In my last two blog posts “Check Payment Method? Still Needs to be Protected from Cybercriminals” and “4 Steps to Protect Your Vendors Banking from Being Changed by a Cybercriminal Includes a Critical Step Most Companies Leave Out” I identified additional steps that will need to be done when making changes to existing vendor data. In fact, many of the fraud prevention techniques I recommend to protect the vendor master file from fraud require additional steps. And, since less than 30% of Accounts Payable (AP) Vendor Maintenance teams have a vendor self-registration portal, these additional steps are manual processes that are added to an already manual or mostly manual Vendor Setup & Maintenance process. RPA to the rescue.
Why Robotics Process Automation (RPA)?
Enter Robotics Process Automation (RPA). RPA is a digital solution that uses software to program “bots” to perform repetitive, rules-based tasks that can be kicked off by a human or have a predetermined schedule to run without intervention. The best part? Your IT team may not be necessary. You or a team member can learn RPA software and get to work on a list of eligible manual tasks that can be automated.
Click here for a list of RPA Tools & Vendors provided by AI Multiple.com.
How RPA Can Be Used For Fraud Prevention in the Vendor Setup & Maintenance Process
Let’s be frank. Fraud prevention tasks that I recommend in my AUTHENTICATION. VALIDATION. MAINTENANCE. TM Vendor Setup & Maintenance process eGuide and Toolkit is successful in reducing the potential for fraudulent payments, but adds more work. For those that have a vendor self-registration portal some or all the recommended steps and tasks may already automated. For those teams that do not have vendor self-registration portal (70%+), the additional manual task is piled on top of the current full or partial manual process.
To that end, I reviewed which fraud prevention tasks are repetitive and rules-based and came up with the following potential RPA candidates:
1. Sending Notification to Vendors - Notifications to vendors is a fraud prevention task because it alerts the vendors to changes to their vendor record, with your contact instructions so they can contact you if they did not initiate the change.
a. How? Program the “bot” to sign-in to the Accounting System or ERP, run a report on all vendors that had a change to banking or remit address (or other critical fields) based on modification date. Then using a generic email address and notification template the bot has access to, have the bot create and send a notification email to the vendors on the report. The report can be emailed to a human and stored for reference and audit. Program to run at least daily.
2. Vendor Inactivation - Inactivating vendors that have not done business with your company in 12, 15, 18 or 24 months reducing the volume of vendors available for fraudulent activity. It also keeps your vendor master file clean, because it requires revalidation for inactive vendors.
a. How? Program the “bot” to sign-in to the Accounting System or ERP and run reports to identify the last invoice, payment and vendor record activity, and whether there are open Purchase Orders. Then download and consolidate the reports in Excel. Using macros to build pivot tables, formulas, etc. to identify those vendors where the date for each activity is over your inactivity months threshold. Those vendors can then be inactivated. The report can be emailed to a human and stored for reference and audit.
3. Generate Reports & Analytics – Generating management reports that show vendor adds and changes can be critical as a compensating control where there is no segregation of duties. Reports can also be run to compare employee data to vendor data to prevent occupational fraud. Generating analytics on a period basis to track # of vendors created, inactivated or that have ACH as a payment method provides information to management on work balance.
a. How? Program “bot” to sign into the Accounting System or ERP to run new or existing reports and email them to management to review. Monday morning coffee and reports anyone? Or how about prior to pay cycles – have reports sent to management to review vendor adds or changes since the last pay cycle. The report can be emailed to a human and stored for reference and audit.
4. Validations – US Based entities are prohibited from doing business with vendors on certain watchlists. Monitoring that existing vendors have not been added to the Office of Foreign Assets & Control (OFAC) Specially Designated List or the Excluded Parties List (EPLS) for example, after the initial check during vendor setup is not always done on a recurring basis. What better time to perform the check than prior to the check run?
a. How? Program the “bot” to sign into the Accounting System or ERP and pull a report on the generated pay cycle or identify the vendors that will be picked up in the next pay cycle. Export that report. Some 3rd parties such as Tincheck.com allow bulk upload validations, which allow the “bot” to sign-in (yes, they get their own sign-on) and have them process the file. The report can be emailed to a human and stored for reference and audit. The human can determine if any vendors need to be removed from the pay cycle.
These are just some ideas of how to apply and use RPA to automate repetitive, rules based tasks that will allow AP Vendor Maintenance teams to incorporate not only the fraud prevention tasks, but other manual tasks that a team member is currently assigned to perform.
Worried a “bot” can take your job? Up your skills and learn how to program “bots”. Many of RPA software providers such as Automation Anywhere and UI Path offer training, certifications and a free trial to get you started.
Has your department used RPA to automate other Vendor Setup & Maintenance processes? I’d love to hear about it – comment below or email me at email@example.com.
Debra R. Richardson,
MBA, APM, APPM, CPRS
Debra is an accounts payable speaker, consultant, and trainer with over 20 years of experience in AP, AR, general ledger, and financial reporting for Fortune 500 companies including Verizon, General Motors and Aramark.
For the past eight years, Debra has focused on Global Vendor Maintenance, and implemented a vendor self-registration portal for 140k+ global vendors across five Accounting Systems/ERPs. In her consultancy, she focuses on internal controls and authentication to prevent fraud in the vendor master file.