The E-invoicing Checklist: ensure controllability [part 15]

October 1, 2012  |  Electronic Invoicing, Publications

How do I stay in control? A difficult but very important question when discussing electronic invoicing. We will give you the answer in this 15th of the E-invoicing Checklist series, but it isn’t clear-cut. Sorry. This is because the EU e-invoicing legislation is based on principles rather than specific requirements. The easiest answer is to stay in control using business controls. But there is more than meets the eye…

Basic: business controls

This model forms the basis for ensuring controllability (integrity, authenticity, legibility and reliable audit trail) in the new era of e-invoicing starting in 2013. It is suitable for organisations with very transparent and/or easily verifiable processes. These need to be structured because tax audits principally rely on being in control on internal processes. The nature of the organisation determines the nature and extent of any audit (cost-effectiveness).

Examples of organisations that can use this model for their control approach are:

  • Organisations that are so small and so simple to the nature of their business operations and administrative processes (e.g.: single contractors, micro SME’s and small SME’s) that an accountant/intermediary/tax inspector can quickly guarantee the accuracy of the transactions.
    TIP: By verifying the billing information against journal entries and payment data, (very) small organisations can meet the fiscal conditions to stay in control (authenticity, integrity, legibility, reliable audit trail) in many cases. For this purpose you can rely on most of the respected financial software applications.
  • Companies which must comply with internal audit requirements due to other legal obligations and are regularly subject to internal and/or external audits. Examples are: companies that are subject to the US Sarbanes Oxley requirements or companies in heavily regulated sectors, such as BASEL.

Some points of interests for somewhat larger/complex organisations (in addition to using financial software):

  • Links between invoices, financial data and (archived) bookkeeping information.
  • General security practices should be followed: audit trail, completeness, accuracy, security, authenticity, integrity.
  • Extra attention should be paid to proper archiving and/or correct reproduction of invoices.
  • Presence of documents in the field of process flows and integrated ICT, including version control. This allows accountants to understand the processes of application during the creation of invoice data, generating the invoice, sending or provisioning of the invoice and archiving the invoice.
  • Audit trails of all steps in the process should preferably be carefully maintained.
  • Manual processes must be properly documented and traces of relevant process steps and changes should be maintained during the archive period.
  • With automated processes, relevant checks should be built in to be able to reproduce the invoice during the archive period.

Extended: more complex situations and organisations

This model applies to larger and more complex organisations where invoices are exchanged in a more automated way. Business partners often have a stable relationship and have made detailed technical agreements on how the invoice data is to be exchanged between both parties.

The emphasis of controllability is placed on the exchange process between business partners(even though the new EU VAT Directive puts the emphasis on the format of the invoice instead of the process) to assess compliance with regard to audit trail, completeness, accuracy, security, authenticity and integrity. The following aspects are important in the control of an advanced (read: more or less automated) exchange of data:

  • General security practices should be followed: audit trail, completeness, accuracy, security, authenticity and integrity.
  • Extra attention should be paid to safely archiving invoices or to the correct reproduction of invoices.
  • If structured data is exchanged between parties, they must agree in advance what processes and controls should be involved in the exchange of data (invoice). This requires an exchange agreement setting out the minimum standards that trading parties will use.
  • Every step of the process for sending or making the invoice available has to be able to be controlled by a combination of transport technologies and process controls.
  • Both you and your customer (or third parties acting on their behalf) should be able to reproduce the invoice or make it available.
  • Specific measures need to be taken with regard to versions of software and systems that are used for e-invoicing, e-billing and the exchange of invoice data, including the available associated documentation.
  • Documents relating to process flows and ICT, including version control should be present to allow auditors to understand what application processes were used during the several process steps in e-invoicing.
  • Shortcomings in the end-to-end chain can be overcome by using concise summaries that display periodic summaries of exchanged invoices. Such a list can then be used by the IRS/external/internal auditors, to easily check whether messages between the two parties have been correctly exchanged.

Advanced: outsourcing

In this model, the billing process is outsourced to a trusted third party: a service provider in the field of e-billing and e-invoicing, also known as Billing Service Providers (including online invoicing apps, financial institutions, banks and payment service providers).

BSPs provide a broad selection of reliable services, combined with technical controls and a secure centralized environment. They facilitate a wide variety of processes, requirements and guaranties on their behalf.

Outsourcing processes and services are facilitated based on a contract. You, your customers and suppliers are not released from the applicable administrative and legal obligations to stay in control, and ensure the main requirements: authenticity, integrity, legibility and a reliable audit trail because of this contract.

It is therefore important to pay attention to the agreement and the general terms and conditions of that third party. This trusted third party should ensure you and your trading partners that you remain in control.

Topics covered in a contract should at least include: accessibility, reliability, privacy policy, security policy, interoperability, archiving, switching between service providers, liability and dispute settlement.

Visit for more info and to get your own personalised version of the E-invoicing Checklist for free.

Previously published articles in this series:
New series: The E-invoicing Checklist [part 1]
The E-invoicing Checklist: Manual [part 2]
The E-invoicing Checklist: Current EU e-invoicing basics [part 3]
The E-invoicing Checklist: The new EU E-invoicing Directive [part 4]
The E-invoicing Checklist: content – tax requirements [part 5]
The E-invoicing Checklist: content of the simple invoice [part 6]
The E-invoicing Checklist: content clarity and comprehensibility [part 7]
The E-invoicing Checklist: content payment instructions [part 8]
The E-invoicing Checklist: create your invoice [part 9]
The E-invoicing Checklist: It’s issuing time! [part 10]
The E-invoicing Checklist: receiving invoices [part 11]
The E-invoicing Checklist: verify your data [part 12]
The E-invoicing Checklist: manage your master data [deel 13]
The E-invoicing Checklist: let’s archive [deel 14]

Related posts

Comments are closed.