cassandra Scott Director Laurus Bookkeeping, and Head of Bookkeeping – APAC ApprovalMax.
Some of the highlights we covered included:
- What are internal financial controls and how they work
- How to ensure that the right person has access to the financial resources and systems
- How to get around fake emails and fake websites
- Using E-invoicing for sending or receiving invoices
- Where the invoicing direct connection is going to help you is that the information is coming in straight away.
- Are there any tools or software that can help businesses with financial controls within their business?
- The importance of financial controls for small business owners.
- How to get in contact with your insurance company.
Got a packed schedule? Now you can get your CPE credits while you’re on the go! Tune in to my podcast on Earmark and earn NASBA-approved CPE or IRS-approved CE—just by listening. It’s that simple. Head to my Earmark CPE channel, register and launch the course.
Don’t miss the details at the end of this blog to learn more about Earmark CPE. Now, let’s dive into this episode! 🎧
Summary of the webinar:
- What are internal financial controls and how do they work?
- What internal financial controls are.
- Risk and fraud mitigation in a business.
- Invoicing and how it can help.
- Are you aware of businesses that have suffered from fraud as a result of inadequate financial controls?
- Overdue invoices and the changing of bank account details.
- Bank account details in Xero.
- Simple points of breach in businesses.
- Separation of duties in reducing employee fraud.
- How do you ensure that the right person has access to the financial resources and systems?
- Separation of duties, check and balance.
- Access to financial resources and systems.
- Responsibility of providers to businesses to continue to have conversations.
- Consistency in business financial documents.
- How do you get around fake emails and fake websites?
- Getting around fake emails and fake websites.
- How to identify Xero invoices and fraud.
- Have you ever used E-invoicing for sending or receiving invoices?
- AI can mimic voice control on banking apps.
- E-invoicing and e-mail invoicing.
- Where the invoicing direct connection is going to help you is that the information is coming in straight away.
- The advantage of invoicing direct connection.
- Limited partnership and e-invoicing in Xero.
- Automated processes, anti-fraud measures and financial controls.
- How to get paid for invoicing.
- Are there any tools or software that can help businesses with financial controls within their business?
- Payment processing times for larger businesses.
- Tools or software to help businesses with financial controls.
- The procurement process starts with identifying a supplier.
- The Australian ASIC and company fees.
- The second part of the process: the purchasing decision.
- Approval of invoices.
- The importance of financial controls for small business owners.
- Time is money, and financial controls are important.
- Government departments have had this for two years.
- Rigour around who is authorising and how much can be spent.
- Government requirements for businesses.
- How to get in contact with your insurance company.
- Separation of duties in a two-person business.
- Tight financial controls.
- Practical tip, register to try out Xero invoicing.
- Financial controls are an investment in your business, not a cost to your business.
Can I ask each of you to briefly introduce yourselves? Let the audience know who you are, where you’re from and what brings you to this discussion today.
Cassandra: Hi, everyone. My name is Cassandra Scott, I have just recently been appointed as the head of bookkeeping, APAC with ApprovalMax. Aside from that, I actually run my own bookkeeping practice in Brisbane. So I’m the director of Laurus Bookkeeping, a bookkeeping practice. We work with clients right around Australia and also overseas. I’ve also been a Xero Platinum Partner for a number of years, and I’ve had the privilege of sitting on the Xero partner Advisory Council, just about to head into the third year of that third or fourth year of that. So very, very privileged. I also manage and administer the bookkeepers in practice, Australia Facebook group. So I’m connected on a daily basis to over 2000 bookkeeping practice owners in Australia, which gives us some great insights into the topic that we’re talking about today.
Heather: We’re privileged to have you here, Cassandra, thank you. Over to you, Simon.
Simon: Thanks, Heather. And thanks, Cass. Great to be here. So my name’s Simon Foster. I’m the GM Product – eInvoicing at Xero. I’ve been at Xero now a little over two years. Prior to that I actually ran our small business myself, which was one of the first Xero add-ons called Shoeboxed Australia now Squirrel Street. So certainly have experience over an extended period of time working with partners working with small businesses, and you know, the challenges of small business, particularly around financial controls. You know that when it’s your own money, you want to be very careful with it. And yeah, excited to be here to talk about how we can help make it better for everyone in Australia and New Zealand.
Let’s unpack what we mean by internal financial controls.
