Case Studies
Real-life examples of how organizations use PaymentWorks to improve compliance, reduce workload, and add value.
Stuff to Watch
Library of short and sweet videos featuring product demos, customer interviews, and sessions with experts.
Podcasts
The perfect way to geek out on all things vendor management, and get tips from our guests, partners, and customers.
Vendor Management Appreciation Day
Dedicated to celebrating the unsung heroes of vendor management and up-leveling your strategy.
Events
We go places. We do things. Join us!Enjoy the replay of our chat with Adam Wilson Abner, Assistant Vice President, Controller, Ivy Tech Community College, and Brian Kirkley, Finance System Architect, Ivy Tech Community College
Higher education procurement and AP teams are under more pressure than ever: increasing fraud attempts, manual vendor onboarding bottlenecks, and limited staff resources are making day-to-day operations harder to scale. For institutions like Ivy Tech Community College—one of the nation’s largest statewide community college systems—automating vendor onboarding became essential for risk reduction, operational efficiency, and delivering a better experience to both internal teams and vendors.
In this fireside chat, the Ivy Tech team shares how they modernized vendor management, reduced AP fraud exposure, and standardized onboarding workflows using PaymentWorks.
If you’re wondering about the pros and cons of investing in vendor management, listen to the fireside chat above. You’ll hear from Adam Wilson Abner, Assistant Vice President, Controller, Ivy Tech Community College, and Brian Kirkley, Finance System Architect, Ivy Tech Community College, about the risk and reward of supplier management.
You’ll also hear the story of attempted supplier fraud followed by the most effective ways to:
Modern organizations—from higher education and healthcare to financial services, manufacturing, and government—depend on a broad and ever-changing vendor ecosystem. Suppliers, contractors, consultants, gig workers, international partners, and one-time payees all flow through an organization’s financial systems. The more vendors an organization manages, the more critical it becomes to have a secure, automated vendor onboarding process.
Below are the core reasons automation is no longer optional.
Vendor impersonation, ACH fraud, and business email compromise continue to rise. Attackers know that the vendor onboarding process is often the weakest link: a mix of emails, PDFs, spreadsheets, and manual verification steps that leave organizations vulnerable.
Automating vendor onboarding replaces these fragmented workflows with:
When validation happens automatically before a vendor is approved, AP teams no longer have to rely on phone calls, unverified forms, or outdated procedures. The result: dramatically lower fraud exposure and a stronger security posture.
Manual onboarding creates inefficiencies and introduces risk. Teams juggle W-9s, banking forms, tax documentation, questionnaires, and compliance data—all of which must be collected, checked, standardized, and keyed into internal systems.
Automation ensures data is:
This reduces errors, shortens onboarding cycles, and frees AP and procurement teams from repetitive admin work.
Organizations with multiple business units, departments, or locations often end up with inconsistent vendor data, duplicate profiles, and fragmented processes. Without a standardized workflow, vendor information lives in different formats across teams, making it difficult to enforce controls or maintain compliance.
Automating vendor onboarding centralizes everything—creating one authoritative vendor identity profile that follows the vendor across departments and systems. This improves reporting, audit readiness, and operational efficiency.
Automation isn’t just about internal efficiency. Vendors benefit from a guided, transparent, self-service onboarding experience. They know what they need to submit, where to submit it, and what the status is—without back-and-forth emails.
For the organization, automation creates scalable, repeatable workflows that work the same way whether you’re onboarding ten vendors a month or ten thousand. As businesses grow, vendor onboarding no longer becomes a bottleneck.
Higher education institutions operate with complex vendor ecosystems — from instructors and contractors to suppliers, grant partners, and service providers. Manual processes expose AP teams to:
Ivy Tech faced these issues firsthand. With more than 40 campus locations and decentralized vendor onboarding, the team needed a way to centralize, standardize, and verify vendor identity automatically.
Implementing PaymentWorks enabled Ivy Tech to transition from manual processes to an identity-driven, automated onboarding workflow, improving security and efficiency across procurement and AP. Key benefits included:
Before PaymentWorks, Ivy Tech relied on manual verification steps—phone calls, emailed forms, and spreadsheets. These steps were inconsistent and time-consuming.
With PaymentWorks, verification occurs automatically as soon as the vendor submits their onboarding information. This includes:
This significantly reduced Ivy Tech’s exposure to vendor fraud schemes.
Ivy Tech’s decentralized structure made it difficult to maintain consistent vendor data. Automation created a unified, standardized vendor profile that every department uses.
This helped them avoid duplicate vendors, inconsistent formats, and data quality issues that previously caused approval delays.
PaymentWorks streamlined Ivy Tech’s onboarding workflow by eliminating manual data entry and automating document collection. Vendors complete everything through a secure, guided portal, while Ivy Tech staff simply review and approve.
This resulted in:
Every step in the onboarding workflow is logged automatically, giving Ivy Tech a complete audit trail. When compliance reviews or internal audits occur, the team has instant access to the required documentation.
Megan Diakoumis: (singing). [00:04:00] Oh my goodness, that song never gets old. Welcome, everybody, and thank you so much for joining. I promise we have a great event for you today. We are greatly appreciative of your time. I know it’s a busy time of year with the holidays, so again, thank you so much for joining us today. My name is Megan Diakoumis and I am the marketing manager here at PaymentWorks. I have worked for PaymentWorks for just about three years, and I have to tell you my absolute favorite part of working here is working with our amazing customers like [00:04:30] Ivy Tech because of the true problems that PaymentWorks solves.
