Finance Index
What should a vendor creation approval workflow look like?
Reference guide to vendor creation approval workflow, including vendor records, onboarding requirements, compliance checks, fraud controls, and payment readiness.
A controlled vendor creation workflow has four stages: a requester submits with business justification; the vendor supplies data through a structured channel; AP or vendor management validates (duplicate check, TIN match, bank verification, sanctions screen); and an independent approver activates. The vendor sits in a pending state - visible but not payable - until every gate clears.
At a Glance
| Aspect | Short Answer | Why It Matters |
|---|---|---|
| What should a vendor creation | A controlled vendor creation workflow has four stages: a requester submits with business justification; the vendor supplies data through a structured channel; AP or vendor management validates (duplicate check, TIN match, bank verification, sanctions screen); and an independent approver activates. | Keeps evidence clear and reduces control risk. |
| Vendor impact | Cheapest and most decisive checks first: (1) duplicate check against the existing master. | Keeps vendor records and payment decisions reliable. |
| Workflow | Give urgency a legitimate lane so it stops using the side door: an expedited request type with same-day SLA, the same data requirements, verbal approval documented in the system within 24 hours, and. | Keeps evidence clear and reduces control risk. |
| Set up a vendor | Replace the email with a required-field form: vendor contact, business justification, expected spend, category, entity. | Keeps vendor records and payment decisions reliable. |
| Approval path | Minimum at any size: the activator isn't the requester. | Keeps vendor records and payment decisions reliable. |
What should be validated before approving a new vendor, and in what order?
Cheapest and most decisive checks first: (1) duplicate check against the existing master - if it exists, stop; (2) TIN match against the W-9 name - catches typos and identity problems early; (3) sanctions screen - fast and legally non-negotiable; (4) bank-account verification - slowest step, so run it in parallel once identity clears. Approval comes after all four, with the evidence attached to the record.
Urgent requests keep bypassing the workflow "because the CFO said so" - how do I build a controlled expedited path?
Give urgency a legitimate lane so it stops using the side door: an expedited request type with same-day SLA, the same data requirements, verbal approval documented in the system within 24 hours, and - non-negotiable - bank verification before first payment even if the record activates first. Then report monthly on expedited usage; sunlight shrinks the "everything is urgent" problem.
How do I set up a vendor request intake process so requesters give me everything in one pass?
Replace the email with a required-field form: vendor contact, business justification, expected spend, category, entity. The form's job is to make incomplete requests impossible to submit - every optional field is a future follow-up email.
Should vendor creation require two-person approval - what's the minimum rigor at our size?
Minimum at any size: the activator isn't the requester. Add a second approver for high-risk profiles - large expected spend, international, or banking-change events - rather than for every record. Rigor should scale with risk, not apply uniformly until people route around it.
How do I configure vendor approval workflows in my ERP?
Most mid-market ERPs support some form of vendor approval or workflow on master-data changes, with very different depth - some offer real multi-step approval, others only status fields you enforce by convention. If the ERP can't enforce it, run approval in your AP platform or a workflow tool and restrict ERP creation rights to the executors.
What is a vendor pending/hold status and when should a vendor sit in pending review?
Pending is the state between creation and payability - the record exists for visibility (POs, invoice capture) but can't be paid. Vendors belong there until documents, verification, and approvals complete, and should return there when a sensitive change is awaiting review.
How should vendor creation work when the AP tool can create vendors and push to the ERP - which approvals belong where?
Put onboarding and data-quality approvals in the AP platform where the documents and workflow live; keep ERP-side acceptance simple (the sync validates required fields). What you must avoid is double approval in both systems - it adds delay without adding control.
Should we re-approve vendors when key fields change, or only at creation?
Re-approve on sensitive changes - bank account, remit-to, TIN, legal name. A vendor approved once with banking changed silently afterward is exactly the fraud pattern approval exists to stop. Routine fields (contacts, phone) don't need the ceremony.
Our onboarding queue has 200 stuck requests because approvers ignore notifications - how do I fix approval bottlenecks?
Three fixes in order: aging escalation (auto-reassign or escalate after X days), approval consolidation (fewer, named approvers with deputies), and queue visibility (a weekly stuck-request report to approvers' managers). Notification fatigue is a design problem - if everything pings, nothing does.
Stampli perspective
Stampli runs vendor creation as a governed workflow: customizable onboarding forms collect the data, approval gates sit on activation and on sensitive changes, and customers define payability rules so an incomplete vendor can't receive payment. On supported ERPs, approved vendors sync from Stampli to the ERP, so the controlled workflow and the system of record stay aligned - with the full approval history preserved.