Cassandra: Yeah, look, I think it’s a really great question. And there’s a lot of different perspectives around what internal financial controls are. They’re actually a subset of probably a larger group of functions within a business that are around safeguarding your financial resources. So ultimately, if you’ve got financial controls in place, it’s around safeguarding your financial resources. And that’s sort of scopes out into a number of different areas. You know, we look at things like segregation of duties, authorisations and approvals, financial reporting and record keeping physical security. We talk about IT security and data integrity. We talk about budgeting and financial planning internal audits, things like training and education, and also compliance with legal and regulatory requirements. Now, they all actually form an internal financial control or a set of internal financial controls in a business. And when we’re talking about it in the context of risk and fraud mitigation, not that they don’t work independently, they actually work cumulatively with each other to provide the best outcomes for the business. So when I talk about internal financial controls, it actually covers all of those elements within a practice or a business.
Anything else to add there?
Simon: Yeah, as I say, so we’re here also talking about e-Invoicing and how I can help and you might have seen some stuff around it being more secure. And it’s stopping things like fraud. But it’s really important to understand that you still need financial control everything Cassandra just said is really important. What e-Invoicing does is reduce the risk of some kinds of fraud. But reducing, it doesn’t mean removing it. And yet, that’s a really important thing to do. And I know, for a lot of small businesses, like myself, when I was running one, you hear this and you glaze over. But when we think physical security, you put locks on your doors, you have insurance, you might have a burglar alarm, you have to think about, okay, where do I put my cash register, because we think this is exactly the same sort of stuff applied to your electronic records.
Cassandra: I think the key point there, Simon, is that you will never eliminate risk, what you can do is mitigate it significantly. So it really doesn’t matter what practices you have in place, there will still always be the opportunity for somebody to choose to breach that. The idea and the point behind strong financial controls, though, is to make that as difficult as possible in the first instance. So most often fraud and and those sorts of breaches are done because the opportunity is made available, it’s easy for people to do so they take advantage of it. It’s also often people that are closest to you within your business that actually undertake those activities. But what you can do with good financial controls is actually minimise that, but also have checks and balances in place so that if it does occur, it’s actually surfaced at the beginning, not at the end, where a lot of the damage of fraud is actually undertaken. And what we hear about often in the press, with significant, you know, criminal cases and things like that.
Heather: Yeah, yeah. And so that the person committing it thinks that they’re going to be caught. So it’s kind of deters them from from doing that. What are we going to do is run a poll. So let’s see if I can do this, it’s running. Okay. Hopefully, can people let me know that they can see it? And the question is, yes, I can see votes coming in. Are you aware of businesses that suffered from fraud as a result of inadequate financial controls? So please vote on that. And then we’ll just have a quick, quick talk about it. Oh, looks like the numbers are sitting at 80% of people are aware of businesses, we’ve got 75% of people have voted. Anyone else like to vote jump in there and vote, see if we can get it to 80%? Few more people probably need five more people to vote, and we get it up there. If not, it’s okay, almost there, one person. Okay. But I’ll end the poll there. And so that is sitting at 82%. Share results. So if that’s okay, so I think now that you will see the results, what are your thoughts on that Cass and Simon: 82% of people have seen fraud and 18% haven’t seen fraud?
Cassandra: Not unsurprising, from my perspective. Yeah. And I think it’s a lot more prevalent out there than perhaps a lot of people are aware of, because they don’t have the checks and balances in place to identify it.
Heather: Yeah, absolutely. So you, Cassandra, you work closely with a lot of businesses.
Have you seen real-life examples where the lack of separation of duties has actually led to fraud?
