The best accounting software for small business in Australia is routinely presented to auditors as evidence that financial controls are in place. The assumption embedded in this presentation is that a modern platform with an approval workflow and an audit trail satisfies audit requirements for AP governance. In practice, auditors look at something different from what finance teams expect them to look at - and the gap between what the platform records and what the auditor needs is where most AP audit findings originate.
What finance teams assume auditors want vs what auditors actually examine
Assumption | Reality |
|---|---|
Auditors want to see that invoices were approved | Auditors want to see that the right person approved, with the right authority, for the right reason |
An audit trail in the platform satisfies the evidence requirement | The audit trail needs to capture supplier data at approval, not just the approval event |
Fast, automated processing demonstrates strong controls | Speed is irrelevant - what matters is what the workflow verifies before processing |
Integration with Xero or MYOB confirms data integrity | Integration confirms data transfer - it does not confirm data accuracy at source |
Approval software means approvals are controlled | Approval software means approvals are recorded - controlled requires that the platform enforces authority limits |
The position: automation satisfies the audit trail requirement but not the audit control requirement
Finance teams are not wrong that audit trails matter. They are wrong about what an adequate audit trail looks like, and wrong about what additional evidence auditors need beyond the trail.
An external auditor reviewing a Melbourne professional services firm’s AP records for the financial year found the following in their Xero-integrated approval workflow: every bill had an approval event recorded, showing a user name and a timestamp. The auditor asked four questions. First: could the person who approved bills also enter them? Yes - no segregation was enforced. Second: were any bills approved above the authority limits documented in the firm’s internal finance policy? The finance team could not answer because the policy thresholds were not reflected in the platform. Third: what was the supplier’s bank account at the time each bill was approved? The audit trail did not capture this. Fourth: had any bills been processed without matching purchase orders where POs were required by policy? There was no tracking.
The auditor’s findings: four control gaps, none of which the approval platform addressed. The platform had been presented as evidence of strong AP controls. It was evidence of a workflow. Those are different things.
Why this gap persists between what platforms provide and what auditors need
The market for AP automation tools primarily addresses an efficiency problem: how to process invoices faster with less manual effort. The control layer - what auditors care about - is secondary in most vendor marketing and, in many platforms, secondary in the actual product design.
This creates a structural mismatch. Finance teams adopt a tool that makes their workflow faster and uses the presence of an audit trail as evidence of governance. The audit trail confirms processing activity. It does not confirm:
That the person who approved had authority to approve that value
That the supplier’s identity and bank details were verified before approval
That the invoice was not a duplicate of a previously paid bill
That the approval could not be bypassed by any user with sufficient system access
These are the questions auditors ask. They are the questions that determine whether the platform represents a genuine control or a more efficient version of an uncontrolled process.
The counterargument: modern platforms have all these controls built in
The counterargument is that this article is outdated - modern AP automation platforms include supplier validation, approval thresholds, duplicate detection, and full audit trails as standard features.
This is true of some platforms. It is not true of most of the ones Australian SMBs actually adopt. The most commonly used combination in Australian SMB - Dext for extraction, Xero or MYOB for the ledger, and native approval workflows - addresses none of the four gap areas above. The most common third-party addition, ApprovalMax, addresses approval workflow governance but not supplier validation or duplicate detection.
For a finance team to genuinely satisfy audit requirements for AP governance, the platform needs to address the full picture: validation before routing, conditional approval by authority level, exception handling before ledger publication, and an audit trail that captures supplier data at approval. This combination exists in purpose-built platforms. It is not the default configuration of the most common Australian SMB tool stack.
What auditors actually look for in an AP governance review
Based on standard audit practice for Australian SMBs, the key AP audit procedures involve:
Segregation of duties test: Are the invoice entry, approval, and payment functions performed by different individuals? Can the system prevent someone from approving their own entries?
Authority compliance test: For a sample of approved invoices, was each approved by someone with documented authority for that value? This requires both a written authority matrix and evidence that the workflow enforced it.
Supplier verification evidence: For high-value or new suppliers, is there evidence that bank details were verified before payment? If the audit trail does not capture this, the auditor may request separate verification records.
Completeness and cut-off: Were all invoices for the period processed within the period? Are there invoices dated in one period that were approved and published in another without adequate explanation?