We want this session to be completely interactive. If you have any questions or comments, please feel free to enter those in the comment section of this platform. Again, don’t be shy, we’d love to hear from all of you, and Ivy Tech is ready to hear and answer all of the questions that you may have. We will wait to answer all questions at the end of the event. Also, if you want more after today’s session, feel free to access today’s recording in [00:05:00] the replay section of this platform, where you’ll be able to view today’s recording, and we’ll be able to share that with others who would like to see as well.
For those of you who may not know, PaymentWorks is the foundation of vendor master data management. We truly transform the chaos of unsecured nature of the typical vendor onboarding process into an orderly, secured, and trackable process, so you and your team can sleep better at night. Today’s live event is all about [00:05:30] the strategic importance of vendor master data, and I promise you Brian and Adam truly know all about this. After a close call with vendor impersonation, a fraud scam that they actually experienced, the finance team at Ivy Tech looked hard at their vendor onboarding and management process where they uncovered countless opportunities to better defend against fraudsters and improve the experience overall. And now I will pass it over to our delightful guests who are so excited [00:06:00] to tell the story, Brian and Adam from Ivy Tech Community College.
Brian Kirkley: Adam, I think you’re muted, sir.
Adam Abner: Oh, can you hear me now?
Brian Kirkley: Yes, sir.
Adam Abner: Good. Good afternoon, everyone. Sorry about that. I’m Adam Abner, [00:06:30] assistant vice president controller for the college. In addition to having the financial statements and taxes under me, I also have grant accounting, enterprise risk management and insurance, and also the finance center of Agility, which includes all the finance systems. Brian?
Brian Kirkley: Hi, my name is Brian Kirkley. I’m the finance systems architect here at Ivy Tech. And what I do is I manage all of our different financial systems from vendor onboarding with PaymentWorks through our ERP system, our budgeting planning, and also our strategic sourcing [00:07:00] platforms that deal with our RFPs and our contract management.
Adam Abner: All right, next. All right, first for the agenda today we’re going to talk about understanding fraud risk. We’re going to talk about one of the fraud risks we have and some of the fraud risks we are seeing. We’re going to talk about how we rethought the supplying management, and how we did a risk approach to that, and then we’re going [00:07:30] to talk about how we have iterated that process for efficiencies. Next.
So, we already introduced ourselves, but we want to talk a little bit about Ivy Tech and our structure. So, we have 19 campuses across all the state of Indiana. We have 164,000 students as of fiscal year ’23. And we are the largest singly accredited college in the country. We spend over $200 million in spending for suppliers and capital in fiscal year ’23 and [00:08:00] some years that actually increases based on the large construction projects we may have if we have a 20 to $50 million construction for a building that increases. Brian’s going to talk about decentralized versus centralized nature of Ivy Tech.
Brian Kirkley: So, one of the biggest challenges that we have at Ivy Tech is the fact that we are a hybrid approach to decentralization and centralization. So, we have a centralized vendor onboarding team who works directly with PaymentWorks to onboard [00:08:30] vendors, but what we do is we outsource that to our campuses, some of those 19 campuses. They can invite vendors to partake in that process, but that’s the limit of their extent of the exposure to PaymentWorks during the vendor onboarding experience. What we’ve seen is this creates a little bit of a challenge when you think of decentralization versus centralization from the fact of we want to manage risk and fraud and we want to minimize it as much as possible, but we need from a staffing perspective [00:09:00] to enable our campuses to be able to have those relationships with vendors to initiate that invite experience of that vendor onboarding.
And so, what we’ve did is we’ve kind of given them the flexibility that they can continue to start those conversations and we just finished those conversations. So, the transition from decentralized to centralized is something that we focused on heavily is that all of the actual verification and all of the setup and maintenance is done from a centralized platform while [00:09:30] the invite and vendor relationship management is done from a decentralized platform. And so, that’s really worked for us to adopt that hybrid approach because we found neither one was the perfect solution. And so we really wanted to kind of, how can we make both work for Ivy Tech?
Adam Abner: All right, so as was mentioned in the intro, we started looking at this because of a situation of a near miss of a fraud situation. So what happened was prior to PaymentWorks, [00:10:00] how we did the onboarding of vendors or how we did account changes is that vendors would email us and then we would independently verify that that person was legitimate for the company by looking for a phone number or something and then calling the company and verifying that, “Hey, this is a legitimate change to the bank account.”
Well, unfortunately what happened in the situation is that we had an imposter act as a large construction vendor, which is high dollars [00:10:30] for us because we could be building $1 million building, and attempted to change their banking information of this construction company to this fraudster bank information. Unfortunately, the situation was the policy wasn’t followed, the change was made into the system, invoice was processed for six figures. Fortunately, during the payment process, someone noticed this didn’t seem right and we were able to contact the bank and stop the ACH [00:11:00] because the payment was made through ACH within mere minutes of the deadline of the payment going out. So after having that near miss, we really needed to look at it, talking to the board, we need to look at this whole process, the controls, and how we can improve it.