Cassandra: Absolutely. And both of it has actually been with clients of mine. You know, a number of years ago, we had a client we were working with and kept getting overdue notices through from their, one of their supplies, accounts departments. And, you know, we’d have had everything reconciled, were pretty adamant that the bills that they were saying were outstanding had actually been paid. And we had all of the bank trails around that. When we continue to push this back to the company. One day, we actually happened to bond somebody who wasn’t their standard day-to-day accounts, person who we’d been dealing with. It was somebody else and we started having the conversation in there going well hang on a sec. This is weird. We’re starting to have a lot of these phone calls. It turns out that their accounts person was going into the accounting software was changing the banking details on the invoices. was receiving the payments into their bank account, and then going back into the accounting system. And marking those invoices as paid from, I think it was a Directors Loan Account from for some reason. So the owners of the business whenever identifying that there were these outstanding amounts. And it wasn’t until a customer of the business bought that to the fore. Another situation that we had not that many years ago with another client was around the changing of bank account details on in Xero. And they’d received an invoice from one of their suppliers that said, hey, our bank account data hasn’t changed. My client was using an offshore service provider to do their day-to-day bookkeeping, that hadn’t removed the access to contact bank account admin from their user credentialing. So this person thought that they were doing the right thing jumped in changed the banking details, because, you know, they’d been told that they had changed on the documentation, and seven and a half $1,000. Later, once the payment had been made, and the suppliers ringing saying, Well, I’ve got the remittance advice. I got that two days ago, but there’s nothing hit the bank account, we discovered what had happened. So, again, you know, these are really really simple things and simple points of breach in businesses that make it very, very easy. And this is where we talk about these sorts of controls. And this, the systems and you know, products like ApprovalMax that can actually help mitigate those risks.
Heather: Yeah, absolutely. And the person can do it in like a matter of like 90 seconds, make that change, but they wouldn’t break into a house and steal a handbag. And it is just a very important situation that we are aware of. So I’d like to explain. We’ve talked about the separation of duties, but let’s explain the concept of separation of duties. And its importance in reducing employee fraud in financial control.
Let’s talk about that separation of duties.
Cassandra: Simon do you want to grip that one? Uh, no, I’m happy to jump in.
Simon: Oh, no, I was just going to add. What occurs to me as we’re having this conversation is a lot of the broader conversation in the marketplace is about hackers in hoodies. And that’s what you say much. Both of the examples that Sandra gave there had nothing to do with hackers. That can be solved with what you’re about to talk about, which is simple controls and simple things that you can do as a business-driven attack against where most fraud comes from, which is, unfortunately, internal, or partners, or people having access to systems.
Cassandra: Absolutely. And when we talk about separation of duties, it’s I know, there’s probably a lot of bookkeepers and accountants on the call today, and I suspect a large number of business owners as well. And the fundamental principles of bookkeeping and accounting is debits and credits, it’s a double-entry system, there’s two parts to it. And each part has to offset and be checked and balanced against something else to ensure that it’s in place. That’s fundamentally what we’re talking about with separation of duties that no one person is wholly responsible for all elements in a procurement or financial management process that, at some point in there, there’s another check and balance against some sort of authoritative data to confirm that what is occurring is legitimate and shouldn’t be occurring and is in with, with the parameters that that have been set down by the business. The simplest one that we often come across. And we talk about this with business owners regularly is the person that’s entering the bills into their accounting system shouldn’t be the person that’s actually facilitating the payment of those invoices. Because that immediately puts the that person in a position where they could actually choose to be a bad actor within that business. And, you know, breach the trust and confidentiality and all of those sorts of things that business owners take. Whether it’s somebody working within your business or a provider to your business, they’re really, really simple things. So separation is it’s a check and balance by an independent party against an independent data source.
How do you ensure that the right person has access to the financial resources and systems?
Simon: My own experience of that running a business was, you know, who has access to your bank account that most online banking systems do give you the ability control that one of the things we struggled with was online banking and being able to give other people access while still allowing one person to be able to control and so we’ve chosen a credit union. They just they couldn’t do it. So you know, you have to change to the Big Four and have to get it and they do have the systems to do it. And we work with our bookkeeper actually to set up the processes and do all that type of stuff. And, again, you know, for a lot of business owners, it’s not something they think about. And it’s somewhere where advisors, accountants and bookkeepers can really help small business owners make good decisions and protect themselves.
Cassandra: Yeah, look, it’s actually really scary as a provider to small businesses, Simon, how often the business owner will say to me, or I hear about other peers in the industry turn around and say, are the business owners just happy to give me their login details to their internet banking. Or here, I’ll just give you my access credentials, you can go in and pay those bills for me. It’s like, hell, no, that’s actually not going to happen. And we stepped through and explained the risks. And often, you know, it’s just this light bulb moment goes on to go, Ah, I didn’t even think of that. And, you know, we live in this bubble on a day to day basis. So this is something that’s foreign Centre for us, but a lot of business owners don’t think about it, because that’s not the world that they live in. So I think there’s a responsibility to us, as providers, to businesses to continue to have these conversations with them. So that they can be as informed as possible around what their business risks.
