Four-Eyes Principle

The four-eyes principle is the requirement that significant financial decisions be reviewed and approved by at least two independent people before they are executed. The name refers to the idea that four eyes see more than two: a second reviewer catches errors and potential fraud that a single reviewer might miss or, in the case of internal fraud, might deliberately overlook.

In accounts payable, the four-eyes principle applies most directly to high-value payment approvals, new supplier setup, and changes to supplier bank details. These are the three situations where the cost of getting it wrong is highest and where a single person having unchecked authority creates the most significant fraud risk.

Where the four-eyes principle applies in AP

For invoice approval, the four-eyes principle means that invoices above a defined threshold require two approvers, not one. The threshold varies by business: a $5,000 threshold requiring dual approval might be appropriate for a business with 30 employees, while a $50,000 threshold might be the right level for a larger business with more delegated authority at the management level. The threshold should be set at the level where the cost of a fraudulent payment would be material to the business.

For vendor onboarding and bank detail changes, the four-eyes principle means that the person who enters the new supplier or updates the bank details should not be the same person who authorises the change. A second person, typically a manager, should review and approve the change before it takes effect. This is the most important application of the four-eyes principle in AP because vendor master changes directly enable payment redirection fraud.

Implementing four-eyes without creating bottlenecks

The practical concern with requiring dual approval is that it slows down the payment process if the second approver is not responsive. This is a legitimate operational concern, and it needs to be addressed through process design rather than by abandoning the control.

The most effective approach is threshold-based dual approval, where the second review requirement is triggered only for invoices above a defined amount. This means that routine, low-value invoices flow through with a single approval and are processed quickly, while high-value invoices get the additional scrutiny their risk warrants. The threshold can be adjusted over time based on the volume and value of invoices that are triggering dual approval requirements.

The four-eyes principle and AP automation

AP automation software makes the four-eyes principle easier to implement and enforce. Approval workflow rules can be configured to require two sequential approvals for invoices above a threshold, with automatic escalation if the first approver does not act within a defined time window. The system tracks who approved what and when, creating an audit trail that demonstrates the control was applied rather than bypassed.

In a manual process, requiring two approvers means two email chains, two follow-ups, and no guarantee that the second approver saw the same information as the first. In an automated process, both approvers review the same structured invoice record, the system enforces the sequence, and the audit trail is automatic. The control is both more reliable and less burdensome to administer when it is built into the workflow software.