How to set up bill approval workflows
A practical guide to designing bill approval workflows that prevent fraud and overspending without slowing the business down — thresholds, routing rules, segregation of duties, and the audit trail.
A bill approval workflow is the control that decides whether money leaves the company. Get it too loose and you invite duplicate payments, fraud, and budget overruns. Get it too tight and approvers drown in notifications, bottleneck the close, and start rubber-stamping everything just to clear their inbox. The goal is a workflow that catches the bills that matter and waves through the ones that don't.
Here is how to design one that holds up.
Start with the question every control answers
Before you draw a single routing rule, decide what you are actually trying to prevent. Most AP approval workflows exist to guard against three things:
- Unauthorized spend — money going out that nobody with budget authority signed off on.
- Fraud — fake vendors, inflated invoices, or a single person who can both create and pay a bill.
- Error — duplicate invoices, wrong amounts, or miscoded expenses hitting the wrong account.
Every rule you add should map to one of these. If a rule does not reduce one of these risks, it is just friction.
Tier approvals by amount
The single most useful rule is an amount threshold. Small, routine bills should clear with minimal ceremony; large ones should get more eyes. A simple, defensible structure:
- Under $500 — auto-approve once coded, or single approval by the AP clerk's manager.
- $500 to $5,000 — department manager approval.
- $5,000 to $25,000 — department manager plus finance.
- Over $25,000 — add the controller or CFO.
The exact numbers depend on your size and risk appetite, but the principle is constant: the dollar amount should drive the number of approvers. A $120 software renewal and a $60,000 contractor invoice should not travel the same path.
Route by vendor and department, not just amount
Amount alone misses context. Layer in two more dimensions:
- By department or class. Route a marketing bill to the marketing lead and an engineering bill to the engineering lead. This puts approval in the hands of the person who actually knows whether the work happened, and it keeps spending accountable to the budget owner.
- By vendor. Flag new or unrecognized vendors for extra scrutiny. A first-time vendor on a five-figure invoice is one of the classic fraud signatures, so it deserves a second look even if the amount alone would not trigger one.
When you map rules to the GL accounts and classes already in QuickBooks, routing stays consistent with how you report — no parallel taxonomy to maintain.
Enforce segregation of duties
This is the control auditors care about most, and the one small teams most often skip. The person who enters a bill should not be the same person who approves and pays it. If one individual can create a vendor, raise an invoice against it, approve it, and release payment, you have no real control at all.
You do not need a large team to achieve this. Even with three people you can split the roles: one captures and codes, one approves, and one releases the payment file to the bank. The software should enforce this — an approver should never be able to approve their own submission.
Keep approvers in their lane (and out of their inbox)
A workflow fails the moment approvers stop reading what they sign. Protect their attention:
- Only route what needs them. If a manager only needs to see bills over $5,000 for their department, do not copy them on everything.
- Give them the bill, not a link to log in. Approvers should see the vendor, amount, coding, and the source document in the approval request itself — ideally actionable from email — so the decision takes seconds.
- Set escalation and out-of-office fallbacks. If an approver is unavailable for three days, the bill should escalate rather than silently stall and blow a due date.
Speed and control are not opposites here. A focused approver who sees five relevant bills a week reviews them properly. An overwhelmed one who sees fifty approves them all blind.
Make the trail immutable
An approval is only worth as much as your ability to prove it later. Every step — who submitted, who approved, when, what the amount and coding were at the time, and any edits — should be written to an immutable audit trail. "Immutable" is the operative word: if an approval record can be edited after the fact, it is evidence of nothing.
This pays off in three places: year-end audits, fraud investigations, and the simple internal question of "who approved this?" six months later. A clean, exportable trail turns all three from a scramble into a download.
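One way to make an approval trail tamper-evident is to chain each record to the hash of the one before it. This is an added example, not OutflowDesk's code; the field names, bill id and sample events are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the first record's "prev" field

def _digest(prev_hash, event):
    # Canonical JSON so the same event always hashes to the same value.
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append_event(trail, *, bill_id, actor, action, amount, gl_account, at):
    """Append one approval-trail record linked to the previous record's hash."""
    event = {"bill_id": bill_id, "actor": actor, "action": action,
             "amount": amount, "gl_account": gl_account, "at": at}
    prev = trail[-1]["hash"] if trail else GENESIS
    trail.append({"event": event, "prev": prev, "hash": _digest(prev, event)})
    return trail[-1]["hash"]

def first_broken_entry(trail):
    """Return the index of the first record that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["event"]):
            return i
        prev = entry["hash"]
    return None

def build_sample_trail():
    # Constructed sample events for one bill.
    trail = []
    for actor, action, at in [("sam", "submitted", "2024-01-10T09:00:00Z"),
                              ("maria", "approved", "2024-01-10T11:30:00Z"),
                              ("fay", "approved", "2024-01-11T08:15:00Z")]:
        append_event(trail, bill_id="B-1001", actor=actor, action=action,
                     amount="6000.00", gl_account="6100", at=at)
    return trail
```

A chain like this detects edits but does not prevent them: someone who can rewrite the whole store can recompute every hash, so the latest hash has to be recorded somewhere the AP system cannot modify.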
A sane default to start from
If you are setting this up for the first time, this configuration covers most small businesses:
- Auto-approve coded bills under $500.
- Single department-manager approval from $500 to $5,000.
- Manager plus finance from $5,000 to $25,000.
- Add the CFO above $25,000.
- Always require a second approver for first-time vendors.
- Never let a submitter approve their own bill.
- Log everything to an immutable trail.
Tune the thresholds to your numbers, then revisit them quarterly as volume grows.
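The default configuration above, written as routing logic (an added example, not OutflowDesk's code). The vendor list, role holders and names are constructed, and two points the list leaves open are assumptions: a bill of exactly $5,000 goes to the manager-plus-finance tier, and a first-time vendor always gets at least manager and finance, even under $500.

```python
from dataclasses import dataclass, field
from decimal import Decimal

# Constructed sample data: vendor list and role holders are assumptions.
KNOWN_VENDORS = {"Acme Hosting"}
ROLE_HOLDERS = {("manager", "marketing"): "maria", ("manager", "engineering"): "eli",
                ("finance", None): "fay", ("cfo", None): "carl"}

@dataclass
class Bill:
    vendor: str
    amount: Decimal
    department: str
    submitter: str
    approvals: dict = field(default_factory=dict)  # role -> person who signed

def required_roles(bill):
    """Roles that must sign off, driven by amount and vendor history."""
    if bill.amount < 500:
        roles = []                            # auto-approve once coded
    elif bill.amount < 5000:
        roles = ["manager"]
    elif bill.amount <= 25000:                # assumption: exactly $5,000 lands here
        roles = ["manager", "finance"]
    else:
        roles = ["manager", "finance", "cfo"]
    if bill.vendor not in KNOWN_VENDORS:      # first-time vendor: at least two approvers
        roles += [r for r in ("manager", "finance") if r not in roles][: max(0, 2 - len(roles))]
    return roles

def holder(role, department):
    # Department-specific holder first, then the company-wide one.
    return ROLE_HOLDERS.get((role, department)) or ROLE_HOLDERS[(role, None)]

def approve(bill, person):
    """Record one approval; refuse self-approval and people outside the chain."""
    if person == bill.submitter:
        raise PermissionError("submitter cannot approve their own bill")
    for role in required_roles(bill):
        if role not in bill.approvals and holder(role, bill.department) == person:
            bill.approvals[role] = person
            return role
    raise PermissionError(f"{person} is not a pending approver for this bill")

def payable(bill):
    return all(role in bill.approvals for role in required_roles(bill))
```

When the submitter is also the department's manager, this sketch leaves the bill unapproved rather than letting it through, which is where an escalation or delegate rule would apply.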
Bringing it together
Good bill approval workflows are layered: amount thresholds decide how many approvers, vendor and department rules decide which ones, segregation of duties keeps any single person from owning the whole chain, and an immutable audit trail proves it all happened. OutflowDesk lets you build these multi-step chains on top of your QuickBooks Online data and sign them off from email or the dashboard, so the right bills get scrutiny and the routine ones keep moving.