Heather: And I think within terms of the bank, too, if I can clarify. When you’ve got the bank, someone has the password access to enter the information, and then you can have someone come in and approve the information. And I would normally try and make that the business owner or the business, highly responsible person in the business to do that. Whoever was uploading the data, that was all they can do, they couldn’t do anything further. And yeah, and that’s possible with banks, and you want to make sure your bank offers that.
Cassandra: And sometimes it’s a bit of tough love for businesses as well. You know, they’ll kick and scream and say, Well, why can’t you and it’s just like, I’m not putting my registration or my licence and my reputation at risk. So you know, we really get quite strong and pushing back, and it is a bit of tough love for them. But I’ve yet to have any of them really, you know, said no, I don’t want to do it.
Heather: There are sleepless nights when you have access to a big bank account is not something that you want. It’s not, it doesn’t never, never sits easy with me. So I’m interested to go on and ask the question.
Why is ensuring consistency in the structure, appearance and format of business, and financial documents important?
Cassandra: I’m happy to jump in again, Simon. Like I think we’ve become very familiar with the way documents are laid out. And there’s a standard way. And, you know, as bookkeepers, particularly in other advisors, where we’re working with the same documents over and over again. So the consistency around it means that when something is abnormal, it tends to become a little bit more obvious. The flip side of that, too, is it can also lead to complacency. So whilst I think from a business issuing documents out to their, their customer base, it’s important to have a standardisation so that if anything deviates, it can potentially be a red flag. I think as a business owner receiving those documents, you’ve got also got to be aware of the complacency by seeing something that’s that’s the same thing over and over again. And again, it’s about not Oh, yep, that looks like the same. I’ve seen it before. I’ll just process that without, again, putting those checks and balances in place. So yeah, they’re great. And it’s important that we try and standardise that it doesn’t replace the need for diligence. And, and checking is as part of the processes that we’re undertaking.
Heather: Yeah, absolutely.
Anything else you’d like to add there?
Simon: Yeah, I was gonna say you’re seeing this in other things and advice you’re getting around fake emails and fake websites. And there’s unfortunately been instances of a Xero invoice. And that being a fake site, people try and direct you there. So it’s the same type of thing that making it look like something else. And you do need to have your wits about you to be able to identify when that’s happening. And then, as we’ve been talking about for quite some time, things like multifactor, like getting an authorisation through another tool. And you might notice that the Xero multifactor app actually moves the Yes button around is not in the same place every time. Try and make sure that actually you and you’re actually doing it and you don’t get into a habit. I’m in a habit of always pushing Yes. And yeah, it’s really important. It’s crossing my sort of trying to deal with human behaviour and what makes our life easier. And the converse of that, of course, is as we’re trying to make apps very easy. For people to use, we’re training you to do the opposite of what you need to do for financial controls, make it easy for your customers to pay you, right. But equally, you want to make sure they have financial controls, because that’s a risk to you as well, if they don’t have them. It’s a challenging area. And it’s nice that there are apps around like ApprovalMax that can help.
Heather: And I was actually listening to a podcast yesterday. And it was saying there’s now AI that can mimic my voice. So any one of you has a podcast or a webinar like us out there, they need to shut down any ability to do voice control on banking apps, because AI can mimic it, which is they only need like 30 minutes of podcast audio or webinar audio. So another area to shut down after they’ve been pushing voice control on us. I’d like to encourage anyone if they have any questions to pop them in the chat area. And I’d like to move to I think Simon’s favourite conversation. Let’s start talking about e-Invoicing. And we’ll launch a poll on E invoicing. So see what there it is. Hopefully, you can see that poll can get you to vote on that. Have you ever used e-Invoicing for sending or receiving invoices all of this looks a lot more different to the last poll. So was sitting at was sitting actually very balanced? Look at that. 50/50? I’m shocked. Excellent. Excellent. Well, thank you for voting there. Almost 50/50 in the voting of Yes, they’ve used it, and No, they haven’t used it.
What do you think about these voting results?
