← Briefs
audit automationcontrols testingAI tools

Three-way match in auditing

Scott Newcomer 5 min read

In the world of audit, three-way matching sounds simple enough. Some discussions at the IIA International Conference 2025 in Toronto put three-way matching at the center of AI demonstrations. Match the purchase order, invoice, and receiving report to ensure everything lines up before money changes hands. It's a foundational control that protects organizations from overpayments, fraud, or just plain errors.

But from what I've seen, three-way match across real systems knows a dirty secret: this stuff gets messy fast.

Whether you're a first-year auditor doing walk-throughs or a CAE building automated workflows, it's worth digging into:

  • What three-way match really looks like in practice
  • Why it's more complicated than it sounds
  • What to watch out for when trying to automate it

Let's break it down.

What is three-way matching?

Three-way matching (3WM) is a standard internal control used to verify that:

  • What was ordered (Purchase Order or "PO")
  • What was received (Receiving Report or "RR")
  • What was billed (Vendor Invoice)

All match before the organization approves payment.

It helps ensure:

  • The vendor didn't bill for more than they delivered
  • The delivery aligns with what was actually ordered
  • Payments are only made for goods or services truly received

What makes 3WM so complicated in real life?

1. The data lives in silos

Each leg of the match usually lives in a different system:

  • POs in the ERP or procurement system
  • Receipts in a warehouse or logistics system
  • Invoices from an AP inbox or third-party portal

None of these systems were designed to talk nicely to each other. Getting clean data into a single view is half the battle. This is something I am sure you all are keenly aware of.

2. The fields don't always match cleanly

Even when you get all three data sets:

  • PO numbers might be mistyped
  • Units may differ (e.g., 1 box = 12 items)
  • Dates may not align due to delays in receiving or invoicing

These mismatches don't always mean fraud, but they do require judgment, and that's where automation gets tricky. You need a system to configure and pull levers to get data into a comparable format.

3. Partial deliveries and split invoices

Often, vendors ship partial orders or bill separately for taxes, freight, or services. That creates:

  • Multiple invoices per PO
  • Receipts split across days
  • Line-level complexity

A simple "does everything match 1-to-1?" won't cut it.

4. Exceptions are the norm

Three-way matching isn't a perfect triangle. Exceptions and resolving them are baked into the process:

  • Approving payment before receipt in urgent cases
  • Blanket POs that cover recurring services
  • Manual overrides with approvals

An audit team needs to understand not just the match, but the context and control handling around exceptions.

Automating 3WM: What to consider

If you're thinking of building automated audit tests or tools around three-way match, good. This is a great candidate for automation.

But you'll want to keep a few things in mind:

1. Start with clear definitions

Decide what "match" means for your environment:

  • Is an exact unit/price match required?
  • Can you round for currency or quantity tolerance?
  • What's the threshold for escalation?

You can't automate judgment without defining the rules first. You can do this in Kansaro.

2. Normalize the data

Before matching, the data needs to be:

  • Cleaned (no blanks, invalid types)
  • Standardized (consistent units and date formats)
  • Mapped (fields aligned across systems)

This is where data prep eats 80% of the effort. And yes, this is exactly what Kansaro was built to make easier.

3. Log exceptions clearly

You won't get 100% matches. And that's okay.

What matters is building a system where:

  • Non-matches are flagged
  • Exceptions are categorized
  • Reason codes (e.g., partial delivery, tax difference) are tracked
  • Workflow is built for resolution, not just review

Automation should help surface risk and not bury it in false positives.

4. Don't reinvent the wheel

If your audit shop already has access to:

  • ERP APIs
  • Procurement system exports
  • OCR for invoice extraction

Use what's already there. Don't build from scratch when you can orchestrate a workflow across systems.

This is where AI tools like Kansaro shine by handling messy documents, matching fields intelligently, and pulling everything into a coherent audit workpaper you can trust.

Final Word: Match for meaning, not just math

Three-way match isn't about lining up numbers in a spreadsheet. It's about ensuring control that what was intended to be purchased was actually received and paid for, and any deviations were handled properly.

Whether you're performing substantive tests or building internal audit automation, the core principle stays the same: focus on what matters.

And if you're ready to move beyond PDFs and pivot tables, Kansaro helps auditors automate tedious evidence matching, flag exceptions, and prepare complete, AI-powered workpapers while keeping you in control.

Want to see how Kansaro handles matching logic for audit workpapers? Join the waitlist or reach out to me (scott@kansaro.com) for a demo.

← Briefs
audit automationcontrols testingAI tools

Experience auditing nirvana

Join the waitlist

Be the first to know when the personal plan becomes available. We'll notify you as soon as spots open up.