US Based Entities - Explanations for Non-US Vendor Validations 

Blog+2.21+Picture.jpg

In last week’s Blog Post entitled: “Table:  Non-US vs US Vendors for US Based Entities” I listed a table that showed the different forms, tax numbers as well as the different validations for the address, banking and watch lists.  Below you can find more detail about validations for Non-US Vendors for US Based Entities.  

IRS:  Legal Name and Tax ID 

Note:  Under certain scenarios for a foreign vendor that is an individual, the IRS could require a birthdate.  

 

  • Disclaimer:   I am not a Tax professional.  W-8’s can be very complex, seek advice as needed from an Accounting and/or Tax professional.  

  • Reason to Validate:  Confirms that vendor is registered with the IRS and is not fraudulent and will not result in B-Notices from the IRS due to Legal Name and Tax ID mismatches.  

  • Required Document:  IRS W-8(X) 

  • How to Validate:   

 

Other Tax Registration Numbers 

 

  • VAT (Value Added Tax) 

  • Reason to Validate:  VAT is an International Country level sales tax that your company’s tax team may need to use to reclaim VAT that is added to invoices paid.   

  • Required Document:  Invoice or Request from Vendor 

  • How to Validate:   

 

Office of Foreign Assets Control (OFAC)/Specially Designated Nationals (SDN) List 

 

  • Reason to Validate:  Vendors that appear on this list should not be setup in your vendor master file. If there is a vendor match, please notify your leadership for further action. Compliance with OFAC regulations is required for all US individuals and entities.  Failure to comply can result in both civil and criminal penalties. 

  • Required Document:  IRS W-8(X) 

  • How to Validate:   

 

Banking Details 

 

Note: The Early Warning program to verify the Bank Account Name and the Bank Account Number is not available outside of the United States as of the publish date of this blog post.  

 

  • Required Document:  Vendor Letterhead, Bank Letter or Company Branded Banking Setup Form (recommended).  I know that many International companies will have their banking included on their invoice. I do not recommend using the invoice for this purpose, but if you do, to ensure that you are not taking that information from a fictitious invoice, validate that the bank account number is the same across multiple vendor invoices.   

 

  • SWIFT/BIC Code 

  • Reason to Validate: Ensure that International ACH or Wire payments are processed successfully. Countries that do not require an IBAN will have a BIC Code or SWIFT code along with a bank account number. 

  • How to Validate:   

 

  • IBAN  

  • Reason to Validate: Ensure that International ACH or Wire payments are processed successfully. The IBAN is required for all bank accounts in the EU countries plus Norway, Switzerland, Liechtenstein and Hungary. The IBAN is made up of a code that identifies the country the account belongs to, the account holder's bank and the account number itself. 

  • How to Validate:   

  • Free –Verify with Vendor Bank.  There is no regulated validation for the IBAN.  IBAN validations are included with most third party's paid subscription plan.  

 

Address 

  • Required Document:  IRS W-8(X) or Invoice (if remit address is different) or Fully Executed Contract 

  • Reason to Validate:  Confirms that vendors are not fraudulent attempting to use addresses that do not exist.  Also reduces the potential that check payments or distributed 1042s will not be returned causing rework for the team.  Standardizes address formats in accordance with US Postal Service (US) or Universal Postal Union (Non-US). For PO Boxes, also require a street address and validate both.  

  • How to Validate:   

Now that you have all this great information to validate Non-US vendor information, protect it. Implement internal controls and best practices to reduce the potential for letting fraudulent vendors or data into your vendor master file.  Get training or the eGuide.  

Want a handy Cheat Sheet that includes the links to the validation resources?  Sign up for my mailing list below, download the Vendor Validation Reference List and share with your entire team!   

Protect the Vendor Master File from Fraud.  Keep it Clean.   

Vendor Setup & Maintenance Additional Resources:   

  • Need a Resource for Vendor Setup & Maintenance?  eGuide:  3 Step Vendor Setup and Maintenance Process eGuide to protect the vendor master file from fraud and keep it clean. www.debrarrichardson.com/training  

  • Need help cleaning the Vendor Master File?  Visit www.debrarrichardson.com/consulting 

  • Need Vendor Master File training?  Visit www.debrarrichardson.com/training  

  

#stayhappy #puttingtheapinhappy #Vendorsetup #vendormasterfile #accountspayable 

 

Table: Non-US Vendor Setups vs US Vendor Setups For US Based Entities

Your company is a US based company and you have a Non-US vendor that will be providing a service or goods, and the vendor needs to be setup in your Vendor Master File.   There are differences in forms, banking details and validations.  Here’s a quick graphic for this week.   

 

Blog18table.PNG

Be sure to check with your organization’s leadership, audit and/or legal department before making any changes to your current process. 

 

Want a handy Cheat Sheet that includes the links to the validation resources?  Sign up for my mailing list below, download the Vendor Validation Reference List and share with your entire team! 

 

Protect the Vendor Master File from Fraud.  Keep it Clean.   

Vendor Setup & Maintenance Additional Resources:   

Need a Resource for Vendor Setup & Maintenance?  eGuide:  3 Step Vendor Setup and Maintenance Process eGuide to protect the vendor master file from fraud and keep it clean. www.debrarrichardson.com/training  

Vendor Maintenance Process Design:  Visit www.debrarrichardson.com/services  

Need help cleaning the Vendor Master File?  Visit www.debrarrichardson.com/services  

Need Vendor Master File training?  Visit www.debrarrichardson.com/training  

Need Accounts Payable Gifts:  Visit www.debrarrichardson.com/shop  

 

#stayhappy #puttingtheapinhappy #Vendorsetup #vendormasterfile #accountspayable #manualvendorsetup  

One Reason to Switch to a Substitute Form W-9

Blog 17 Picture.PNG

Even though the IRS keeps revising the W-9 form (the latest version dated October 2018), Accounts Payable (AP) professionals know that the form needs to be collected in order to add a new vendor or in some scenarios, to update existing vendors. And, according to a recent survey by an AP Solutions company, more than two thirds of AP professionals are validating the Legal Name and Tax ID on the W-9 by performing an IRS TIN Match.   

What’s more, vendors know the IRS Form W-9 is a requirement when they do business with a new client.  They will provide and even prepare it in advance anticipating the ask.   

So why would your company want to take advantage of the IRS acceptance to develop and use your own Substitute Form W-9? One reason - Information.  

Collect More Information  

  • Addresses – the IRS Form W-9 includes one address, the address where the 1099 will be mailed.  If there is a different remit address, a Ship From, etc a Substitute Form W-9 can capture those addresses.  This is especially beneficial if the address on the IRS Form W-9 is a PO Box, which can be a red flag for a fraudulent vendor, so you can also require and collect a physical address. 

  • Contact Information – Collecting contact information and email addresses are critical for future authentication and confirmation of changes.  Collecting on one form consolidates what can be a manual effort to search for this information on invoices, contracts, at the time of vendor setup. 

  • Diversity Information – Vendors can self-identify or indicate if they have been certified based on socioeconomic factors such as Veteran-Owned Business, etc.  This information can be used for diversity and inclusion reporting.  

  • D&B (Duns) Number – This Dun and Bradstreet number can be used for Supplier Risk monitoring during or after the vendor onboarding process.  It can also be used to identify Parent Company and it’s hierarchy.   

  • Insurance Company Information – If your vendors are required to be insured, request the insurance company information to request the Insurance Certificate.    

  • Industry Codes – Collect the Primary North American Industry Classification System Code (NAICS) or the Standard Industrial Code (SIC).  This information can be useful in reports for the Sourcing or Procurement groups.  

  • Company or Industry Specific – Do you require ISO Certification?  Add it.   

Collect the Most Updated Information 

  • Some vendors will create a W-9 on the most current version, with the current company structure.  Two years later, it’s been copied from copies and can be illegible or worse, does not reflect a name change a year before, but your contact is unaware and submits that same copy.   The back and forth when the IRS TIN Match is not successful would have been avoided with the Substitute Form W-9.   For existing vendor changes, this form can force the review of the original data collected versus a resubmit of the original IRS Form W-9 used for the original setup.   