Simon: Yet, that’s nice to see all the work we’ve been doing over the last few years that people are paying attention. I think it’s worth explaining what it is. So were defining e-Invoicing as a new way of sending business documents, and invoices, but also purchase orders and other things between accounting systems using a secure International Network. And so what does that mean? That means if you’re if you buy from Bunnings, and a lot of businesses in Australia and New Zealand buy from Bunnings, you can receive those bills directly into draft bills in Xero. And it’s coming in directly, it’s not coming in via email, you don’t have to go download something and put it in. And so that’s giving you a higher level of security, lowering the risk, as we discussed earlier. And removing your necessity to the data entry on it to the point that Cassandra just talks about though without things looking the same. One of our challenges is this data is going, the information is going in in a structured way with all the line items and so forth directly into a Xero draft bill, which means everything looks the same. So one of the things we’ve been doing is making sure that the PDF is being attached in there as well. But again, reiterating that point financial controls remain very important.
Cassandra: I think Bunnings is a classic example, to Simon. So I know a lot of businesses will issue out the Bunnings cards to a number of different employees, I think their PowerPass cards here in Australia. And this is where not necessarily just relying on a single point of technology to solve problems or mitigate risk is really important. Because you don’t know who’s using that card and just going into Bunnings and buying whatever it is that they need. And those invoices are all going into your accounting software. And there’s you know, tends to be an assumption that if it’s in the accounting software, and it’s come through the e-Invoicing interface, then it’s good to go. You need the checks and balances still around, the legitimacy of those purchases and the legitimacy of those expenses. And is the person buying it authorised to actually make those purchases?, is the purchase that they’re making within certain financial parameters that have been set down by the business? You know, should somebody in the business have a level of authorisation depending on the value of the procurement that’s actually being made. So e-Invoicing is a great subset of the whole control. But it still doesn’t mitigate the risks that are there of poor financial management processes. And this is where tools like ApprovalMax can actually start to jump in and really help with that. You know, we can look at matching up the expense that’s been incurred against unauthorised purchase order, or before even with the invoicing format, before it goes into the accounting system. It’s reviewed by somebody who has the authority to review and approve it, to see whether or not yes, that is a legitimate expense for the business. Yes, we’ve bought what we expected to and what we’ve paid or what we’re going to be paying what we expected to. So there’s often books of prices and things like like that, that need to be considered as well. So that’s even one of the simplest steps that you can take with e-Invoicing sitting there as a facilitator of that.
Simon: Yeah, absolutely. And where the e-Invoicing direct connection is going to help you is that because the information is coming in straightaway, we’re working at the moment to try and get it directly after point of sale. So you’re seeing that as soon as transactions have happened, and you’ve got detailed data about what was purchased not there’s been a purchase from Bunnings. And this amount. You can do all these things and detect the fraud faster, but it doesn’t change, you have to have the processes in place.
Cassandra: Yep. Great. And the advantage to have the e-Invoicing and the immediacy of of it is that it is immediate. So you know, historically, we would sort of scrape the Bunnings receipts off of the floor of the tradies unit, and they could be six months old. And you’d be going back to the trainee, and particularly in a job management environment, you’re going well, what the heck have you bought? Why are you buying this? And they’d go, I’ve got no idea that was six months ago, three cases of beer and 20 jobs, they’d have no idea. So again, you’re you’re risking the financial viability of a business by not having, you know, the immediacy of that information. E-Invoicing supports that. And then you’ve got your checks and balances in place as well. So it’s a holistic perspective that we need to take around financial controls.
Simon: And that, of course, is what my whole business did was deal with those little receipts. And other than and all those challenges. And if you are having this conversation with your clients is frequently in that case, they’re not reclaiming the GST either, because they’re losing the receipts, and they’re losing their stuff. So investing in these processes is not just about stopping fraud, it might actually increase the amount you can reclaim and really help those businesses with their cash flow.
Heather: Yeah, yeah, it’s very much about cash flow. And so I’d like to ask you, Simon, is the e-Invoicing only for big businesses? And someone has actually mentioned that their limited partnership and e-Invoicing is not available for limited partnerships currently in Xero.
Can you explain if e-Invoicing is only for big businesses?