Brian Kirkley: What we really wanted to look at was just, where is this risk at? What generates this risk? What are the areas that we really needed to focus on as a team and as Ivy Tech? And so, [00:11:30] we’ll talk here about the public facing request for proposals. So, as a state-run agency or a government agency with higher education, we’re governed by the state of Indiana, we’re required to have all of our requests for proposals, requests for bids to be public facing. So, that exposes us to a lot of risk right there in that we’re telegraphing to our fraudsters, which are our largest projects that we are going to have upcoming. So, we have construction projects, we have software bids, all of those are oftentimes multimillion [00:12:00] dollar proposals that we’re telling the world, “Hey, this is an opportunity for fraud and that this is a project that we have that’s high dollar.”
And so, we really try to focus heavily on those areas of risk with those high dollar projects is what is it about those that are attracting fraudsters besides high dollar? And oftentimes it’s the fact that those are very complicated projects with lots of multi-member teams on those projects. So, we may have multi-campus [00:12:30] projects that are in completely different locations across the state of Indiana. They work together, but oftentimes that’s through email and especially as we’ve moved through COVID and we’ve moved to remote work, we have a lot of people who may not be in the same office. They may just communicate via email and/or Teams. And so, what we’ve done is we’ve really taken a focus on, how can we make sure that we are authenticating those methods of communication? So, this is [00:13:00] something that as we transitioned from previous where we would have all sort of updates from projects being communicated via email, what happened here was specifically that we’ve had fraud instances where the emails have come in and they look like a part of the team.
They look like they have all the names of the individuals at the company, they have all the names of the individuals at Ivy Tech. The only difference is that they’re based on different servers or platforms [00:13:30] that there may be an alphanumeric code after their email that displays. And so, it’s something that we’ve really had to focus on from our team members’ perspective to make them aware of these changes and these risks when they’re communicating with email and with teams messages. And when in doubt, pick up the phone. That’s kind of what we’ve told people is if you ever have a question, if there’s ever a doubt in your mind, pick up the phone and call someone, talk to someone on the phone, make sure that it’s not something that we’re just taking the email, we’re not just [00:14:00] taking the team’s message word for it. We really want to make sure that you’re communicating with the teams and with the proper individuals on those projects.
So, the other difficult part of any fraud instance is not only are they sophisticated in terms of their complexity of they know our teams, somehow they’ve been able to access some of our emails at times to make sure that they have the proper players on the email, but they also understand our fiscal year, they also understand our busy times. So, [00:14:30] when you’re trying to process through three different projects, it’s end of year, it’s fiscal year end and you’re processing through all of your different financial statements or it’s budget season for our campuses or it’s the beginning of the school year, those are the times to be on high alert.
Those aren’t the times to slack off because what ends up happening is you’re processing through a bunch of emails, you’re processing through a bunch of projects. Well, that’s when they’re going to attack because what we’ve seen is that they have an understanding of those are when we’re at our weakest because we’re processing through [00:15:00] such a high volume of transactions, emails, different methods of communication, and that’s whenever we see those rise, and so we really try to make sure our awareness is heightened during those times of the year.
Adam Abner: And I would just add that these spoofs are just getting really good. They even sent some to me that emulated our president and it was really just one small number at the end of the email that was the difference, and everything looked very similar [00:15:30] to what something our president would send. So, it’s very impressive of what they’re doing here, and this is in spite that our information security is blocking most of the fraud attempt emails, like over 90-something percent of the traffic that’s coming in is being blocked, but some are still getting through. Next.
So, I want to talk about the risks. So with all of this, we had to start thinking about the risk of the vendor process and what are the risks [00:16:00] to us and how do we need to focus and think about that. So of course to us, the main risk of people impersonating our vendors to get account changes, so that they can get those money is a large risk to us. One, like Brian was talking about, they know us, they understand when our projects are happening, they know what buildings are being built, so it’s very easy for them to say, “Hey, this is an invoice for Kokomo and I need you to pay this.” Or, “This is so- [00:16:30] and-so company,” because I know that was a company that got awarded the bid, so that information is public so they can use that against us, but because of that we have to think about that risk very high.
But it’s important to really think about the cost-effectiveness of the controls versus the risk. If the risk is that you’re going to lose $1 every 20 years, you definitely don’t want to spend $1 million in processes to try to mitigate that risk. But in our case, of course, [00:17:00] vendors, we have millions going out, we definitely need to spend some money to reduce that risk because there’s a lot of money at risk for us. Another thing to point out is although you can have strong policy and procedures and it’s important for that to make it clear, that alone will not be enough to control a situation. For example, we did have strong policy and procedures on this, but a strong policy and procedure alone isn’t going [00:17:30] to ensure the activity occurred. Typically, policy and procedures just indicate the controls, the controls is just activity.
And the prior case before PaymentWorks, it was that independent verification. Well, human error occurs at least three to 5% of human error, so that alone wasn’t going to reduce the risk for us to an acceptable level. And on top of that, there was nothing to monitor to make sure that control was actually being followed and was actually occurring. [00:18:00] So, you have to think about that when you’re setting up controls that you can’t just say, “Oh, this policy and it’ll be done and that eliminates the risk.” You really got to think about, what’s monitoring to make sure that control is occurring? And when you think about the control, how effective do you think that control really will be? If it’s going to be effective 97% of the time, but the loss is $1 million and there’s multiple instances a year, it’s still probably not going to be effective [00:18:30] enough based on your risk tolerance.