If you already have a separate Vendor Add/Change Form that is collected along with the IRS Form W-9, consider carefully if you can combine them to one.  If your collection process for the IRS Form W-9 is separate in order to protect vendor sensitive data (Tax ID that could be SSN), then you don’t want to combine the forms.  Or if you have a vendor self-registration portal that generates a Substitute Form W-9, and maybe collects some of the additional information, keep the forms separate.    

If you decide a Substitute Form W-9 if right for you, ensure you incorporate the IRS certification requirements related to the signature, etc:  https://www.irs.gov/pub/irs-pdf/fw9.pdf.   

Now that you have all this great information in your Accounting System or ERP, protect it. Implement internal controls and best practices to reduce the potential for letting fraudulent vendors or data into your vendor master file.  Get my training or eGuide.  

Want a handy Cheat Sheet that includes the links to the validation resources?  Sign up for my mailing list below, download the Vendor Validation Reference List and share with your entire team!   

Protect the Vendor Master File from Fraud.  Keep it Clean.   

Vendor Setup & Maintenance Additional Resources:   

  

#stayhappy #puttingtheapinhappy #Vendorsetup #vendormasterfile #accountspayable

Vendor Master File: When an Existing US Based Vendor Changes Their Legal Name or Tax ID or Both

Blog #16 Image.pngVendor Master File: When an Existing US Based Vendor Changes Their Legal Name or Tax ID or Both

You receive a notification letter or email indicating that an existing vendor has either changed their Legal Name or Tax ID or both.  First, let’s take a moment to appreciate the notification.  Those in Accounts Payable (AP) know that many fire drills are due to only being notified of existing vendor changes when their invoices have not been paid. 

Second, use authentication techniques to ensure that the information received is valid and from the vendor.  This can be validating that the email domain received is not spoofed and on the vendor record, or by contacting the vendor using the contact information (email or phone) on the vendor record to confirm.

Once you have confirmed the information is real, you need to identify what changes need to be made to the vendor record in the Vendor Master File in each of those scenarios.  Let’s first look at what supporting documentation to collect.

Forms to Request

  • New W-9 or W-8X Form

    • May also request:

    • New Banking ACH Form, if paid by direct deposit

    • State Certificate / Articles of Incorporation

    • Insurance Certificate

    • Diversity Certification Updates

    • Copy of Invoice or Contract, if Remit Address is different than W-9/W-8

Validations to Perform

  • IRS TIN Match – Verify new Legal Name + Tax ID combination matches

  • The IRS can take a significant amount of time to update their records. If it is not a match, request the IRS Form 147c from the vendor.  This form is issued by the IRS to the vendor with the recognized Legal Name and Tax ID, and can be used as support for the update in the vendor master file.  

  • OFAC/SDN – Vendor and Bank Name are not on exclusion list(s)

  • As Needed

    • Banking Details – Verify new details and/or new account name

    • Secretary of State – Verify Business Registration

    • Insurance Carrier – Verify Change of Name (if applicable)

Now that you have validated the documentation, changes can be made in the Vendor Master File based on the scenario.   

Changes to Vendor Record in Vendor Master File

  • Changes to Vendor Legal NameUpdate existing vendor record with new Legal Name.  Since the Legal Name on the vendor record must match the Legal Name on the invoices when posting, the vendor will need to update the Legal Name on all future invoices.  Purchase Orders should update with the new Legal Name automatically.

  • Changes to Vendor Tax IDInactivate existing vendor record and create a new vendor record with the new Tax ID.  Why? Tax reporting is linked to the Tax ID, and any historical activity linked to the Tax ID on the existing vendor record should remain intact for reporting and auditing purposes.  If there are any open Purchase Orders, work with the vendor and Procurement team to determine if they will need to be closed and reopened using the new vendor record.  Future Purchase Orders and invoices will need to use the new Vendor ID.

  • Changes to Vendor Legal Name and Tax IDInactivate existing vendor record and create a new vendor record with the new Legal Name and Tax ID.  This is really a new company.  The vendor will need to update all future invoices with the new Legal Name and new Vendor ID.  If there are any open Purchase Orders, work with the vendor and Procurement team to determine if they will need to be closed and reopened using the new vendor record.  Future Purchase Orders and invoices will need to use the new Vendor ID.

Don’t forget to send a confirmation to the vendor after the change is made in the vendor file.  For more detail see blog post Send a Notification to Vendors After Updates in the Vendor Master File.

Want a handy Cheat Sheet that includes the links to the validation resources?  Sign up for my mailing list below, download the Vendor Validation Reference List and share with your entire team! Today is the last day to sign up and be entered in the February 1, 2019 drawing to win a Putting the AP in hAPpy coffee mug.

Protect the Vendor Master File from Fraud.  Keep it Clean. 

Vendor Setup & Maintenance Additional Resources: 

 

#stayhappy #puttingtheapinhappy #Vendorsetup #vendormasterfile #accountspayable

SMBs - Privately Held with Less Than 100 Employees?

Blog #15 Image.png

So have you thought about it?

Is 5% of your annual revenue an acceptable risk of doing business?  I posed this question in my last blog “SMBs - Why You Need a Certified Fraud Examiner (CFE) and a Fraud Risk Management Program”.

Five percent is the estimated average loss for the defrauded companies examined in the 2018 ACFE Report to the Nations.   Other findings in the Report:

  • 42% of reported cases in the Report involved privately held companies

  • Of companies with less than 100 employees, 29% of frauds are perpetrated by an owner or executive, i.e.: Highly Trusted Employee.

Small Business Owner, if you are privately held and have fewer than 100 employees, this blog is for you.

Let me help you help yourself

My career passion as a Certified Fraud Examiner is to use my special training and resources to help small business owners evaluate the fraud risk in their businesses and to take steps to mitigate that risk.  Part of that risk evaluation revolves around two common elements:  Environment and Employees.

Work Environment Awareness

Work environment is a phrase we have all heard and used.  It broadly refers to the physical, social and psychological elements surrounding us in our workplace.  Intangible elements to the work environment can have a direct impact on your level of fraud risk. 

Yes or No:  Does senior management exhibit and encourage ethical behavior. Be honest! 

Yes or No:  Does management meet productivity goals easily without some challenge? 

Yes or No:  Are duties related to authorization, custody of assets, and recording or reporting transactions segregated?

Small Business Owner, if you answered “No” to any of those questions, you are exposed to fraud risk.

Employee Awareness

What I’m getting at is employees are complicated creatures.  It may be more difficult to get inside their brains than you think, but having that understanding can make a huge difference in your ability to reduce the exposure to fraud risk in your business.

True or False:  Employee morale is irrelevant to fraud risk.

True or False:  Employee off-the-clock behavior is their business, not mine.

True or False:  Employees are afraid to deliver bad news to supervisors or management.

Small Business Owner, if you answered “True” to any of those questions, you are exposed to fraud risk.

The Fraud Triangle

These questions are intended to make you consider your business in terms of the Fraud Triangle. https://www.allbusiness.com/the-fraud-triangle-and-what-you-can-do-about-it-4968017-1.html  There are many variations of the Triangle, but the original model was developed by famed criminologist Donald R. Cressey.  He sought to illustrate the three key elements typically present when fraud occurs.  Those elements are Rationalization, Perceived Pressure, and Perceived Opportunity.  Depending on how you answered those questions, you may have varying degrees of fraud risk.

 
SMBs - Privately Held with Less a Than 100 Employees?
 

If you are experiencing a twinge of concern, I’d like to talk with you.  My Risk Assessment Evaluation and Annual Fraud Prevention Check Up looks into these and other areas of your business to help you evaluate your vulnerabilities.  The resulting report moves a step further offering ways to improve internal controls and other hints.

Eye rollers and sceptics!  I want to talk with you too!  What are your questions? Challenge me.  Contact me at lindaaccttax@yahoo.com and tell me what’s on your mind.

What Will She Come Up With Next?

In my next blog, I’ll discuss the Key Employee and other Very Trusted Employees, and we’ll see how they have a unique relationship to the Fraud Triangle.  What could go wrong?

Linda Stacey, CFE, Guest Blogger

Linda Stacey, CFE, Guest Blogger

Linda has over 20 years’ experience in general ledger accounting, accounts payable, accounts receivable and cash management with a focus on small and medium-sized companies.  

