5 best internal controls over vendor master file

Vendor master file maintenance & audit controls

1. Supplier updates

From time to time, suppliers will notify you of changes to their details. There may be a new individual who will act as your primary contact moving forward. They may need to update their contact details or even provide a new bank account. From time to time, they may be updating their banking details.

The first thing to bear in mind is that you should never delete old data by simply overwriting it with new data in your vendor master file. Implementing internal controls over vendor master file ensures that these changes are properly documented and monitored.

It is essential to maintain a complete audit trail of all data changes in the vendor master file so that in the event of any future problems, you will be able to go back and identify precisely what data changes took place and when they were changed.

If your ERP system has fields where you can enter notes, make it clear what the previous data was.

For example, if a supplier’s primary contact is changing, you can enter the following:

• OLD Primary Contact = Jane Simons
• NEW Primary Contact = Barry Davis
• As per email sent by davis@abc.com 10/10/2021

The name of the accounts payable team member who made the update should be recorded against the note as well. This will make it easy in any future investigation to retrieve and check the supplier email requesting the name change.

Naturally, when it comes to changing supplier details in the vendor master file, particularly any sensitive data such as banking information, your accounts payable team should have undertaken a call-back verification to ensure the change is legitimate. Details of this call-back should also be recorded in the ERP. These steps are crucial parts of maintaining internal controls over vendor master file.

Click here to read about doing call-backs the right way.

2. Ongoing training

For any large accounts payable department, ensuring all the members of your team are handling and encoding data consistently in the vendor master file requires ongoing training.

Having established rules for how data should be encoded in the master vendor file, as per Part 1, you now need to ensure all staff members receive training in order to adhere to those consistent standards. Firstly, ensure that all the rules are documented in a comprehensive manual. This should be approved by the CFO, and it needs to be clear to all your team that adherence to these rules is mandatory, with consequences for repeated or deliberate deviation from them.

It is likely that refresher training will be required, at least during the first few months after these rules are implemented.

3. Monitor vendor master file audit trail

As mentioned above, it is essential that any data changes not simply overwrite old data. Maintaining a comprehensive audit trail of any data changes is an essential control. These audit trails are a key element of internal controls over vendor master file.

In line with segregation of duties principles, at least one individual who is not responsible for encoding data should be tasked with monitoring data changes. Their responsibilities should extend to verifying that records have been retained of the old data, and to double-check email records from suppliers requesting the change to ensure any changes made were valid and accurate.

4. Newly onboarded suppliers

Just as there needs to be oversight of updates to existing supplier data, there also needs to be oversight of newly onboarded suppliers in the vendor master file. Strong internal controls over vendor master file include such oversight.

An individual not responsible for encoding data should be tasked with conducting spot checks of newly onboarded suppliers. Vendor master file onboarding usually occurs once a purchase order is issued to a new vendor. When undertaking spot checks of newly onboarded suppliers, not only should the veracity of the data be checked to ensure necessary control procedures were followed, but it is also important to check that the data was encoded consistently with your internal standards.

5. Supplier communications

Ensure you have communications with your suppliers that make it clear to them what data you require from them and the format in which that data should be supplied.

For example, suppliers should make sure they supply you with their corporate name as per the ASIC register, as well as any trading names. They should clearly specify the address of their corporate headquarters if distinct from any branch you may have been dealing with.

By encouraging suppliers to provide their complete vendor data in the right format, you can make it clear to them that the payment of invoices will be expedited and won’t be subject to any unnecessary delays.

If you have a vendor portal, all supplier data should be submitted through the portal for data integrity and security purposes.

Editing your vendor master file: how can Eftsure help?

Ongoing vendor master file maintenance is a challenge that many organizations struggle with. Even once you have cleaned and standardized the data in your vendor master file, maintaining long-term data hygiene requires ongoing effort. This is where internal controls over vendor master file become essential.

All too often, a vendor needs to receive a payment long after they were initially onboarded and verified. During this interim period, malicious actors may have manipulated data or the vendor’s details may have changed. This can result in you processing a payment using incorrect or outdated information.

With eftsure, this issue is addressed by sitting on top of your accounting processes. By automating your continuous internal controls over vendor master file, each time a vendor needs paying, eftsure cross-checks their data against our up-to-date database. Anomalies can be identified immediately prior to issuing a payment.