Of course, you can transfer the risk by insurance, but of course, that does cost money. And from our experience, insurance is just getting more and more expensive. So, we try not to do that too often, and it’s important to make sure that stakeholder buy-in on the risk acceptance. So for us, when we think about the stakeholders, we think about the state board of trustees, that’s our ultimate governance. And so, they have to indicate [00:19:00] the risk level we’re willing to step on this to determine how level and what level of controls we’re going to have. So in this case, the board has a 0% and $0 tolerance for fraud. So, that means we have to have a very high level of controls to mitigate this. So, it wouldn’t be okay for us to accept something where 97% of the time this control is going to work. We need something that’s going to work 100% of the time or mitigate the risk to zero. [00:19:30] Next.
Brian talked a little bit about the methods of communication and we’re definitely seeing that with COVID, emails became more often. We all know we’ve been using emails for quite a long time now, but it seemed like it got more informal and more as the primary channel of communication, where in the past it used to be you’d be in the office and people would stop by. We definitely see Teams increase, that’s for sure, [00:20:00] but we see a deemphasize of phone calls and an emphasis on the email. And so, we think people being used to getting so many emails as part of what’s increasing the risk of this situation of these frauds is that people are just used to getting so many emails that they’re willing to accept more communication from there. The benefits of PaymentWorks and the communication there is that one, we get to invite, we get to [00:20:30] push the invite out and two, all the communication is happening within the PaymentWorks system in eliminating that email, so there’s ability to confirm the legitimacy of that communication. Brian’s going to talk about training and awareness.
Brian Kirkley: Sure, and I’ll really quick, just to kind of further expand upon the methods of communication, so when we think of email and phone calls, oftentimes for those of you using PaymentWorks, one of the greatest things that [00:21:00] they do is they do pick up a phone, they do reach out, they verify banking information with our vendors. For the longest time, when you think of the efficiency of a process and the ROI, the return of investment on that investment, when we had the fraud instance in 2019, we instantly swung our risk aversion way over to the extreme. And we said, “Hey, you know what? We’re not willing to accept [00:21:30] even a little bit of risk on this process.” So, not only did we use PaymentWorks to validate all of the vendor information and we used their ability to validate banking through phone calls, we also picked the phone and called all of our vendors to do a double check on what PaymentWorks is doing to make sure that we were comfortable that the banking was updated.
So, this is something that we have since took an iterative approach and removed that [00:22:00] from our policy and process, but it’s important because what I’m getting to is too many phone calls can also be a bad way of managing risk. So, we had a lot of vendors who would be frustrated by the fact that, “Hey, I just validated that information through such-and-such a person that PaymentWorks, and they’re like, ‘How do I know that you’re actually from Ivy Tech?'”
And so, we would raise their fraud awareness that they would be concerned that they’re getting multiple phone calls asking to verify banking [00:22:30] information. And so, there’s a happy medium between of how you can best use these methods of communication. So email’s not going away, it’s something that we’re going to have from now until forever, and so what we’ve done is we’re not telling people not to use email, but what we did is we completely changed the way that we use email.
And we’re not telling people not to make phone calls or to always double check every single thing with a phone call, but what we’re doing is changing the way we use phone calls and to make them more strategic. [00:23:00] And as Adam touched on, the PaymentWorks messaging system, it keeps all the messaging within PaymentWorks is a great way for us to validate banking through a secure channel, so that we’re not providing banking information external through a different system or through unsecured emails, but really our biggest focus has been on, hey, these things are here to stay. They’re really effective when used properly, how can we make sure that people use them properly? And that took us to training and awareness. So again, as I talked about earlier [00:23:30] with the sophisticated attacks that we received, the times of year that we receive those are related to our busiest times of year.
Oftentimes, we don’t want to push out trainings that people have to complete during those times of year year, but we do that with vendor fraud management and cybersecurity because we know that that is when they’re at a heightened risk of those fraud attempts. So, we do require that they complete those trainings two times a year. Oftentimes [00:24:00] during our busiest time of year, the beginning of school year, and also towards the end of the school year of the previous year towards the spring. And so, what that does is it puts that at the forefront of people’s minds during those times before they enter those busy seasons because we want to make sure that they’re thinking through all the things that they may not have seen for the past six months and they’re about to get bombarded with. And this has really been an effective method of targeted training [00:24:30] for us in terms of making sure that people are just aware of those things periodically throughout the year.
We used to do it annually, and so just changing it to two times a year, which isn’t a large increase in the ask of what we’re requiring them to do from a training perspective, it’s really allowed us to see a big increase in terms of the self-identification of fraud risk and fraud attempts even at the campus level. So, another big important factor was in 2020 we completely [00:25:00] revamped our trainings. So, in 2019 when we started to require the additional trainings, we said, “You know what? It’s great to have a biannual training, but is this training effective? Is it reaching our end users? Are they understanding what we’re asking them to do and is it properly preparing them to address the risks of fraud, the attempts of fraud that they’re seeing?” And so, we sat down as a team with our system security team, our finance team, the business affairs team, [00:25:30] and we said, “Hey, let’s develop something with a third party,” because we had developed a lot of trainings in-house at that time, but what we found is they weren’t as creatively engaging as what we had hoped.
And so, we kind of just restarted that process altogether and said, “How can we make something that grabs people’s attention, that helps them focus and also teaches them and helps them to learn these processes and to make sure that they’re just aware, even if they’re going through the training, it’s not something they’re going to click through, it’s something that they’re going to focus on and that they’re actually [00:26:00] going to grow and to learn?” And that repetitiveness of that each year, it’s something that it’s not the exact same quizzes, it’s not the exact same topics, it changes between those different trainings, and so it really helps to engage our end users and that is what leads to that constant awareness of vigilance that they have today.
