5 best internal controls over vendor master file
Internal controls over vendor master file keep your data secure with clear rules, audit trails, and consistent oversight for long-term data integrity
So, you have just onboarded a new supplier.
You’ve been diligent and verified all their details prior to setting them up in your Vendor Master File or ERP. You have checked their ABN and GST status. You’ve even undertaken a call-back to ensure the bank account information they provided you is accurate.
Job done…right? WRONG.
All you have done is verify that the information provided by your supplier was accurate at a single point in time.
But, as we know, things change.
When it comes to ensuring that all the supplier data in your Vendor Master File or ERP system is consistently accurate over a protracted period of time, it is essential to embrace continuous data verification.
In this blog we will explore the differences between Point-in-Time (PIT) verification and continuous verification, why the latter is critical for any Accounts Payable (AP) function and how eftsure helps you achieve continuous data integrity without creating unnecessary extra work for your busy AP team.
In a fast-paced, digital world, it is no longer effective to rely on traditional Point-in-Time (PIT) approaches to supplier data integrity.
After all, circumstances are changing so rapidly. What was correct yesterday, may not be correct tomorrow. A modern approach to mitigating risk must be able to accommodate continuous changes.
The modern corporate environment can see supplier circumstances change frequently. Whether they are engaged in mergers, corporate restructuring, or simply changing banking providers, verifying supplier data is not a one-time effort.
Achieving and maintaining supplier data integrity over time requires an iterative approach. In other words, it must be done on a continual basis rather that at one specific point in time.
No organisation can afford to assume they have accurate and up-to-date data in their Vendor Master File or ERP if they are solely reliant on PIT verifications that were conducted in the past.
The key question for any CFO or AP manager is this: How long does a ‘point in time’ actually last?
You may verify and onboard a supplier today. However, the goods or services the supplier commits to provide your organisation may take weeks or months to fulfil. It may then take several more weeks for the invoices for those goods or services to be sent to your AP team. These invoices may then have payment terms of 30 days.
In other words, months may have passed between the time the supplier was verified and onboarded until the time a payment is actually being sent to them.
The challenge can be even greater when it comes to long-term suppliers. You may find yourself processing invoices for suppliers who were onboarded years ago.
The longer the time lapse between supplier onboarding and when payment occurs, the greater the risk that the supplier data will be inaccurate or out of date.
During this long interval, not only can supplier’s details change, they may also be subjected to nefarious acts. Cyber-criminals or malicious insiders may have used this long interval to manipulate the data in the Vendor Master File or ERP in order to initiate a payment redirection scam.
This is why more organisations are realising that best-practice risk mitigation requires continuous supplier verifications.
Continuous verification is about achieving data integrity at one point-in-time, and then being able to maintain that level of integrity on an ongoing basis, despite a dynamic set of circumstances.
Many AP functions have extensive policies and procedures to ensure that new suppliers are onboarded correctly by verifying all their information, including bank account details. While that’s great, once the supplier has been onboarded, you also need a mechanism that can alert you to any changes in any of that information. This is crucial to ensuring you achieve data integrity over time.
At the heart of continuous verifications are two elements:
The challenge for AP teams is that you are usually reliant on suppliers to advise you that their details have changed. All too often suppliers neglect to inform you before it’s too late.
One way to address this challenge is to maintain open channels of communication with your suppliers, and regularly remind them of the importance of notifying you every time any of their information changes. When suppliers understand that incorrect or outdated information may result in delays to their invoices being paid, they will be more motivated to ensure they keep you informed of any relevant changes.
Another problem is that too many AP teams remain overly reliant on manual controls. Achieving continuous verifications would require them to conduct call-backs to verify supplier banking data every time a payment being processed. Such an approach is not practical or feasible for busy AP staff. They simply do not have the resources to be able to call every supplier every time an invoice needs to be paid. Such as approach would render the AP function irredeemably inefficient.
What’s needed is an automated solution that can help AP teams identify outdated or incorrect supplier data, without compromising operational efficiency.
Eftsure enables AP teams to achieve continuous verification of supplier data, without the need to conduct manual call-backs every time you are processing a payment to that supplier.
Our unique database comprises over 2 million Australian organisations. With eftsure sitting on top of your accounting processes, you can be confident that the supplier banking data you are using to process outgoing payments remains accurate and up to date, even if the supplier was onboarded years earlier.
Furthermore, eftsure’s integrations with government agencies allows you to automatically ensure that other critical supplier information, such as ABN and GST status, remains accurate over time.
For a full demonstration of how eftsure can help your AP team achieve continuous data integrity, contact us today.
Internal controls over vendor master file keep your data secure with clear rules, audit trails, and consistent oversight for long-term data integrity
The vendor master data cleansing process is a critical activity every AP team should periodically undertake to stop payment errors and fraud.
Establishing vendor master file best practices is the first step to cleaning your how your supplier data should be handled and maintained.
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.