Spreadsheet-based invoice approval tracking is a record-keeping tool presented as a control. The spreadsheet records what happened after the fact. It does not prevent an invoice from being paid without an entry. It does not flag a changed bank detail before the approval. It does not enforce that the right person approved the right amount. For businesses where those controls don’t matter - very small volumes, stable suppliers, single approver - that is often fine. The problem appears when any of those conditions changes and the spreadsheet stays in place.
The Hobart food distributor
A financial controller at a Hobart food distribution business used a shared Google Sheet for invoice approvals for four years. It worked until the business opened a second warehouse in Launceston. Invoices now arrived from two locations, two sets of suppliers, and two approvers who didn’t always communicate in time.
Within six months the Google Sheet had diverged into two separate sheets that didn’t reconcile with each other. Approvals were being confirmed by email and never recorded in either sheet. When the year-end audit required evidence of who had approved specific invoices and when, the finance team spent three weeks manually compiling email records going back twelve months - a process that was both labour-intensive and incomplete, because some approval emails had been deleted or couldn’t be found in shared inboxes.
The problem wasn’t disorganisation. The spreadsheet was adequate for one location and one approval chain. It wasn’t designed to scale to two. No spreadsheet is.
What are the three specific gaps in spreadsheet-based approvals?
Audit trail integrity is the most consequential gap. A spreadsheet can be edited by anyone with access. Dates can be changed, approval entries can be backdated, and rows can be deleted. For most day-to-day purposes this is irrelevant - teams aren’t routinely manipulating approval records. But when a disputed invoice or fraud investigation requires evidence of who approved what and when, a spreadsheet entry is not a reliable record. A system-generated audit trail that cannot be modified after the fact provides a different quality of evidence - one that satisfies auditors without requiring the finance team to prove that the record was never altered.
Bank detail verification is the gap with the highest financial stakes. A spreadsheet tracks the approval decision - it records that an invoice was approved. It does not capture what bank details appeared on the invoice at the point of approval. When a fraudulent invoice arrives with substituted bank details, the spreadsheet records that it was approved, not that the details differed from the historical record. This is why payment redirection fraud, which cost Australian businesses AU$152.6 million in 2024 according to the ACCC, works specifically against spreadsheet-managed AP processes: the approval happens with no automated verification of the detail that matters most.
Coding consistency is the third gap. Spreadsheet approval tracking does not enforce coding rules. Structuring a proper delegation of authority is the foundation that a platform can then enforce. The person entering the invoice into Xero or MYOB makes the coding decision independently each time, with no reference to the chart of accounts mapping decided for the same supplier the previous month. Inconsistent coding accumulates across reconciliation periods and distorts category reporting in ways that are difficult to detect and correct without significant rework.
The cost comparison most businesses skip
The standard framing of the spreadsheet-versus-platform comparison focuses on the subscription cost of a dedicated platform as an addition to the current cost base. This misses the existing cost of the manual process.
The ATO and Deloitte Access Economics estimate the cost per invoice for a manually handled PDF at AU$27.67. At 40 invoices per week, the annual processing cost is approximately AU$57,000 - before error correction or fraud exposure. A bookkeeper spending two hours per week maintaining the approval spreadsheet and following up on missing entries is spending more than 100 hours per year on administration that a structured platform handles automatically.
The fraud scenario changes the calculation entirely. A single payment redirection event costs far more than years of platform subscription. The spreadsheet-based approval process provides no protection against this risk. The historical record shows what was approved. It does not record whether the payment details were verified.
When spreadsheet-based tracking remains adequate
For businesses with fewer than 15 invoices per week, a single approver who processes all invoices personally, and a stable supplier base where the controller has direct knowledge of every vendor, a spreadsheet with a documented manual verification process often works. The controls are informal but manageable at that scale.
The signal that the spreadsheet has become inadequate is usually one of three things: the finance team is spending significant time maintaining it rather than reviewing invoices; an auditor has noted the approval record as insufficient; or a payment error has occurred that the spreadsheet didn’t catch. Any of these is the right time to move to a structured platform - before the next incident, not after it.
Sources: ACCC - Targeting Scams Report 2024 · ATO - Record-keeping requirements for business
Further reading: How to Build an Audit-Ready Approval Matrix · Why Delegation of Authority Matters More Than Automation Speed · Best AP Automation Software Australia 2026