Duplicate payment test: Were any invoices paid twice in the audit period? This is typically tested through data analysis on the bill list, looking for same-supplier, same-amount combinations.
The practical implication: what your platform needs to be able to show an auditor
A finance team preparing for external audit with an AP automation platform should be able to produce:
A written, current authority matrix showing who can approve what value, with sign-off by a director
Approval records that show both the approval event and the supplier data at the point of approval
Evidence that value-based thresholds are enforced by the workflow, not just by policy
A record of any exceptions - invoices that required escalation, were flagged for review, or were rejected - showing how each was resolved
Confirmation that the approval step cannot be bypassed by any user without logging that action
If the platform cannot generate items 2, 3, or 4 from the system record, the finance team will be compiling this evidence manually from email records, which is the scenario that creates audit delay and findings.
What the best accounting software does and what it cannot do for audit purposes
The accounting software - Xero or MYOB - provides accurate financial records and reporting. It provides the ledger trail that auditors rely on for financial statement purposes. What it does not provide is the AP governance evidence listed above.
The governance evidence requires a workflow layer above the accounting software that captures supplier data at approval, enforces authority limits by value, and provides a complete exception log. These are the functions that transform accounting software from a record-keeping tool into a governance platform.
Pulsify’s validation and exception review captures the supplier data that auditors need at the point of invoice receipt and approval - not as a separate report, but as part of the approval record that feeds directly into the AP automation audit trail.
Checklist: will your AP platform satisfy an auditor’s requirements?
Does the audit trail capture the supplier’s bank details at the point of approval?
Does the workflow enforce approval authority limits by value inside the system?
Is segregation of duties enforced in the platform, not just documented in policy?
Is there a log of all exceptions - flagged invoices, escalations, rejections - with resolution records?
Is there evidence of supplier verification for new or changed suppliers?
Is the audit trail tamper-resistant (entries cannot be edited after the fact)?
Can the authority matrix be produced as a current, signed document?
Who this most directly applies to
Scenario | Priority action |
|---|---|
Business preparing for first external audit | Review platform against checklist above before audit fieldwork begins |
Business that received AP control findings in last audit | Address the specific finding with platform configuration or process change |
CFO relying on platform audit trail as primary evidence | Verify that the audit trail captures supplier data, not just approval events |
Accountant preparing client financials for audit | Confirm client’s AP platform generates the evidence above, or plan to supplement manually |
FAQ
What do auditors check when reviewing accounts payable?
Auditors test AP for completeness (all invoices recorded), accuracy (amounts and coding correct), cut-off (right period), and controls (right people approved with the right authority). The controls test is where AP automation platforms are most often found insufficient - not because the platform is poorly designed, but because the specific control functions auditors check are not present or not evidenced in the audit trail.
Does having an audit trail in AP software mean your AP is audit-ready?
An audit trail in AP software is necessary but not sufficient for audit readiness. The audit trail needs to capture supplier data at the point of approval (not just the approval event), reflect that authority limits were enforced, and show that segregation of duties was maintained. Most basic audit trails record who approved what and when. Auditors need more than that.
What is the most common AP audit finding for Australian small businesses?
The most common finding is lack of segregation of duties - the same person entering, approving, and paying invoices without independent review. The second most common is approval thresholds that exist in policy but are not enforced by the system or evidenced in the records. Both are addressable through workflow configuration, not just process improvement.
How should a finance team prepare AP documentation for an external audit?
Before audit fieldwork: produce the current authority matrix as a signed document, confirm that approval records in the system reflect the matrix, and identify any invoices approved outside the matrix (by value or by role) that will require explanation. If the platform’s audit trail does not capture supplier data at approval, compile this evidence from email records for the high-value invoice sample the auditor is likely to test.
What best accounting software for Australian small business satisfies audit requirements for AP?
No single accounting software satisfies all AP audit requirements without additional workflow configuration. Xero and MYOB provide the financial records auditors need for the ledger. AP governance - supplier verification evidence, authority enforcement, and complete audit trail with supplier data - requires a workflow layer above the accounting software. The right combination is the best accounting software for your financial management needs plus a dedicated AP tool for the control evidence auditors require.
Sources: ASIC financial reporting and audit · ATO record-keeping requirements