AWS Partner Network (APN) Blog

Accelerating Public Sector Financial Processes with Baker Tilly Digital’s Procure-to-Pay Portal on AWS

By Andrew Clark, Sr. Solutions Architect – Baker Tilly
By Jesse Pokora, Sr. Solutions Architect – Baker Tilly
By Puneet Kalra, Partner Solutions Architect – AWS


In striving to meet the digital needs of the modern world, organizations require advanced digital transformation solutions that propel them ahead of their competition.

In the public sector specifically, organizations are ripe with opportunities to digitize their services to streamline inefficiencies, provide better access to information and services, and migrate from outdated on-premises systems to protect their data and better utilize it to make informed decisions.

In this post, we will highlight how Baker Tilly Digital, an AWS Advanced Tier Services Partner and AWS Marketplace Seller, helped a government contractor develop a serverless procure-to-pay (P2P) portal on Amazon Web Services (AWS) deployed in AWS GovCloud (US).

The P2P portal helped automate vendor management, improve the pre-award capabilities, transform the purchase ordering system, and simplify invoicing. It also improved the ability to scale capabilities, lower costs, build better applications, and support increased security.

Solution Background

Baker Tilly Digital worked with a not-for-profit company chartered to operate multiple Federally Funded Research and Development Centers (FFRDCs), which are unique organizations that serve as long-term strategic advisors to the U.S. government. They assist with scientific research and analysis, development and acquisition, and systems engineering and integration to provide objective guidance and act in the public’s best interest.

Although FFRDCs operate as self-managed organizations, many large projects are government-sponsored.

The company operating these FFRDCs has extremely strict security policies and does not allow offshore access to production data. It is required to provide transparency to procurement status and vendor communications, which creates a variety of inefficiencies throughout business processes. As a result, the company’s financial department uses multiple manual business processes to support vendor procurement.

Baker Tilly’s government contracting and compliance advisory team was first engaged to implement Deltek Costpoint. As the implementation was in flight, the team identified a need for a custom cloud application that could be integrated with Deltek and utilized by internal users and vendors to improve the vendor procurement process.

Thus, Baker Tilly Digital was brought on to build a serverless P2P portal that created a user-friendly, end-to-end solution.

P2P Portal

The client uses the procure-to-pay portal solution to support vendor management, procurement requests, purchase orders, and invoicing. It provides a workflow and collaboration functionality that supports its sub-contracts team, project leaders, and vendors participating in the procurement process.

The P2P portal also provides visibility for project leaders and vendors throughout the execution of a contract while allowing the procurement team visibility and engagement at the point of request. It consists of the following four key modules.

Vendor Management

Empowering end users with tools to manage vendors was one key focus area for the company. Self-service vendor management and efficient data processing, which include request and approval workflows, allow the company to gain insights across all vendors, improving strategic sourcing decisions.

The portal’s vendor registration process empowers vendors to sign up, update their data as needed, automate purchase orders and invoicing workflows, and comply with policies related to government contracts, such as renewals of representations and certifications. Vendor management self-service digital tools accelerated an otherwise labor-intensive process, freeing Baker Tilly Digital’s client to focus on future innovations.


The automation of workflow notifications for approvals and actions based on the procurement need provided by the P2P portal streamlines the procurement intake process.

Additionally, it maximizes efficiency, enforces policies, and provides users visibility into the status of any request, at any point in the process.

Purchase Order

The portal also transforms the purchase order request submission process. The new and improved system auto-populates sections of purchase requisition requests with data that was entered in the subcontract intake form submitted by the vendor. This saves data entry time for the user.

The portal manages approval workflow and maintains signature authority approval policies from a system perspective. For example, the system will route approvals based on dollar project, threshold entered, and assigned authority. This, in turn, organizes the workflow for the project managers.


The portal simplified invoice submissions, as the application automatically monitors purchase order funding for vendors, helping project leaders maintain project oversight. It validates vendor invoices upon submission to ensure a two-way match between the purchase order and invoice.

In addition, the application simplifies the invoice workflow and approval process by providing increased visibility into invoice status for vendors and project leaders. The new automated workflow improves vendor invoice submission and overall experience prior to payment.

The invoicing process required Baker Tilly Digital to integrate with the company’s third-party vendors—such as Salesforce—to create a complete end-to-end solution in which third parties could update their premium deposit funds (PDF) invoices easily and efficiently.

Architecture Overview

Following the diagram below, we’ll discuss some notable elements of the solution architecture.


Figure 1 – Architecture diagram.

Serverless and Stateless Architecture

Serverless architecture lends itself to the development of stateless microservices. For example, Baker Tilly Digital’s integration approach with third-party APIs included the development of an AWS Lambda function to manage client HTTPS requests to SharePoint’s API.

The AWS Command Line Interface (CLI) allowed the team to integrate client on-premises workday data via automation. An Amazon Simple Storage Service (Amazon S3) CLI command leverages the AWS native API to transfer the workday data CSV file from a client’s on-premises servers to AWS’s remotely hosted S3 bucket.

Once the file landed in S3, an event was triggered prompting a stateless Lambda function microservice to process the new file’s workday data. Cloud-native tools and stateless serverless architecture minimized development investment and prioritized the business value delivered to the client.
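The S3-triggered, stateless Lambda step described above, as an added sketch (not Baker Tilly Digital's code) showing the checks a handler should make before trusting an uploaded file. The bucket name, prefix, column names and size limit are assumptions; the post gives none of them.

```python
import csv
import io
from urllib.parse import unquote_plus

# Assumed values: the post names no bucket, prefix, columns or size limit.
EXPECTED_BUCKET = "example-p2p-workday-inbound"
EXPECTED_PREFIX = "workday/"
REQUIRED_COLUMNS = {"employee_id", "project_code"}
MAX_BYTES = 5 * 1024 * 1024

def select_objects(event):
    """Return (bucket, key) pairs from an S3 notification that pass validation."""
    accepted = []
    for record in event.get("Records", []):
        name = record.get("eventName", "")
        if record.get("eventSource") != "aws:s3" or not name.startswith("ObjectCreated:"):
            continue
        bucket = record["s3"]["bucket"]["name"]
        obj = record["s3"]["object"]
        key = unquote_plus(obj["key"])  # keys arrive URL-encoded in notifications
        if bucket != EXPECTED_BUCKET or not key.startswith(EXPECTED_PREFIX):
            continue  # never read from a bucket or prefix we did not expect
        if not key.lower().endswith(".csv") or not 0 < obj.get("size", 0) <= MAX_BYTES:
            continue  # skip non-CSV uploads, empty files and oversized files
        accepted.append((bucket, key))
    return accepted

def parse_rows(body):
    """Parse the CSV; fail on a wrong header, drop rows missing a required value."""
    reader = csv.DictReader(io.StringIO(body.decode("utf-8-sig")))
    missing = REQUIRED_COLUMNS - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"missing columns: {sorted(missing)}")
    return [row for row in reader if all(row[c] for c in REQUIRED_COLUMNS)]

def handler(event, context, read_object=None):
    """Stateless entry point; read_object(bucket, key) -> bytes is injectable for tests."""
    if read_object is None:  # inside Lambda: fetch the object with boto3
        import boto3
        client = boto3.client("s3")
        read_object = lambda b, k: client.get_object(Bucket=b, Key=k)["Body"].read()
    return {key: parse_rows(read_object(b, key)) for b, key in select_objects(event)}

def sample_record(bucket, key, size=120):  # constructed sample notification record
    return {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
            "s3": {"bucket": {"name": bucket}, "object": {"key": key, "size": size}}}
SAMPLE_EVENT = {"Records": [sample_record(EXPECTED_BUCKET, "workday/export+2024.csv"),
                            sample_record("example-other-bucket", "workday/x.csv"),
                            sample_record(EXPECTED_BUCKET, "workday/notes.txt")]}
SAMPLE_CSV = b"employee_id,project_code\nE100,P-7\n,P-9\n"  # constructed file body
```

Calling `handler(SAMPLE_EVENT, None, read_object=lambda b, k: SAMPLE_CSV)` runs the whole path offline; only the first sample record is processed, and the row with an empty `employee_id` is dropped.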

The architecture maximizes code reuse, and Baker Tilly Digital developed a dynamic permissions microservice and user management portal decoupled from the rest of the application, allowing developers to further leverage the serverless architecture hosted by Lambda.

The user management portal’s decoupled serverless architecture allowed developers to specialize and standardize the technical approach for user authentication and authorization, as well as roles and permissions for future web application development projects.


Baker Tilly Digital values a DevOps approach to infrastructure and delivers to the client automated infrastructure and application deployment processes. Infrastructure as code (IaC) alterations happen within Agile Scrum processes consistent with the organization’s core principles, regardless of the technical challenges.

AWS CloudFormation IaC scripts enabled Baker Tilly Digital to support the demands of tenants across multiple environments within an agile software development life cycle (SDLC).


Baker Tilly Digital leveraged Amazon Cognito to amplify the development process and facilitate timely integration of the vendor management feature. It allows the client to easily navigate user sign-up and authentication to Baker Tilly Digital’s web app, enabling users to authenticate through an external identity provider.

This provides temporary security credentials to access the app’s backend resources on AWS or any service behind Amazon API Gateway.

Solution Benefits

Building the portal on AWS serverless delivers a variety of benefits to the client, some of which are outlined below:

Go to Market Faster

Baker Tilly Digital developed AWS CloudFormation IaC scripts, guided by DevOps principles, to generate reusable architecture.

Additionally, the full automation of deployment strategies via CloudFormation scripts and the ability to leverage community-developed templates sped up the go-to-market (GTM) process.

Finally, Amazon Simple Queue Service (SQS) and Amazon EventBridge provided out-of-the-box capabilities that allowed Baker Tilly Digital to focus on publishing innovations rather than building fundamental frameworks.

Adapt at Scale

Although the internal P2P portal presently serves a small population of users, the ability to adapt at scale will be necessary to support the anticipated utilization once vendors gain access. Because AWS Lambda functions scale horizontally depending on demand, Baker Tilly Digital is confident the underlying infrastructure will scale on demand.

Lower Costs

AWS allows the company to pay for only what it uses. In contrast, on-premises infrastructure costs typically require significant research and risk-averse forward planning.

Infrastructure costs depend on return on investment (ROI) forecasts that can set a company’s direction for years. This can limit the ability to stay agile in a quickly evolving market and create a scenario where the company only has one chance to “get it right.”

The pay-as-you-go approach to pricing at AWS encourages experimentation and allows organizations to “fail fast.” This results in proof of concepts with a quick turnaround, which facilitates opportunities for feedback and refinement.

Additionally, there is no need to hire specialists to help maintain purchased infrastructure. Companies can refine an approach without risking large, upfront investments. This also helps to create a culture of innovation, as the reduced cost risks allow infrastructure decisions to happen at any level of the organization.

Build Better Applications, Easier

Amazon CloudWatch is a monitoring and logging service that allows you to collect, monitor, and analyze log files from your AWS resources and applications. CloudWatch provides real-time visibility into your applications and infrastructure, making it easier to troubleshoot issues and monitor performance.

AWS X-Ray is a tracing service that helps developers analyze and debug distributed applications, such as those built using microservices. X-Ray allows you to trace requests as they flow through your application and provides detailed information about the different components and services the request touches.

Together, Amazon CloudWatch and AWS X-Ray provide insights into the performance and behavior of your applications through:

  • Log analysis: CloudWatch provides a centralized location to analyze logs in real-time, troubleshoot issues, and perform forensic analysis to identify patterns and trends that can help you optimize your applications.
  • Metrics and alerts: CloudWatch also allows you to create custom metrics and alarms based on log data. This can help you monitor critical performance indicators and alert you when issues require attention.
  • Distributed tracing: AWS X-Ray allows you to trace requests as they flow through your application to identify bottlenecks and other issues that are impacting the performance of your application.
  • Performance optimization: By using AWS X-Ray to trace requests, you can identify areas of your application that are causing performance issues. X-Ray gives insights into how you can optimize your application to improve its performance.

Additionally, AWS Lambda’s function version control and automated deployment processes via continuous deployment and CloudFormation scripts make it possible to conduct various production deployment procedures, allowing Baker Tilly Digital to test the capabilities.

The application programming interface (API) integration endpoints developed for this solution are supported by Amazon SQS. This allows Baker Tilly Digital to quickly deploy an architecture that enables their APIs to remain decoupled, highlighting robust and available benefits.

Improve Security

The client had several security needs, including compliance auditing, security analysis, change management, and operational troubleshooting. The security posture also required regulatory compliance, including Cybersecurity Maturity Model Certification (CMMC) and general Department of Defense (DoD) Cloud Computing Security.

The move to AWS enabled access to technology such as the AWS GovCloud Regions, AWS Config, AWS Well-Architected Tool, and the AWS Shared Responsibility Model.

Hosting the P2P application in AWS GovCloud (US) secures servers from foreign adversaries by ensuring that hosted servers are operated by U.S. employees on U.S. soil and are only accessible to U.S. entities.

Additionally, AWS Config helps raise awareness and ensure the architecture meets Cybersecurity Maturity Model Certification (CMMC) Level 3 by flagging settings that fall outside AWS Config CMMC Level 3 performance package tests.

AWS WAF is a web application firewall whose configurations protect against bots and common network threats and allow users to create security rules and block common attacks.

Finally, AWS CloudFormation uses infrastructure as code to increase the speed of cloud provisioning for improved infrastructure management.


In this post, you learned how Baker Tilly Digital identified a need for a custom cloud application to help improve a government contractor’s vendor procurement process.

The serverless procure-to-pay (P2P) portal was created as a user-friendly, end-to-end solution to support vendor management, procurement requests, purchase orders, and invoicing. As a result of implementing the P2P portal, the company improved scaling capabilities, lowered costs, built better applications, and continues to support its increasing security needs.

Thanks to its adoption of AWS architecture, the company is better positioned to provide cloud-based solutions that meet the digital needs of its customers while allowing the flexibility to keep pace with demand and rapidly respond to changes.

To explore how your organization can improve its products and better serve customers by enhancing its cloud transformation capabilities, contact Baker Tilly Digital. You can also learn more about Baker Tilly Digital in AWS Marketplace.


Baker Tilly Digital – AWS Partner Spotlight

Baker Tilly Digital is an AWS Partner that focuses on combining digital strategies, innovative thinking, and technology to help you unlock the true potential of your organization.
