New Vendor Onboarding Checklist
Vendor Information Collection
Match the legal name exactly to the secretary-of-state filing — checks issued to a DBA that doesn't match the registered entity get returned. Capture every DBA the vendor invoices under so AP doesn't open duplicate records later.
Get the W-9 before the first payment, not at year-end — chasing W-9s in January is the most common 1099 prep blocker. Confirm the TIN, entity classification, and exempt-payee status are completed; an unsigned or partially-completed W-9 doesn't satisfy IRS Pub 1281 backup-withholding rules.
Read the entity classification on line 3 of the W-9. Sole proprietors, single-member LLCs, partnerships, and most LLCs taxed as partnerships are 1099-eligible. C-Corps and S-Corps are exempt — except for legal and medical services payments, which are reportable regardless of entity type. Flag the answer here so the GL setup later picks it up.
Capture the remit-to address (often differs from the corporate HQ on the W-9), AP contact name, AP email, and AP phone. This is the address that goes on 1099s; remit-to changes mid-year are a frequent source of returned forms.
Compliance and Risk Assessment
Run the legal name and any beneficial owners through the OFAC SDN list and SAM.gov exclusions. Save the screenshot or report to the vendor folder — Treasury enforcement requires evidence of the check, not just the result.
Submit the name and TIN through the IRS e-Services TIN Matching program. A mismatch returned at year-end triggers CP2100 notices and 24% backup withholding obligations on prior payments — far cheaper to catch the typo now.
Tier the vendor based on annual spend, data access, and criticality. High = >$100K/yr, accesses client PII, or sole-source. Medium = $25K–$100K or moderate access. Low = under $25K and no sensitive access. The tier drives whether enhanced due diligence is required.
Look at PAYDEX, years in business, suits and liens, and any UCC filings. A vendor with a deteriorating PAYDEX or recent UCC filings is a going-concern risk that affects payment-term negotiations.
For high-tier vendors only: request the most recent audited or reviewed financials and the SOC 1/SOC 2 report if they handle client data. Have the controller review for going-concern language and material weaknesses before signing the contract.
Documentation and Contracts
Request a current ACORD 25 with general liability, workers' comp (if they have employees), and professional liability where applicable. Check the expiration date — set a 30-day pre-expiration reminder so coverage doesn't lapse mid-engagement.
Read the certificate holder block and the additional-insured endorsement (CG 20 10 or CG 20 26). A COI without an endorsement only names the firm for notification purposes — it doesn't actually extend coverage. Reject and re-request if the endorsement is missing.
Negotiate and route the MSA through DocuSign. Confirm scope, deliverables, payment terms, indemnification, data-handling, and termination clauses match what was scoped. File the fully-executed PDF in SmartVault under the vendor folder.
Account Setup and Payment Terms
Set the legal name, DBA, remit-to, default GL account, and approval routing. Sync to QuickBooks Online once the record is clean — fixing a duplicate vendor in QBO after bills have posted is a multi-step reclass.
Default to Net 30 unless the contract specifies otherwise. Capture any 2/10 Net 30 discount terms in the vendor record so AP can take the discount automatically. Note any deposit or progress-billing terms separately.
Never accept banking details by email — that's the most common BEC attack vector against AP. Require the vendor to enter routing and account numbers through Bill.com's verified channel and confirm the micro-deposit amounts. Phone-verify any change request to existing banking on file.
In QBO, check 'Track payments for 1099' on the vendor profile and map the default expense account to a 1099-NEC box-1 category. Without this flag set at activation, year-end 1099 prep has to back-fill from bill detail — slow and error-prone.
Internal Process Alignment
Send the activation note to AP, purchasing, and the requesting department lead with the vendor ID, payment terms, approved spend categories, and any PO requirements. Without this hand-off, the first invoice tends to arrive before AP knows the vendor exists.
Send the vendor the onboarding packet: invoice formatting requirements, PO reference policy, AP contact, payment schedule, and the WISP-aligned data-handling expectations if they touch client data. This sets the bar for clean invoices from invoice one.
Calendar a 90-day check-in with the requesting department: are deliverables on schedule, are invoices clean, are payment terms working for both sides? This catches misaligned scope or pricing while it's still cheap to renegotiate.