Linda has a Master’s Degree in Accounting and is a Certified Fraud Examiner. 

Connect with Linda on LinkedIn

Comment

Linda Stacey

Linda has over 20 years’ experience in general ledger accounting, accounts payable, accounts receivable and cash management with a focus on small and medium-sized companies. She has seen first-hand the challenges small business owners have in protecting themselves from fraud – from external threats as well as threats from within their own organizations.

Her calling as a Certified Fraud Examiner (CFE) stems from wanting to guide business owners through the process of protecting their business assets from unnecessary loss from fraud. Her common-sense approach to internal controls is meant to give business owners cost-effective peace of mind.

Linda has a Master’s Degree in Accounting and is a Certified Fraud Examiner. She adds this specialty to her menu of services and looks forward to providing her unique perspective to her clients as they evaluate their business processes.

She has lived in the Tulsa area for over 25 years.

2 Processes You Can Implement Today To Protect Sensitive Vendor Data from Non-Vendor Maintenance Employees

Vendor Setup and Maintenance

 Whether you have one or ten Vendor Maintenance employees , whether vendor maintenance is in Procurement or Accounts Payable (AP) or under the same Global Process team, or whether you have a manual process or a global vendor portal, restricting access to sensitive vendor data should be on your radar.  There are two processes that the Vendor Maintenance team can implement today to protect vendor sensitive data without intervention from the IT or Systems group. Still printing 1099s? Very timely.

 What is Considered Sensitive Vendor Data in the Vendor Master File?

  •  Tax ID – Can either be the Employer Identification Number (EIN), the Social Security Number (SSN) or a Foreign Tax Identification Number (TIN).  Both the Social Security Number and Foreign Tax Identification Number can be assigned to an individual, and as such they are considered sensitive personal information. Since some accounting systems have one field for either tax identification number, the Tax ID should still be considered sensitive personal information. 

  • Banking Details – Many companies include banking details on their invoices (especially International vendors) because the accounts that AP sends payments to is a “deposit only” account.  That is not always the case.  Many Individuals, Single Member LLCs do not have “deposit only” accounts, so banking details should still be considered sensitive personal information. 

  •  Birth Date – In specific scenarios, the IRS requires the collection of a birthdate for Foreign Individuals.  Birthdates are considered sensitive personal data that should only be collected for regulatory requirements. Go to www.irs.gov for more information. 

 Two Ways to Protect Sensitive Vendor Data  

  1. Secure Print - Depending on the purchasing, invoicing and vendor setup and maintenance processes, collecting vendor supporting documentation comes with the added risk of that documentation including sensitive data.   If your current process requires that supporting documentation to be printed, and secure print is available on your printer, enable that functionality.  Sensitive data will then be printed only when the user arrives at the printer to key in the code, preventing the document from sitting in the print tray for unintentional eyes of other employees innocently retrieving their print job. 

  2.  Desk Audit – Now that the document is printed it goes back with the user to their desk, or does it? If it does, it needs to be protected from view of those that do not need to see it.  The purpose of the desk audit is to randomly check desks, printers, any common areas to ensure that employees are always in the mindset of security and protecting sensitive data by discarding (locked shredder) or securing those documents after use. No documents with sensitive data should remain on the employees desk once it has been processed or after they leave for the day. In addition to vendor sensitive data, also include employee sensitive data, passwords, any data that can threaten security.   

    • Schedule the desk audits randomly after business hours, and at recurring intervals such as monthly.  Write up a formal process and guidelines, then work with your team to walk through expectations, including a review process for infractions.  You can make it more palatable by tying team member recognition or rewards for low or no incidents.   Soon, protecting sensitive data will be second nature for your employees.

These are two process changes that do not involve IT to help protect vendor sensitive data. Remember to reach out to your leadership and/or your audit group prior to making any process changes.

Episode 14 of thePutting the AP in hAPpy” Podcast will include two extra ways to protect your vendor sensitive data that involve the IT team. Also, you want to listen if you have Non-Vendor Maintenance employees collecting vendor supporting documentation to submit to Vendor Maintenance. What do you think those employees are doing with the documents after they submit to Vendor Maintenance? Hint, they are not safely disposing of that data. The episode will be published on Sunday, January 20, 2019.

Want a handy Cheat Sheet that includes the links to the validation resources?  Sign up for my mailing list below, download the Vendor Validation Reference List and share with your entire team! Sign up by January 31, 2019 and be entered to the drawing to win a Putting the AP in hAPpy coffee mug.

Protect the Vendor Master File from Fraud.  Keep it Clean. 

Vendor Setup & Maintenance Additional Resources: 

 

#stayhappy #puttingtheapinhappy #Vendorsetup #vendormasterfile #accountspayable

SMBs - Why You Need a Certified Fraud Examiner (CFE) and a Fraud Risk Management Program

Fraud Risk

Fraud Risk

I love telling people what my career passion is.

“You’re a Certified FROG Examiner?” 

No, FRAUD Examiner.  Big difference.  I wouldn’t know the first thing about frogs.  Fraud, however, is a different story.

“What’s a Fraud Examiner?”

The Association of Certified Fraud Examiners tells us on its website that a CFE is an expert in fraud prevention, detection and deterrence.  “CFEs,” it says, “are trained to identify the warning signs and red flags that indicate evidence of fraud and fraud risk.”

“Never heard of it.” 

That’s OK. I get that a lot.

The ACFE was established in 1988 by Joseph T. Wells, accountant-turned FBI agent. It has grown to nearly 85,000 members world-wide and is the largest anti-fraud organization and fraud education/training source in the world.

The CFE has a skill set setting it apart from other professionals such as CPAs. Like CPAs, they must pass a rigorous test, but the CFE test combines four unique disciplines:

  • Fraud Prevention and Deterrence

  • Financial Transactions and Fraud Schemes

  • Investigation

  • Law

This unique focus has become my niche.

“That must be for really big companies.”

Yes and no.

We’ve all heard about the big corporate frauds.  Forbes listed the Top 10 Biggest Frauds in Recent US History.  On that list are Enron. Lehman Brothers. WorldCom. Fannie Mae. HealthSouth. Tyco.

Municipalities and even small towns were everyone knows each other can fall victim to fraud.  Have you seen the 2017 documentary “All the Queen’s Horses”?  It tells the story of how the city comptroller embezzled $53 million dollars from the small town of Dixon, Illinois, over a period of 20 years.  How is that even possible?  She was an employee in a small office with insufficient internal controls, and no one questioned her because she was highly trusted by the mayor of the town.  

By the way, coming in at #2 on that Forbes list was Bernard Madoff, the brilliant Ponzi scheme architect and destroyer of lives.  He, too, was a well-trusted friend and family member, but Madoff had no qualms about making off with their money either.  Don’t get me started.

Sadly in fraud cases, it’s often the most trusted individual in the organization that is in the best position to commit fraud.

“Well, my small business is safe.”

I sincerely hope so. 

The ACFE puts out an annual report to present its analysis of occupational fraud cases.  In its 2018 Report to the Nations, its study considered 2,690 cases investigated by participating CFEs between January 2016 and October 2017.  The Association admits its data is imperfect.  Data only includes information from reporting CFEs and excludes undetected or unreported fraud. 

With those limitations in mind, here are a few of its findings:

  • 42% of reported cases involved privately held companies

  • 29% involved publicly traded companies

  • 28% of defrauded companies have <100 employees

  • 22% have 100 – 999 employees

  • The Average Loss suffered by these defrauded companies was an average of 5% of their annual revenue

I ask you, Small Business Owner, what is 5% of your annual revenue?  Is that an acceptable risk of doing business?

Unfortunately, small companies are especially vulnerable for a few reasons.  Mainly, small business owners think they don’t have the resources to put proper controls into place.  The 2018 Report discovered that of the companies with <100 employees, 42% of those frauds resulted from lack of internal controls, and 29% are perpetrated by an owner/executive, such as a highly trusted employee.

“That’s just great.  What am I supposed to do now?”

Don’t panic, but move forward in finding a solution.  Let me help you.  I’m a CFE with the special training to evaluate fraud risk.  

