Introduction
The Procurement to Pay (P2P) process is a fundamental part of business operations, ensuring that an organization efficiently procures goods and services while maintaining compliance and cost control. An ideal P2P process streamlines operations, enhances supplier relationships, minimizes risks, and ensures transparency. This blog post will explore each sub-process, highlight key controls, risks, required documentation, and industry-specific variations.
Requisitioning: Initiating the Purchase
Process Overview
A purchase requisition (PR) is raised by a department needing goods or services. This document acts as an internal request for approval before procurement. This is like a grocery list we prepare in our household before going to Walmart or Carrefour.
Key Elements
Below are the key element of this sub-process
- Requester Information: Who is making the request?
- Item Details: Description, quantity, specifications
- Justification: Business need or project requirement
- Budget Check: Available funds
- Approval Workflow: Managerial and finance team approvals
Internal Controls
As an Internal Auditor or business leader, following internal controls should be in place for purchase requisition
- Authorization Matrix: Define who can raise and approve PRs based on financial thresholds.
- Segregation of Duties (SoD): Ensuring that the requester is not the same person approving.
- Budgetary Controls: PR should align with allocated budgets.
Risks and Mitigations
In a nutshell, below are the key risks and mitigation strategies
| Risk | Mitigation |
|---|---|
| Unauthorized purchases | Pre-approved vendor list and budget approvals |
| Duplicate requests | System validation for duplicate PRs |
Industry Variations
- Manufacturing: High volume of raw material requests requiring demand forecasting.
- Healthcare: Compliance with medical regulations for procurement of drugs and equipment.
- Retail: Seasonal purchase planning to meet demand fluctuations.
Supplier Selection and Purchase Order Creation
Process Overview
Once the PR is approved, procurement teams identify suppliers and generate a Purchase Order (PO). Identification of supplier might sound easy but it is not. It requires deep knowledge of new vendors, supplier’s rate, market trends, geographical changes, policies and regulations etc. In any organization, procurement team along with the requisitioner hunt for the potential supplier who can fulfill their requirement.
Key Elements
Below are the key element in this sub-process
- Supplier Evaluation: Quality, pricing, reliability, past performance
- RFQ (Request for Quotation): Comparing quotations from vendors
- PO Issuance: Legally binding order to the selected supplier
Internal Controls
As an Internal auditor or business leader, following internal control should be in place for vendor finalization
- Vendor Due Diligence: Background checks, financial stability review
- Competitive Bidding: Ensure fair supplier selection
- Contract Management: Clearly define terms, delivery timelines, penalties for non-compliance
Risks and Mitigations
| Risk | Mitigation |
|---|---|
| Supplier fraud | Vendor verification and history tracking |
| Price manipulation | Multiple quotations and approvals before vendor selection |
Industry Variations
- IT Services: Long-term vendor contracts due to specialized service needs.
- Construction: Multiple suppliers for different materials and subcontracting needs.
- Government Sector: Strict procurement laws requiring transparent tenders.
Goods Receipt and Inspection
Process Overview
Once the supplier delivers the goods, the receiving department checks for quality and quantity before accepting them. There might or might not be a situation where duty for acceptance of goods or services is segregated. Now, once the quality check is done, Good Receipt Note (GRN) is generated or updated so that there is a acknowledgement that somebody from the organization received the goods/ services.
Key Elements
Below are the key elements in this sub-process
- Inspection Checklist: Condition, quantity, specifications match PO
- Goods Receipt Note (GRN): Acknowledges receipt of items
- Rejection Process: Handling damaged or non-compliant goods
Internal Controls
As an internal auditor or business leader, below are the key internal controls in the good receipt and inspection phase
- Quality Assurance: Independent verification of received goods
- Three-Way Matching: PR, PO, and GRN reconciliation before payment
- Return Policy: Clear protocols for rejected goods
Risks and Mitigations
| Risk | Mitigation |
|---|---|
| Receiving incorrect goods | Strict inspection protocols |
| Accepting damaged goods | Independent quality checks |
Industry Variations
- Pharmaceuticals: Regulatory compliance on storage and handling
- Retail: Bulk deliveries and warehouse logistics coordination
- Automobile: Critical component quality checks before production integration
Invoice Processing and Payment Approval
Process Overview
The supplier submits an invoice for payment. The invoice undergoes verification before payment is released. Here, role of finance and accounts team is more. Sometimes, accounts payable can be a separate function responsible for processing of invoices.
Key Elements
Below are the key elements in this sub-process
- Invoice Matching: Matching invoice with PO and GRN
- Approval Workflow: Financial team authorization
- Payment Scheduling: Aligning with cash flow policies
Internal Controls
Following internal controls are crucial in this phase
- Automated Invoice Processing: Reduces human error
- Fraud Detection: Spotting duplicate or inflated invoices
- Payment Terms Management: Ensuring adherence to agreed terms
Risks and Mitigations
| Risk | Mitigation |
|---|---|
| Duplicate payments | Automated invoice reconciliation |
| Payment delays | Efficient approval workflow |
Industry Variations
- Manufacturing: High-volume transactions requiring automated payment cycles.
- Retail: Vendor discounting for early payments.
- Service Industry: Contract-based milestone payments.
Payment Execution and Reporting
Process Overview
After approval, the finance team processes the payment to the supplier and records the transaction. Now, payment execution can happen via cash, cheque or direct bank transfer. This all depends on the size, nature and location of the company or organization.
Key Elements
Below are the key elements in this area
- Payment Modes: Bank transfer, credit card, checks
- Compliance Checks: Anti-money laundering and tax deductions
- Financial Reporting: Accounting entries and reconciliation
Internal Controls
Following internal controls should be implemented to ensure transparency and adequacy in the effectiveness of the process
- Dual Authorization: Payment approval by multiple stakeholders
- Reconciliation Procedures: Regular audits to match payments with records
- Supplier Master Data Management: Prevent unauthorized payments
Risks and Mitigations
| Risk | Mitigation |
|---|---|
| Payment fraud | Dual authentication and audits |
| Cash flow mismanagement | Payment scheduling and forecasting |
Industry Variations
- Healthcare: Strict vendor compliance for medical supply payments.
- E-commerce: Automated payment processing for multiple suppliers.
- Construction: Milestone-based payments for ongoing projects.
Fraud Risk Assessment in P2P process
Fraud risks in the Procurement to Pay (P2P) process include unauthorized purchases, supplier collusion, invoice fraud, and duplicate payments. Organizations should implement preventive and detective controls, such as vendor due diligence, automated invoice matching, dual payment authorization, and regular audits to mitigate fraud risks.
Technology solutions like AI-driven anomaly detection and blockchain for contract transparency can further enhance fraud prevention strategies.
Conclusion
An effective Procurement to Pay (P2P) process enhances operational efficiency, ensures compliance, and strengthens supplier relationships. While the fundamental steps remain the same across industries, variations exist in supplier selection, payment structures, and regulatory compliance. Leveraging automation and strong internal controls helps organizations minimize risks and improve procurement effectiveness.
![[IFRS 15] Contract Assets & Liabilities A Decision Tree Approach](https://govarix.io/wp-content/uploads/2025/02/IFRS-15-Contract-Assets-Liabilities-A-Decision-Tree-Approach.png)
