By: Christian Spencer, CPA
Although fraud will never be able to be 100% eliminated at an organization, understanding why fraud is committed and adopting preventative and detective measures to mitigate fraud is key to safeguarding an organization’s most vulnerable asset: cash. One of the key transaction cycles that continues to be susceptible to fraud is an organization’s corporate credit card program. In order to properly address the relevant risks, one must first become familiar with the three conditions that if concurrently present, can result in a perfect storm for the perpetration of a fraud.
Pressure - With nationwide unemployment still hovering above 8%, homeowners underwater on their mortgages, and banks tightening their loan approval processes, many individuals are finding it difficult to maintain the lifestyle they did prior to the financial crisis of 2008. All of these pressures result in an environment where the chance of fraud is inherently higher. Recognizing the financial and social pressures ever present in today’s environment is essential for those individuals charged with establishing and enforcing an effective internal control system.
Rationalization - Depending on the industry served, many organizations are seeing declines in memberships and event attendance. This reduction in revenue often times equates to the elimination of positions and/or a corresponding reduction in salaries. Employees may be performing more tasks for less pay than they did several years ago; leading to a feeling of being undercompensated. This train of events creates the rationale for the employee to commit even the smallest fraud, which may include charging a systematic amount of small monthly expenses on the corporate credit card. The employee feels justified that, based on the circumstances at their employer, they are entitled to more than they are being provided.
Opportunity - Reductions in the workforce can also lead to incompatible functions being performed in the internal control system. Organizations that had the resources to more closely vet expenditures may be operating under circumstances where expenditures are not reviewed as closely as they had been in the past. This reduction in staff coupled with fewer individuals monitoring the internal controls at an organization can result in the opportunity for fraud to be committed.
Recognizing that the above circumstances can result in a higher chance for fraud at your organization, the question next becomes, what can be done to help mitigate the chance of fraud occurring and help increase the likelihood of early detection? Below are some items to consider as you reevaluate your current credit card program:
1. In addition to recognizing the above three criteria are present when a fraud has occurred, clearly establishing and enforcing a strong control environment with respect to credit cards is an essential element of prevention. Policies that clearly outline the appropriate uses of the card, timely coding of expenses, and criteria for receipt submittal should be communicated and reinforced to all staff. In addition, these policies need to be equally enforced across all card users, regardless of the level of the user in the hierarchy of the organization. Permitting top level employees to bypass the policies because of their level in the organization creates a poor tone at the top and results in an environment where others may begin to follow suit.
2. Credit card expenditures for the CEO should be reviewed by a member of the Board of Directors. The CEO reports to the Board of Directors of the organization—not the CFO. The organization’s staff can serve to review and question proper coding of the expenditures, but it would be more appropriate for the governing body responsible for hiring the CEO to review the expenditures and question, if necessary, the nature of the business purpose of a particular expense. Having the CFO question the CEO’s expenses can create an uncomfortable situation for everyone involved.
3. Limit the number of credit card holders and establish card limits. Mathematically, the fewer number of cardholders at an organization, the less chance for fraud. Although this will differ by organization, take the time to evaluate the number of individuals that need a corporate credit card in order to effectively and efficiently execute their job responsibilities. Perhaps those individuals traveling once or twice a year do not need a credit card, whereas individuals traveling on a monthly or more basis do. Those individuals not having a corporate credit card would submit business expenses along with itemized receipts under the organization’s expense reimbursement policy.
4. Ensure that those responsible for reviewing credit card expenditures are thorough, detailed and have a questioning mindset. Reviewers should be comfortable and willing to enforce the internal control policy regarding receipts and coding of expenditures. If the explanation for an incurred charge is not satisfactory, there should be a protocol as to how this is addressed within the organization.
5. Timely circulation, approval and coding of a consolidated credit card statement is essential to properly posting expenditures in the accounting system and ensuring that late charges are not incurred as a result of late payment.
6. Consider having all card users sign an agreement acknowledging their understanding and commitment to abide by the internal control policies and procedures related to the corporate credit card program. In addition, this statement should indicate the employee recognizes that abuse of the credit card program for personal use could result in termination. This serves to further enhance the control environment at the organization.
Christian Spencer is a senior manager in Tate & Tryon’s audit and assurance services practice and can be reached at cspencer@tatetryon.com.