And we’ve seen multiple fraud attempts since 2019 caught at the campus level of people saying, “Hey, you know what? This email, it just seemed odd.” [00:26:30] Or, “I got a second email right up against this other email. It doesn’t seem like this would be the time that this email would come,” or they’ve noticed to where the different parts of the email address that may be hidden, they’re reviewing those, maybe the attachment is named a little bit awkwardly. And so, they’re calling those out and we’ve made it to where they can report those very easily and that they can get instant communication back from our security team and from our business affairs team as to, “Hey, thanks so much. We’ll [00:27:00] go ahead and add that to the blacklist for our system security and then we’ll address that and take it from here,” but we’ve really made that a seamless experience for them in that their understanding of what they’re looking for has just really made it to where they’re empowered and able to identify those pretty quickly and efficiently.
Adam Abner: And I would just add that to make the trainings engaging, we’ve really catered and selected trainings that are more story- [00:27:30] like. So the training, the cybersecurity is taking real situations that has really happened and having people listen to the whole story and what happened and creates some very engaging… And they’re not very long. The goal is that we strike that balance that most of these trainings are five to 15 minutes long. They typically have more modular like testing instead of multiple choice they’re story-based and we get so much feedback [00:28:00] of, “This was a great training. I actually remember it because of the stories stuck with me so much.”
Brian Kirkley: All right, so this is the piece de resistance of this presentation, our supplier process for onboarding. So, we have changed our onboarding process over the years many, many times. It’s something that we continue to look at each [00:28:30] and every year, even multiple times throughout the year because we really want to focus on having an accurate onboarding process. So, when you look at creating your onboarding experience through PaymentWorks and you’re creating your vendor onboarding form, the important thing to remember is it’s great to gather in as much data as you can. That’s great from our perspective of we like to have the data and we like to work with the data. If the end user [00:29:00] does not understand the question that you’re asking or how to answer that question, you’ve just created an opportunity for errors and for incorrect data that oftentimes requires a lot of back and forth with those vendors.
And so, what we’ve done is we’ve really focused on simplifying our questions and simplifying that user experience. So in 2019, as I said before, we swung the pendulum way to the extreme and we said, “You know what? We need all the data we can get. We need as much as we can and [00:29:30] we need it at the very first start of onboarding and we want to gather all that information. We might not necessarily use it all, but at least we have it all in case we need it in the future.” And we were on that form for a while, for at least a year before we started making changes to that, and then we started making small changes to the form. And so, what that does is it can create a frustrating experience for your suppliers because it’s information [00:30:00] that we may have the ability to use, but it’s not anything that’s critical to the actual supplier onboarding process and/or experience and verification of their data.
And so, what we started to do was we started to say, “Okay, not only do we require an accurate onboarding of data for our suppliers, but we also really need to require a great supplier onboarding experience.” And so, [00:30:30] we started to look at that form and say, “How can we make this form better from a supplier standpoint?” So we started talking with our suppliers, “What is it about this form that’s confusing to you? What is it about this form would you see improved and or changed?” And then we started to work with them and make those iterative updates to our form in that it really allowed us to focus in on the data that we needed that we required today. That’s not to say we can’t require additional information in the future. We may very well be [00:31:00] adding fields as we go, but right now today, what data do we use?
And we’re not requesting additional data on top of the data that we use today. Number one, because it just creates the opportunity for frustration of back and forth with the vendor, of miscommunication, of them providing an incorrect answer that then we need to have them correct. And so, this streamlines that process and it expedites that vendor onboarding experience. And then number two, it’s to have all of that excess data being stored in PaymentWorks in data [00:31:30] that we don’t use.
Again, in our perspective from a vendor management perspective, that’s just bad management of our supplier’s data on our part is we really don’t want to safeguard all of this data that we don’t use whenever it’s something that we’re not needing for that vendor onboarding experience. So, we really took a hard look at that experience and we worked with our suppliers to say, “How can we simplify this? How can we make this better and streamline it?” And it’s helped immensely with the number of errors that we get just from that initial onboarding. [00:32:00] And so, this is something that I’ll talk about again in a little bit during the question section. We don’t have it here, but as we’ve transitioned to ERP systems, again, we’ve taken another look at this and said, “How can we make this process even better for not only external users, but internal Ivy Tech users?”
And so, when we look at our supplier process for managing all the amount of suppliers that we have, we have around, at any given time, around 8,000 active vendors [00:32:30] in our ERP system. So, we do a periodic purge of those suppliers. Five years ago that look-back period was five years, three years ago, we shortened that to three years. Two years ago, we actually shortened that down to two, and then when we started to look at transitioning to a new ERP system, we’ve moved forward with the ability that we purge suppliers that have been inactive for one year from our database each [00:33:00] year because again, when you think of supplier fraud with the risk and the ability for us to have supplier data managing that’s out of date, that’s really not relevant anymore, if we haven’t done business with them for one to two years, it’s really in that timeframe that it probably does need an update and we want them to…
If they’re not in PaymentWorks currently, we want them to go through PaymentWorks again, we want to get that updated information. And this allows us to do a better job of allocating our internal resources [00:33:30] towards the vendors that we actually actively do business with. So, we don’t want to be maintaining a database of 8,000 vendors if we’re only transacting with 6,000 vendors. And so, we really try to manage that and get that number down, so that our campuses are utilizing the vendors that we use on a regular basis because that just helps us from a supplier management team in keeping that number down. It helps us to provide a better experience for our internal users and for our external users as well.
