According to the Association of Certified Fraud Examiners, fraudulent use of purchase cards, or p-cards, is one of the most commonly occurring types of employee fraud, and a 2013 survey of 2,200 audit, risk management and compliance professionals reveals that risk related to internal fraud and abuse is an area of highest concern.
On the positive end of the spectrum, p-cards can help employers increase efficiency by automating supplier and vendor payments, eliminating unnecessary paperwork and trimming costs tied to administrative efforts. On the other hand, regardless of the size of an organization, whether p-card access is provided to 50 or 5,000 employees, the risk for misuse is high.
Employees can be tempted to abuse p-card program controls and in extreme cases, commit sophisticated, high-level fraud.
If any risk exists for this type of activity to become widespread within an organization, not only can the total monetary losses become considerable, but a culture that promotes fraudulent behavior can also become prevalent.
It’s critical that the risk management, compliance and audit departments have this threat on their radar. But it’s also important for the executives and senior-level management of an organization to have a sense of where the areas of risk are and how to identify red flags before they become material problems.
Monitoring for suspicious activity within a p-card program can be extremely labor intensive if performed manually, generating high costs and low productivity. In order to ensure that issues are identified immediately, it’s advantageous for a company to employ a continuous monitoring system that uses data analytics. In addition, if management sets the tone at the top by letting everyone know that they are keeping a close eye on p-card use, an ethical culture will emerge and employees will be less likely to engage in troublesome behavior.
Data analytics deliver a powerful method for minimizing an organization’s risk exposure and validating internal controls. Analytics support business assurance by providing:
- Independent control testing
- 100 percent data review with cross-platform analysis
- Prompt notification of key exceptions
- Predefined and tailored analysis of pain points
When it comes to p-card programs, analytics are typically designed to cover each of the four major components of the p-card process:
- Managing cards
- Managing merchants
- Managing transactions
- Conducting review and analysis
Effective analytics might test for invalid employees and duplicate purchase cards using name and address matches, for example. Other key analyses include validating card limit changes, pinpointing blocked merchant categories and key words (such as alcohol, clothing and casinos), and looking for unusual behavior patterns (such as using cards during weekends and holidays for employees not known to travel). The opportunities are endless, but first, let’s look at data analytics in action.
Streamlined efforts produce big results
Global security and technology firm Lockheed Martin offers a nice example of how to develop a coordinated p-card monitoring process. The company created a Commercial Card Operations division to maximize its commercial card value proposition and minimize risk. The p-card program covers:
- 90,000 cardholders across multiple continents
- 2.5 million transactions per year
- Four primary cards – travel, meeting, fleet and purchasing
The Commercial Card Operations division implemented data analytics to create an early warning system that flags suspicious transactions on a near real-time basis. When unusual transactions occur, cardholders receive a message requesting additional details on a fixed timeline. The program quickly made a powerful impression on cardholders. As auditors know firsthand, people are far more likely to follow the rules when they know someone is watching.
Start small and keep sharpening your analytics
Automating p-card control validations is clearly an effective audit strategy, but a well-designed monitoring program driven by analytic technology can provide significant value when applied to business processes across the organization. Analytics can find money, increase efficiency, reduce risk, and identify problems before they snowball into crises. They also provide evidence and support for internal and external audits.
If you’re eyeing your p-card program and looking for a concrete plan, the key is to start with simple tests that you can continue optimizing for long-term value. Identify just a handful of areas and launch simple, specific analytics based on pain points, risk areas, and top opportunities for improving processes.
Next, be sure to leverage other people’s expertise to get your plan up and running. There are terrific industry associations – such as the NAPCP – and user groups out there that can offer a helping hand.
Finally, it’s critical to benchmark your work against past experiences. Look at the time it takes to audit transactions, the number and quality of issues you identify and the risks mitigated. Detailed anecdotes will also make it easier to get buy-in from senior management.
Analytics aside, one reliable way to reduce leakage though p-cards is to “leak” the fact that a comprehensive program for p-cards is about to begin: this notion on its own has reduced fraud and “discrepancies” in many companies.