No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights

6 Vulnerabilities in Travel Expense Management

by Nathanael L'Heureux
October 3, 2016
in Uncategorized
Tips to reduce waste and fraud in travel and expense management

Monitoring and analyzing the travel and expense transactions across enterprise organizations isn’t easy. However, while working for a company that examines trillions of dollars of expense transactions, trends start to emerge, as well as a few recurring vulnerabilities. By addressing the vulnerabilities and implementing the right strategy—combined with technology—enterprise organizations can easily save between two and five percent of their travel budget due to unintentional waste and premeditated abuse, including outright fraud.

Vulnerabilities to Consider

While the following list isn’t exhaustive, it does include some of the most common vulnerabilities, many that if monitored and changed can deliver greater cost savings while decreasing the amount of waste and fraud:

  1. Effectiveness of manager approval – Once an employee submits an expense report in most expense management systems, their manager will receive an email notification that they can quickly process with a single click. In a hectic and time-constrained business environment, it is often easier to take the path of least resistance and click “Approve” rather than take the time to look at the details of a report. But even for the most careful managers, it is not possible for a person to remember everything that has been submitted in the past to detect risky behavioral trends.  Most recognize that manager approval is a very ineffective control.
  2. Risks when reviewing and auditing samples – Traditional audit techniques focus on reviewing a sample of expense reports. This sample can be random or based on some high-level rules. Typically, companies are looking at 10 to 20 percent of their expense reports. The purpose of sampling in auditing is to generalize a conclusion about a total population of transactions based on the review of a sample. In travel and expense reimbursement, the goal is to find problems in transactions, not create a generalized conclusion. It’s hard to detect problems using a sample-based approach unless you get lucky and your sample stumbles upon suspicious activity. The odds are 80 to 90 percent you won’t.
  3. Risks of reviewing expense reports at a single point in time – When reviewing expense report transactions at a single point in time, you don’t have much context or visibility into an employee’s behavior, and as a result, you’re unable to effectively address the root cause of many violations. You also don’t know what’s normal for this employee or other employees in your organization when it comes to a single instance of unusual spending. In addition, you may not be able to easily access all the previous issues with an employee.
  4. Reviewing is labor-intensive – When your review process is based on manually looking at expense reports, it tends to be very labor-intensive, and there’s a good chance you’ll fall victim to the positive confirmation bias—meaning when you’re used to looking at things that seem okay most of the time, it gets harder to spot anomalies and you can easily miss glaring issues. When 98 percent of tens of thousands of transactions are okay, it’s hard to find the needle in the haystack.
  5. Spending more time on finding than fixing – Whether you manually review transactions or even have a semi-automated analysis process, I’ve found that most organizations spend quite a bit more time on finding problems than on resolving them—often times at a ratio of 90/10.
  6. Lack of process around problem resolution – Because of a focus on finding versus fixing, it’s common to see an absence of a consistent workflow process and resolution infrastructure.

As mentioned above, two to five percent of travel budgets are consumed by waste and abuse. What are some of the things that can help address these vulnerabilities? First and foremost, the most overarching goal for companies is to create a culture of T&E compliance where their employees understand the T&E policies and know that they will be reminded when they inadvertently deviate from them. Based on experience, the following are best practice components of a solution that helps to achieve this goal.

Addressing Vulnerabilities in Travel Expense Management

Automation – Analytical monitoring software should be used to automatically and comprehensively evaluate all expense transactions. The system should automatically assign a priority for each potential irregularity so that analysts can work on the most significant problems first. Automation should be used to take over labor-intensive detection tasks so that analysts can spend more time researching and resolving problems versus finding them.

Process Optimization – Some process-level optimizations to travel and expense management can be made after automated analytical monitoring software is put in place.  For instance, rather than having managers review all expense reports, they can focus on high-dollar or high-risk categories to approve.  This saves time, and automated monitoring provides a much stronger control.  Audit rules within expense management systems can be simplified to identify only the black-and-white issues, which simplifies maintenance of these rules and also streamlines the submission process.  The automated monitoring handles the “gray” areas more effectively since there is behavioral context and deep analytics to again provide a stronger control.

