P2P Internal Controls for Education

February 2, 2017 Chris Doxey

In my work in the procure to pay (P2P) internal controls field across several industries, I have seen several common themes. You’ll recognize some of these control themes below. I’ve specified how they apply to education and have recommended solutions to consider.

Industry expert Chris Doxey shares insight into internal controls for the P2P process in education

Control themes:

  • General
  • Theft, collusion, and kick-backs
  • Fictitious suppliers
  • P-cards, T&E and petty cash


  • If there is a lack of attention to internal controls, there is a risk of fraud. Sometimes roles and responsibilities for internal controls are not clearly defined.
  • Universally, the three critical controls are: 1) Segregation of Duties (SoD), 2) Delegation of Authority (DOA) and 3) System Access. These controls are critical within the education industry.


  • Clearly communicate internal control policies, programs, and responsibilities. This includes routine P2P process testing with a focus on high-risk areas.
  • Establish a code of conduct and ethics training program to coincide with your internal controls program.

Theft, collusion, and kickbacks

  • Collusion and kickbacks occur when suppliers offer special pricing or deals to university personnel with the promise of an incentive such as tickets to an event, gift cards, free conference passes, or even offers of a book deal or speaking engagement.
  • University personnel may order excessive goods for personal use.


  • Establish a supplier selection process with requirements for approved contracts, requisitions, and purchase orders.
  • Ensure that a service level agreement (SLA) process is in place for all suppliers.
  • Establish a supplier management review (SMR) process to check the performance of all suppliers.
  • Lastly, review key contracts to determine if there are pricing anomalies.

Key Point: Suppliers with a number of large credits may indicate a problem with pricing.

Fictitious suppliers and phony invoices


  • Implement supplier master controls which include W9s, W8s, TIN matching, and compliance screening.
  • Cross-check the master vendor file (MVF) against HR's employee file. This ensures no employee is posing as a supplier. Check names, address, phone number, and bank account.
  • Perform background checks for all employees.

P-cards, T&E, and petty cash

  • There may be personal or non-university purchases, or “out of policy purchases” on a P-card.
  • In some cases, a seminar or conference that is paid directly by the hosting organization to the university speaker may be submitted again for reimbursement. The university has no way of knowing that those expenses were already paid by another organization.
  • Many universities and schools still use petty cash system which creates a big temptation for theft.


  • Communicate P-card and T&E policies and implement training programs.
  • Establish a P-card and T&E Administrator for each program and institute mandatory cardholder agreements.
  • Replace outdated petty cash systems with P-cards. This reduces reconciliation nightmares caused by reconciling cash and the never ending stream of “IOUs” and will enhance productivity and improve internal controls in the P2P process.
  • Use automated systems and approval processes wherever possible.

The solutions recommended in this blog will provide you with the tools needed to enhance your P2P controls within your university or school.

About the Author

Chris Doxey

Chris Doxey, CAPP, CCSA, CICA is an independent management consultant providing Internal Controls and Business Process Best Practice Solutions. She has extensive experience in procurement, accounts payable, internal auditing, internal controls, Sarbanes-Oxley compliance, payroll, logistics, financial systems strategy, and financial integration at Digital, Compaq, Hewlett Packard, MCI, APEX Analytix, and Business Strategy, Inc. She was recruited to assist MCI (formally WorldCom) recover from their internal control challenges. She has a bachelor's degree in English, a bachelor's in accounting, a master's in business administration, and a graduate certificate in project management. Chris has written numerous articles and published two handbooks: AP Leadership Skills and Implementing a Controls Self Assessment Program for Your Accounts Payable Department.

Follow on Linkedin Visit Website More Content by Chris Doxey
Case Study: New Orleans College Prep
Case Study: New Orleans College Prep

Learn how New Orleans College Prep automated the P2P process with Nvoicepay and Coupa to generate significa...

Guide for Evaluating Electronic Payment Solutions
Guide for Evaluating Electronic Payment Solutions

Use this guide and accompanying evaluation checklist to determine the right ePayments solution for your com...


Book a
Live Demo

First Name
Last Name
Thank you!
Error - something went wrong!