My core services include:

  • Personalized Risk Assessment Evaluation.  I will outline your level of fraud risk at the process-level so you can see the exactly where there are opportunities for loss.

  • Evaluation Report and Recommended Solutions.  I will clearly illustrate the Evaluation results and offer step-by-step suggestions to improve internal controls.

Additional services include:

  • Implementation Assistance.   Some of my recommendations will be changes you can manage on your own.  Some may require coordination with your staff to put in place.  I can educate and work with your employees to get you up and running. 

  • Annual Fraud Prevention Check Up.  How did you do with the implementation?  That’s what we’ll find out during your Check Up.  I will perform another Fraud Risk Evaluation with another Evaluation Report and Recommendations. 

Contact Linda at lindaaccttax@yahoo.com to schedule an initial call through January 31st and get a discount code for 25% off of the Fraud Risk Assessment.

Would you like to hear more detail about a Fraud Risk Management Program? Listen to the Putting the AP in hAPpy Podcast Episode 13: SMBs – What a Fraud Risk Management Program Can Look Like For You.

Linda Stacey, CFE, Guest Blogger

Linda Stacey, CFE, Guest Blogger

Linda has over 20 years’ experience in general ledger accounting, accounts payable, accounts receivable and cash management with a focus on small and medium-sized companies.  

Linda has a Master’s Degree in Accounting and is a Certified Fraud Examiner. 

Connect with Linda on LinkedIn

Comment

Linda Stacey

Linda has over 20 years’ experience in general ledger accounting, accounts payable, accounts receivable and cash management with a focus on small and medium-sized companies. She has seen first-hand the challenges small business owners have in protecting themselves from fraud – from external threats as well as threats from within their own organizations.

Her calling as a Certified Fraud Examiner (CFE) stems from wanting to guide business owners through the process of protecting their business assets from unnecessary loss from fraud. Her common-sense approach to internal controls is meant to give business owners cost-effective peace of mind.

Linda has a Master’s Degree in Accounting and is a Certified Fraud Examiner. She adds this specialty to her menu of services and looks forward to providing her unique perspective to her clients as they evaluate their business processes.

She has lived in the Tulsa area for over 25 years.

Why You May Need a Manual Vendor Process with Your Vendor Self-Registration Portal

After months, leadership finally approved your business case to implement a vendor portal for the vendor setup and maintenance process.  The vendor portal project and related tasks were hard and took longer than expected (they always do), but you got through it.  You have a way for your vendors to login and self-register or update their existing information.  The vendor portal provides vendor authentication, handles all validations, approvals are captured, and it’s integrated into your Accounting System/ERP so the vendor data flows in touchless by your vendor maintenance team.  The last thing you want to think about is retaining or adding a manual vendor process.  Why may you need one?  GDPR. 

 GDPR

The EU General Data Protection Regulation (GDPR) was passed on April 14, 2016 and enforcement began on May 25, 2018.  The regulation provides individuals in European Economic Area (EEA) countries the right to consent to use of their personal data.  The law is complex, and each organization needs to interpret the law and its effect on their vendor maintenance processes and systems to remain compliant.   For more information on GDPR click here  for the European Commission website or here for their Data Protection infographic for small businesses. 

Here is why it may matter for your vendor portal. Vendor self-registration portals typically require an internal team member such Procurement to start the vendor onboarding process by creating the vendor record and adding the first name, last name and email address of the vendor contact.  This personal data will be used to send the invitation to the vendor to complete the registration. 

What can this mean for your vendor portal?  

  • Require functionality to determine, or allow the user to self-identify at first login, if they are in one of the affected countries and if yes, have them view your privacy policy and give them the option to unsubscribe/be removed from the portal. 

     

  • If the user unsubscribed and they are the vendor, such as with an individual, the vendor record may need to be removed from the portal. 

     

  • For those vendors that unsubscribed, to avoid collecting personal data via the vendor portal, future changes may need to be submitted and processed using a manual vendor process. 

 

Manual Vendor Process

If your organization’s solution to GDPR is also to create a manual vendor process, or if you are still using a manual or partial manual vendor process, here are some tips to avoid fraud and keep the vendor master file clean:

  • Require a Vendor Setup Form be completed in full by the vendor.  Require the W-9, insurance information (if an insurance certificate is required) and banking details if payment will be made by ACH.

  • Create and brand a Banking Details form to submit banking details.  Require signature, Tax ID and if a change, either the old banking details or the last three deposit dates and amounts as authentication. 

  • Implement authentication techniques to ensure the supporting documentation collected is valid and came from the vendor. 

  • Provide your Vendor Maintenance team with a checklist or reference list to ensure applicable validations are performed prior to adding the vendor to the vendor master file.

  • Once the vendor setup is complete, send the vendor a Welcome Packet that includes all the required information to do business with your company such as their vendor id, what to include on their invoices and how to submit, etc. 

  • Validate any change requests with the vendor and once the vendor change is complete send the vendor a confirmation of the change.

Be sure to check with your organization’s leadership, audit and/or legal department before making any changes to your current process.

Check out Episode 12 of the Putting the AP in hAPpy Podcast “What Role Can P-Cards Play to Avoid Fraud in Your Vendor Master File” to see how P-Cards may be a solution to a manual vendor process. It will be published on Sunday, January 6th.

Want a handy Cheat Sheet that includes the links to the validation resources?  Sign up for my mailing list below, download the Vendor Validation Reference List and share with your entire team!

Protect the Vendor Master File from Fraud.  Keep it Clean. 

Vendor Setup & Maintenance Additional Resources: 

 

#stayhappy #puttingtheapinhappy #Vendorsetup #vendormasterfile #accountspayable #manualvendorsetup

Urgent Vendor Setup? Here’s How to Protect Your Vendor Master File

Urgent vendor setups are a common scenario in Accounts Payable (AP), especially for Non-PO spend when the request for the vendor setup is not triggered until the invoice is received.  Combine that with month-end or year-end when those forgotten invoices make their way over to AP at the same time, and the potential for fraud can increase. 

 There are two ways urgent vendor requests can be handled: 

One: Same Vendor Setup Process, and hurry.

 Handling urgent new vendor setups when your current vendor setup process is still followed, only expedited, can and should be planned for.  When I was an AP Sr. Manager for a Fortune 15 company over Global Vendor Maintenance, I had one or two team members (one per large ERP) assigned to daily urgent vendor setups.  I expected urgent requests to come in, and they did.  My next level up and my peers knew who to reach out to if I was not available and it worked well.  Same setup process, expedited.  I would also recommend that a report or log be maintained to track who and why these requests are coming in as expedited.  What is measured improves and identifying any internal team members that continue to submit urgent requests signals a training or a meeting to reduce that behavior. 

 Two: Disregard Vendor Setup Process, and hurry.

Expectations to disregard or postpone your vendor setup process because there is a deadline (need a purchase order, invoice overdue, etc) is problematic.  In my previous role, these urgent requests come in with no supporting documentation and the expectation was to overlook our normal process and add the vendor to the vendor master file.  There is no one to blame here, the vendor and many times the internal team member that had the relationship with the vendor, had no idea what AP’s authentication and validation processes were and assumed that they can be disregarded in urgent situations.  We know better.  We know that fraudulent vendors cost US businesses every day with data breaches and misdirected payments.  Yet, you still have this critical purchase order or payment that needs to be made and you are not able to push back.

 So now what? 

Listed below are the minimum required documentation and validations to setup a new vendor in your vendor master file to protect your company from fraud and reduce the risk of penalties from regulatory agencies.  Read below for how to handle if you are not able to follow your new vendor setup process: 

 

  • IRS W-9 or IRS W-8 for the IRS Tin Check and/or Tax-Exempt Organization Tool

    •  No – W-9 or W-8? Start backup withholding with the first payment.  Communicate to the vendor or internal team member submitting that this will occur if you don’t receive the IRS W-9 or W-8 and the potential of withholding will more than likely be enough incentive for the vendor to submit the W-8 or W-9. 

    •  If the Vendor indicated that they are a Charitable Organization, you need the Legal Name and Tax ID to use the IRS Tax-Exempt Organization Search Tool to verify the vendor is registered with the IRS as tax-exempt.  Set them up as a regular vendor until you receive the W-9. 