[00:34:00] So, some of the stats of PaymentWorks, so as you’ll see, so we have 45 Indiana locations, we have 19 campuses, we have multiple sites that aren’t technically defined as a campus. That’s where you get the 19 to the 45. We’ve been a PaymentWorks customer since February of 2020. We started having these conversations in 2019. I actually started at Ivy Tech in May of 2020, so we’ve been on PaymentWorks since I can remember. And so, the vendors that we’ve onboarded through PaymentWorks, you can see here, are 4,208 vendors. [00:34:30] Now, I said a little bit ago, we have 8,000 active vendors in our ERP system, so we are actively finding every excuse to inactivate a vendor and have them process through PaymentWorks because oftentimes what we see is it’s not necessarily the banking information that goes out of date, but that is the part that fraudsters focus on is they want to have that banking information updated.
But where we find the difficulty in is, what if we don’t have an updated contact for that vendor? And so, that’s something that as you think of the turnover [00:35:00] that vendors, suppliers experience, they have turnover in those AP fields, in those eight AR areas, and so when we’re reaching out, we maybe contact someone who hasn’t worked there for a year or two. And so, we really want to get that contact information updated as soon as possible because that helps us eliminate that fraud risk because we have active relationships with those contacts, at those vendors, and we can have those conversations. So, number of bank accounts collected, 4,120, and you’ll see here 96.95% [00:35:30] of our vendors choose ACH for onboarding experience. We actively don’t offer any discounts, any accelerated payment types. If someone selects check, it requires a reason as to why they require an exception to ACH.
We want all of our vendors using ACH. We want them working digitally. We don’t encourage any sort of manual check printing in-house, and it’s something that has just been a huge burden on [00:36:00] the team of trying to establish printing those checks and getting those out to vendors. And so, we really encourage them all to do ACH. We do have, as you can see, 3% who choose check. Oftentimes, those are regulatory or governmental agencies that don’t necessarily provide ACH options, but whether that’s courts or department of revenues, but that is something that we’re constantly working to get that number down as low as possible.
We would love a 0% choose check, but it’s something that also helps us to eliminate that fraud possibility. [00:36:30] We have seen multiple instances of fraud of our checks getting lost in the mail where people have taken our checks, they’ve tried to manipulate those checks, and create additional checks. And so the more times that we can push vendors to ACH, again, that’s another step that just eliminates some of that risk of fraud for us that we’ve really tried to focus on is, “Hey, what are all the things that we can control to shift that risk of fraud and to make sure we control that and mitigate that as much as possible.
[00:37:00] Next screen. So, thank you guys so much for letting us present, but now we’re going to open it up for questions. And so, if anybody has any questions, feel free to post those in the comments and we’ll go ahead and answer those questions.
Megan Diakoumis: We do not have any questions yet, Brian, so do you maybe want to walk through the integration with your new ERP through Workday? Awesome.
Brian Kirkley: Yep, so just [00:37:30] in case I wanted to leave time for questions, but we do have additional things that we can talk about. Vendor onboard experience has been near and dear to my heart for over three and a half years now. So, what we have recently done is we’ve transitioned our ERP system into using Workday. And as part of that, PaymentWorks has a team who has helped with that integration of developing a connector to Workday directly from PaymentWorks. And I’ll say we have nothing but the [00:38:00] best opinion of the PaymentWorks integration team. They have been fantastic. They’ve been so flexible in working with us on that, and what it’s allowed us to do is it’s allowed us to automate our vendor onboarding process from PaymentWorks for the first time in Ivy Tech’s 60-year history. So previous to now, even on our prior system, we would always have the information of PaymentWorks and that’d be manually entered into our ERP system.
And now we have that process, it completes automatically. So, all the vendors are created. As you can guess, [00:38:30] this eliminates a lot of that human error, possibility, risk of fraud, risk of error, risk of just the ability for us to make those changes. And so we’ve now… With this process, our vendor onboarding experience has become far more efficient. We can allocate a lot more resources towards helping our suppliers and vendors with our questions, helping our end users with their vendors and kind of working with them on that, but one of the things we did is with [00:39:00] the connector, we really took a look at the onboarding form again, and we eliminated over 50% of our fields from the onboarding experience of our previous form into the new form with Workday, basing that decision on the fact of what information and data do we use in Workday actively, and what information do we want to maintain within PaymentWorks to facilitate that connection.
So, this allowed us to have an accurate and efficient mapping experience [00:39:30] when it comes from PaymentWorks to Workday, which has been flawless. Honestly, the PaymentWorks team has been awesome in this connector development process in that they have been able to address every single need that we have from a data perspective with the connector, and it’s given us the ability as we’re processing vendors, the translation of those vendors from PaymentWorks to Workday has been incredibly accurate. If there’s been any changes, they’ve [00:40:00] been something that we kind of talk with them and we get that addressed very quickly, but we’re really excited about this connector. It addresses not only new vendors, it will address updates to vendor information, so updates to existing vendors in the system. And so, we’re really excited to get all of this rolled out. We currently use it for new vendors, which allows all of our new vendors to automatically be created in the system without any manual intervention or review of our team.
