Email-based supplier onboarding to OPA policy checks, synced to SAP/Ariba with approvals

Overview

A consumer electronics manufacturer’s supplier onboarding bogged down because compliance documents arrived in mismatched formats and lived in email threads. Intelligex implemented a supplier portal that extracted key fields from uploaded certificates, checked them against a policy engine, and pushed clean, approved data into existing procurement and ERP systems. The process shifted from back-and-forth requests to a governed workflow with clear approvals, consistent records, and fewer rejections.

Client Profile

• Industry: Consumer electronics manufacturing
• Company size: Global supply base with contract manufacturers and component vendors
• Stage: Mature sourcing function modernizing supplier lifecycle management
• Department owner: Procurement, Supply Chain & Logistics
• Other stakeholders: Quality, Environmental Health & Safety (EHS), Legal/Compliance, Finance/AP, IT/Security, Regional Sourcing Teams, Supplier Development

The Challenge

New suppliers and site renewals required a stack of artifacts: tax forms, bank verification, certificates of insurance, quality certificates, and environmental attestations such as RoHS, REACH, and conflict minerals templates. Each arrived as a different format—PDFs, scans, spreadsheets—and each was handled in a separate email thread. Buyers rekeyed details into the vendor master and asked for clarifications by email. Documents expired at different times, and reminders were hit or miss. Onboarding stalled over missing fields, inconsistent naming, and unclear ownership of approvals.

The source of truth for vendors lived in the ERP and the procurement suite. Those systems handled purchase orders and invoices reliably, but they were never designed for parsing scans or checking nuanced policy rules like insurance limits by spend tier or REACH declarations by product category. The team needed a way to standardize intake and validation without forcing suppliers or internal teams to switch core tools, and without asking IT to rebuild master data models.

Samplers and small suppliers added complexity. Many documents were signed locally and scanned from paper, logos shifted layouts between renewals, and some attestations arrived in regional languages. The team spent hours confirming what was missing, verifying that a certificate referenced the correct legal entity, and tracking down approvers. Audits were painful because proof of policy checks and the who-approved-what lived in inboxes.

Why It Was Happening

Supplier onboarding was treated as a series of ad hoc tasks rather than a structured workflow. Email served as the intake, classification, and approval mechanism. Without a normalized data model, key fields like effective dates, legal entity names, and policy numbers were extracted by hand and entered inconsistently. Ownership was split: Procurement owned vendor setup, Quality owned certification review, EHS owned environmental compliance, and Legal owned terms. There was no shared gate to reconcile these obligations before creating or updating a vendor record.

Rules lived in people’s heads and scattered spreadsheets. For example, spend tiers determined insurance coverage requirements; region and part category determined which environmental attestations were required. Because rules were not encoded, reviewers made case-by-case decisions, which led to rework, rejections late in the process, and uneven treatment between sites and categories.

The Solution

Intelligex deployed a supplier portal that centralized document intake, extracted structured fields from uploaded files, and evaluated them against a policy engine before routing for human review. The portal integrated with the existing ERP vendor master and procurement suite, so approved records and statuses flowed into the systems teams already used. Suppliers self-served submissions and renewals, and internal reviewers worked from a single queue with clear stages, exceptions, and an audit trail.

• Document extraction using a production-grade OCR and form understanding service to pull fields from certificates, attestations, and forms, with templates for common structures and free-form parsing for scans. Reference: AWS Textract.
• Policy-as-code checks to enforce requirements by supplier tier, region, category, and risk flags. Rules authored and versioned using Open Policy Agent (OPA) patterns.
• Integration to ERP vendor master (SAP S/4HANA or Oracle ERP Cloud) and the procurement suite (e.g., Coupa or SAP Ariba Supplier Lifecycle) to create or update vendor records, bank validation status, and compliance flags.
• Workflow states for intake, automated checks, reviewer assignment, approved, and returned for correction, with role-based permissions for Procurement, Quality, EHS, and Legal.
• Exception handling for unreadable scans, ambiguous entities, and missing attestations, with guided supplier prompts and internal escalation paths.
• Expiry tracking for time-bound documents with reminders to suppliers and reviewers ahead of lapses; auto-quarantine of suppliers when critical artifacts expire.
• Multi-language support for common document types and assisted translation for key fields when source documents are not in the primary language.
• Audit trail capturing extracted fields, rule evaluations, reviewer decisions, and publish events to downstream systems.
• Supplier-facing help, templates, and examples for environmental reporting, including links to standard templates like the Conflict Minerals Reporting Template (CMRT). Background: RMI CMRT.
• Security controls aligned to privacy and infosec policies, with access segregation between supplier-submitted documents, internal reviews, and ERP updates.

