By: Patrick Taylor
The use of corporate credit cards is on the rise, for everything from office supplies to temporary employment services to fuel, telecommunications and travel expenses. According to the Global Business Travel Association, business travel expenses are expected to rise 7.2 percent in 2014, to over $288.8 billion.1 Corporate cards help corral this spending for corporate procurement, T&E and accounts payable departments while delivering tremendous economic benefit to companies in terms of expanded buying power and ease of use—not to mention card-issuer incentives.
But along with this distributed buying power come challenges, such as ensuring adherence to expense policies, as well as detecting misuse and fraud. In a survey by Coupa.com,2 66 percent of employees admit to making “risky purchases,” including:
♦ Overly expensive dinners
♦ Office supplies for home use
♦ Smartphone/technology purchases
♦ Out-of-policy airline upgrades
Even more shocking are the 33 percent of survey respondents who admitted to blatantly defrauding their company:
♦ 16 percent inflated the cost of an out-of-pocket cab expense,
♦ 14 percent expensed personal items as business,
♦ 13 percent secretly accepted a refund for an already expensed item and
♦ 7 percent created a fake expense that never happened.
Corporate card violations are usually indicative of violations elsewhere, and cash reimbursements, as in the case of travel and entertainment (T&E) expenses, especially leave the door wide open for abuse. As a result, many companies are beginning to employ continuous monitoring or continuous fraud analytics as a method for overcoming these challenges so that they can safely expand the use of corporate cards to maximize program value.
Even with ongoing continuous transaction monitoring, Oversight has found that with high-volume corporate card programs, eliminating fraud and policy violations relies on two secret ingredients: a cross-system view of enterprise data and the ability to automatically analyze 100 percent of transactions to identify out-of-compliance behavior.
#1- Create a Cross-System View
By “cross system view,” we mean implementing a process to evaluate the data from all platforms used to manage expenses. In the case of T&E expenses, this means cross reviewing the transactional data available from the card provider, data from the expense management system, if one is in use, and data on the card user.
For instance, the cross-system view will flag as suspicious a “spending spree” that takes place on the last effective date of employment of a terminated employee. While the actual charges to the card are, on their own, perfectly legitimate from the card-provider perspective, the broader circumstances of the card use is suspect in terms of its inherent business value to the corporation and may actually constitute a clear violation of company expense policy.
Example #1: An employee purchases items from a grocery store, office supply chain and jewelry store on their last day in the office. An office administrator may be in charge of buying company groceries and office supplies and may wish to do one last trip before his or her departure. A sales representative hitting up those stores on their last day in the office? This would likely be fraud.
Example #2– An employee uses a credit card to buy an expensive dinner for a potential client. Then they use the itemized receipt to submit an expense report for the dinner as an “out of pocket” expense. A cross-system review will reveal such duplicate expenses. Then, the T&E department can follow up and differentiate between honest mistakes and fraud attempts at their own discretion.
Corporate credit cards used for procurement offer significant economic advantages to the company as well. Procurement cards can leverage volume discounts, distribute and process purchase approvals and streamline operations. Yet procurement cards have the same issues as travel cards in terms of fraud and analytics, requiring card transactional data to be cross-reviewed with accounts payable (AP) data, as well as HR records. As with the previous examples, HR data will reveal procurements by employees while on suspension or transactions out of their purchase authority. AP data will flag purchases charged to the card for which there is also an invoice from the vendor, representing a duplicate purchase or resulting in duplicate payment for a single purchase.
A cross-system view of non card-specific enterprise data provides a more robust depiction of corporate spending; it creates a comprehensive view of corporate card usage, spending patterns and the behaviors of employees.
#2- Consistent Analysis of Card Transactions
The second element to successfully eliminating fraud and misuse in corporate card programs is the ability to analyze every single corporate card transaction. In a low-volume environment, it may possible to make a financial case for manual oversight. But as these programs scale — as they must to deliver maximum value to the corporation—such manual analysis becomes impractical or impossible.
Some program managers institute a “sampling”-based approach to auditing corporate card transactions. They may set up schemes such as auditing:
♦ a set or percentage of transactions or card holders each month,
♦ a specific card holder X times each year,
♦ new card holders for the first few months or
♦ arbitrary groups of card holders’ transactions on a rotating basis.
These organizations typically audit 25 to 35 percent of their total card transactions, but often there is no urgency in determining the potential economic impact of leaving the remainder unchecked. Because the typical violation includes a pattern of repeated activity, the danger inherent in this kind of “control” environment should be obvious.
These two secrets can be leveraged in conjunction with a transaction monitoring technology to detect fraud, reduce waste and impact the bottom line in their own organizations. With a technology solution, companies can ensure they are monitoring all corporate card expenditures while viewing spending and behavior across the entire organization. They can do all of this through technology, with less money and manpower than manual audit and oversight alone.
Resources
1 http://www.nbcnews.com/business/travel/business-travel-spending-expected-rise-2014-f8C11522438
Patrick Taylor, CEO of Oversight Systems, is an authority in the convergence of business analytics, information security and the implementation of technology to boost organizational performance. Patrick recognized that most IT-security and financial-system controls focus on user access and role management, but don’t address how to convert ERP, CRM and other financial transaction resources into plain-language, actionable insights. After speaking with executives from across the country, Patrick launched Oversight Systems to pioneer the concepts and technology for continuous transaction analytics.
As a thought leader in predictive business analytics, Patrick has spoken at a wide variety of conferences. He has held leading positions at Internet Security Systems (ISS) and Symantec as well as ORACLE, Red Brick Systems, GO, Air2Web and Fast-Talk. Patrick has a bachelor of mechanical engineering degree with honors from the Georgia Institute of Technology and an MBA from the Harvard Graduate School of Business Administration.
Published by Conselium Executive Search, the global leader in compliance search.
