Article
Reading time :
10 min

What controls should be in place before approving a supplier invoice?

Published on :

February 23, 2026

Contributors

Most invoice approval problems are not discovered at the approval step. They surface three weeks later, during a supplier dispute, a month-end close, or an audit review. By then, the payment has cleared, the error has settled into the books, and correcting it requires time, negotiation, and a credit note that may take months to arrive.

The root cause is almost always the same: the controls that should have run before approval either didn't run at all, ran on a sample, or relied on a manual check that was skipped under time pressure. Finance teams that validate invoices after ERP entry spend 5 to 10 times more effort correcting errors than teams that intercept them at the approval gate.

This article defines exactly which controls need to be in place before a supplier invoice is approved, and why automating them at the pre-payment stage is the only method that holds at scale.

Why the approval moment is the right control point

Every supplier invoice follows the same journey: it arrives, it gets processed, it gets paid. The critical question is where in that journey the verification happens. Most organizations validate invoices either inside the ERP (post-entry) or during month-end reconciliation (post-payment). Both are too late.

The logic is straightforward. Once an invoice enters the ERP, it becomes part of the accounting record. Correcting an error at that stage requires a reversal entry, a supplier communication, and a credit note process, all of which consume finance team time and delay resolution by weeks. Once an invoice is paid, the leverage disappears entirely. The supplier has the money; recovering it depends on their goodwill and your legal standing.

The approval moment, the instant before a payment is authorized, is the last point at which an error can be stopped at zero cost. No reversal, no credit note, no recovery process. Just a flagged invoice and a supplier contact to request a correction.

This is what pre-decision control means in practice: positioning every check between document receipt and payment approval, so that the CFO or finance manager who signs off on a payment run is approving data that has already been verified, not hoping it is correct.

The seven controls that must run before invoice approval

Each of the following controls addresses a distinct failure mode. Together, they form the complete pre-approval verification layer that finance teams need to approve payments with confidence rather than anxiety.

1. Document authenticity and quality check

Before any business logic can run, the invoice must be a valid, readable document from a legitimate source. This means verifying that:

  • The document is a genuine invoice, not a delivery note, statement, or quote mislabeled as an invoice
  • All mandatory fields are present: supplier name, VAT number, invoice number, invoice date, due date, line items with unit prices and quantities, total amount
  • The file is readable, not a corrupted scan, an image with unextractable text, or a password-protected PDF
  • The sender's email domain matches the supplier's registered communication address

These checks sound basic. In high-volume environments, they routinely surface a meaningful percentage of unusable documents, documents that would enter the ERP as incomplete records and create downstream accounting problems if not caught at intake.

Document verification at intake is the foundation on which every subsequent control depends. Without it, validation logic runs on unreliable inputs.

2. Supplier identity verification

An invoice is only as trustworthy as the entity that issued it. Before approval, the supplier identity must be confirmed against the registered vendor master:

  • Supplier name matches the vendor database record
  • VAT/SIRET number is consistent with the registered supplier file
  • New suppliers, never previously invoiced, are flagged for explicit human validation before any payment proceeds

The new-supplier flag is particularly important. Fraudulent invoice schemes frequently exploit the moment of onboarding a new vendor, when teams are less familiar with the contact's billing patterns and more likely to approve a first invoice without scrutiny.

3. IBAN and banking detail verification

This is the highest-stakes single check in the pre-approval sequence. Supplier banking detail fraud, where a fraudulent communication triggers a payment to a criminal account, is among the most financially severe invoice fraud vectors, with recovery rates low once a wire has cleared.

The control is specific: compare the banking details on the incoming invoice against the verified record in the vendor master. Any discrepancy, a changed IBAN, a new sort code, a different account name, must be flagged and routed for human review before the invoice enters any payment queue.

40% of businesses were affected by payment fraud in 2023, according to the Association of Certified Fraud Examiners. The IBAN change is consistently one of the most common methods. An automated check that runs on 100% of invoices in real time is the only reliable defense, manual spot-checking at scale misses too many.

4. Duplicate detection

Duplicate invoices generate overpayments through a mechanism that is simple, frequent, and often invisible: the same invoice gets paid twice. This happens when a supplier re-sends an unpaid invoice with a slightly modified reference, when the same document arrives in multiple inboxes within a group structure, or when an invoice submitted during a system migration gets reprocessed.