And so, that’s been a really exciting function that we’ve had, [00:40:30] and it’s just what we’re shooting for is right now a vendor onboarding takes in between two and three weeks from the invite process as long as the vendor is responsive, as many of you know, it takes around two to three weeks for us on onboard that vendor. With setting up the automated connector, we’re looking at getting that number down to less than a week for vendor onboarding experience, which is something that our end users have been excited about for years. They’ve been wanting us to get that number down as fast as possible, and this gives us that ability. It really puts [00:41:00] us in a position when you think of the allocation of resources that we no longer have to focus on that manual entry. We no longer have to focus on, is all this information being entered correctly, and having multiple reviews on the vendor side in the ERP system because we know that what is in PaymentWorks is in Workday, courtesy of that connector, and it’s been a really exciting opportunity for us to develop that and to work with that team.
Adam Abner: Hey, Brian, we have a question about the process for that [00:41:30] simplification. Can you speak to that?
Brian Kirkley: Sure, so what we did is as many of you know, there are lots of different data points that we use for supplier onboarding, whether that’s XPE, women and minority-owned businesses, whether that’s different remit to addresses, some internal specific items that we track, and so whether that’s insurance, provided insurance forms, certificates of insurance, we kind [00:42:00] of looked at… We required a vendor to provide every single item that we could think of that we may ever need. And so, what we did is we started to look at that and say, “Are these attachments required? Are there any areas of our form that contradict one another?” So, if we ask for a W-9, which is required through the payments onboarding, but then we ask somewhere else for their entity type, we’ve just created an opportunity for them to misalign and that they identify themselves as an improper [00:42:30] entity than what their W-9 says.
So we looked at, how can we streamline in this form and make sure that all of the fields have a purpose and that they’re not contradictory to one another? Because what we were finding was a vendor oftentimes may interpret the question slightly different than how we intended it, and that’s something that happens. We’ve provided hints, we’ve provided kind of tutorials and walked them through those processes, but oftentimes you get people that they just read the question a little bit differently or maybe they skim [00:43:00] over a part of it, and so they answer it how they interpret it. Well, every single time that that’s answered incorrectly, we want to have accurate data in PaymentWorks, we’ve got to send that back to the vendor, we’ve got to have them make the update and then they resubmit it and then we go back and we review that.
And I’ll say that just trimming that down has eliminated a lot of that back and forth with vendors, which is part of their frustration with the onboarding experience at times is just that amount of back and forth with getting that data correct because they may see something slightly different [00:43:30] or they may interpret it slightly different and we’ve got to jump on a call and make sure we talk to them. And so, those are what we’ve done is just make sure we don’t have any duplicates, make sure we don’t have anything that’s contradictory, and then make sure that we’re using the data fields that we’re asking for. I will say for those of you already using PaymentWorks, the bolding, the coloring, the call out of their important fields, whether that’s sanctions or verification process, those are incredibly useful when you’re looking through supplier data, and so we really appreciate those, but you can also… [00:44:00] For our purposes, we have a step-by-step guided tutorial for all of my team as they’re processing a vendor of the different areas and data points that they’re looking for for any sort of risk of fraud and/or issues.
Adam Abner: And that reminded me, as you were mentioning the sanction alerts, that’s also additional control that has helped us because previous to that, we would have to do an annual review of our vendors by getting with the company to make sure that there was no sanctions [00:44:30] against them, to make sure that we’re in compliance with federal, financial awards, and now with the ongoing sanctioned alerts that comes through with PaymentWorks, that acts as a stronger control than what we had previously. It ensures that we’re compliant for federal grants. So, PaymentWorks doesn’t just help us with external fraud, but it also acts as additional controls for us and other risks that we have as a college.
Brian Kirkley: And one important thing to call out [00:45:00] for sanctions while we’re on those is, so when we started on PaymentWorks, they had sanctions coming in and we received the full gamut of sanctions and it wasn’t a la carte, so to speak. So, one of the things is if you are receiving a lot of false positives, you’re receiving a lot of alerts with sanctions with vendors that you’re looking through. If you focus on the specific sanctioned groupings that you’re required to review and/or report on… So for us, that’s the OFEC list [00:45:30] and the denied entities list, we trimmed that down to make sure that we received those results, which eliminated 99% of our false positives of any sort of sanctions that were coming through for vendors.
And that was a huge iterative approach and update of our form in that it wasn’t necessarily on the form that the vendor saw, but it allowed us to expedite the vendor onboarding process because we were receiving a lot of sanction alerts for vendors who we were like, “This is from an entirely unrelated process that isn’t necessarily [00:46:00] important to us or that we’re regulatory required to report on, but it’s something that once it’s identified and we’re aware of it, we want to make sure that we are processing that and having our due diligence of making sure.” So, we kind of looked at, how can we expedite this process, how can we make this better? And so, we really focus on the areas that we’re required to report on, and that has really helped with those sanction alerts as well.
Megan Diakoumis: Awesome, you guys are doing great, so thank you. I have [00:46:30] one other question for you. Hopefully, we have time for some more that come in, so feel free, keep the questions coming within the comment section. But Brian and Adam, I would love to hear your advice, obviously you’re the true experts in building a business case, so help us understand, what advice would you give somebody that’s looking to make a case for a solution like PaymentWorks? How did you build that business case? What resources did you need to make something like that happen?