Simon: Okay, so maybe I’ll deal with the limited partnership question first. So what we’ve done in order to make it simple to register, is we have automated processes, we have some anti fraud measures of our own, and yes, some financial controls of our own. And unfortunately, that means there are certain situations where we can’t do automatic registrations for particular entity types. We are working on a way to try and change that. But I can’t go into detail about our rationale for that, for obvious reasons. It’s fraud. But I would just say, you do have an option, there are some add ons that will do manual KYC and also offering invoicing. So that’s one of the reasons we have an ecosystem. So you have some choice in how you approach in terms of it just being for beginners, I think we’ve spent most of our time talking about how it’s for small businesses. The example there are obviously a Bunnings. So e-Invoicing is both about you being able to send your invoices to your customers. It’s only for business to business transactions, it doesn’t involve consumers. So if you’re a retail store, it’s not going to have value for issuing invoices, it will on supply side, if you’re buying from Bunnings, if you’re buying from BOC gas, and there are new businesses coming online all the time that can send to you and it’s going to help you with efficiency. Where it’s going to help with if you’re selling to large businesses, is if you look at what some of them unfortunately are doing right now is they’re trying to make their business more efficient by making the small business or the small businesses advisor do more work. And that might be as preposterous as saying you must issue your invoice in a particular font. We’ve run into that. But it can also be about saying, Well, you need to figure out whether it’s a purchase order, or attend a number or extra bits and pieces. And what we’re trying to do in working actually with large businesses, and the Australian and New Zealand government’s is standardise some of that and make it much easier for you to send those e-Invoices to large businesses and of course, get paid. And part of the challenge is they tend to have financial controls. If you’re a large publicly listed business, you’re getting a lot of attention about whether you have them or not. They have dedicated teams that look at this. And it’s about being able to provide them enough information that you’re meeting their financial controls.
Cassandra: Like yeah, Australia is actually going through or has just finished a review around payment processing times for larger businesses. And one of the big issues that we did surface, I was part of that discussion with with Xero and also Treasury, one of the big issues that was surfaced was that larger businesses are actually moving a lot of their administrative functions now on to the customers of their businesses, to access portals to upload data to, you know, make, review and check and balance. But it’s not actually being seen in shortening payment terms. That’s a really interesting and larger conversation than this session, I think, Simon, so definitely.
Heather: A big conversation, that portal, maybe it’s a sort of a hashtag vent conversation.
Cassandra: But I think the point though, is between smaller businesses, there is the opportunity to reduce payment terms, because we’re often a lot more agile, we’re not sort of turning the big boat, that larger businesses do smaller businesses can be more agile, and they can leverage off of this to streamline process, both as a customer and a supplier.
Heather: And I know that when Xero initially released the e-Invoicing, it wouldn’t work for my business. And it has it is now, my business type is now eligible. So if you haven’t visited it for a while, go in and check it out and see if it’s now working for you.
Simon: I was gonna say we’ve also been working with like, I call them our peers. So we’ve worked with Intuit making sure that we can send between our systems and there is some similarity in the way we work. We’ve actually done demos together with them, you don’t often see the software providers working together in that way. But we do it here. And so that means you can send and receive to people using other types of software, we would obviously love to have 100% of the market. But yeah, that’s not going to happen.
Heather: My experience to that is when it comes to security, the software’s work nicely together like they speak. Like they try and work it nicely together. So it’s good to hear that. So I’d like to move on and ask.
Are there any tools or software that can help businesses with financial controls?