     

  • OFAC/SDN Check

    • At a minimum do an OFAC/SDN check since you don’t need any supporting documentation for this check.  Make sure you have the Legal Name and not the DBA. 

    • Search by the Legal Name and if the vendor appears on this list do not set them up in your vendor master file and notify leadership. 

    • Search the vendor Bank Name if the vendor will receive ACH payments. 

     

  • If payment by ACH:  Verify Banking Information to Avoid EFT Returns

    •  Collect the banking data and validate the ABA Routing#/Swift/BIC or the IBAN format for foreign banks.  To reduce the potential for fraud and protect what is considered sensitive data, confirm that the banking data came from the vendor when received. Verify the banking data then reach out to the vendor to verify the banking information received. 

     

  • Address

    •  Validate with USPS or Postal Union (Intl) to confirm that vendor is not fraudulent and using an address that does not exist.  Critical if the vendor will receive payment via check since you don’t want the check returned.

     

  • System for Award Management (SAM)

    •  Governments are prohibited from awarding contracts to contractor entities that are on this exclusion list.  If you are a Government, search using the vendor legal name.

 Include any additional validations or collect any documents that may be specific to your company or industry for vendor setup, and check with leadership and/or as needed.

Have a vendor self-registration portal? Great.  This information can still be useful for those scenarios where the vendor has opted out of the portal (can you say GDPR?), or if the vendor is not in a position to log on register yet.  Also, make sure you are reviewing all authentication, validation and management recommendations to fill any gaps in your vendor portal solution.

Want a handy Cheat Sheet that includes the links to the validation resources?  Sign up for my mailing list below, download the Vendor Validation Reference List and share with your entire team!

 Protect the Vendor Master File from Fraud.  Keep it Clean. 

Vendor Setup & Maintenance Additional Resources: 

 #stayhappy #puttingtheapinhappy #Vendorsetup #vendormasterfile #accountspayable

Is Your Accounts Payable Team Still Taking Live Phone Calls from Vendors?

The human voice, the oldest and most effective interaction, is being used by phishers to solicit sensitive information via live phone calls.  This social engineering tactic is sometimes called “Vishing” where emotional triggers, a sense of urgency, etc. are used to play on human vulnerabilities.  Combine that with the user, in this case, the AP Customer Service member, being the weakest link in any security system, and a basis for eliminating live phone calls can be made. 

In IOFM’s “Benchmarks: Accounts Payable Customer Service,” November 2013, it was not a question of whether Accounts Payable (AP) teams were talking live phone calls, but how many FTEs, which team members the calls were routed, how many were vendor vs employee, etc.   Fast forward to May 2018, where a question on AP customer service efficiency to IOFM Advisory Panelists met with responses revealing a trend toward eliminating phone calls in favor of vendor portals, CRM tools, email and ticketing systems. 

Now the intent is not meant to degrade support to our vendors and internal customers.  The intent is to provide great customer service using a communication method that protects both the vendor and the company from potential fraud. 

If your AP team is no longer taking calls, great.  Reply in the comments how long ago, and what method is being used to receive inquiries. 

If your AP team is still taking calls, make sure you have techniques in place that can authenticate callers. Recommended:   

  1. Authenticate each external call, vendor and employee, before discussing any vendor invoice or account information. Require that the vendor provide at least two pieces of information that a fraudster would not know, such as an invoice number and a PO number, etc.   For the employee, require that they provide two pieces of information such as their cubicle number or their next level up. 

  2.  Give the AP team members a reference for authentication.  The reference makes it easier for the AP team members to remember what information can be used to authenticate the caller. It is helpful if different combinations of elements can be used to authenticate.  Also, it can increase the potential that the AP team members will comply with the policy.  Don’t forget to include a short script to be used to explain the reason for the authentication and how to end the call when the authentication is not successful.  This reference should be treated as confidential and not be shared with anyone outside of the AP team.  

  3.  Monitor to ensure authentication is being followed by AP Team members.  Listen randomly in supervisory mode if your phone system has that feature.  Or consider recording calls and auditing weekly.  Follow-up with as needed with team members where needed and include in performance reviews if possible.  This is one area where it may be done in the beginning, however, as time passes or during busy times (like month-end or year-end) it is easy to skip to increase productivity.  What is measured improves. 

 Authentication is one of four controls to recommended to combat “Vishing”.  See Putting the AP in hAPpy Podcast Episode 2: Social Engineering: Four Internal Controls to Combat Vishing and Protect the Vendor Master File from Fraud) for a more detailed discussion and the additional controls.

Also, join me in Episode 10 of the Putting the AP in hAPpy Podcast where I interview Jason Widmann, a Director of AP, and how he developed a new tool to reduce both live calls and emails on the highest volume pain point with AP inquiries – fielding questions on the status of invoices.  And since he is from AP, he developed the cloud based software with three key elements in mind to make it easier for AP teams to implement.  Tune in to find out what they are.  The episode will be published on Monday, December 24th on www.debrarrichardson.com/podcasts and on iTunes and Google Play. 

Vendor Setup & Maintenance Additional Resources: 

 

#stayhappy #puttingtheapinhappy #Vendorsetup #vendormasterfile #accountspayable

7 Validations Using the Data from the IRS W-9 Form

You require and successfully collected the W-9.  Are you performing the recommended validations?  

To avoid fraud in the vendor master file, validations need to be done to confirm the vendor is real and that data submitted for changes to any existing vendors is real.  This is especially true for those Accounts Payable Vendor Maintenance teams that receive these requests and supporting documentation from internal team members, since authentication of how the data was received (crook.com?) may not be available. 

Here are two key results in the vendor master file that can come from validation of data on the IRS W-9:

  1. Ensure compliance with regulatory agencies, policies and laws where non-compliance can result in significant fines and civil and criminal penalties.

  2. Ensure that there are no duplicate vendors that can result in duplicate payments and be an indicator of fraudulent vendors existing in your vendor master file.

For those teams that have a vendor self-registration portal, great, but read on to see if there are any recommended IRS W-9 validations that may be missing in your current portal.   

 IRS W-9 Form Validations (see below to get links to all validation resources):

  • Legal Name & Tax ID

    • IRS Tin MatchUse Legal Name and Tax ID combination to verify match with IRS records to reduce potential for interest and penalties resulting from data mismatches.

    • IRS Exempt Organization For Non-Profit VendorsAfter IRS TIN Match, use Legal Name and Tax ID combination to verify that the vendor is registered as a tax-exempt organization.

    • Duplicate Vendor Check in Accounting System/ERPSearch by Legal Name and Tax ID, and across all vendor master files if you have multiple Accounting Systems/ERPs. Duplicate vendors = duplicate payments.

    • System of Award Management (SAM)For Government Entities Only – Search by Legal Name.  Governments are prohibited from Awarding Contracts to entities that are on their exclusion list.   

    • OFAC/Specially Designated Nationals (SDN) List Search by Legal Name.  Vendors that appear in search results should not be setup in the vendor master file as US entities are prohibited from doing business with these vendors.  Notify leadership as there should be a formal process to verify any match.

  •  Vendor Address

  • USPS – Verify that addresses are real and standardized for error-free delivery.  Includes both US and Non-US addresses for all mail that will be handled by USPS.

  • Universal Postal Union – Verify that addresses are real and standardized for error-free delivery.  Mail initiated outside of the US for Non-US address delivery.

As normal, review these recommendations with your leadership and/or auditing team and adjust based on your Accounting system/ERP or 3rd Party systems for your company processes and your industry. 

Feel free to comment below if there are additional validations using the IRS W-9 form that you or your team does to ensure that real vendors and real vendor data is updated in the vendor master file.  

Listen to my Podcast Episode 9 that will review validation recommendations for Banking Details, Invoices, and Contracts/SOWs and Authenticated Emails.  The podcast will be published on Monday, December 17, 2018 here:  www.debrarrichardson/podcasts.

Want a handy Cheat Sheet that includes the links to the validation resources?  Sign up for my mailing list below, download the Vendor Validation Reference List and share with your entire team!

