PO vs. Non-PO Invoice Risks — Why Maverick Spend Creates Undetectable Leakage

A non-PO invoice is a vendor bill that enters AP without a matching purchase order. The service was authorized informally — via email, phone call, or verbal approval — and the first time AP sees it is when the invoice arrives.

Non-PO invoices bypass every standard AP control. There is no PO to match against. There is no goods receipt. There is no pre-approved amount. AP’s only options are to reject the invoice (causing a payment delay for work already performed), seek retroactive approval (adding processing time), or approve it based on manager confirmation (skipping validation entirely).

Most mid-market companies process 15–30% of their invoices without a PO. For services categories specifically, non-PO rates are often 30–50% because services are frequently authorized informally by operational staff.

When an invoice has no PO, the ERP cannot perform any matching. The invoice amount is taken at face value. This creates three leakage pathways:

1. Rate is unknown. Without a PO that references a contracted rate, AP has no system-level benchmark for the amount. If the vendor charges $150/hour and the contract (if one exists) says $125/hour, nobody sees the discrepancy.

2. Scope is unknown. Without a PO that defines the authorized work, AP cannot determine whether the invoiced services were within scope. Additional charges, expanded hours, and scope-creep line items all pass without scrutiny.

3. Authorization is retroactive. When AP seeks approval after the fact, the approver faces a binary choice: approve or reject. Rejecting means the vendor does not get paid for work that was already performed, creating a vendor-relationship problem. In practice, retroactive approvals almost always pass.

Non-PO invoices have a leakage rate approximately 2–3× higher than PO-backed invoices. If your overall services spend leakage rate is 2%, your non-PO services spend leakage rate is typically 4–6%.

For a company with $5M in services spend and 30% non-PO rate, the exposure is: $1.5M in non-PO spend × 5% leakage rate = $75,000 annually in undetectable margin drift from non-PO invoices alone.

Process fix (immediate): Implement a “no PO, no pay” policy with one exception path requiring CFO signature. Communicate to vendors: “effective [date], we will not process invoices without a PO number.” Most companies that implement this reduce non-PO spend by 60–80% within 90 days.

Validation fix (ongoing): For invoices that must be processed without a PO (genuine emergencies), add a contract-term validation step: compare the invoice against the vendor’s contract rate card before approval. FynFlo can validate non-PO invoices against contracts even without a PO reference.

FynFlo is a proprietary AI-native invoice validation product of ValueXPA.

• Indirect Spend Visibility — Why Finance Teams Cannot See Where Services Money Goes
• AP Audit vs. Invoice Validation — What Actually Works?
• Approved Service Invoices: Billing Errors
• Vendor Payment Automation Managed Services

What percentage of invoices are typically non-PO?

For mid-market companies, 15–40% of total AP volume, with services categories having the highest rates.

Should I enforce 100% PO coverage?

Target 80–90% coverage with a defined exception path for the remaining 10–20%.

How does non-PO spend create undetectable leakage?

Without a PO, there is no baseline for the ERP to match against. If the vendor invoices 10% above the agreed rate, no system check flags it.