With a Secure & Free Online Audit Confirmation Solution
With a Secure & Free Online Audit Confirmation Solution
Responding to audit confirmation requests without a secure process in place can expose your company to fraud risk. Learn how Delta Air Lines and Microsoft Corporation discovered a secure and free online solution to this pervasive business problem that increased staff efficiency and eliminated the risk of fraud.
Company Profiles:
- Delta Air Lines — Delta Air Lines serves more than 160 million customers each year. Headquartered in Atlanta, Georgia, Delta employs 80,000 employees worldwide and operates a mainline fleet of more than 700 aircraft. Lewis W. Moore has been with Delta for 14 years. Lewis is currently the Manager of Accounts Payable/Accounts Receivable at Delta and responsible for the order to pay process.
- Microsoft Corporation — Microsoft is the worldwide leader in software, services and solutions that help people and businesses realize their full potential. Headquartered in Redmond, Washington, Microsoft employs 97,000 employees worldwide. Suzanne Lenzmeier has been with Microsoft for 20+ years. She is currently the North America AP Regional Process Owner at Microsoft and her responsibilities include governance and oversight of North America AP operations.
Challenge
Like many businesses today, the corporate AP staff at Delta Air Lines and Microsoft Corporation didn’t always have a secure, efficient system set up for handling external audit confirmation requests. A typical request could arrive via U.S. Mail, fax, e-mail or telephone. For example, at Delta, Lewis Moore observed that prior to switching to an online confirmation system, the company “received 300 to 400 audit confirmation requests annually, of which 95% were received by U.S. Mail.”
Prior to switching to an electronic system, neither company had a clearly established process to verify and validate the source and authenticity of the requester. Likewise, there was no secure way to ensure that the responding source from their company was authorized to do so, thus exposing the company to the potential risk of fraud and legal liability. To this day, many organizations aren’t even aware of this risk!
Needless to say, slow turnaround time in responding to requests as a result of having to verify, reconcile, and match requests to the company’s internal AR/AP record system often resulted in duplicate or even triplicate requests from a requesting auditor, which compounded the confusion of verifying a request before responding to it.
For example, at Delta, disputes and discrepancies typically generated another request from the auditor for clarification. Lewis said, “Requests would sometimes go to the wrong department and approximately 15% were duplicate requests.” In addition, the staff at Delta didn’t have an efficient way to track and access responses, especially when there were disputes and discrepancies.
As for Microsoft, back in 2009, the company decided to outsource its AP work to India, including confirmation responses. Microsoft’s Suzanne Lenzmeier noted,“We didn’t have an efficient way to get mailed requests from our Fargo office to India and finding a solution was a low priority.”
Most importantly, individuals tasked with responding to requests didn’t always understand the inherent fraud risk involved with responding to external audit confirmation requests without a secure system in place to process these requests. As a result, some accounting departments, like Suzanne’s at Microsoft, simply chose not to respond, falsely thinking this would eliminate the risk, along with the hassle of responding. However,“Do Not Respond” policies simply do not work and they do not eliminate liability. By not responding, you only keep the legitimate responses from going out and have no way of addressing fraudulent responses. In addition, employees can respond on “behalf of your company” without your knowledge, exposing your company to legal liability
Solution
Both Lewis at Delta and Suzanne at Microsoft had attended conferences, where they heard Brian Fox, CPA and founder of Confirmation.com, explain the risks of responding to requests without a secure process in place. Both Lewis and Suzanne drew the same conclusion: that they needed a secure, efficient internal audit confirmation response process that would eliminate the risk of fraud and increase their efficiency and control over the process. In short, they needed a secure online solution that would ensure the auditor making the request had been vetted and that confirmation requests were legitimate.
For example, as Suzanne commented, “At Microsoft, we didn’t have a formal policy and process in place for handling confirmation requests.” However, after attending a session led by Brian Fox , “I became acutely aware of the fraud risk and grew concerned about the liability implications, as well as protecting the company’s brand and reputation.” For efficiency reasons, Suzanne also wanted a solution that could route all requests directly to her team in India because many requests were continuing to be mailed to various Microsoft locations, including the Fargo office.
At Delta, Lewis had additional goals for switching to an online confirmation system, including reducing paper from the process and reducing or eliminating duplicate requests. Lewis already had a response policy in place as a courtesy to requestors, but wanted to ensure requests came to his — and only his — department to protect the company from fraudulent responses. He also wanted the ability to have access to historical data. The solution was Confirmation.com.
Today, Delta Air Lines and Microsoft are both In-Network Confirmation.com responders. This simply means both companies have gone through Confirmation.com’s rigorous verification process of ensuring the responding entity is the proper source and that the person set up to respond is authorized to do so. Likewise, Confirmation.com also verifies the authenticity of the audit confirmation requestor, ensuring the right people at both ends of the confirmation process are authorized to initiate and respond to requests.
Furthermore, the entire confirmation process is handled online in Confirmation.com’s secure cloud-based system. Requests can now be processed in a matter of minutes, rather than days, weeks, or months. Confusing duplicate requests are eliminated as well. And, most importantly, the opportunity for fraud is eliminated from the process.
Results
Both Lewis at Delta and Suzanne at Microsoft found that setting up Confirmation.com was quick and simple. They quickly completed the online application and set up authorized users as responders for the company. The responder is notified by email when confirmations are available to review. Now all mailed requests receive an insert with the response letting the auditor know that the company prefers to use Confirmation.com.
Both Lewis and Suzanne made the same observation
Confirmation.com eliminates fraud risk, improves user efficiency, and provides real-time control over the entire process, resulting in time savings, fewer headaches, and no more paperwork.
For more information, please visit www.contact.confirmation.com.
