Executive Brief

Source‑to‑Pay (S2P) is the end‑to‑end chain that turns business needs into paid, recorded, and audited outcomes: sourcing and contracting → catalogs and purchase requests → purchase orders → receipt of goods/services → invoicing → payment and accounting. Within that chain, Procure‑to‑Pay (P2P) is the high‑volume execution core (from request to payment).

In most organizations no single function can—or should—“own” S2P outright. Procurement steers process design and supplier outcomes, Finance sets policy and control standards and manages cash effects, Business units validate the need and confirm that goods were delivered or services were rendered, Global Business Services / Accounts Payable executes, and IT maintains platforms and data integration. The CFO is accountable for orchestrating these roles so each transaction advances three goals at once:

• Value creation: Are we buying the right thing, at the right total cost and service level?
• Cash discipline: Are payment terms and payment timing aligned to liquidity plans? (For clarity: Days Payable Outstanding (DPO) is the average number of days a company takes to pay its suppliers.)
• Risk and control: Are approvals, three‑way matching, and audit evidence reliable and consistently applied?

Regulatory trends (for example, national moves toward electronic invoicing and digital reporting) vary by jurisdiction and timeline. They are not universally mandatory today, but they are moving the market toward machine‑readable invoices, better data quality, and faster reporting. Treat them as a design signal—not the headline. The headline is simpler: design S2P to be reliable, transparent, and cash‑aware, regardless of which mandates apply this year.

Friction Points (where accountability breaks down)

1. Unclear ownership at the hand‑offs. Procurement designs a compliant process; Finance publishes a policy; Business units click “approve”—yet no forum owns the combined outcome (value, cash, and risk). Result: great policies, uneven behaviour.
2. Business units as “rubber‑stamp” approvers. The real role is larger: justify the demand, confirm delivery or service acceptance, and own budget alignment—especially for indirect spend (e.g., marketing, travel, consulting). Three‑way match (purchase order ↔ goods or service receipt ↔ invoice) confirms documentation; it does not prove the service achieved the intended outcome.
3. Data defects that multiply exceptions. Duplicated vendors, unverified bank details, inconsistent tax information, and poorly governed catalogues create price/quantity mismatches and late receipts—driving rework and delaying payment.
4. Control drift. Workarounds (email approvals, blanket purchase orders without consumption controls, ad‑hoc tolerance changes) erode segregation of duties and auditability.
5. Project mindset without stabilization. Teams “go live,” then move on. Without a stabilization phase (hypercare, exception huddles, evidence packs, and ownership of metrics), exception queues grow and confidence falls.
6. Technology without standard work. Automating a broken flow only makes the breakage faster. Touchless or “straight‑through” processing works after policies, data standards, and receipt discipline are clear.

Emerging Finance Models (what leading CFOs are now doing)

1) CFO‑orchestrated accountability (shared ownership, single forum).
Create a Design Authority chaired by Finance with Procurement, Business units, Accounts Payable, IT, Internal Audit and any other relevant stakeholder / function at the table. The forum owns one policy set, one data standard, and one metric pack. Keep the roles explicit:

• Procurement: end‑to‑end S2P design, supplier performance, contract and catalogue integrity.
• Finance: policy (approval thresholds, matching rules, tolerances), control design, working‑capital targets, and payment governance.
• Business units: demand justification, service acceptance or delivery confirmation, and budget accountability.
• Accounts Payable / Global Business Services: execution quality (first‑pass match rate, exception turnaround, on‑time payment).
• IT: platform reliability, integration, access and role design.
• Internal Audit / Risk: continuous control monitoring and independent testing.

2) A practical transformation cycle—with options.
Improvement does not have to be a big‑bang “transformation.” Choose the path that fits your risk and urgency:

• Fit–gap and design (always do this): Map the current flow. Identify where policy breaks, where data is inconsistent, and where approvals or receipts stall.
• Transition and stabilization (right‑size the change): If systems or policies change, plan a hypercare window with daily exception huddles, supplier communications, and clear “break‑glass” controls for urgent payments.
• Continuous improvement (pick a method, make it visible):
  • Lean and Six Sigma (Define–Measure–Analyze–Improve–Control): excellent when you need disciplined problem‑solving on cycle time and defects.
  • Plan–Do–Check–Act (PDCA): a lightweight loop for steady, incremental experiments.
  • Kaizen events: focused, short bursts to remove a known bottleneck (for example, late service receipts).
  • Theory of Constraints: identify the single biggest constraint (for example, approval latency) and redesign around it before optimizing elsewhere.
  • Agile sprints with Objectives and Key Results (OKRs): time‑boxed improvements tied to measurable outcomes (for example, “increase touchless invoice rate from 35% to 50% in two sprints”).
    No method is obligatory. What is obligatory is a visible, repeatable cycle with owners, targets, and evidence.

3) A simple, shared metric spine (plain‑language KPIs).
Publish a small set that every function understands and can influence:

• Value: percentage of spend under contract; on‑contract price adherence; supplier performance to service‑level agreement.
• Cash: Days Payable Outstanding (DPO); percentage of invoices paid on the agreed due date; early‑payment discount capture where the return exceeds cost of capital.
• Risk and control: percentage of invoices matched on first pass; percentage of invoices covered by three‑way match; exception rate per one thousand invoices; duplicate‑payment rate; number of segregation‑of‑duties violations resolved.
• Delivery and experience: median time from purchase request to purchase order; median time from goods or service receipt to invoice approval; dispute aging; supplier portal adoption.

