What is a material weakness in accounting?

A material weakness is a deficiency in internal control over financial reporting (ICFR) that creates a reasonable possibility that a material misstatement in the financial statements will not be prevented or detected on a timely basis. Material weaknesses must be disclosed in SEC filings and typically trigger remediation requirements.

What percentage of material weaknesses are related to IT systems?

33% of material weaknesses identified in 2023 IPO filings were related to IT systems and controls, according to KPMG's 2024 IPO Material Weakness Study. Material weaknesses from IT, software, security, and access issues have steadily increased from 2021 to 2024.

Can accounts payable errors cause a material weakness?

Yes. AP processing errors — including duplicate payments, unrecorded liabilities, incorrect accruals, and misclassified expenses — can individually or in aggregate constitute a material misstatement. If the internal controls around AP are insufficient to prevent or detect such errors, auditors may classify this as a material weakness.

How does AP automation help prevent material weaknesses?

AI-powered AP automation prevents material weaknesses by enforcing consistent controls at every step: automated invoice capture eliminates data entry errors, 3-way matching catches pricing and quantity discrepancies before payment, duplicate detection prevents double payments, and full audit trails provide the documentation that auditors require for SOX compliance.

140 Restatements and Counting: Why Your AP Software Is a Material Weakness Risk

Q: How many companies had financial restatements in 2024?

140 public companies issued financial restatements in the first 10 months of 2024, according to Ideagen Audit Analytics data reported by CFO Brew. This represents a 9-year high for material 'Big R' restatements and a 7% year-over-year increase.

Q: Did Bill.com disclose a material weakness?

Yes. In May 2023, BILL Holdings disclosed a material weakness in internal control over financial reporting related to information systems and applications within the quote-to-cash process. Ernst & Young identified insufficient documentation and evidence for Sarbanes-Oxley compliance, requiring the company to amend its 2022 10-K and multiple 10-Q filings.

140 public companies issued corrected financial statements in the first 10 months of 2024. That's a 9-year high for material restatements — the kind that force companies to pull back previously filed numbers and tell investors the books were wrong. If you're a CFO, controller, or audit committee member, this should concern you — because accounts payable is one of the most common sources of the internal control failures driving these numbers.

The Numbers Are Getting Worse, Not Better

According to Ideagen Audit Analytics data reported by CFO Brew, 140 "Big R" restatements were filed in the first ten months of 2024, up from 122 in the same period of 2023 — a 7% year-over-year increase. That figure is more than double what it was four years ago. The trend line is not ambiguous.

These are not minor reclassifications or immaterial corrections. Big R restatements mean the previously issued financial statements can no longer be relied upon. They trigger SEC scrutiny, audit committee investigations, and — in many cases — shareholder lawsuits.

The pipeline of future restatements looks equally grim. KPMG's 2024 IPO Material Weakness Study found that 44% of companies that went public in 2023 disclosed material weaknesses in their initial SEC filings. 42% reported material weaknesses in their first 10-K or 10-Q after going public. Across all public filers, Moss Adams analysis of SEC EDGAR data shows a 15% adverse assessment rate in 2024 — meaning roughly one in seven companies that filed an internal control assessment disclosed at least one material weakness.

Sandy Peters of the CFA Institute put it plainly: "Restatements tell you something about company management, and about a company's internal controls."

She's right. And what the 2024 data tells us is that internal controls are failing at scale.

Where the Weaknesses Live

KPMG's study breaks down the most common categories of material weakness in IPO filings, and the pattern is consistent year over year:

Lack of documentation, policies, and procedures — the most frequently cited category. Companies simply cannot demonstrate to auditors that controls exist, are designed properly, and operate effectively.
Lack of accounting resources or expertise — understaffed finance teams making judgment calls without adequate review.
IT, software, security, and access issues — 33% of all material weaknesses in 2023 IPO filings, and this category has been rising steadily from 2021 through 2024. Systems that lack proper access controls, produce unreliable data, or fail to maintain audit trails are now the fastest-growing source of control failures.
Lack of segregation of duties — the same person who enters invoices also approves payments, or the same system admin who configures workflows also processes transactions.
Inadequate disclosure controls — errors that make it through to the financial statements because no one reviewed them with sufficient rigor.

The process areas with the highest concentration of material weaknesses are financial close and reporting, the overall control environment, IT systems, nonroutine or complex transactions, and revenue recognition. Notice how many of those intersect with accounts payable.

Accounts Payable: Ground Zero for Control Failures

AP doesn't get the same attention as revenue recognition in audit planning, but it should. The characteristics that make AP a breeding ground for material weaknesses are structural:

High transaction volume creates a massive error surface area. A mid-market company processes thousands of invoices per month. Each one involves vendor identification, GL coding, amount validation, tax treatment, period allocation, and payment timing. Every manual touchpoint is an opportunity for misstatement.