Adam Abner: And I think it comes back to what we talked about previous is what’s [00:47:00] those costs of those controls you’re going to put in lieu of that? When we thought about it, were we going to purchase additional insurance? Were we going to hire more people to keep on doing these reviews and can we put it in a way that was going to not cause issues with our vendors? Like Brian was mentioning earlier, you don’t want to keep on contacting vendors over and over, and as we talked about, there is a risk of human error here and it didn’t make sense for us to hire an additional employee [00:47:30] who all they were going to do was verify and then have another person verify and contact them multiple times causing issues.
So, we really had to look for a solution that was more cost-effective, with identification, with PaymentWorks, you’re already getting that insurance aspect also. So, it was kind of like bundling all the controls together, and with the software solution, it was creating controls that we couldn’t create outside of the software solution in an effective way. [00:48:00] So, basically for us was the alternative was more expensive, one, either it wasn’t going to reduce risk and the fraud risk for us to a sufficient level or two, even if we tried to do more additional controls, the cost was going be way more than what PaymentWorks was. Brian, do you have anything to add to that?
Brian Kirkley: Yeah, whenever you are going down this path of vendor fraud onboarding management, I think you’re going to be presented [00:48:30] with PaymentWorks, a mature solution that is cost-effective and provides you with a lot of functionality. And when you go look, even if you decided, “Hey, I’m going to look for competitors,” they kind of started to write the book on this process and the fact that you have the sanction alerts, you have the fraud, and the banking verification, you have the address verification, and all of that wrapped up into one software platform that you’re using, the streamlined nature of that is priceless, to steal from MasterCard, [00:49:00] but it’s something that the value on that return on investment is really high and that the amount of people that you would need to hire, the amount of other tools that you would need to buy to do what PaymentWorks does, and you’re losing their expertise in doing that, you’re training that team, you’re relearning that process, for us, it was a no-brainer.
It was an easy purchase, it was something that they evaluated at the time in 2019, and we have seen that return on investment every year since, and it’s something that [00:49:30] we really believe in because we want to make sure that our vendors are accurate, and we’ve had zero fraud instances… We’ve had attempts, but we’ve had zero fraud instances that even made it out of the gate since then, and we’ve had one specifically that PaymentWorks caught themselves that made it through some of our internal reviews at the time. And so, it was really exciting for us to see that working in process and for our CFO to see that, hey, PaymentWorks found this. It’s doing what it was intended to do.
Adam Abner: Right, Brian. I think [00:50:00] we have another question here.
Megan Diakoumis: We do, even though that was a phenomenal place to end, but I have to ask one more question that we have. So from Megan, “Our vendor onboarding process currently occurs across three different departments. How do you communicate out to different departments who are utilizing these vendors? Do you suggest a vendor management cross department committee?” Great question, Megan.
Brian Kirkley: Our onboarding process, the invitations occur across [00:50:30] all campuses. So, they have the ability to interact with the vendors. And so, those campuses utilizing those specific vendors are the ones who kickstart that relationship and they’re the ones who actually transact with that vendor to start. We don’t provide communication out to the other campuses that those vendors are now available for use. All that we are doing is we’re working with that campus to get that vendor onboarded, and then oftentimes those business offices are talking to one another. And one of the things that we’ve done since moving to Workday is [00:51:00] we’ve utilized our ability to tag our vendors, so that people can see existing vendors with different supplier tags and supplier groupings that allows them to identify what existing vendors we have, but we don’t do anything as far as this vendor was created and now it’s available for use across the college. It’s something that we allow them to operate with autonomy on the campus levels as long as they’re reviewing our existing vendor dataset.
Adam Abner: But we do include some reports that are [00:51:30] available for them to see that data for, like Brian was mentioning, they can search by the work tag to identify those. And then from just the vendor process, the business office does get together, we do meet with the business offices to provide training on the vendor process.
Brian Kirkley: And I will say as far as that vendor management across departmental committee, all of our campuses are included in our discussions. So, we want to make sure each of them have a voice on [00:52:00] our vendor onboarding process. And so we may not necessarily have an official committee, but it is something that we regularly communicate with those stakeholders and we bring them in for those discussions, and we make sure that we hear from all those campus business offices because again, at the end of the day, not only are they interacting with the vendors, but they’re inviting them and they heavily utilize all of our requisitioning process, our procurement process with these vendors. And so, we want to make sure that they have a great understanding of how to find those vendors that we currently have and how they can utilize them.
Megan Diakoumis: [00:52:30] Beautiful. Well, I don’t believe we have any further questions, so maybe we will end now. Again, I just want to thank Brian and Adam for joining us today. Your story is phenomenal. We are very grateful for your time today. We can surely tell that you guys are sleeping better at night, so we love to see that, and again, look out for a replay following today’s session. And again, thank you so much for joining us today. I hope you have a wonderful holiday. (singing).
Our resources below are full of ready-to-implement insights and tips.
With both the Ivy Tech Community College Fireside Chat and these resources, you’ll have everything you need to begin moving toward your ideal state in vendor management.
What’s the Cost of Not Investing in Automating Your Vendor Management
5 Ways Your Supplier Master Data is Costing You Money- Compliance Edition
5 Ways Your Vendor Master Data Mistakes & Fraud Are Costing You Money
The 4 Secrets of Strategic Vendor Management
5 Things to Know About Vendor Onboarding Software
Schedule some time to speak with our team
We’d love to walk through your process with you and talk about security, compliance, efficiency and sleeping better at night.
© Copyright 2025 - PaymentWorks