4) “Comply‑by‑design,” not “chase every mandate.”
As electronic invoicing and digital reporting spread, build structured data, standard approvals, and evidence trails into the everyday flow. That way, when a country you operate in tightens requirements, you adapt configuration—not the whole process.

5) Prevention first, then automation.

• Prevention: guided buying and catalog coverage; purchase order first; clear receipt responsibilities in business units (who signs off that services were actually delivered).
• Automation: electronic invoicing channels, document capture and validation, three‑way match with sensible tolerances, duplicate‑invoice detection, and payment scheduling aligned to cash plans.
• Assurance: centralized vendor‑master changes with two‑person approval, bank‑detail verification, and audit logs for approvals and tolerance changes.

Reader note — quick definitions used above

• Three‑way match: automatic check that the purchase order, the goods or service receipt, and the invoice agree before payment.
• Touchless or straight‑through processing: an invoice that meets all rules and posts for payment without human intervention.
• Segregation of duties: no single user can request goods or services, approve the purchase, and release the payment.

Governance Levers

To make Source-to-Pay (S2P) accountable across functions, CFOs need governance levers that go beyond policy documents and project charters. These levers ensure accountability translates into day-to-day behaviour:

1. Design Authority Forum
   • A standing governance group chaired by Finance, with Procurement, Business Units, Accounts Payable, Information Technology, Internal Audit and any other critical functions represented.
   • Mandate: approve any changes to policy, process, or technology.
   • Output: one authoritative version of the S2P design, metrics, and controls.
2. Policy Spine with Business Ownership
   • Finance publishes clear, principle-based policies: approval thresholds, matching rules, tolerance levels.
   • Business Units formally own demand justification and service acceptance (not just goods receipt). This prevents “rubber-stamp approvals” and ensures spend is tied to delivery.
3. Integrated Data Standards
   • Centralized vendor master, consistent coding structures, and validated payment terms across entities.
   • IT maintains integration integrity; Internal Audit tests for control drift.
4. Control Stack by Layer
   • Prevention: guided buying, catalogue coverage, mandatory purchase orders.
   • Detection: duplicate invoice checks, anomaly alerts, segregation of duties monitoring.
   • Response: clear escalation routes, “break-glass” approvals only with CFO sign-off, and monthly audit packs.

Strategic Actions

First 90 days: Stabilization and Visibility

• Map S2P from source to payment; identify failure points.
• Publish baseline metrics: first-pass invoice match rate, exception volume, approval cycle time, payment timing…
• Launch a hypercare rhythm (daily management & reporting cadence): daily exception reviews, weekly supplier dispute checks, and monthly CFO dashboarding.

Next 180 days: Standardization and Continuous Cycle

• Stand up the Design Authority forum with named accountable leads.
• Deploy one improvement cycle method (Lean and Six Sigma, Plan-Do-Check-Act, or Kaizen)—selected for fit and transparency.
• Embed “service acceptance” accountability in Business Units for indirect spend.
• Strengthen fraud prevention: tighten vendor onboarding controls, enforce two-person vendor bank change approvals, and pilot anomaly detection tools.
• Align payment run scheduling with cash flow plans to actively manage Days Payable Outstanding (DPO).

Beyond 180 days: Continuous Improvement and Assurance

• Run quarterly improvement cycles, publishing results to the Design Authority.
• Link S2P metrics to strategic finance dashboards so that working capital, compliance, and supplier performance are visible at board level.
• Expand automation only where policies and data standards are proven stable.
• Conduct Internal Audit “sprints” on the highest-risk areas—duplicate payments, vendor master changes, and indirect services.

Leadership Outlook

For CFOs, the lesson is clear: transformation is not obligatory, accountability is. Whether the path is a major system redesign or a set of incremental Kaizen improvements, the CFO must ensure three outcomes:

• Value is justified: every euro, dollar, or pound spent aligns with strategy, is approved by the right budget owner, and results in delivered goods or services.
• Cash is disciplined: payment terms are respected, Days Payable Outstanding (DPO) is actively managed, and early payment decisions are made with capital cost in mind.
• Risk is controlled: approvals, matching, and audit trails work consistently, and fraud or compliance failures are caught early.

The governance levers and improvement cycles described here turn S2P from a project to a management system—one that balances Finance, Procurement, and Business Unit roles while keeping the CFO in the orchestrator’s chair.

References

• Association of Certified Fraud Examiners (ACFE) — Report to the Nations 2024, findings on vendor and accounts payable fraud risks.
• European Commission — VAT in the Digital Age (ViDA), adopted March 11, 2025; signals shift toward structured electronic invoicing and near real-time reporting.
• Service-Public France — Official e-invoicing rollout plan (2026–2027, phased by company size).
• KPMG Germany — Guidance on readiness for B2B e-invoicing (receive capability required from 2025).
• Polish Ministry of Finance (KSeF) — Mandatory structured invoicing, phased from 2026.
• American Society for Quality (ASQ) — Continuous improvement methodologies: Lean and Six Sigma (DMAIC), Plan-Do-Check-Act, Kaizen.
• Gartner / Deloitte — Guidance on Source-to-Pay operating models and shared ownership between Finance, Procurement, and Business Units.