Cassandra: Well, isn’t that why we’re all here because ApprovalMax can actually do that. And is has been specifically designed to do that. So if we look at the totality of the procurement process, it starts by identifying a supplier, you potentially raise a purchase order you receive the goods, you receive the invoice for the goods, and ultimately you need to pay the person who supplied them. So there’s a number of points along that that procurement chain that can be controlled. To provide you with a risk mitigation strategy around around these things. The first one is at the supplier level is short and simple. Is your supplier validated? Are you getting an invoice from you know, supplier, dodge man, dodge woman who, you know is hoping that that you’ll pay it just because you’re so busy. And I think we’ve all been exposed to the I know we’ve just registered some trademarks in our business. And you know, five days later, you’re starting to get emails and invoices from all of these trademark registration services. The Australian ASIC and company fees is another one that we see regularly. And then there’s always the Rural Fire Brigade magazine, the police magazine and I think the rescue services magazine that you’ll always see those sorts of invoices coming through that they’re trying to take advantage of lacks financial control. So having an approved sub-suppliers list in the first instance is one way of many mitigating that. The second part of the process is potentially around the purchasing or the decision to acquire goods and services within the business who is making the decision and what are the the authorities around that and again, ApprovalMax has the ability for you to raise purchase orders with approvals delegations around them to process invoices that won’t move into your accounting system until there are approvals delegations around them. And they can be set at different levels. So within a business you could be looking at, you know, the admin person might be okay to approve the office works invoice. But if it’s over $5,000, you might want to elevate that up to the principal of the business or to the accountant or the CFO or somebody else within the supply chain in the business who’s who’s got that authority. So it’s again, it’s about assessing where your risk points are in the business and mapping these out and looking at the solutions that actually come into to support that. You know, things like payment processes are the details on the invoice as soon as the details that are on your PLU approved supplier record for instance, you know, banking details and Simon you’ve already mentioned that with you know, the changes on the on email intercepts for those that aren’t using any The invoice framework, that’s a really, really high risk and high profile area at the moment. So having the checks and balances in place that allow you to do that, you know, it’s simple things like are the is what you’re being charged what you were quoted for in the first instance. And that’s something that we see a lot in ApprovalMax, has got the ability to do that invoice matching against a validated purchase order. So your purchase orders for $1,000, your invoices for $2,000, it’s not going to go through the pipeline, until somebody’s reviewed that and said, well hang on a sec wise is our cost now suddenly double what we were expecting it to be? There may be valid reasons for that. Absolutely. And there might need to be some amendments, but it’s stopping it before it gets into the accounting system. And before it gets paid. And, you know, in my experience, once you’ve been once you’ve overpaid your supplier, it’s often a really, really difficult conversation to recruit those funds or have that. And even if you’re able to do that there’s the time imposter that’s associated with our, I’ve got to call them, yes, they’re going to pay me now I’ve got to send them my banking details and the whole workflow around it just takes time. Time is money. We’re talking about financial controls, we don’t want to be wasting and spending money on things we don’t need to if we can bring systems in that support them much more cleanly.
Simon: What I love about this is that this is something large businesses have been doing for a long time, they’ll be using terms like master data record, and so forth. And what you get with ecosystem apps and with ApprovalMax, is that becomes accessible to small businesses and small businesses, advisors in a way that hasn’t been possible. When you go back, certainly when I started my business in 2010, this just wasn’t available. And that is terrific for small businesses, for small business owners to be able to have that control and manage their cash flow. And it’s great to say really?
Cassandra: Yeah, and you’re absolutely right. So many government departments have had this implies two years. So I started working with government, probably in the early 1990s, with very manual financial management processes, their computer systems were quite archaic. But as somebody working in a business environment where we were spending money, I had to undergo training on their procurement processes. So I couldn’t actually order anything, or delegate anything until I’d receive the training on that. When I did that training, it was they had simple procurement and complex procurement. So it was all driven by dollar values and the complexity and you know, how many tenders you could go out to and all of those sorts of things. But I was actually legally liable. If something went wrong there, this wasn’t just an internal, you know, you’ll get smacked on the fingers. I was legally and criminally liable for that. Now, I know in small businesses, that’s not necessarily going to be happening. But the same principles should apply. We should have some rigour around who’s authorising what the levels of authorisation are, how much can be spent. As part of a tight, tight financial control. I just see too many businesses spending money unnecessarily, you know, landscaping client that I was talking about earlier, every man and his dog had a Bunnings card, and they would sometimes doing two or three trips a day to Bunnings on one project. And the value of the purchase was $5. So it’s not just what’s being drawn out of the business, from a fraudulent perspective, but it’s also about you know, how you met maximising your workflow opportunities and your human resources around it as well. It’s a huge discussion, and there’s so many different arms to it.
Heather: That’s a lot of Bunnings sausages.
Cassandra: Sounds a lot of adding sausages. Yes, three screws and a, you know, a hacksaw blade.
Heather: Yeah. I’m interested to know you have touched on government.
Are there any requirements businesses need to follow regarding financial controls when dealing with governments and non-for-profits?
Simon: So often, I think we hinted at it earlier, that when you’re sending the I’ll tell you things that you have to include on your invoices, and that’s so they can meet their financial control requirements. And so, in particular, putting your bank account in what they’re doing is mapping out against the record they have already and saying hasn’t changed, and then they’re going to contact you about it and they’ll frequently even though they’re not using it to pay you, they want to approve an invoice if they aren’t bank account details on it, because they want to do that matching and checking. But otherwise, there’s nothing I guess from a legal requirement perspective. They’re, I think, saying under there was something we discussed before about insurance where it helps to be able to document all this stuff.
