From time to time suppliers will notify you of changes to their details. There may be a new individual who will act as your primary contact moving forward. They may need to update their contact details. From time to time they may be updating their banking details.
The first thing to bear in mind is that you should never delete old data by simply overwriting it with new data.
It is essential to maintain a complete audit trail of all data changes, so in the event of any future problems you will be able to go back and identify precisely what data changes took place and when they were changed.
If your ERP system has fields where you can enter notes, make it clear what the previous data was.
For example, if a supplier’s primary contact is changing, you can enter the following:
- OLD Primary Contact = Jane Simons
- NEW Primary Contact = Barry Davis
- As per email sent by email@example.com 10/10/2021
The name of the Accounts Payable team member who made the update should be recorded against the note as well. This will make it easy in any future investigation to retrieve and check the supplier email requesting the name change.
Naturally when it comes to changing supplier details, particularly any sensitive data such as banking information, your Accounts Payable team should have undertaken a call-back verification to ensure the change is legitimate. Details of this call back should also be recorded in the ERP.
For any large Accounts Payable function, ensuring all the members of your team are handling and encoding data consistently requires ongoing training.
Having established rules for how data should be encoded, as per Part 1, you now need to ensure all staff members receive training in order to adhere to those consistent standards. Firstly, ensure that all the rules are documented in a comprehensive manual. This should be approved by the CFO, and it needs to be clear to all your team that adherence to these rules is mandatory with consequences for repeated or deliberate deviation from them.
It will be likely that refresher training will be required, at least during the first few months after these rules are implemented.
Monitor Audit Trail
As mentioned above, it is essential that any data changes not simply overwrite old data. Maintaining a comprehensive audit trail of any data changes is an essential control.
In line with segregation of duties principles, at least one individual who is not responsible for encoding data should be tasked with monitoring data changes. Their responsibilities should extend to verifying that records have been retained of the old data, and to double check email records from suppliers requesting the change to ensure any changes made were valid and accurate.
Newly Onboarded Suppliers
Just as there needs to be oversight of updates to existing supplier data, there also needs to be oversight of newly onboarded suppliers.
An individual not responsible for encoding data should be tasked with conducting spot checks of newly onboarded suppliers. Vendor Master File onboarding usually occurs once a Purchase Order is issued to a new supplier. When undertaking spot checks of newly onboarded suppliers, not only should the veracity of the data be checked to ensure necessary control procedures were followed, however it is also important to check that the data was encoded consistent with your internal standards.
Ensure you have communications with your suppliers that make it clear to them what data you require from them and the format in which that data should be supplied.
For example, suppliers should make sure they supply you with their corporate name as per the ASIC register, as well as any trading names. They should clearly specify the address of their corporate headquarters if distinct from any branch you may have been dealing with.
By encouraging suppliers to provide their complete data in the right format, you can make it clear to them that the payment of invoices will be expedited and won’t be subject to any unnecessary delays.
If you have a vendor portal, all supplier data should be submitted through the portal for data integrity and security purposes.
How can eftsure help?
Ongoing data integrity is a challenge that many organisations struggle with. Even once you have cleaned and standardised the data in your Vendor Master File, maintaining long-term data hygiene requires ongoing effort.
All too often, a supplier needs to receive a payment long after they were initially onboarded and verified. During this interim period, malicious actors may have manipulated data or the supplier’s details may have changed. This can result in you processing a payment using incorrect or outdated information.
With eftsure addresses this issue by sitting on top of your accounting processes. By automating your continuous controls over data, each time a supplier needs paying, eftsure cross-checks their data against our up-to-date database. Anomalies can be identified immediately prior to issuing a payment.
For a full demonstration of eftsure’s capabilities, contact us today.