A rigorous pre-approval duplicate check cross-references each incoming invoice against:

  • The full invoice history for the same supplier
  • Amount + date combinations within a configurable window
  • Reference number variants (INV-2024-01 and INV2024-001 both matching the same underlying document)
  • Cross-entity submissions in multi-entity environments

The detection window must extend beyond the current period. Duplicates submitted across month boundaries are among the most commonly missed, and the most embarrassing to discover during audit.

5. Three-way matching against PO and delivery records

For any purchase that followed a formal procurement process, with a purchase order and a goods receipt, the invoice must be reconciled against both documents before payment is approved. Three-way matching verifies that what was ordered, what was delivered, and what is being invoiced tell the same story.

Discrepancies that three-way matching intercepts include:

  • Unit prices on the invoice that exceed the PO rate
  • Quantities invoiced above quantities delivered or received
  • Line items present on the invoice but absent from the delivery record
  • Invoice dates outside the contracted service period

Jinchan Group multiplied its anomaly detection rate by 5x after automating this control. Before automation, matching covered only a fraction of incoming documents, the rest passed through on the assumption that if the supplier had invoiced it, the delivery had occurred. That assumption, it turned out, was wrong often enough to matter.

For a detailed look at how automated 3-way matching works at scale, see our article on AI-powered 3-way matching and payment traceability.

6. Price compliance against negotiated contracts or catalogs

Even when a delivery has been correctly made and accurately documented, the invoice can still overcharge relative to the agreed terms. Price drift against negotiated contracts is the most financially significant and most underdiagnosed source of overpayment, because no single invoice reveals it. The pattern only becomes visible across many invoices from the same supplier over time.

The pre-approval price check compares each invoice line against the applicable contract rate, catalog price, or mercuriale. Discrepancies above a defined threshold, whether expressed as a percentage or absolute amount, generate a flag before the invoice reaches the payment queue.

Vivason stopped €180,000 in annual overpayments through this single control. The billing was not fraudulent, it was drift, accumulating at fractions of a percent across hundreds of supplier lines. Systematic comparison at 100% coverage made it visible. The supplier billing control agent in Phacet runs this check automatically on every document.

7. Approval threshold routing and authorization verification

Not every invoice should follow the same approval path, and not every approver should have authority over every invoice amount. Before a payment is released, the system must confirm that:

  • The invoice amount falls within the approval authority of the person who signed off
  • Invoices above defined thresholds have been escalated to the appropriate approver level
  • Multi-signatory requirements for high-value payments have been met

This control creates the documented authorization trail that auditors and internal governance teams require. An invoice approved by someone without the authority to authorize that amount is not just a process failure, it is a compliance issue. A complete audit trail that logs every approval decision, by whom and at what level, closes this gap automatically.

Why manual pre-approval checklists break down at scale

Every finance team knows these controls exist. Many have documented them in approval policies or internal SOPs. The problem is not the checklist, it is the execution at volume.

A team processing 50 invoices per month can run through a manual pre-approval checklist reliably. A team processing 500 can manage with discipline and time. A team processing 2,000, or a group with multiple entities each receiving their own invoice streams, cannot maintain consistent manual execution of seven controls across every document, every cycle.

Three things happen when volume outpaces manual capacity:

Controls get compressed. The IBAN check happens on new suppliers but gets skipped on known ones, on the assumption that established relationships are safe. Duplicate detection relies on reviewer memory rather than systematic history search. Price compliance is checked on high-value invoices but not on routine smaller amounts.

Sampling replaces coverage. Rather than checking every invoice, teams check a proportion and extrapolate. As covered in our article on preventing supplier overpayments, sampling leaves 80% of invoices unchecked at a 20% sampling rate, creating exactly the blind spots that overpayments and fraud exploit.

Month-end pressure overrides controls. The approval deadline creates a perverse incentive: clearing the invoice queue matters more than running full checks on every document. Controls that add time get skipped; approvals happen on trust rather than verified data.

The human-in-the-loop model that systematic pre-approval control enables is the inverse of this: automation runs all seven checks on every invoice automatically, humans review only the exceptions that automation flags. The review burden drops from processing 100% of documents to deciding on fewer than 5%.