Cassandra: Insurance is really interesting. And I’ve come across this when I’ve been putting in my annual declaration for my business insurance and business insurance and also management liability insurance. And I suspect most business owners would have this level of coverage as well. But one of the questions that’s been asked is when I’m with our bill paying, do we have separation of duties in our business? Now, the business is only a two person business, we’ve got staff, but the only people that deal with the money are basically myself and my husband doesn’t even know how to log into Xero. But it was a really valid question, because it makes you think about well, if I, you know, how do I explain to the insurance company that I’m the only person that’s actually going to be paying bills? And is that actually right, even in a business of my size? Because technically, it’s an entity in its own right, and I’m a director of the entity and I, you know, I’m aware the responsibility of it. But should we have a check and balance in place? I was easily able to explain it, because, you know, we are so small, but you start to talk about businesses that maybe are mum and dad businesses but have the admin clock that’s working in there. And that responsibility is delegated to the admin clerk or the internal bookkeeper or the or the internal accountant? What risk? Are you putting yourself out from an insurance perspective? If somebody does actually undertake something fraudulent? Are you going to be covered from an insurance perspective? And perhaps that’s a question in the PDF documents as you’re sending them out? That is easy. Yep, yep, yep, tick, tick, tick, tick, tick, I just need to get my insurance premium in place. But when it actually, you know, the tie hits the ground on this one, are you going to be covered? So just have a think about that as well. And maybe go back and review your business insurance management, liability insurance, and also your cyber insurance documents as well to see whether tight financial controls are one of the things that your insurance company is actually asking about?
Heather: Absolutely, thank you for that. Thank you for that. Now, we’re moving towards the end of the session today, and you’ve shared so much great information with us. I will pop your LinkedIn link in the chat area, so they can directly get in contact with you that way. But if you can share one practical tip that will be sensational.
Can you share one practical tip that you’d like people to take away from the session? And how can people get in contact with you?
Cassandra: Simon, I’ll let you go on this one first.
Simon: Cool. So first thing is if you want to try out e-Invoicing you need to register. And so you can find information and I think it might be going to chat or in the follow-up here, you can go on to Xero Central and find out how to register. The other thing is we now have the ability to send the Xero subscription bills over invoicing. So no something people have been asking for for a very long time. And so there’s an easy way for you to experience this. And check that out. And then obviously apply financial controls to it in terms of getting in touch LinkedIn is definitely the best way to reach out to me. And more generally, you can reach out to your account manager as on Xero partner.
Heather: Excellent. You spoke just as I managed to get everything in there. And I think Eloise is putting some links, more resources and links into that chat area. So while Eloise does that, I would like to thank our wonderful speakers. I’d like to thank the audience for attending. I hope you found that session really informative. Thank you, everyone, for attending this webinar, tightening your internal financial controls, and how to develop and enforce them for maximum effectiveness. And this session was presented by ApprovalMax and Xero, a copy of the webinar.
Cassandra: Can I just jump in really quickly? Sorry, to cut you, you were talking about insights and opportunities here. The one thing I’d like to stress to people is if you’re looking at tools to come in and mitigate risk in your business, see them as an investment in your business, not a cost to your business. And I really can’t stress that enough because the cost of allowing fraud and opening those doors that people can walk through and be bad actors within your business is going to be far more significant and at times will be catastrophic. Not just from a business perspective but from a health and human well-being perspective. So anybody that’s considering this tools like ApprovalMax are awesome. Have a look at it, but don’t see it just as a cost look at as look at it as an investment in giving you peace of mind at night when you’re sleeping. That was one of the points that you made earlier. It’s about sleeping soundly. So I did just want to highlight that.
Heather: Absolutely anything else you’d like to say. No? That’s fine. Now the financial controls are in place. It, it is a really emotional issue for many people. So it’s really important that you think about all the options for controlling this. Thank you so much Cassandra and Simon for sharing your insights with us. I’d like everyone to encourage everyone to connect with our speakers. Thank you so much again.
Simon: Thank you.
Cassandra: Thanks for having us, Heather.
Earmark CPE is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org.