Case Study: How an Accounting Firm Scaled Supplier Risk Reviews Across 80 Clients

The Advisory Firm Problem

Consider a mid-sized accounting practice with offices in Brisbane and Cairns, serving about 400 business clients ranging from sole traders to companies with $50M in annual revenue. Their business advisory team offered a supplier risk review service to approximately 80 of those clients — SMEs that lacked an internal accounts payable compliance function.

The service had grown organically. What began as a value-add for a few key clients became a regular engagement after a client experienced a significant payment fraud event. Word spread. But the manual process hadn't scaled with demand.

The Manual Process Breaking Point

The advisory team's process for a typical client review involved:

1. Export the active supplier list from the client's accounting software
2. Check each ABN on the ABR website
3. Note GST registration status
4. Google the business name to look for a website
5. Check ASIC Connect for company registration (for Pty Ltd entities)
6. Document findings in a Word template

For a client with 80 suppliers, this took 3–4 hours. Across 80 clients, the team was spending over 40 hours per month on supplier review work — the equivalent of a full-time junior staff member. And they were only doing it quarterly for most clients. The more important a client was, the harder it was to schedule the review.

More troubling: the reviews were inconsistent. Different staff applied different levels of rigor. One analyst might spot a young ABN; another might miss it. There was no standardised threshold for escalation, and the manual Google search for web presence was highly subjective.

The Shift to Systematic Verification

The practice integrated Gumshoe into their advisory workflow, initially trialling it on their 20 highest-risk client engagements — those with larger supplier bases or in higher-risk industries (construction, labour hire, hospitality).

The first finding came within the first week. A construction client with 110 active suppliers had six entities flagged with WARN or FAIL status. Two were simply cancelled ABNs that had slipped through — the businesses had closed and the client had forgotten to deactivate them in their system. Neither represented fraud, but both created compliance exposure around the GST treatment of recent invoices.

The third flagged supplier was more significant: a labour hire entity with a 4-month-old ABN, no ASIC registration, no website, and a domain registered three weeks before the first invoice. The assurance score: 29%. The client had been paying this entity $22,000 per month for "project staffing."

The Email Infrastructure Signal

One finding that surprised the advisory team was how useful the email infrastructure checks turned out to be. A legitimate business that has been operating for several years almost invariably has MX records, and many have at least basic SPF configuration. The absence of both — particularly when combined with a young ABN — is a reliable compounding signal.

For the labour hire entity, the email domain had no MX records at all. Invoices were being sent from a Gmail address. When the client was asked about this, they noted that all communications had indeed been via Gmail and a mobile number. No formal business email, no physical address, no account manager name — just a first name and a mobile.

The investigation confirmed this was a phoenix entity — a former subcontractor who had lost their legitimate ABN, registered a new one, and continued trading under a different name while pursuing the same client relationships.

Scaled Workflow and ROI

After the trial period, the practice rolled out systematic verification across all 80 advisory clients. Monthly re-verification of active suppliers above a $5,000 annual payment threshold was added as a standard engagement deliverable.

Time spent on supplier reviews dropped from 40+ hours per month to under 4 hours — a 90% reduction. The saved capacity was redeployed to higher-value advisory work. The practice also introduced a tiered verification service offering: standard (quarterly), enhanced (monthly with email alerts), and premium (real-time with phone verification for high-value suppliers). The enhanced and premium tiers attracted a price premium that more than offset the cost of the service.

One partner noted that the shift also changed client conversations: "Before, we'd hand over a spreadsheet. Now we hand over a structured report with PASS/WARN/FAIL for every supplier, data sources cited, and a clear assurance score. Clients understand it immediately. It looks like a proper audit deliverable — because it is."

Key Takeaways for Accounting Practices

• Consistency matters more than depth in high-volume reviews — applying the same eight checks to every supplier, every time, is more valuable than occasionally doing a deep review on a subset.
• Email infrastructure is an underrated signal — manual processes almost never check it. Automated verification catches it every time.
• The audit trail is a practice liability management tool — being able to show a client that you verified their supplier base on a specific date, with documented findings, changes the professional liability conversation.
• Cancelled ABN creep is universal — every practice that runs an initial bulk verification finds cancelled ABNs that have slipped through. It is not an edge case.