2013-09-01
Travel and entertainment expense reporting is replete with challenges. Here are some tips to help manage the risks before breaches become damaging – by ACL’s Chris Stewart-Smith
Corporate executives need to be keenly aware of the importance of travel and entertainment expenses, particularly within the financial services industry, which requires at least some level of spending in order to generate new business leads. Taking a prospective client to a golf outing or hosting a dinner isn’t out of the ordinary. In fact, these costs are often crucial to signing new business. But what happens in Vegas, from a T&E perspective, doesn’t stay there. It follows you home.
Although savvy execs might have an eye on the bottom line, the question must be raised: are all of the organization’s internal departments effectively monitoring every expense, and would they catch something that may on the surface appear to be valid, but in reality is an error, or even worse, fraud?
Take the example of the employee who worked for a business with an extensive P-Card (purchasing card) program. This individual had an interesting side hobby raising livestock. One weekend, while attending a cattle auction, he ended up winning a bid, but only had his corporate credit card in his wallet at the time. Until this was flagged, the cow was listed as a valid business expense. Yes, this is a true story.
Although it’s a great cocktail party narrative that is certain to garner chuckles, these types of errors and fraudulent acts are unfortunately a reality. If left unchecked, they can add up quickly.
Even if an organization has established policies, along with a clearly defined document that everyone must sign off on when the actual transactions come through, it’s extremely difficult to match the expenses with the descriptions (cash transactions vs. corporate credit card purchases vs. out of pocket expenses, etc.), which are usually vague and don’t always map directly to the policy.
In the financial services industry and others in which travel is a crucial aspect of employees’ jobs, this immediately rises to the top as an area of risk for the organization.
In addition, because this facet of the business is highly subject to manual controls, it speaks volumes about corporate behavior, employee values, and overall culture. If there is a high level of non-compliance in T&E as witnessed in some transactions, what does this say about the culture that executives have cultivated?
Overall, T&E is enormously meaningful in many ways. So how can executives make sure that risk, compliance, and audit departments are mitigating risk? Automating the process helps along with leveraging technology and having a record of evidence so that organizations can identify control breaches before problems escalate and become material.
If an organization has numerous departments that submit expense reports for travel, dinners, hotel stays, and so on, the task of implementing a solution to automatically monitor for red flags can seem daunting. Although it might be even more intimidating to take a look at senior management’s purchases for fear of bringing an executive’s practices to light, establishing the tone from the top is the most effective way to let everyone know that all T&E expense claims are monitored, even when it comes to the c-suite. This approach serves as a deterrent for non-compliant behaviour.
And once a data analytics program is implemented within one unit of business, such as T&E, and applied to one department, such as senior management, it’s relatively easy to branch out into other areas and groups.
One error that often occurs is when employees are submitting the same expense on both the corporate card as well as their personal card at the same time. Another example would be two employees who have attended the same event or dinner and both accidentally submitted a claim. Monitoring this closely would show that the employees spent money at basically the same restaurant during the exact same time frame.
Although the notion of a fraudulent employee is cringe-inducing for executives within any industry sector, businesses that encourage employees to entertain existing and prospective clients are especially prone to fraud within the T&E expense department. This characteristic, common among the financial services industry, creates an even greater need for continuous monitoring technology.
Airfare, hotel, and ground transportation are all areas that must be looked at closely. The airfare booking class is a great place to start as every organization has its own internal controls around whether or not employees are permitted to book a business class flight. Simply checking to make sure that the classes are appropriate is a measure that will reveal potential abuse. Another issue to monitor for is people who are constantly making late bookings, which tend to be significantly more expensive.
Other issues within the theme of airfare include repeat destinations and one day trips, which could point to an employee commuting by air as opposed to taking a flight and staying for more than a day at a time. It’s also necessary to check airfare expenses that are less than a certain amount, which could identify instances where an employee is charging up additional fees, such as excess baggage, premium seats, etc. These fees can add up to enormous, unnecessary costs.
With regard to car rentals, mileage, and gas expenses, people can be foolish, be it accidental or fraudulent. For instance, if an employee is claiming mileage for a two hundred mile trip at X number of cents per mile, but is also claiming on the expense report that he or she has a car rental that includes gas expenditures, you have someone who is attempting to take advantage of the system.
Similarly, hotel stays can be categorized and analyzed by city. Expense amounts should be reviewed by location as part of a standard analytic in order to recognize whether or not the claim makes sense within the context of the location. For example, if an employee is staying in Manhattan, the cost is going to be higher than if he or she were staying in Jacksonville, Florida. With the right tools, an organization forces people to be far more specific in terms of individual behavior, benchmarking against not only the city itself, but some of the employee’s colleagues who also frequent the same city.
An area that has become especially significant in recent years is regulatory compliance with the Foreign Corrupt Practices Act (FCPA). The U.S. government has increased scrutiny of corporate practices abroad and management must be made aware of any potential suspicious activities that indicate possible violations at an early stage so that a direct focus can be placed on high-risk targets for regulatory enforcement.
One violation, no matter how minor it may seem, can carry significant fines and damage an organization’s reputation. The Securities and Exchange Commission is now settling with companies that self-report violations in a timely fashion under non-prosecution agreements, which creates even more incentive for senior management to ensure that all T&E expenses are valid and spent within regulatory guidelines.
The cost of lost revenues or regulatory enforcement penalties is too steep for executives to ignore or leave to manual processes, as human error can impart significant risk to the business. Uncovering potential problems certainly takes a strong ethical mind and a bit of spine, but when the data is speaking for someone, their argument becomes irrefutable.
(Source: ACL Blog)
