When asked how often they conduct checks on their suppliers, most respondents in a recent survey conducted by Purchase to Pay Network (PPN), in partnership with FISCAL Technologies, answered that it is only once, at the time when the supplier is initially onboarded.
You can see the full Supplier Risk Management report by clicking here.
This is shocking! There are so many risks that can emerge after the single point in time of onboarding, that not protecting the organisation’s reputation and finances with any subsequent checks is bordering on negligence.
Next, we see ad-hoc and annually as the most common periods for checking suppliers, neither of which will provide adequate protection from risk. The only suitable frequency of protection is daily, and our survey shows only 4% of organisations meet this best practice.
Problems with infrequent supplier checks
Once a supplier has been passed its due diligence checks during onboarding, it is entered onto the Master Supplier File (MSF) and is ready to be used in the procure to pay cycle – it is approved and ready to use: if you are raising a purchase order for 1,000 tonnes of iron ore and Bob’s Minerals and Mining meet your criteria, they can be selected, and a PO is raised and sent to them.
But what if Bob’s has recently been added to a sanction list, or been added to a list of troublesome polluters, or a list of known users of child labour? Would you still want to raise that PO?
What if there is another supplier that’s been added: “Bob’s Mineral and Mines” and they have different bank details, and they are selected by accident, or deliberately? You could end up paying a fraudster.
And what if, only slightly less seriously, Bob’s repeatedly send you invoices without the PO number or duplicate invoices and invoices with incorrect figures? You may not be purchasing from a sanctioned supplier, but you will spend a lot of unnecessary time and money processing Bob’s invoices.
And if you pay any duplicate or overcharging invoices, and you detect this, you will need to try to recover these funds – causing even more time and costs to be incurred, and you may not even be successful with the recovery.
Who conducts these checks?
The survey found that overwhelmingly the Accounts Payable team is responsible for maintaining the Master Supplier File.
As the suppliers’ main point of contact, AP will frequently receive the change notices. There will be many legitimate billing addresses and bank account changes that sellers need to inform their customers about, and AP is whom they talk to most often. However, some of these requests may be fraudulent.
AP maintains the MSF, but who is responsible for periodically checking supplier details for potential risks? This task often falls between Procurement and AP, resulting in nobody doing it. And where AP valiantly pick up the mantle and check suppliers, do they have the right tools, time, and skills available to do this thoroughly?
Conclusions
Not only do Accounts Payable and/or Procure-to-Pay teams need the time, tools and the know-how to use them, but they also need to have the authority to take protective steps based on the results – put a stop on high-risk suppliers, investigate the cause, and resolved with the supplier, with the Procurement team and with Finance managers.
There are many more types of risk than the examples used here. Suppliers and the transactions made with them, and external risks – such as international sanctions, are complex and constantly changing.
Daily checking of suppliers and their transactions for multiple risk types is the only viable way to keep risks out of your procure to pay cycle, and we would be delighted to tell you about our solution for this.
You can see the full Supplier Risk Management report by clicking here.