 

Vendor Setup & Maintenance Additional Resources: 

 

#stayhappy #puttingtheapinhappy #vendorsetup #vendormasterfile #accountspayable

It’s Time to Clean Your Vendor Master file

When I was an Accounts Payable Manager responsible over 140,000+ vendors across 5-7 ERPs, December was go-time.  Actually, go-time started in September/October when the IRS issued Publication 1220, and we identified what changes needed to be made to the ERPs to comply with that year’s IRS 1099-MISC form and Fire System updates.  By December all the system updates and testing were done, and reality began to set in because (thanks IRS) almost 25,000 1099-MISC forms needed to be accurately generated and distributed to reportable vendors by January 31st.  Yes, all 1099-MISC forms (not just Box 7) were distributed and filed by January 31st.

The same was also true for State reporting. The past few years the States have been making changes to filing requirements, due dates and their participation in the IRS Combined State and Federal 1099 Filing program. 

Both Federal and State reporting required accurate vendor master file data:

  • Legal Name & Tax ID Combination – To avoid IRS penalties for correction filings and subsequent team member non-value-added work issuing B-Notices to vendors.

  • Addresses – to reduce the potential for returned 1099-MISC forms, and subsequent rework logging, identifying the correct address and resending

Click here for IRS filing deadlines for 1099-MISC and Penalty Rates

Now with vendor master file best practices and internal controls for vendor setup and maintenance including new and existing vendor validations and archiving inactive vendors, it should be no issues, right? Maybe, if you have a vendor portal or system that provides continuous vendor monitoring.  But what if you have not gone live with your portal project yet?  Or what if you are not sure your team has followed best practices all year? What if your vendors “forgot” to inform you that they moved, or were acquired or changed their name but kept their same Tax ID?  How confident are you that your vendor master file is clean?   

December is go-time.

Here are eight steps toward a clean vendor master that if not done continuously, should be completed at some interval throughout the year, but definitely before the tax filings:

  • Step 1:  Inactivate Vendor Records w/no PO, Invoice or Payment Activity reduces the volume of vendors in your vendor master file for the remaining steps. Inactivity can be based on 12, 15, 18 or 24 months.

  • Step 2:  Address Standardization – ensures that mailed 1099-MISC will not be delayed or returned due to incorrect entries.

  • Step 3:  IRS TIN Matchconfirm the legal name and tax identification number still match. Confirm with the vendor before the change and notify the vendor after the change.

  • Step 4:  Validate Banking Detailsvalidate routing #’s, validate bank account name matches bank account number. Confirm with vendor prior to change and notify the vendor after the change.

  • Step 5Validate OFAC/SDN List confirm existing vendors have not been added to watchlists post vendor setup.

  • Step 6:  Validate VAT for International Vendorsconfirm VAT number still active for vendor. Confirm with vendor prior to change and notify the vendor after the change.

  • Step 7:  Validate Other Regulatory Parties - based on your industry/company (Dunn & Bradstreet, Office of Inspector General OIG for Healthcare, etc.)

  • Step 8: Analyze Vendor Recordsresearch duplicate vendors, add missing information such as emails, industry coding, etc.  Confirm with vendor prior to change and notify the vendor after the change

As normal, review these recommendations with your leadership and/or auditing team and adjust based on your Accounting system/ERP, or 3rd Party systems for your company processes and your industry. 

I hope this helps those that are still fully or partially maintaining their vendor master file manually.  Let me know if I can help. 

 

Vendor Setup & Maintenance Additional Resources: 

Segregation of Duties in Accounts Payable for SMBs

The Public Company Accounting Oversight Board PCAOB defined Segregation of Duties as “Assigning different people the responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets is intended to reduce the opportunities to allow any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of his or her duties.”

There are three essential steps in the vendor payment cycle:

  • Creating a vendor record in the vendor master file

  • Creating/Posting the Invoice from the Vendor

  • Paying the Invoice from the vendor

Blog Post 7 Image.jpg

So, what do you do if you company does not have enough employees to comply with Segregation of Duties?  Not to worry, the PCOAB addressed the difficulty of small to medium sized businesses achieving this preventative control and recommended management oversight be used to achieve the control objectives.   Here are four recommendations for compensating controls that can be put into place where Segregation of Duties is not possible to protect the vendor master file from fraud: 

  1. Require Management Approvals for New Vendor Setups and Existing Vendor Changes

    • Require approval for all new vendor adds and vendor changes

    • Require supporting documentation including source of the add or change request

      • IRS W-9

      • Banking Details

      • Copy of Secure Email – no changes or adds should be done via phone or person to person without documentation

      • Vendor Setup Request Form signed

    • Try to refrain from AP personnel requesting vendors, but if needed, have management sign-off

    • Require validation be attached to the vendor record

      • IRS Tin Match – ensure the vendor legal name remains valid

      • OFAC Validation (Bank and Vendor)

      • Both the requirement of the documentation and the validation of that documentation is a quick indication that the vendor information is valid and not fraudulent.

  2. Management review all new vendor setups and vendor changesprior to payment runs

    • Look for changes in banking or remit addresses that were changed then changed back quickly.  For each change your system should maintain an audit log that will tell you the date, time and user making the change.

    • Cross-check that the vendor address or vendor banking if changed, does not match the employees address or banking.  You may will need to collaborate with Payroll and/or IT for this one if you do not have access to those records.  If you don’t already have access, you don’t need to get it, you only need a way for that check to be done in the background and have them notify you if there is ever a match.

  3. Management review pay cycles prior to releasing payments

    • Review invoices for existing vendors to ensure the invoice numbering is consistent with historical invoice numbers. 

      • Investigate any that have additional letters or numbers such as “a” or “1” that adds to an otherwise valid invoice number

      • Investigate any invoices out of sequence

    • Review the backup for any Non-PO invoices

  4. Inactivate Vendors - Monthly, Quarterly or at the very least annually – Review your Vendor Master and inactivate vendors that have not had Invoices, Purchase Orders or Payments in 12, 15 or 18 months.  This will reduce the # of vendors that management needs to be concerned with, reduce the potential for fraud because the record will not be available to select in error or intentionally to perpetrate fraud.  Require that all inactive vendors follow the same process for new vendor setups.    

As normal, review these recommendations with your leadership and/or auditing team and make adjustments based on your Accounting system/ERP or 3rd Party systems for your company processes and your industry. 

If you enjoyed these recommendations, consider taking my Vendor Master file training that consists of Authentication, Validation and Management courses or eGuide as part of a 3 Step Vendor Setup and Maintenance process to protect the vendor master file from fraud and keep it clean.   Visit www.debrarrichardson.com/training for more details. 

Vendor Setup & Maintenance Additional Resources: 

 #stayhappy #puttingtheapinhappy #Vendorsetup #accountspayable

9 Ways To Collect Missing Vendor Email Addresses to Update the Vendor Master File

vendor setup & maintenance

 

Getting ready to implement your Accounts Payable (AP) automation, dynamic discounting, or vendor portal project and you don’t have the critical item you need increase adoption?  A valid vendor email address.   

Lack of valid email addresses in the vendor master file can have the following effects in AP:

  • Vendor Portal Implementation / AP Automation Project – Removes the option for vendor email communication for upcoming change and subsequent use of the solution.

  • Working Capital Solutions – Can decrease participation/enrollment from vendors unaware of alternative payment options.

  • Remittance Payment Information – Increased calls to the AP Help Desk requesting invoices included in a payment due to not receiving remittance information.

  • Purchase Order Delivery – In some Accounting Systems/ERPs no purchase orders will be sent automatically.

  • Vendor Record Confirmations – Affects the ability to reduce the potential for fraud in vendor master file by sending email confirmations for requested changes.

And it’s not just valid emails – it's the right emails. 

So which emails are needed for the Vendor Master File and how do you get them?  Most Accounting Systems/ERPs have a separate email for remittance information which may be a generic email address.  Collect this one and make sure it is in the correct field on the vendor record needed to push the remittance to the vendor.   It’s also good practice to require at least a remittance email address at vendor setup. 

Next, collect the names and email addresses of the points of contact to validate vendor record changes.  Recording multiple contacts if available will give additional options for confirmations and will assist with authentication if those contacts call or send an email into the AP Help Desk for assistance.   

Lastly, identify those purchase order vendors that need email addresses to automate purchase order delivery.  There may be a separate email address to send purchase orders. 