How Phacet automates the pre-approval control layer

Phacet's platform sits between your supplier inbox and your ERP, running the complete pre-approval control sequence on every incoming document before it reaches any payment queue.

The process runs in four stages.

Stage 1 — Intake.

The platform connects to your accounting mailbox via OAuth (Gmail or Outlook), detects incoming supplier documents in real time, and performs OCR extraction to produce machine-readable invoice data: supplier identity, line items, prices, quantities, dates, and banking details.

Stage 2 — Seven-control validation.

Each document passes through the complete pre-approval sequence automatically: document quality, supplier identity, IBAN verification, duplicate detection, three-way matching, price compliance, and threshold routing. This runs on 100% of documents, every cycle, without exceptions for known suppliers or low-value amounts.

Stage 3 — Exception routing.

Documents that pass all controls are forwarded to the ERP and approval queue automatically, with validated, pre-filled data. Documents that trigger a flag, fewer than 5% of total volume for most Phacet clients, enter a structured review queue with the specific control that triggered the flag, the relevant reference data, and the context needed to resolve the issue in seconds rather than minutes.

Stage 4 — Audit trail.

Every control outcome is logged: which check ran, what the result was, whether a flag was raised, and what decision was made on flagged items. The complete record is available for CAC audits, internal reviews, and governance reporting.

The result is what Phacet clients describe as decision-grade data: information they can approve with confidence rather than qualify with "I hope this is right."

Astotel reduced its invoice error rate from 7% to 2% using this architecture across its hotel portfolio. Read the Astotel case study for the full implementation detail.

La Nouvelle Garde, managing 14 restaurant locations, eliminated the 1,794-email backlog that accumulated during vacation periods, replacing a reactive inbox triage with systematic pre-validation that runs continuously. See how in the La Nouvelle Garde case study.

For teams evaluating how this fits their specific workflow, Phacet's accounts payable automation platform is designed to connect to existing ERP environments rather than replace them, validated data flows into whichever system manages your payment runs.

What exception-based invoice approval looks like in practice

The shift from manual pre-approval review to exception-based approval changes what the finance team actually does, and how long it takes.

In a manual model, a finance manager reviewing 200 invoices per month for approval spends time on every document: opening the PDF, checking the supplier, verifying the amount, confirming the entity, looking up the contract rate. At 10–15 minutes per document, 200 invoices consume 33–50 hours of monthly review time.

In an exception-based model, 95% of those invoices, the ones that passed all seven automated controls, require no human review. They arrive in the ERP already validated, ready for final payment authorization. The finance manager reviews the 5–10 invoices that were flagged, with the specific issue identified, the reference data surfaced, and the resolution options clear. Total review time: 30–60 minutes per month.

The hours freed from invoice review do not disappear, they shift to higher-value work: supplier relationship management, cash flow planning, audit preparation, and the strategic analysis that finance teams are hired to do but rarely find time for.

This is what accounts payable automation delivers when it is built around the pre-approval control layer rather than post-ERP reconciliation: not faster processing of the same broken workflow, but a fundamentally different relationship between the finance team and the approval moment.

FAQ

What controls should run before approving a supplier invoice?

Seven controls should run before any supplier invoice reaches payment approval: document authenticity and quality check, supplier identity verification, IBAN and banking detail verification against the vendor master, duplicate detection across invoice history, three-way matching against POs and delivery records, price compliance against negotiated contracts or catalogs, and approval threshold routing to confirm the approver has the authority to sign off on the invoice amount.

Why is it important to run invoice controls before payment, not after?

Controls that run before payment can stop an error or fraud attempt at zero cost — the invoice is flagged, held, and corrected before money moves. Controls that run after payment require supplier contact, credit note negotiation, and recovery timelines that can extend weeks or months. In fraud cases involving IBAN changes, post-payment recovery may be impossible if funds have already been transferred to a criminal account.

What is the difference between invoice approval and invoice validation?

Invoice validation is the process of checking that an invoice is correct, that it accurately reflects what was ordered, delivered, and agreed. Invoice approval is the authorization decision: confirming that a validated invoice should be paid, by whom, and when. Approval without prior validation means authorizing payment on unverified data. Effective finance controls run validation first and allow approval only on validated outputs.

