LC
LedgerCraft
Back to Insights/The Three-Way Match Gap
Procurement Control

The "Three-Way Match" Gap: Why Approval Workflows Are Not Controls

Clicking "Approve" on an invoice is not a financial control. It is a gesture. True control requires the systematic, automated triangulation of three independent data points—something most SMB software cannot do.

There is a dangerous misconception in growing companies that "Approval Workflows" prevent fraud. The logic goes: "If the Marketing Manager has to click 'Approve' on every invoice over $1,000, we are safe."

This is false security. An approval workflow only answers one question: "Does the manager want this bill to be paid?" It does not answer the three questions that actually matter for financial integrity:

  • Did we order it? (Purchase Order)
  • Did we receive it? (Goods Receipt / Item Fulfillment)
  • Is the price correct? (Vendor Invoice)

This triangulation is called the Three-Way Match. Without it, you are essentially paying vendors based on the honor system.

The "Rubber Stamp" Problem

When a manager receives an email notification to approve a $5,000 invoice from a known vendor, they almost always click "Approve" without checking if the goods actually arrived or if the unit price matches the contract. This is "Rubber Stamping." It creates an audit trail of negligence, not control.

Why SMB Software Fails at Matching

Platforms like Xero, QuickBooks Online, and Bill.com are excellent at Two-Way Matching (Invoice vs. PO). They can tell you if the invoice matches the Purchase Order.

But they fail at the critical third leg: The Goods Receipt.

In these systems, there is often no native concept of a "Warehouse Receipt" or "Service Confirmation" that is linked to the finance module. The warehouse team might mark a shipment as "Received" in an inventory app (like Cin7 or Dear), but that data does not automatically block the invoice in Xero if the quantity is short.

Conceptual diagram showing the 'Broken Triangle' of procurement controls
Figure 1: The "Broken Triangle." Without the Goods Receipt link, the control collapses.

The Cost of the "Missing Link"

1. Paying for Damaged/Missing Goods

Without a hard 3-way match, you will inevitably pay for 100 units when only 90 arrived. The warehouse team knows 10 were missing, but the finance team (and the approving manager) does not. The vendor gets paid in full, and your margins bleed silently.

2. Duplicate Payments

A common fraud vector is sending a second invoice for the same PO. If your system only checks "Is there a PO?", it might let the second invoice through if the PO limit hasn't been reached. A 3-way match blocks this because there is no second "Goods Receipt" to match against.

3. Price Creep

Vendors often increase unit prices by small amounts (e.g., $1.05 instead of $1.00). A busy manager won't notice. A 3-way match system automatically flags the variance and blocks payment until a credit memo is issued.

When to Upgrade to True Procurement

You do not need NetSuite to get a 3-way match, but you do need a dedicated Procure-to-Pay (P2P) system if you are staying on Xero/QBO. Tools like ApprovalMax or Procurify can enforce this logic externally.

However, if you are processing high volumes of inventory, the manual sync between your WMS (Warehouse Management System) and your P2P tool will eventually break. This is the primary trigger for moving to a unified ERP like NetSuite or Sage Intacct, where the "Item Receipt" transaction in the warehouse is the trigger that allows the bill to be paid in finance.

Strategic Takeaway

Do not confuse "Workflow" with "Control." A workflow moves a document from person A to person B. A control prevents a document from moving unless specific data conditions are met. You need controls, not just workflows.

For more on selecting the right financial stack, see our guide on Accounting Software Selection.