Risk Management



    Topic posted August 13, 2019 by Christine Doxey, tagged Advanced Controls, Compliance, Financial Reporting Compliance, Financial Transactions, Fraud, GRC, Risk Management, Tip
    Seven Best Practices to Reduce Risk in Your Supplier Onboarding Process
    In my last post, we discussed the development of a roadmap for your internal controls program. Now we’ll drill down to the Supplier Onboarding Process within the Procure-to-Pay (P2P) process.

    Leading organizations recognize the importance of comprehensive supplier qualification processes but struggle to communicate qualification requirements to potential suppliers, and have difficulties creating a baseline for evaluating supplier risk levels.  Ardent Partners reports that 51% of the respondents in “The CPO’s Top Goals for Investing in Technology” survey report improving compliance as a goal.  The Hackett Group includes customizing supplier onboarding, identifying fraud and addressing internal policy non-compliance as the best practice tactics for a world class P2P organization.

    It’s well known that global enterprises manage thousands of invoices, purchase requisitions, and purchase orders within the Procure-to-Pay (P2P) process.  Organizations may have disconnected purchasing and accounts payable processes and may depend upon third-party software and cumbersome spreadsheets. This leads to countless hours of reconciliation and results in payment errors and compliance and control issues.

    To support tax and regulatory compliance requirements, there are several best practices to consider when onboarding your suppliers. Here are seven of them, each with the following details: Summary of Action, Benefits, and Suggested Audit Trail.

    1. TIN Matching

    Summary of Action: TIN Matching utilizes the functionality provided by the IRS.  You can convert your supplier master file into the proper format required by the IRS to get actionable results.

    Benefits:

    • Ensures 1099 accuracy.
    • Eliminates B-Notices.
    • Provides fraud prevention since the matching process ensures suppliers are “legitimate.”
    • The TIN Matching process can identify duplicate suppliers and can be a catalyst for cleaning up your supplier master file.

    Suggested Audit Trail:

    • TIN Matching Summary Report (Source: IRS)
    • TIN Matches (Source: IRS)
    • Non-Matching TIN Numbers (Source: IRS)
    • TIN Numbers Not Submitted

    2. W-8 and W-9 Document Acquisition

    Summary of Action:   The W-8 form is required for all foreign suppliers. There are many variations of the W-8 forms that include the W-8 BEN, W-8 BEN-E, W-8 ECI, W-8 EXP, and W-8 IMY.  The W-8 is an IRS form that grants a foreigner an exemption from certain U.S. information return reporting and backup withholding regulations.

    Benefits:

    • Provides an audit trail for your supplier’s TIN information.
    • Provides proof of exemption from backup withholding.
    • Provides backup documentation for an erroneous B-Notice.

    Suggested Audit Trail:

    • A file containing scanned copies of all W-8 and W-9 documents acquired.
    • All scanned copies will be linked to your supplier name and number.

    3. Compliance Screening and Reporting

    Summary of Action:   Compliance screening is a key component of supplier validation. It’s also important to complete the due diligence process to ensure that an issue is acted upon. The due diligence process includes researching Better Business Bureau, State of Incorporation data, and other research based on specific supplier information.

    • Office of Foreign Asset Control (OFAC)
    • Bureau of Industry and Security (BIS)
    • Office of Inspector General (OIG) - For Healthcare Suppliers
    • Specially Designated Nationals (SDNs)


    Benefits:

    • Ensures compliance with OFAC and other regulatory requirements.
    • Avoids penalties due to non-compliance.

    Suggested Audit Trail:

    • Compliance Screening Reports
    • Supplier Master Screening Results Summary Report
    • Detail Per Record Match Screening Results
    • Due Diligence Process Results

    4. Supplier Master Data Review

    Summary of Action:  To keep your supplier master under control, I recommend scrubbing it at least every year to clear out duplicate suppliers, suppliers that haven’t been used in 18 months, suppliers with missing information, and suppliers that have duplicate records.


    Benefits:

    • Provides enhanced internal controls for your vendor master.
    • Identifies duplicate and potentially fraudulent vendors.
    • Helps to prevent duplicate payments.

    Suggested Audit Trail:

    • Duplicate Supplier Names
    • Suppliers with Duplicate Street Addresses
    • Suppliers with Duplicate PO Boxes
    • Suppliers with Duplicate Phone or FAX Numbers
    • Suppliers with Duplicate TINs

    5. Supplier Master Reporting and Analytics

    Summary of Action: This best practice includes the analysis of accounts payable transactions by dollar distribution, and the stratification of spending levels. It’s a great way to look into your accounts payable data to determine if there are opportunities to consolidate suppliers, change invoicing methods, identify spending anomalies, or implement a P-Card program for low-spend purchases.


    Benefits:

    • Identifies transaction volumes and values of payments.
    • Highlights opportunities for invoice automation, summary billing, and the implementation of P-Cards.

    Recommended Audit Trail:

    • Top 30 Suppliers with Invoice Amounts of $0 - $150
      • Top 30 Suppliers with Invoice Amounts of $0 - $50
      • Top 30 Suppliers with Invoice Amounts of $50 - $100
      • Top 30 Suppliers with Invoice Amounts of $100 - $150
    • Invoice Payment Dollar Distribution
    • Accounts Payable Year to Year Analysis
    • Accounts Payable Transactions by Month
    • Top 50 Suppliers by Transaction
    • Top 50 Suppliers by Dollars

    6. ACH Account Validation

    Summary of Action:  The ACH account validation process is most efficient when ACH account information is validated and maintained in the supplier master file. As a best practice, many companies contact either the supplier or the supplier's bank to validate the banking information.


    Benefits:

    • Prevents payment fraud and ensures that funds are disbursed to the correct supplier bank account.
    • Provides an enhancement to current disbursement controls.

    Recommended Audit Trail:

    • A report that reflects the positive confirmation of ACH numbers.
    • All non-confirmed accounts or accounts with issues should also be reported.

    7. Insurance Certificate Acquisition

    Overview of Action:  Validation of the insurance certificate provided by the supplier. 


    • Validating the insurance certificate when you set up a supplier should be a key step in the onboarding process.

    Recommended Audit Trail:

    • A file containing scanned copies of all insurance certificates should be available for review. 

    In conclusion, these seven best practices support your supplier onboarding process and can help to ensure that the data is accurate in your supplier master. With correct supplier master data, invoicing and payment processes are accurate. This means that financial statements and cash management processes will be correct and there is confidence in your supplier data.

    If you have questions about these best practices or the supplier onboarding process, please post a comment below.
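The duplicate, inactivity and missing-information checks described under Supplier Master Data Review can be run as a script over a supplier master extract. The following is an added example, not part of the original post; the field names, the sample rows and the normalisation rules (legal-suffix stripping, PO box pattern) are assumptions.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample rows standing in for a supplier master extract (not real data).
FIELDS = ("id", "name", "address", "phone", "tin", "last_used")
SUPPLIERS = [dict(zip(FIELDS, row)) for row in [
    ("S001", "Acme Supply, Inc.", "100 Main Street", "(555) 010-1000", "12-3456789", date(2019, 6, 1)),
    ("S002", "ACME SUPPLY INC", "P.O. Box 42", "555-010-2000", "123456789", date(2019, 7, 15)),
    ("S003", "Birch Logistics LLC", "PO BOX 42", "555.010.1000", "98-7654321", date(2017, 1, 10)),
    ("S004", "Cedar Tools", "7 Oak Ave", "", "", date(2019, 8, 1)),
]]

def _words(value):  # lower-case, strip punctuation, collapse whitespace
    return " ".join(re.sub(r"[^a-z0-9 ]", "", value.lower()).split())

def _name(s):  # also drop common legal suffixes (assumed list)
    return _words(re.sub(r"\b(inc|llc|ltd|corp|co)\b", "", _words(s["name"])))

def _po_box(s):
    m = re.search(r"\bp\.?\s*o\.?\s*box\s*(\d+)", s["address"].lower())
    return m.group(1) if m else ""

def _street(s):  # PO boxes are reported under their own key
    return "" if _po_box(s) else _words(s["address"])

# One normaliser per duplicate report in the audit trail.
KEYS = {"name": _name, "street_address": _street, "po_box": _po_box,
        "phone": lambda s: re.sub(r"\D", "", s["phone"]),
        "tin": lambda s: re.sub(r"\D", "", s["tin"])}

def duplicate_report(suppliers):
    """Map each audit-trail key to groups of supplier ids sharing a normalised value."""
    report = {}
    for key, normalise in KEYS.items():
        groups = defaultdict(list)
        for s in suppliers:
            value = normalise(s)
            if value:  # blank fields are a missing-info finding, not a duplicate
                groups[value].append(s["id"])
        report[key] = sorted(ids for ids in groups.values() if len(ids) > 1)
    return report

def exception_report(suppliers, as_of, months=18):
    """Ids unused for `months` whole months, and ids with blank required fields."""
    idle = lambda d: (as_of.year - d.year) * 12 + as_of.month - d.month - (as_of.day < d.day)
    required = ("name", "address", "phone", "tin")
    return {"inactive": [s["id"] for s in suppliers if idle(s["last_used"]) >= months],
            "missing_info": [s["id"] for s in suppliers if not all(s[f].strip() for f in required)]}
```

Each group returned by `duplicate_report` is a candidate for manual review rather than an automatic merge, since two legitimate suppliers can share a phone number or PO box.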