Workflow-Driven Governance for Retail Master Data
Project Type
Workflow Automation
Date
Oct 2025
Location
Brisbane, Australia
Role
Finance Consultant
Client Industry
Furniture Retail
Tech Stack
M3 Events Framework
Infor ION Workflow
Infor ION API Orchestration
REST APIs
M3 Business Engine APIs / MI Programs
JSON Payloads
OAuth 2.0 / Token-Based Authentication
The Client
The client is a large Australian furniture and homewares retailer operating a nationwide store network supported by e-commerce and home delivery. The organisation manages high-volume retail operations across multiple locations, with integrated supply chain, merchandising, and finance functions focused on delivering affordable, value-driven products to consumers.
The Challenge
Users were able to create and maintain bank account details for suppliers and customers directly in the ERP, including highly sensitive information such as BSB and account numbers, PayID, BPAY biller codes, and international IBAN and SWIFT details. Given the critical nature of this data, the client needed stronger controls to prevent unauthorised or incorrect bank account usage, reduce fraud risk, and enforce a formal approval process—without introducing delays or manual follow-ups. The existing setup lacked automated approval routing, auditability, and out-of-office handling for delegated authorities.
The Solution
A secure, event-driven bank account approval framework was implemented using Infor M3 Events, Infor ION workflows, and REST APIs to control both the creation and ongoing maintenance of sensitive bank details. M3 Events detect new bank accounts as well as any post-approval changes to critical fields (BSB, account number, PayID, BPAY, IBAN, SWIFT), automatically setting the account to inactive and triggering an ION-orchestrated approval workflow. Required party and bank data is retrieved via REST APIs, transformed into JSON payloads, and embedded into device-agnostic email notifications for review.
Approval routing is handled dynamically through ION based on system-defined delegated authorities, with automatic escalation to the next manager when an approver is marked out of office in the user management module. Approvers can approve or reject directly from the workflow; approvals activate the bank account via M3 APIs, while rejections retain inactivity and return comments to the originating user. Any subsequent updates to sensitive fields re-trigger the same workflow, ensuring continuous governance, auditability, and fraud-resistant control over bank master data.