Manual data entry produces inconsistent GL coding, wrong amounts, and missed accruals. When a clerk keys in an invoice and assigns it to the wrong expense account, that error flows through to the trial balance. Multiply that by hundreds of invoices, and the aggregate misstatement can be material.

Duplicate payments are endemic. Companies lose up to $12,000 per month on undetected duplicate payments — same vendor, same amount, slightly different invoice number format. Without automated detection that goes beyond simple invoice number matching, these duplicates persist unnoticed until the vendor calls or the auditor finds them.

Without 3-way matching, price drift and quantity mismatches go undetected. If no one is systematically comparing the invoice to the purchase order to the goods receipt, the company pays whatever the vendor bills. Overcharges accumulate. Quantity discrepancies create inventory and COGS misstatements.

Prepaid amortization errors create misstatements that compound across periods. A 12-month software subscription recorded entirely in one period instead of being amortized monthly creates an overstatement in one quarter and understatements in the next three. Manual tracking in spreadsheets is where these errors originate — and where they hide.

Month-end sync failures between AP software and the ERP create reconciliation gaps. When the subledger doesn't agree with the general ledger, someone has to manually investigate and adjust. That process is error-prone, time-consuming, and often poorly documented — exactly the conditions auditors flag as control deficiencies.

APQC benchmarking data reinforces the scale of the problem: bottom-quartile organizations process invoices at $12.88 per invoice with 17.4-day cycle times. That's 17 days of manual touchpoints where errors can enter the system, compound, and go undetected before payment.

Even the AP Vendors Can't Get It Right

In May 2023, BILL Holdings — the company behind Bill.com, one of the most widely used AP platforms — disclosed a material weakness in its own internal control over financial reporting. The weakness was related to information systems and applications within the quote-to-cash process. Ernst & Young flagged insufficient documentation and evidence for Sarbanes-Oxley compliance. The company had to amend its 2022 Form 10-K and multiple quarterly reports.

Read that again: the company that sells AP automation to thousands of businesses couldn't maintain clean internal controls over its own financial reporting.

That's not an indictment of automation. It's an indictment of the kind of automation that relies on manual processes, bolt-on integrations, and insufficient audit trails. If your AP platform doesn't enforce controls natively — if it depends on humans to document, verify, and reconcile — then it's not a control. It's a workflow with the same risks as a spreadsheet, dressed up with a better UI.

What Actually Prevents Material Weaknesses in AP

Preventing material weaknesses in accounts payable isn't about adding more reviewers or running more reports. It's about designing controls into the transaction flow so errors cannot propagate. Five controls matter:

Automated invoice capture with field-level validation. Every field on the invoice — vendor name, amount, line items, tax, GL code — is extracted and validated against master data before a human touches it. This eliminates the data entry errors that seed misstatements.
Real-time 3-way matching against POs and receipts. Discrepancies between what was ordered, what was received, and what was invoiced are flagged at the point of entry — not discovered during the audit. Price variances, quantity mismatches, and unauthorized charges are caught before payment, not after.
AI-powered duplicate detection across vendors, amounts, dates, and line items. Effective duplicate detection doesn't rely solely on invoice numbers (which vendors format inconsistently). It cross-references multiple data points to catch duplicates that simple matching rules miss.
Bidirectional ERP sync with full audit trails. Every transaction, approval, and modification is logged and synchronized with the general ledger in real time. Month-end reconciliation becomes a verification step, not a discovery process. Auditors get the documentation trail they need without a separate preparation effort.
Prepaid amortization that works natively. Amortization schedules are generated automatically from invoice data, allocated across the correct periods, and posted to the GL without manual journal entries or spreadsheet tracking. No more compounding period errors from forgotten or miscalculated amortization.

Cadel was built around these five controls. Every invoice is verified against multiple sources before it touches your general ledger. The audit trail is automatic, complete, and immutable. Your auditors review clean books, not a remediation project.

The Cost of Getting It Wrong

A material weakness disclosure is not just a compliance event — it's a business event. Research consistently shows that companies disclosing material weaknesses experience measurable stock price declines upon announcement. Audit fees increase 20-50% as the external auditor expands testing scope and increases substantive procedures. Remediation takes one to two years on average, consuming finance team bandwidth that should be spent on analysis and planning. And the reputational signal to investors is unambiguous: management cannot be trusted with the basics of financial reporting.

A restatement is worse. It means the damage has already been done — the wrong numbers were published, investors made decisions on flawed data, and the company's credibility takes a hit that lingers for years.

Prevention costs a fraction of remediation. The controls exist. The technology exists. The question is whether your current AP process implements them — or just assumes someone is checking.

If your AP process relies on manual matching, broken ERP syncs, or software that can't even pass its own SOX audit — it's time to evaluate whether your tooling is a control or a risk. Talk to us.

#compliance#SOX#material-weakness#restatements#internal-controls#AP-automation