Look Beyond Single Expense Reports – It’s hard to draw conclusions about an employee’s spending behavior and knowledge of expense policies if you only look at one expense report at a time. You can gain a better understanding if you look at past spending to determine if the current problem is a one-off by a good employee or part of a larger pattern of willful abuse. Trend and pattern detection can only be understood by looking at expense reports over a time horizon.

Cross-Employee Analysis – In order to understand the patterns of behavior, it’s important to benchmark each employee against all other employees over an extended time horizon.

Employee Communication – It is very important to proactively communicate with employees and their managers using email regarding potential T&E problems and their subsequent resolution. It’s also important that all analysts use a set of email templates to communicate a consistent message to all employees. All email communication should be stored in a centralized system rather than on each analyst’s PC.

Resolution Workflow – A research and resolution workflow should be used consistently by all analysts. This should include the assignment of stages such as “problem detected,” “under review,” “email sent,” “email received,” “resolved” with a finding and “resolved” with a dismissal. Resolution codes that identify the specific issues identified would be assigned so that root cause analysis can be determined and T&E policy adjustments made or employee training initiated.

Expense Report Data Mine – An automated transaction monitoring system that has the ability to store all current, as well as previous expense transactions, is an important requirement. The data mine will enable the comprehensive expense transaction analysis and case management functions described here.

Comprehensive Centralized System – Traditional methods of expense management error detection and resolution are typically fragmented among separate systems including email and employee hard drives. Using a comprehensive, centralized system enables automation, multidimensional analysis, employee communications, workflow, file attachments, audit trails and records of all activity taken to research and resolve problems.


Tags: HIPAA
Previous Post

New York DFS Announces New Proposed Cybersecurity Regulations

Next Post

Has Integrity Become a Commodity?

Nathanael L'Heureux

Nathanael L'Heureux

oct-3-nathanael-lheureux-headshotNathanael L’Heureux is VP of Product Management at Oversight Systems. With over 25 years of software engineering management, system architecture and development experience, Mr. L’Heureux blends his management experience and technical knowledge to serve the needs and bridge the communication gap between technical and business leaders from senior management to technical and business analysts. Mr. L’Heureux also has brought thought leadership and innovation to new product design and delivery.  He has been with Oversight Systems since 2006 and previously served as the company’s Director of Solution Development and Professional Services.  Prior to joining Oversight, he served as the Senior Director of Product Development at Interactive Information Services, which was ultimately purchased by Equifax. Mr. L’Heureux holds a Bachelor of Science degree in Electrical Engineering and Computer Science from U.C. Berkeley and an M.A. in Theology from Fuller Seminary.

Related Posts

people waiting in covid line

Did Covid Lead to a Lower HIPAA Fine?

by Rodney King
August 17, 2022

Eye-popping fines over violations of the right of access portion of the federal HIPAA healthcare law aren’t exactly common, and...

medical records hipaa

Survey: Majority Admit Missing Key Piece of HIPAA Compliance

by Corporate Compliance Insights
June 8, 2022

Organizations admit failing to prioritize annual security risk analysis, according to small survey

A masked professional holds up their covid-19 vaccination card.

‘My Employer Can’t Ask for Proof of Vaccination’ and Other Myths Regarding COVID-19 and HIPAA

by K Royal
September 7, 2021

When it comes to COVID-19 and HIPAA, many misunderstand the law’s scope and purview, especially in a professional setting. Privacy...

illustration of cybersecurity concept

VigiTrust Launches VigiOne Cybersecurity Compliance Platform for Managed Security Service Providers

by Corporate Compliance Insights
August 17, 2021

Easy-To-Use, Cost-Effective Solution Enables MSSPs to Keep Pace with Changing Regulations, Scale Effectively and Ensure Ongoing Compliance New York, NY...

Next Post
Risky behavior and the cost of integrity

Has Integrity Become a Commodity?

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT