What is CA Tushar Makkar known for?

CA Tushar Makkar is known for being AIR 47 in CA Final and creating India's largest audit community.

What services does CA Tushar Makkar offer?

He offers audit resources, courses, and expertise to chartered accountants.

How to Explain Procure to Pay (P2P) Process in Audit Interviews

Learn how to explain the Procure to Pay (P2P) process in audit interviews with real examples, ERP controls, three-way match, audit risks, and SAP concepts. A practical guide for CA students, articleship trainees, internal auditors, and Big 4 interview preparation.

25 May, 2026

Introduction

If you are a Chartered Accountant preparing for your next audit interview, there is one question you absolutely cannot afford to fumble — "Explain the Procure to Pay process."

This question sounds simple. But most CAs answer it like a textbook definition and leave the interviewer unimpressed. The interviewers especially in Big 4 firms, internal audit teams, and MNC finance departments are not looking for a definition. They want to know if you actually understand how money flows out of a company to pay a vendor, and where the risks and controls sit in that journey.

Let me walk you through the P2P process in a way that actually makes sense using a real example, the way you would explain it sitting across the table from an interviewer.

What is the P2P Process?

Procure to Pay, commonly written as P2P, is the complete end-to-end cycle that a company follows right from identifying the need to buy something, all the way to paying the vendor for it.
As a CA in an audit role, your job is to check whether this cycle is running with proper controls, approvals, and documentation at every step. Frauds, duplicate payments, fictitious vendors, inflated invoices all of these hide inside a poorly controlled P2P process. That is why interviewers test this so thoroughly.
In most large companies today, the entire P2P cycle runs inside an ERP system typically SAP or Oracle. This matters for audit because ERP systems enforce controls automatically.
For example, SAP will not allow a payment to be released without a cleared three-way match. When you mention ERP controls in your interview, it immediately signals real-world awareness.

The P2P Process Explained with Example

Let us take the example of a textile manufacturing company something very relevant in India where cities like Surat, Tirupur, and Ludhiana have large manufacturing setups.

Step 1 — Purchase Requisition (PR): The Process Starts on the Shop Floor

The Production Department realises that their stock of raw cotton yarn will last only for the next 15–20 days. So they raise a formal document called a Purchase Requisition (PR) and send it to the Purchase Department.
This PR mentions exactly what they need — say, 80 tonnes of organic cotton yarn of a specific specification (like 80% cotton, 20% polyester blend). This is an internal document. No vendor sees it yet.

Audit check here: Is the PR signed by an authorised person? Is there a proper approval hierarchy? Without this, anyone in a company could trigger purchasing, which opens the door to fraud.

Step 2 — Vendor Selection and Request for Quotation (RFQ)

Once the Purchase Department receives the PR, they begin the vendor selection process. They either reach out to vendors already registered in the company's Approved Vendor Master, or they go to the open market to find new suppliers.

The company evaluates vendors based on:

Past track record and delivery history
Product quality and certifications
Pricing and payment terms
Whether a long-term supply agreement already exists

In many large companies, this step also includes a Request for Quotation (RFQ), where multiple vendors submit their prices and the best one is selected.

A critical point here — new vendor onboarding itself carries controls. Before any new vendor is added to the Vendor Master, companies typically verify their GST registration, conduct KYC checks, confirm MSME status (where applicable), and validate their bank account details. Big 4 interviewers often ask specifically about this an unverified vendor in the master list is one of the most common entry points for fraud.

Audit check here: Was the vendor selection process competitive and documented? Is the vendor genuinely registered, or is it a shell entity created to siphon money? Auditors verify the vendor master list for fictitious or duplicate vendors this is a very common fraud area in India.

Step 3 — Purchase Order (PO): The First Official Commitment

Once a vendor is finalised, the Purchase Department issues a Purchase Order (PO). This is a formal document sent to the vendor saying "We agree to buy 80 tonnes of organic cotton yarn at ₹150 per kg, to be delivered by [date]."
The PO is legally binding. It captures the quantity, price, specifications, delivery date, and payment terms.

