Each time I make a change to any of my personal accounts online, I receive a notification that at a minimum, says a change was made to my account and if I didn’t initiate the change, to contact them (hopefully not via a link in the email). Some sites go as far as preventing the change unless I confirm through email or go to the account and change a setting first (thanks Google :-)).
The same can be done for the vendors in your Vendor Master File, by sending a post-update notification using the previous communication information (if changed) to notify the vendor of the change. Include in the notification the general fields such as “Address” or “Banking” that were changed and your departments contact information, but do not include the actual details changed. This should be enough information to alert vendors to contact your department if they did not initiate the change(s). With “phishing” and “vishing” cyber schemes today, no matter how the supporting documentation was collected or who updated the vendor record, you cannot be too careful when protecting the vendor master file from fraud.
The key fields to warrant the notification are those that include confidential or sensitive personal identifiable information, that are used for authentication or that affect payments. Depending on your company processes or industry the key fields may be more or less than the field list recommended below:
1. Legal Name
3. Banking Details
4. Social Security Number/Tax ID
5. Remittance Email
6. Contact Email
I know you are going into the busy season for Accounts Payable. You will start receiving all those invoices in that have been on desks all year and new vendors will need to be created to pay them. If your team is also responsible for issuing vendor 1099’s and 1042’s and the related IRS tax filing, right now you are probably updating your account system/ERP with the IRS Pub 1220 updates that are required for preparing 1099 files to meet IRS specifications. Not to mention cleaning up your vendor master file for the same reason.
And now a new process? Hopefully, if you are with a large to mid-size company this post-update notification process is already in place. If so, it is still a great time before the year-end push begins to review the fields that trigger the change to validate whether any recent changes that affect the vendor master field requires the field list to be updated.
Here are some options to implement the post-update notification:
Vendor Portal: If your company has implemented a portal to automate the vendor setup and maintenance process, the portal may have configured a notification email back to the vendor whenever the record is updated. Even if the change in the portal was made by the vendor, a change to the record should trigger a notification. You may want to confirm that the setting is turned on and that the email wording is applicable.
Accounting System/ERP: If your accounting system/ERP has not been configured to send an email automatically when fields on the vendor record are updated, consider requesting an enhancement to add that functionality. This may not be possible with some out of the box or cloud-based systems, but may be possible with larger ERPs that are maintained by an IT/Development team.
Robotics Process Automation (RPA): If your current vendor portal or accounting system/ERP does not offer an automated confirmation process, consider Robotics Process Automation (RPA) software. RPA software allows employees to talk to other digital systems and configure triggered responses based on rules for repetitive tasks. A change on a vendor record triggering a form letter or email notification to be sent appears like a candidate. Check with your leadership and/or the IT/Development team to see if this is an option since software may need to be purchased and team members may need to be trained.
Manual Email: If any of the automated options above are not available to you, there is always email. Use an email template to make the process easier. Develop a process to pull and review vendor master file changes and confirm the manual notifications were sent.
Manual Letter – U.S. Mail: If the vendor does not have an email address on file, send a letter. This is the most manual process and should be an incentive for collecting the email address at the time of vendor setup. Use a Word template to make the process easier. Develop a process to review vendor master file changes and confirm that manual notifications were sent.
What did I miss?
Vendor Setup & Maintenance Additional Resources:
For training and information on what you and your team can do to protect your vendor master file from fraud visit my website at www.debrarrichardson.com/training
For assistance with cleaning your vendor master file or reviewing your vendor setup & maintenance process visit my website at www.debrarrichardson.com/services.
#stayhAPpy #puttingtheAPinhAPpy #vendorsetupandmaintenance #authentication