For those that need to obtain missing email addresses for existing vendors in the vendor master file, here are some ways to get either the email address or the contact information to request the applicable email addresses from the vendor:  

  • Invoices – Pull invoice hard copy or images.  May get more emittance email addresses.

  • Purchase Orders – Email addresses may be for purchase order delivery only

  • Contracts – May include payment instructions including A/R email or points of contact

  • Call or Send Letter to Vendor – Remittance address on the vendor master file. The telephone number can come from other sources on this list.

  • Stakeholder Groups in your Company – They may have a separate system with vendor email addresses for both remittance and points of contact.

  • 3rd Party AP Solution – Many 3rd Party Solutions collect vendor email addresses and other contact information. Leverage solutions used at your company. 

  • LinkedIn Company Pages / Company Website – Can provide valid URL to the company website.

  • Company Website - To get email addresses or telephone number call and request.  

  • Other Vendor Master Files - Do you have multiple Accounting Systems/ERPs and thus multiple vendor master files? Check each system for at least a starting point. Be careful though, since different systems may mean different types of spend, email addresses/contacts can be different.

A reminder that if during this email address search project, you identify existing email addresses that need to be updated, send a confirmation to the old email addresses as part of your internal controls to protect the vendor master file from fraud.  See blog post titled “Send a Notification to Vendors After Updates in the Vendor Master File” dated October 18, 2018. 

What additional ways have you used to update vendor email addresses in the vendor master file?

Stay hAPpy.

Vendor Setup & Maintenance Additional Resources: 

#Stayhappy #puttingtheapinhappy #vendorsetupandmaintenance #vendorsetup #businesscase #apautomation

Need Help with ROI for a Vendor Portal?

ROI Image.jpg

Calculating a rock-solid Return on Investment (ROI) for an Accounts Payable (AP) Vendor Self-Registration Portal project can be daunting.  First you need to calculate the total costs (investment).  The total costs need to include implementation costs, plus annual subscription/licensing, maintenance and support costs.  Your potential supplier can assist with identifying these costs. 

Next, you need to calculate your total savings (benefit) that will be unique to your company.  To make sure you capture all costs, talk to all stakeholders in the Procure-to-Pay process and identify their time to include in the savings costs.  These stakeholders can include Accounts Payable, Procurement, IT and large groups that submit vendor requests.

Here is an example of items used to calculate savings for a Vendor Supplier portal to automate the vendor setup process: 

Monetary Savings

  • Vendor Maintenance Labor Costs $

    • Hours per day x 260 days per year x Avg Rate per hour of staff

      • Change Existing Vendors

      • Add New Vendors

    • Vendor Data Validation (since it must be done vendor by vendor)

      • IRS, OFAC and Banking Detail validations. 

    • Reduce saved hours by 10% to account for manual processing

      • Portal downtime (should be minimal)

      • Rare, but potential scenario when a vendor is allowed to opt out of the portal (GDPR, etc.).

  • Vendor Data Validation Costs $

    • IRS TIN Match - Yes verifying with the IRS is free, however, registration needs lead time and your team’s personal tax data.  To reduce potential periods with no access, some use paid 3rd Party sites to validate against IRS records and those costs need to be included.

    • OFAC/SDN & Other Watch Lists – License and/or monthly fees for access.

  • Internal Requestor Labor Costs $

    • Estimated # of Requests submitted per year x # of minutes to submit requests - includes time communicating with the vendor.

    • Estimated # of Requests reworked per year x # of minutes to resolve with the vendor, correct and resubmit.

Non-Monetary Benefits

  • Compliance and Controls > Fraud Deterrence

    • Eliminates the need to gather W9’s and Banking data by allowing the vendor to self-register.

    • Removes confidential vendor information from Internal Requestors previously needed to submit on the vendor’s behalf.

    • Systematic Vendor Authentication.

    • Bank Routing/ABA & Bank Account Ownership validation.

    • Support IRS Regulatory Changes:  Interactive W-9 forms, reducing risk for penalties/interest for by collecting error-free, certified and signed forms.

    • Provides Diversity Certification and Industry Codes across vendor master file.

    • Collects and stores Insurance Certificates either by requesting from the vendor or attaching once received from the vendors’ insurance company.

  •  Increased Usability

    • Supports multiple languages.

    • Streamlines vendor setup and maintenance into a single usable tool.

    • Enhances the AP user experience by allowing the vendor to make their updates to addresses and banking.

    • Enables mass communication to vendors.

    • Potential to integrate with other 3rd Party solutions to gain efficiencies, such as with 1099 distribution.

  • Capital/Project Budget

    • Eliminate planned ERP enhancement projects.

Now with your total costs and total savings, input into your ROI template, review, revise (do it again) and present to leadership.  You’re a step closer to your vendor self-registration portal. 

Vendor Setup & Maintenance Additional Resources: 

#Stayhappy #puttingtheapinhappy #vendorsetupandmaintenance #vendorsetup #businesscase #apautomation

How Are You “Putting the AP in hAPpy?” Enter to Be on Podcast!

How Are You “Putting the AP in hAPpy?” Enter to Be on Podcast!
Putting the AP in Happy.JPG

The phrase “Putting the AP in hAPpy” didn’t begin that way.  The journey began after returning from the IOFM* APP2P Spring Conference in 2017.  I love attending conferences and networking with colleagues about topics I am passionate about and Accounts Payable (AP) is one of them.  As I sat in the living room talking to one of my non-AP friends explaining that AP is my happy place and in trying to emphasize that point to a bewildered face – I said “see, there’s even an AP in happy” which 5 minutes later shortened to “There’s an AP in hAPpy!” I immediately added that phrase to my work email signature to show the passion I felt for Accounts Payable.   

Now don’t get me wrong, I spent 15+ years knee deep in g/l, financial statements, budgeting and forecasting and I loved it.  There is something so satisfying in reclassing an expense to the right account code, or recounting inventory to correct COGS 😊.  Even as a Controller, when I oversaw AP at a local level which basically meant keying in the few invoices that were for our site, I didn’t get it. It wasn’t until I only focused on AP that my passion came alive.  I don’t know if it was a mid-career crisis and AP was the shiny new sports car, but when I had an opportunity to build a new AP team, I jumped at it and my career was re-energized. 

That renewed energy eventually took me out of my comfort zone, and I relocated to a new State to focus on Vendor Setup & Maintenance within Accounts Payable in a Shared Services environment.**  Five years later, I am here with you now, providing content on how to prevent fraud in the Vendor Master File based on my experience maintaining 100,000+ active vendors in multiple ERP systems.  I gave action to the phrase “There’s an AP in hAPpy” which turned it into “Putting the AP in hAPpy” and created a new blog and podcast to serve all Accounts Payable team members.  

Now is your turn.  How are you “Putting the AP in hAPpy?”

Whether a newbie to Accounts Payable or a seasoned professional, at a small company or large, everyone has at least one great idea, one great contribution to a team. I want to hear about one of yours.  Don’t worry, we will omit company names, systems and 3rd party solutions, but they are not needed anyway – the focus is on you!

  1. Before the Podcast - Click button below and submit the form below to start discussion.

  2. During the Podcast - Podcast Interview – < 20 minutes

  3. After the Podcast - Add a link to the Podcast on your LinkedIn Profile for visibility for current and future connections and career growth!

Complete the form below and let me know how are you “Putting the AP in hAPpy”!

  • Did you complete your certification?

  • Did you get training?  In what area?

  • Were you part of a team that implemented an AP automated solution – what was your role and contribution?

  • Are you the one who remembers your team members “special day”?

  • Did your suggestion save your company $$ or process hours?

  • Did you avoid a fraud attempt?

  • ??

#Stayhappy #puttingtheapinhappy #vendorsetupandmaintenance

Vendor Setup & Maintenance Additional Resources: 

*IOFM: www.IOFM.com

**My career: www.linkedin.com/in/debrarrichardson

AP & Procurement: Owning the Vendor Master File

I attended a conference last week with what turned out to indeed be "Procurement Maestros," and it was a great experience.  With more years on the Accounts Payable (AP) side of the Procure-to-Pay (P2P) process, I paused to think about my view that AP owns the vendor master file.