A note on Advance Payments: In Indian manufacturing, it is common for vendors especially smaller suppliers to request an advance payment before dispatching goods. This is an important exception to the standard P2P flow. When an advance is involved, additional controls apply: the advance must be separately approved, tracked in the books as a prepayment, and adjusted against the final invoice once goods are received. Auditors specifically look for unadjusted advances, which can be a sign of misappropriation.

Audit check here: Is the PO approved by someone with the correct authority level? Most companies have a Delegation of Authority (DoA) policy

For example, orders below ₹5 lakhs can be approved by a Manager, but above ₹50 lakhs needs a Director's sign-off. Auditors check this. In SAP, the system enforces these approval thresholds automatically through a Release Strategy.

Step 4 — Goods Receipt Note (GRN): Verifying What Actually Arrived

The vendor delivers the goods. The company's stores or warehouse team physically checks the material against the PO. They verify:

Is the quantity correct? (80 tonnes ordered, 80 tonnes received?)
Does the quality match the specification mentioned in the PO?
Is the delivery on time?

If everything checks out, a Goods Receipt Note (GRN) is prepared. If the specification does not match say, the yarn received has a different composition than what was ordered the goods are rejected or a discrepancy is flagged.

Audit check here: Is the GRN prepared by someone independent from the person who raised the PO? This is called Segregation of Duties — one of the most important internal controls. In SAP, the GRN is posted as a MIGO transaction, which automatically updates inventory and creates an accounting entry, creating a clean audit trail.

Step 5 — Invoice Processing and the Three-Way Match

The vendor then sends an invoice asking for payment. Before the Accounts Department processes this payment, they perform what is called a Three-Way Match — this is probably the most important concept in the entire P2P cycle for audit purposes.

The three-way match verifies that:

Purchase Order — What did we agree to buy?
Goods Receipt Note (GRN) — What did we actually receive?
Vendor Invoice — What is the vendor asking us to pay?

All three must match within an acceptable tolerance. If the vendor's invoice shows ₹15,00,000 but the PO value was ₹12,00,000 — the invoice goes on hold until the discrepancy is resolved.

What happens when there is a mismatch? The Accounts Payable team raises the discrepancy with the vendor. The resolution typically comes in one of three ways — the vendor issues a revised invoice correcting the amount, raises a credit note for the excess billed, or the Purchase team raises a PO amendment if the higher amount is genuinely justified. The invoice is only released for payment once this is closed.

This one control prevents most overpayment and fraud risks in the P2P cycle. In ERP systems like SAP (using MIRO transaction) and Oracle, the three-way match is performed automatically the system blocks payment if there is a mismatch beyond the allowed tolerance.

Step 6 — Payment Release

Once the three-way match is cleared and all approvals are in place, the Accounts Payable team schedules the payment as per the agreed payment terms say, 30 days from the invoice date (Net 30).
Payment can be made via NEFT, RTGS, or cheque, depending on the company's policy. In SAP, payments are processed through the F110 Automatic Payment Run, which batches vendor payments and posts accounting entries simultaneously.

Audit check here: Are payments going only to the vendor's registered bank account? Auditors check for any sudden changes in vendor bank details just before a large payment — a classic sign of payment fraud. In well-controlled companies, any change to vendor bank details requires independent verification and a secondary approval before it takes effect.

Key Audit Risks in the P2P Process You Must Know

As a CA, mentioning these risks in your interview will immediately set you apart:

Fictitious vendors — Payments made to non-existent suppliers created to siphon funds
Duplicate payments — The same invoice paid twice, often exploited in companies with weak invoice tracking
Maverick buying — Purchases made without following the proper PO process, bypassing controls entirely
Inflated invoices — Vendor bills for more than what was delivered or agreed
Weak segregation of duties — Same person raising the PO and approving the payment
Unadjusted advance payments — Advances paid to vendors that are never recovered or offset against invoices
Unauthorised vendor bank account changes — A favourite tactic in payment fraud, where attackers modify bank details just before a large payment

Many practical control gaps discussed in vendor management, segregation of duties, and payment approvals are areas explored in depth through the Master Blaster of Internal Audit, especially from a real-company audit perspective.

How to Answer This in an Interview

When the interviewer says, "Walk me through the Procure to Pay process," use this structure:

Start with a one-line definition — "P2P is the end-to-end process from identifying a purchase need to making payment to the vendor."
Walk through the 6 steps — briefly, in sequence. Do not skip vendor onboarding controls and advance payments — most candidates miss both.
Connect it to audit — mention three-way match, segregation of duties, and delegation of authority.
Give an example — use a manufacturing company. Ground your answer in something real.
Mention ERP — reference SAP transactions like MIGO, MIRO, and F110. It immediately signals practical awareness.

For CA students preparing for audit interviews and real client assignments, concepts like three-way match, ERP controls, and audit documentation become much clearer when studied practically through the Master Blaster of Statutory Audit.

Quick Tips for Your Audit Interview

Do not just memorise the steps. Understand why each control exists every step in P2P is designed to prevent a specific fraud or error.
Know the key terms: Purchase Requisition, Purchase Order, GRN, Three-Way Match, Vendor Master, Delegation of Authority, Advance Payment.
Three-Way Match is the single most important concept be ready to explain it with numbers and name all three documents.
Segregation of Duties is the second most tested concept know why the person raising the PO should never be the same person approving the payment.
Be ready for the follow-up: "What red flags would you look for in a P2P audit?" Cover fictitious vendors, duplicate invoices, unadjusted advances, and last-minute vendor bank account changes.

Final Thought

The P2P process is not just a theoretical concept. Every manufacturing company, FMCG firm, IT company, or bank in India runs this cycle every single day. As a CA going into an audit role, understanding where the money flows and where it can leak is what makes you valuable on Day 1.
The next time an interviewer asks you about P2P, do not just recite the steps. Tell them the story. Take them through a real example. Show them the controls. Mention the ERP system. Talk about advance payments and vendor onboarding. That depth is what will get you the job.

Reference Links

How to Do Internal Audit Step-by-Step Process

How to Do Statutory Audit
How to Explain Order to Cash (O2C) Process in Audit Interviews

Frequently Asked Questions

1. What is the Procure to Pay (P2P) process in audit?
Ans. The Procure to Pay (P2P) process is the complete cycle from raising a purchase requirement to making payment to the vendor. In audit, the P2P cycle is reviewed to verify internal controls, approvals, vendor authenticity, invoice matching, and fraud prevention mechanisms.

2. Why is the three-way match important in the P2P process?
Ans. The three-way match is one of the most important controls in the Procure to Pay process. It compares the Purchase Order (PO), Goods Receipt Note (GRN), and Vendor Invoice before payment is released. This helps prevent duplicate payments, inflated invoices, and unauthorized purchases.

3. What are the common audit risks in the Procure to Pay cycle?
Ans. Common audit risks in the P2P cycle include fictitious vendors, duplicate invoices, unauthorized payments, weak segregation of duties, unadjusted advance payments, and fraudulent vendor bank account changes. Auditors specifically test these areas during internal audit and statutory audit procedures.

4. How should CA students explain the P2P process in audit interviews?
Ans. CA students should explain the P2P process step-by-step using a practical business example. A strong interview answer should cover Purchase Requisition (PR), Purchase Order (PO), Goods Receipt Note (GRN), three-way match, payment controls, ERP systems like SAP, and related audit risks.

Disclaimer: All images, company names, logos, and financial figures used in this content are purely for representative and educational purposes only. The information presented does not depict any real company data, actual financial records, or factual business transactions.