IRMI Online Talk With Us
Home Articles Expert Commentary Risk Management for Company-Paid Purchase Cards
Corporate Fraud Prevention

Risk Management for Company-Paid Purchase Cards

Scott Langlinais | June 1, 2008

On This Page
Business credit card

Several of my clients have recently shifted to the company-paid purchase card (P-card) to attempt to improve controls over spending. I tell them to beware.

The Government Accountability Office (GAO), which for years has used data analysis software to search for and identify inappropriate and unauthorized transactions on its government purchase cards, reported the following transactions in its most recent audit of card purchases by government employees.

During a six-year period, [a Forest Service] cardholder fraudulently wrote approximately 180 [convenience] checks to an individual with whom the cardholder lived and shared a bank account…. The cardholder was sentenced in November 2007 to 21 months imprisonment followed by 36 months of supervised release and was required to pay over $642,000 in restitution.

[A Navy] cardholder purchased 19 pilferable items, including 2 LCD monitors, 5 iPods, a laser jet printer, a PDA, and other computer accessories, 18 of which are now lost and presumed stolen.

Over a 15-month period, a postmaster used the government purchase card to subscribe to two Internet dating services. 1

The report lists numerous examples of fraudulent, unauthorized, and abusive purchases. It concludes more than 48 percent of purchases over $2,500 between July 1, 2005, and June 30, 2006, failed to meet the standard of proper authorization, independent receipt and acceptance, or both.

Another GAO report details this:

An Air Force cardholder used the purchase card to prepare a shoulder mount of a mule deer head. The deer was a "road kill" that was found on the roadside by an approving official who approved the purchase of taxidermy services. The deer head was hung on the wall in the Natural Resources Office. The cardholder, approving official, and two other employees occupy the office where the deer head currently hangs. 2

The Perceived Benefits of P-cards

Chief financial officers and controllers claim that with P-cards, their company is able to systematically block certain classes of vendors, such as retail stores and gambling sites, to prevent employees from buying suits at Macy's or establishing accounts at Poker.net. A P-card also allows spending ceilings, so if an employee does make inappropriate purchases, the system caps the damage.

Most alluring to CFOs and controllers is the cash back: banks administering P-cards often provide refunds up to one percent of the company's purchases. If your company spends $60 million a year in common purchases and travel, then it can receive a $600,000 refund at year end. Some executives believe such a refund can offset the exposure inherent in the new process.

But one or two employees can devour this amount. Consider the credit card problems at the Dallas Independent School District. Over a 2-year period, one administrative assistant spent $383,788 on her card but had no receipts to support her purchases. She supposedly bought supplies for several departments, "but her favorite places were the grocery store and Base Exchange on Carswell Air Force Base in Fort Worth, where she spent $101,500 over an 18-month period. She made 170 purchases between January 2004 and July 2005, almost all of them on weekends." 3

When considering P-card process implementation, CFOs and controllers also cite the lure of streamlining controls, meaning it is much easier in theory to allow a system to administer controls instead of forcing employees through inefficient procedures of submitting purchase requests and then waiting for purchase order approvals. But that is the point of controls—they are inefficient and for good reason. By forcing reviews and approvals, the opportunity to perpetrate fraud is reduced, and that is what we seek, at least up to the point where the cost exceeds the benefit. Unfortunately, with the reduction in monitoring of employee expenditures, the opportunity is increased for employees to perpetrate fraud.

Implement Checks and Monitor

As with any other process, in order for your company to prevent fraud in P-cards, your managers must first consider the risks (several are listed throughout this article). Second, they must consider the symptoms of these frauds. Finally, they must build processes to detect those symptoms and follow up on all symptoms observed.

A defined selection process on the front end helps reduce the opportunity for employees to perpetrate fraud. Realize not everyone deserves a P-card. If you provide cards to people with credit problems and financial trouble, then your employee's personal irresponsibility aggravates the risk of loss. Establish parameters for recipients of cards based on credit scores. Everyone else needs to go through traditional purchasing requirements (purchase requisition/purchase order).

Also realize systematic vendor blocks and credit limits are not enough to prevent employees from purchasing goods and services from unapproved vendors. Certain vendors, such as gambling sites based in the Caribbean, have learned how to circumvent vendor blocks, and credit limits are not enough for employees savvy enough to pay their credit card balance down more than once per month.

Your company must have a process to monitor spending, and this is best done with data analysis software such as IdeaTM. With such software, an employee can be assigned to monitor and test the "top 10s": the top 10 spenders every month by dollar amount and by number of transactions; the top 10 vendors processing charges on the card; and the top 10 highest increases in total spending from the previous quarter.

The types of behavior to monitor are limited only to the creativity of the employees doing the monitoring. Managers understand what normal credit card activity should look like in their areas, so preventing fraud on the P-card becomes an exercise in seeking deviations from standard behavior. Most companies with P-card programs simply fail to assign an employee or department to regularly review and monitor P-card transactions, assuming that manager approvals will suffice.

Regular and assertive monitoring of P-card transactions is essential if you want to prevent your employees from using company money to mount road-kill deer heads.

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.

Footnotes

1 United States General Accounting Office, Governmentwide Purchase Cards: Actions Needed to Strengthen Internal Controls, to Reduce Fraudulent, Improper, and Abusive Purchases, Report GAO-08-333 (March 2008).
2 United States General Accounting Office, Data Mining: Results and Challenges for Government Program Audits and Investigations, Report GAO-03-591T (March 2003).
3 Kent Fischer, "Secretary charges $383,788, has no receipts: Ex-boss says she was trustworthy, shopped for eight departments," Dallas Morning News, July 2, 2006 (accessed June 25, 2008).
IRMI Online