Implementation

• Discovery: Inventory of required documents by supplier type, spend tier, category, and region. Mapped the current approval chain, ERP fields, and procurement suite requirements. Collected representative samples, including low-quality scans and regional formats, to train extraction and define confidence thresholds.
• Design: Defined the data model for extracted fields, policy inputs, and approval metadata. Authored initial OPA rules for insurance, quality certifications, environmental attestations, and banking verification steps. Designed integration touchpoints to ERP and procurement systems to avoid changing vendor master schemas.
• Build: Stood up the portal, configured document extraction templates, implemented the policy engine and routing, and built connectors to create or update vendor records and compliance flags. Added supplier guidance, dynamic checklists, and validation at upload to catch obvious gaps early.
• Testing and QA: Ran extraction and policy evaluation in shadow mode on live submissions, comparing results to reviewer decisions. Tuned templates for low-quality scans and multilingual documents. Verified that policy failures produced clear supplier guidance. Confirmed that only approved records updated ERP and procurement systems.
• Rollout: Launched with new suppliers in selected categories, then extended to renewals. Kept email intake open temporarily, but triaged those into the portal for consistency. Enabled expiry reminders and quarantine rules after reviewers saw stable behavior. Feature flags allowed quick rollback of individual checks.
• Training and hand-off: Delivered role-based sessions for Procurement, Quality, EHS, and Legal on queues, exceptions, and approvals. Provided supplier-facing guides and office hours during the first cycles. Established a cross-functional review board to adjust rules based on real cases.
• Human-in-the-loop review: Reviewers saw extracted fields, source document snippets, policy results, and prior decisions. They approved, requested changes, or granted exceptions with a required rationale. Exceptions were time-bounded and visible to downstream users.

Results

Onboarding moved from scattered emails to a predictable workflow. Documents were parsed once, fields were standardized, and policy checks surfaced issues early with specific guidance for suppliers. Approvals happened in sequence with clear ownership, and only complete, approved records flowed into vendor master data. Rejections dropped because suppliers saw what was missing and why before a reviewer ever touched the file.

Audit readiness improved. Every decision, rule evaluation, and change to a supplier’s status was captured, along with the underlying document snippet that supported it. Expiry management became systematic, so lapsed certificates no longer surprised buyers mid-negotiation. Teams stopped re-entering the same data into multiple systems, and onboarding conversations focused on risk and capacity rather than document housekeeping.

What Changed for the Team

• Before: Email attachments and manual rekeying; After: Portal intake with extracted fields and structured records.
• Before: Reviewer interpretations varied; After: Policy-as-code checks with consistent criteria and visible exceptions.
• Before: Approvals buried in threads; After: Role-based queues with audit trails and clear handoffs.
• Before: Expirations discovered late; After: Automated reminders and quarantine rules tied to critical documents.
• Before: ERP updates delayed by missing data; After: Only approved, complete records synchronized to vendor master data.
• Before: Suppliers unclear on requirements; After: Guided checklists, templates, and immediate feedback at upload.

Key Takeaways

• Treat supplier onboarding as a governed workflow with shared rules and ownership, not an email inbox.
• Extract structured data from documents once, validate it automatically, and reuse it across systems to reduce rework.
• Encode requirements as policy so teams enforce the same standards across regions and categories, while keeping humans in control of exceptions.
• Integrate with ERP and procurement systems rather than replacing them; publish only approved, complete records downstream.
• Manage expirations proactively with reminders and automated holds to avoid surprises during sourcing cycles.
• Give suppliers clear guidance at the point of upload to prevent avoidable back-and-forth.

FAQ

What tools did this integrate with?
The portal synchronized approved records to the existing ERP vendor master (such as SAP S/4HANA or Oracle ERP Cloud) and the procurement suite (e.g., Coupa or SAP Ariba Supplier Lifecycle). Document fields were extracted using a production OCR/form service like AWS Textract. Policy checks followed Open Policy Agent conventions, and environmental templates such as CMRT were supported out of the box.

How did you handle quality control and governance?
Key fields were extracted with confidence thresholds. Low-confidence extractions routed to manual review with side-by-side document snippets. Policy-as-code enforced consistent checks, and any exception required a named approver and rationale. Every decision, rule version, and publish event was logged for audit, with access controls aligned to roles.

How did you roll this out without disruption?
We started with a subset of categories and new suppliers, ran extraction and policy checks in shadow mode, and kept email intake as a safety valve while teams learned the workflow. ERP and procurement integrations remained read-only until reviewers confirmed accuracy. Feature flags allowed gradual enforcement of checks and easy rollback if needed.

Can the portal handle different document types and languages?
Yes. Common document templates were configured for fast, high-confidence extraction, while free-form parsing handled scans. The system recognized multilingual fields for standard certificates and routed ambiguous cases to human review. Supplier guidance included localized instructions and example templates.

How are expirations and renewals managed?
Each time-bound document captured effective and expiry dates during extraction. The portal scheduled reminders to suppliers and owners, held high-risk vendors when critical artifacts lapsed, and reopened the workflow to collect updated documents before expiration. Changes flowed to ERP and procurement systems only after approval.