My view is in large part due to regulatory requirements based on the vendor master file and the administrative tasks that go along with them:

  • IRS - Having overseen the distribution of up to 27,000 IRS 1099's and 1042's and the related tax filing for multiple years, I understand the work involved in keeping up to date with valid addresses, vendor acquisitions, etc. to avoid potential backup withholding requirements and IRS penalties and interest due to vendor data errors.

  • NACHA - There are also the banking details that must be updated timely not only to avoid EFT returns but also for Notice of Change notifications from the bank.  The notifications indicate that the bank account or routing number has changed and there is a limited time to update the vendor master file a NACHA violation is received. 

  • Escheatment - Banking details along with vendor addresses also affect escheatment.  Escheatment of unreconciled payments (checks or electronic) is becoming the focus of many States causing administrative tasks for companies.   According to JD Supra article "Unclaimed Property:  5 Key Developments for 2018", States are viewing escheats as a crucial source of revenue and the 5th key development is the proliferation of unclaimed property audits. 

Administrative tasks are not the daily focus of the Procurement team.  They are rightfully focused on the vendor relationships that provide products and services, at the best price and quality, that keeps our organizations running efficiently.  Also, even with compliance to a purchasing policy, there will be vendors that do not require a Purchase Order (PO) so will not be handled by the Procurement team, but still need to find their way into the vendor master file.  

So, no, I did not change my view that AP should own the vendor master file. But, I could be wrong, since that was no longer my question. The real question I determined was, in this digital climate of automated solutions, how can AP better contribute to AP and Procurement working together to build a valid, complete and fraud-free vendor master file that ensures accurate on-time payments? I came with three ways as a start:

  1. Partner with the Procurement team to bring in a P2P solution – Implementing an end to end solution that solves the pain points of both teams is a win-win, even when the inevitable comprise is required.  Both AP and Procurement would have a seat at the table, and the collaboration opens the door for future consolidation of the teams either as one group on or under the same leadership. 

  2. Share Vendor Data – Today, especially in larger organizations, vendor data can exist in multiple systems outside of the ERPs, to support different functions.  Working with Procurement to integrate or sync vendor validated data to ensure we are all working with the same information will help AP as well. AP can leverage the relationship Procurement has with the vendors to be notified of changes before payments are issued, 1099's or 1042's is generated, or payment is escheated to the state.  Treatment of confidential data must be taken into consideration.

  3. Communicate vendor master issues/changes.  Did a vendor's payment return and AP put the vendor on hold, so no future payments will go out until it's resolved?  Communicating this issue can be crucial to Procurement maintaining their vendor relationship, plus that email AP sends out to obtain updated information, may be answered if the Procurement team member is cc'd.  In my experience, AP's email to the vendor will go unanswered, only to have the vendor reach out to a blind-sided Procurement team member when they haven't received payment. 

If you are a Procurement team member, how else can AP be a better partner?  If you are an AP team member, what have you done to be a better partner with Procurement?

Leave your comments below.  

 

Note – A key concern for AP owning the vendor master is segregation of duties. Compensating controls need to be in place in AP to reduce the potential for fraud due to increased access to create vendors, invoices, and payments by the same group.  For this reason, some companies have moved the vendor master file to a different group outside of both AP and Procurement.  As reported in a December 30, 2014, IOFM article "Who should be entering vendors in the master file, AP or purchasing? Should this task be shared?":  1) 76% - AP owned the vendor master file; 2) 2% - AP and Procurement shared the vendor master file, and 3) In a few cases the vendor master file was handled by a separate group. 

 Vendor Setup & Maintenance Additional Resources: 

#Stayhappy #puttingtheapinhappy #vendorsetupandmaintenance

Charity Fraud - Verify Before You Give

This week is Charity Fraud Awareness Week and the Fraud Advisory Panel has been spreading the hashtag #charityfraudout across social media to bring awareness to charity fraud.

On October 10th, The FTC published on their site that they received reports of fake charities taking advantage of the devastation that Hurricane Florence caused in North and South Carolina.

With Hurricane Michael and the upcoming Giving Tuesday on November 27th, it’s a great time to learn how to protect yourself and your business from charity fraud.

Verify before you give.

Below is a video and graphic provided by the FTC Consumer Information site and there are resources from the Fraud Advisory Panel and the IRS to help you verify before you give. I have added the links below.

Want to know how to provide the vendor master file from charity fraud? Listen to the Putting the AP in hAPpy Podcast - Episode 3: Fake Charities: How to Protect Your Vendor Master File from Fraud.

Vendor Setup & Maintenance Additional Resources: 

https://www.consumer.ftc.gov/blog/2018/10/charity-scams-follow-hurricanes-wake

https://www.consumer.ftc.gov/blog/2018/10/charity-scams-follow-hurricanes-wake

Send a Notification to Vendors After Updates in the Vendor Master File

Each time I make a change to any of my personal accounts online, I receive a notification that at a minimum, says a change was made to my account and if I didn’t initiate the change, to contact them (hopefully not via a link in the email). Some sites go as far as preventing the change unless I confirm through email or go to the account and change a setting first (thanks Google :-)).

The same can be done for the vendors in your Vendor Master File, by sending a post-update notification using the previous communication information (if changed) to notify the vendor of the change.  Include in the notification the general fields such as “Address” or “Banking” that were changed and your departments contact information, but do not include the actual details changed.  This should be enough information to alert vendors to contact your department if they did not initiate the change(s). With “phishing” and “vishing” cyber schemes today, no matter how the supporting documentation was collected or who updated the vendor record, you cannot be too careful when protecting the vendor master file from fraud.

The key fields to warrant the notification are those that include confidential or sensitive personal identifiable information, that are used for authentication or that affect payments.  Depending on your company processes or industry the key fields may be more or less than the field list recommended below:

1.      Legal Name

2.      Address

3.      Banking Details

4.      Social Security Number/Tax ID

5.      Remittance Email

6.      Contact Email

I know you are going into the busy season for Accounts Payable.  You will start receiving all those invoices in that have been on desks all year and new vendors will need to be created to pay them.  If your team is also responsible for issuing vendor 1099’s and 1042’s and the related IRS tax filing, right now you are probably updating your account system/ERP with the IRS Pub 1220 updates that are required for preparing 1099 files to meet IRS specifications. Not to mention cleaning up your vendor master file for the same reason.

And now a new process?  Hopefully, if you are with a large to mid-size company this post-update notification process is already in place.  If so, it is still a great time before the year-end push begins to review the fields that trigger the change to validate whether any recent changes that affect the vendor master field requires the field list to be updated. 

Here are some options to implement the post-update notification: 

Vendor Portal: If your company has implemented a portal to automate the vendor setup and maintenance process, the portal may have configured a notification email back to the vendor whenever the record is updated.  Even if the change in the portal was made by the vendor, a change to the record should trigger a notification. You may want to confirm that the setting is turned on and that the email wording is applicable. 

Accounting System/ERP:  If your accounting system/ERP has not been configured to send an email automatically when fields on the vendor record are updated, consider requesting an enhancement to add that functionality.  This may not be possible with some out of the box or cloud-based systems, but may be possible with larger ERPs that are maintained by an IT/Development team.  

Robotics Process Automation (RPA):  If your current vendor portal or accounting system/ERP does not offer an automated confirmation process, consider Robotics Process Automation (RPA) software.  RPA software allows employees to talk to other digital systems and configure triggered responses based on rules for repetitive tasks.  A change on a vendor record triggering a form letter or email notification to be sent appears like a candidate.  Check with your leadership and/or the IT/Development team to see if this is an option since software may need to be purchased and team members may need to be trained. 

Manual Email: If any of the automated options above are not available to you, there is always email.  Use an email template to make the process easier.  Develop a process to pull and review vendor master file changes and confirm the manual notifications were sent.

Manual Letter – U.S. Mail:  If the vendor does not have an email address on file, send a letter.  This is the most manual process and should be an incentive for collecting the email address at the time of vendor setup.  Use a Word template to make the process easier.  Develop a process to review vendor master file changes and confirm that manual notifications were sent.

What did I miss? 

Vendor Setup & Maintenance Additional Resources: 

#stayhAPpy #puttingtheAPinhAPpy #vendorsetupandmaintenance #authentication