Organizations of all types onboard thousands, often tens of thousands, payees each year. For 99% of those organizations, this effort is a highly MANUAL process. Relics such as fax machines and bins for paper forms are still the norm. The average onboarding for a new payee touches approximately six different internal hands (on average!) before it makes its way into the ERP. Countless hours are spent on this process and the overhead costs are through the roof. In fact, our internal data pegs that it costs your organization between $100-$200 each year to onboard and maintain each supplier in your vendor master. Do the math- it isn't pretty. (More on this cost later.)
With today’s technology, it seems like it would be easy to automate and collect this information digitally. So why is this process still stuck in the 80’s?
A Word From One of Your Peers
Johns Hopkins University is one of the largest research institutions in the county. Billions of federal funds get poured into the University and Medical Center for research - in fact they receive more federal funding than any other institution in the country - by about 2x!
As you can imagine, this means they pay quite a lot of people. They have tens of thousands of vendors onboarding into their ERP (SAP) every year - not to mention all the information updates submitted by existing vendors. We interviewed Matt Persic, Director of Procurement Operations at JHU, to hear about their challenges.
“After we walked through our current vendor registration process here at Johns Hopkins, we realized it was a very manually intensive process with multiple points of entry, requiring duplicative data entry, and lacking transparency to the end user. We recognized the need to address those issues and make this an opportunity to really automate and tighten things up. Maybe the largest impetus was when we realized that we had an opportunity to strengthen information security by eliminating: email, printing out forms, the practice of transferring vendor information between employees, and the appropriate disposal of documents generated through the process.”
While JHU may differ in volume from many organizations, their problems are likely all too familiar to AP and procurement professionals in all industries and in organizations of all sizes.
How Did We Get Here?
We have five reasons why vendor management is such a complex process and difficult to nail down.
Many large organizations, especially those in higher-education, healthcare, construction, state/local government, have what is called distributed purchasing - or distributed procurement. This means that there are multiple people (often a significant amount) within the organization - departments, business units, etc. - who have the authority to choose who they want to do business with.
At a smaller company, or a centralized company as is typical in manufacturing, this process is locked down. There’s one buying group making all the decisions regarding vendors and suppliers. At a university or hospital system, for example, this would be impossible! There are hundreds of departments with thousands of people and that would each need a procurement manager just to keep up. To prevent logjams, organizations of this type allow for the departments and business units to have buying power.
This distributed model is the only way purchasing can work at a company with a distributed organization, but it also now means that a manual process for collecting vendor information, and any controls that may or may not be in place are exponentially more difficult to execute against. In this type of organization, who, ultimately, owns the payee relationship and the validity of the submitting credentials?
Complex Vendor Records
Let’s start at the beginning: What is a Supplier Portal? Supplier portal can mean multiple things. In the simplest form, it is a webbased tool that allows for suppliers to submit (and sometimes manage) their company’s information to their customers. The reason for submitting information may be to get paid, to submit a bid, to upload an insurance certificate, or all of the above. Supplier portals may just be a feature within a larger solution set, such as an e-Procurement system. Or they may be a standalone application.
One of the major reasons why most supplier portals are frustrating to use is because they aren’t built to handle payee’s with complex vendor records. Specifically multiple addresses. Although everything can be done virtually now - POs, contracts, invoices, etc. - the address field is still a mainstay in the Vendor Master file.
An address is important for a few reasons: it’s part of a company’s legal identity, it’s included on the W9, and it needs to be used when filing for incorporation, for example. For complex organizations, it has another key role: it’s used to distinguish between divisions or groups within a large organization.
For example: Ford has many locations around the globe. If you are buying from and remitting to their Chicago location as well as their Miami location, you’ll need to distinguish between these two locations in the ERP. This use case, two locations but one tax ID, is extremely common. In fact, we’ve seen vendor records with more than 150 addresses for one payee!
Adding to the complexity, most ERPs (and their users) typically create one vendor number per Tax ID. But this isn’t always the case, especially for state agencies that share a Tax ID across all agencies, for example, in the State of Maryland everything from the RMV to the University of Maryland Baltimore County share the same Tax ID. Keeping these separate in the ERP can get challenging.
Believe it or not, it was easier in a paper-based world for an AP department to handle multiple locations than it is with supplier portals. Portals do not have efficient ways to input and organize this information, and as a result, the problem is often unsolved.
One Size Fits All
All payees are NOT created equal.
It would be a lot easier to manage your payees if they were. The reality is your payees are far from equal as there are so many different types.
If you start at the most basic level, the first most significant difference amongst payees is company vs. individual, aka: EIN vs SSN. In complex buying environments, most individual payees are consultants, sole proprietors, guest speakers, honorarium, or students. When onboarding these types of payees, most AP departments do not typically need to collect the same documentation they would from a big entity, items like insurance information or business classification (diversity), for example.
Depending on your organization, you may onboard a significant number of foreign payees. This stands true in industries like technology, higher ed, healthcare, and more. These organizations may have dedicated Tax Departments within Finance that will handle the complexities with foreign payees.
- Are they an individual?
– Non-resident alien?
– Resident alien?
- How do you get them paid?
– Can you easily verify their overseas bank account information?Are they an individual?
- Are they an individual?
Managing foreign payees can be challenging. There’s a significant amount of tax considerations when doing business with an individual, for example. And one thing is for certain, you need a dynamic user experience when collecting vendor information from a foreign individual or company. It needs to be tailored to the needs of your payees or else it will make the challenges of collecting the right information that much harder.
Furthermore, the information you need to collect from companies can vary as well. Are they in your state and subject to specific state mandated requirements? Will they be handling PII? Will they be coming on site? Are they a PO vendor? Do they accept credit cards for payment? The list goes on and on. In order for your payees to go through the process efficiently, they should only be required to answer questions that are applicable to them.
The simple problem is this: paper forms aren’t dynamic. And most online tools to collect supplier information, aren’t dynamic either. But your requirements for onboarding payees ARE dynamic. It’s all very vexing.
Payee Information Constantly Changing
Across all of our customers, we’ve established that approximately 30% of their vendors will change at least one piece of their information at least once each year. This may be a new remittance address, a change of bank account, or an updated insurance certificate. Or something more complex - like a merger of companies under one Tax ID.
We’ve heard time and time again: updating information is hard. So hard, that many (most?) organizations don’t even have an established process to support it. Do they have a separate form for vendor updates? (Probably not.) Do they go through a centralized process in AP/ Procurement? (Probably not.) Do the departments and business units still deal with the vendor on this? (Probably!)
This is just for the updates that the payees proactively submit — which equates to a small % of the total updates. Many updates come in the form of a new remittance address on an invoice. Or maybe via an internal notification regarding an expired insurance document. Or - and worst of all - the payee has popped up on a sanction list and your AP team doesn’t know about it.
Updates are time consuming and challenging without a process, system or clear internal ownership of accepting and making the changes.
It is fair to say that there is a lot that is involved with vendor onboarding and maintenance. And getting it right is important, so there is a lot that SHOULD be involved. For certain industries like banking, higher-ed, healthcare, SLED (State, Local, K-12 Education) there could be major ramifications if this process does not work well— or if they fail to do parts of it at all.
But the reality is that in a manual, paper-intensive process, it’s very difficult to maintain governance - or any semblance of business controls. Imagine trying to piece together what happened after something goes wrong like a fraudulent payment. This manual process likely touched many hands and information is often exchanged via phone calls, emails, and even faxes. Where is the audit trail? Everyone eventually needs that audit trail.
If you’re in the industries listed above, or the many others where this is important (SPOILER ALERT: it’s every industry), you need to have governance and business controls in place. If you receive federal funds, the government has guidances to push you to do this. If you have an insurance policies —umbrella, cyber, E&O, etc. — the insurance companies will push you to do this. If you cannot show that you have control over your process and an audit trail in the event something goes wrong. Your constituents, partners, or anyone else relying on the company to protect sensitive information will have a lot of questions.
Ready to make a case for investment?
What Can You Do About It?
So what can you do about this RIGHT NOW? There’s a handful of things that every organization should be doing in the immediate - even without full automation.
Create Ownership Over the Process
This is the easy part and it’s often neglected. At most organizations, vendor management is shared across multiple departments usually because it’s not a simple relationship. There are contracts, payment terms and details, the business relationship itself, security screening if it’s an IT vendor, and so on. Despite this complexity, someone at your organization should own the process of collecting, securing, and recording all vendor related information. Get this process out of your business units and move it to a central source, typically AP or Procurement. Start here so it’s clear who is responsible for the rest of this list.
Lock Down Sensitive Information
This can be challenging - especially in a distributed purchasing environment, but it doesn’t have to be. Create a requisition process for your departments, but move the collection of the information to the identified process owner. Keep your departments out of the business of collecting and looking at Social Security Numbers (SSN) or bank accounts!
Use 3rd Parties to Validate Information
When those Tax ID numbers, addresses and bank accounts start rolling in to the new owner, that person will need to determine if the submissions are valid. For both efficiency and accuracy, we recommend using 3rd party resources for this task. Many 3rd party solutions are relatively inexpensive, but if cost is a consideration, at a minimum, your organization will want to validate the incoming Tax IDs against the IRS database. We strongly recommend that you also use a 3rd party to validate items like addresses, sanction lists, insurance certificates, and bank account ownership. Just because someone sent it into your AP desk doesn’t mean it’s accurate! This is one of the main fraud vectors exploited by scammers to get you to send them money meant for a legitimate vendor.
Keep an Audit Trail
Although you have now identified a process owner, this person will not be the only one involved in onboarding the vendor. The owner will need to establish an approval workflow. Who needs to sign off on which types of vendors in what types of situations? How will the owner track those approvals? Excellent, airtight record keeping is a must. If you haven’t already heard from your insurance company about this, you will soon. And when and if something goes wrong, being able to track where it went wrong so it can be remedied (no one wants to make the same mistake twice!) it in the future. When it comes to understanding and preventing B2B payments fraud, this step is especially important.
Implement a Platform
Leaving this process to your own staff will be time intensive and very expensive, not to mention risky. You shouldn’t go at this alone. To do it right likely takes more tools than you already have at your disposal.
“But my ERP has a supplier portal. Seems easy to implement and they tell me it’s FREE. We’ll just use that.”
We don’t suggest you do that and here’s why:
Very little, if any, validation is done around the information collected which leads to your process owner making judgement calls without complete information. This is a gap in the design and functionality of supplier portals. This gap in managing payee information has led to a high degree of payments fraud, compliance risk, and process cost for organizations relying on them to provide accurate, verified information. And as mentioned above, they lack the sophistication to handle complex account structures.
When you factor in all the complexities and couple it with the process and procedures you SHOULD be doing, it’s amazing that many organizations attempt to accomplish all of this manually. With our abrupt 2020 switch to remote work it’s virtually impossible.
Interested in determining your own customized cost benefit analysis for investing in vendor management automation? Fill out our quick form (3 data points), and we’ll build your model for you.
Where's My Vendor? - Interview with Villanova University and CSU Monterey Bay
Five Ways Your Vendor Master is Costing You Money - Compliance Edition
Email Scams: Still Trendy After All These Years
Q&A: Clay Deutsch On the Evolution of Risk
Mutually Exclusive: Cyber Insurance and Payments Fraud
Business Payments Fraud: Risk Assessment, Fraud Vectors and Prevention - FREE guide