Fraud Risk Benchmark Survey Question Title * 1. Where do you see the greatest risk in vendor onboarding? Fraudulent bank account information Onboarding organizations or individuals named on sanctions and other watch lists (OFAC, OIG, SAM, etc.) Incorrect Taxpayer Identification Number (TIN) Other incorrect information (address, etc.) Vendor false identity Vendor criminal background Other (please specify) OK Question Title * 2. Regarding the risk in onboarding vendors, over the next five years do you see vendor onboarding risk: Increasing Decreasing Remaining about the same OK Question Title * 3. Over the last three years, have your vendor onboarding risk mitigation procedures: Increased Remained constant Decreased OK Question Title * 4. Which of the following best describes your risk mitigation procedures? Mostly manual Mostly automated Evenly divided between manual and automated OK Question Title * 5. If you have implemented manual risk mitigation procedures, which would you like to automate? (check all that apply) Vendor bank account verification Sanctions and watch lists (OFAC, OIG, SAM, etc.) verification Taxpayer Identification Number (TIN) verification Verification of other information (address, etc.) Identity verification Criminal background check Other (please specify) OK Question Title * 6. Which of the following do you believe is the biggest weakness in your supplier onboarding and registration process that contributes to higher risk of payment fraud and compliance issues? Too many manual processes Lack of internal controls Lack of visibility into the process Ability to override internal controls Lack of human review OK Question Title * 7. Compared to two years ago, how do you believe your organization’s risk of payment fraud changed? Our risk of payment fraud is significantly higher. Our risk of payment fraud is slightly higher. There has been no change in our risk of payment fraud. Our risk of payment fraud is slightly lower. Our risk of payment fraud is significantly lower. OK Question Title * 8. Within the last year, how many times has your AP department experienced attempted or successful payment fraud? More than 5 instances of attempted or successful payment fraud 5 instances of attempted or successful payment fraud 4 instances of attempted or successful payment fraud 3 instances of attempted or successful payment fraud 2 instances of attempted or successful payment fraud 1 instance of attempted or successful payment fraud We have not experienced attempted or successful payment fraud in the past year OK Question Title * 9. Does your organization currently have a way to validate supplier bank account details automatically? Yes No, but planning to deploy a solution within 6 months No, but planning to deploy a solution within 6 to 18 months No, and no plans to deploy a solution OK Question Title * 10. Compared to two years ago, how do you believe your organization’s risk of compliance issues related to supplier onboarding and registration changed? Our risk of compliance issues is significantly higher. Our risk of compliance issues is slightly higher. There has been no change in our risk of compliance issues. Our risk of compliance issues is slightly lower. Our risk of compliance issues is significantly lower. OK Question Title * 11. Does your organization validate vendor taxpayer identification numbers (TINs) through the IRS TIN Match program, whether directly or through a 3rd party? Yes, consistently Yes, inconsistently No OK Question Title * 12. Does your organization screen vendors against government sanctions and barred-parties watch lists? (e.g. OFAC's SDN, OIG LEIE, SAM, etc.) Yes, consistently Yes, inconsistently No OK Question Title * 13. Does your organization currently have a way to automatically screen companies, persons and parties against OFAC's SDN and other watchlists? Yes No, but planning to deploy a solution within 6 months No, but planning to deploy a solution within 6 to 18 months No, and no plans to deploy a solution OK Question Title * 14. Does your organization currently have a solution for automatically matching the Taxpayer Identification Number (TIN) provided by suppliers? Yes No, but planning to deploy a solution within 6 months No, but planning to deploy a solution within 6 to 18 months No, and no plans to deploy a solution OK Question Title * 15. Does your organization currently use a self-service portal to collect and validate supplier information? Yes No, but planning to deploy a portal within 6 months No, but planning to deploy a portal within 6 to 18 months No, and no plans to deploy a solution OK DONE