How does three-way matching support pre-approval invoice control?

Three-way matching reconciles the purchase order, delivery note, and supplier invoice before payment is authorized. It confirms that what was ordered matches what was delivered, and that what is being invoiced corresponds to what was actually received. Discrepancies, quantity variances, price overruns, items billed but not delivered, surface as flags before the invoice proceeds to the payment queue.

Can all seven pre-approval controls be automated?

Yes. All seven controls can be automated and run on 100% of incoming invoices in real time. Phacet automates the full pre-approval sequence, from document quality checking through IBAN verification, duplicate detection, three-way matching, and price compliance, with automatic routing based on approval thresholds. Human review applies only to the sub-5% of documents that carry flags requiring judgment, not to the clean majority.

What happens when an invoice fails a pre-approval control?

A failed control generates a flag that routes the invoice to a structured exception queue rather than the payment approval workflow. The reviewer sees the specific check that failed, the reference data involved, and the resolution options, approve the exception, reject the invoice, or request a corrected document from the supplier. Every decision is logged in the audit trail for governance and compliance purposes.

How long does it take to implement automated pre-approval controls?

Most Phacet deployments reach operational readiness within 2–4 weeks. The first week covers inbox connection and vendor master import. Weeks two through four calibrate validation rules against real invoice traffic, price tolerances, duplicate detection windows, approval thresholds. After the calibration period, automatic validation accuracy exceeds 95%, with fewer than 5% of documents requiring human review.

Do automated pre-approval controls work in multi-entity environments?

Yes. Phacet's pre-approval validation includes entity assignment verification, confirming that each invoice is routed to the correct legal entity before it enters the ERP. In group structures with holding companies, subsidiaries, or multiple locations, entity routing errors are a significant source of cost misallocation and consolidation problems. Automated entity validation eliminates this class of error at intake, before it reaches any ERP or payment system.

Approval should mean something

When a finance manager approves a payment run, that approval should carry weight, not because it is the last step in a process, but because every invoice in the run has already passed a defined set of controls. The approval is confirmation, not a first-pass check.

That confidence is not achievable through manual review at scale. It requires a pre-approval control layer that runs automatically, covers 100% of documents, and surfaces only the exceptions that genuinely need human judgment.

Astotel's error rate dropped from 7% to 2%. Vivason prevented €180,000 in annual overpayments. Jinchan multiplied its anomaly detection by 5x. Each of these outcomes came from the same structural shift: controls moved before the approval moment, not after it.

If your team's current answer to "what controls run before invoice approval?" is "we check what we have time for," that is the gap Phacet closes. Book a demo to see the pre-approval control layer in action against your invoice volumes.

Latest Resources

Blog
February 23, 2026

What controls should be in place before approving a supplier invoice?

What controls should run before approving a supplier invoice? From IBAN verification to 3-way matching, 7 pre-approval checks that prevent overpayments, fraud and errors before payment is authorized.
Blog
February 23, 2026

How companies prevent supplier overpayments without relying on invoice sampling

Invoice sampling leaves 80% of supplier invoices unchecked. Learn how companies prevent supplier overpayments systematically, with 100% pre-payment validation instead of periodic spot-checks. Real results: €180K prevented, error rates from 7% to 2%.
Blog
February 23, 2026

Supplier invoice validation software: how finance teams can validate every invoice before payment

80% of invoices go unchecked with manual sampling. Learn how supplier invoice validation software catches pricing errors, duplicates and IBAN fraud before payment, not after. Real results from Vivason, Astotel and Jinchan.

Unlock your AI potential

Go further with your financial workflows — with AI built around your needs.

Book a demo
logo phacet
Shaping AI for businesses
Platform
Steps to get started
Solution
Integrations
Security and Compliance
Changelog
Company
Careers
Newsletter
About Phacet
Help
Contact Us
Support
Trust Center
Phacet Help Center

The data collected on this website through forms is collected so that we can contact you and let you know about our products, and will be used exclusively for this purpose. For further information on the management of your personal data and your rights, please consult our Privacy Policy.
Brand & Website by KLIMB.

© 2025 Phacet Labs - All Rights Reserved - Designed by KLIMB.
Legal NoticePrivacy PolicyCookies Policy