Developing an Effective Audit and Control Structure for the Travel Expense Process

Centralizing travel expense report processing as part of Shared Services requires a more sophisticated approach, with travelers and reviewing managers located hundreds, if not thousands, of miles away from the processing center.  Yes, placing responsibility and accountability with the department manager responsible for the expense is necessary, but that does not fully excuse Shared Services from fiduciary responsibilities to ensure adequate business controls ^[1] are in place. 

A Peercast^TM in Peeriosity’s Corporate Card research area ^[2] featured a large global consumer products & services company, discussing their approach to audit and control for the Travel Expense process.  The basic profile of their environment includes AMEX as the card provider, Concur for expense reporting, SAP for their ERP, and over 8,000 cards in use for their North America operations.  The company leverages a global structure that includes both regional and country-specific travel and entertainment policies.

The feature company created a four-part approach to audit and control, using: 1) Internal company resources from the Card Administrator Team, 2) AMEX, 3) Concur Audit, and 4) a purchased solution called Oversight Insights on Demand for T&E.

The Card Administrator Team audit review includes monitoring for unassigned transactions for possible policy violations and the use of blocked MCC Codes.

The Concur system is configured to identify possible problem transactions before the report is submitted, with soft warnings and hard warnings that must be corrected before submission.  The system also generates email reminders about unassigned transactions and personal expenses.  For the Concur audit, rules are in place to pull items for review based on specific criteria that can include:

1. A duplicate transaction
2. Large entertainment amounts
3. High mileage or use of a personal car
4. Miscellaneous codes or other non-travel codes
5. All members of a senior leadership team
6. A random percentage of other reports (for example, 1% of all reports are selected for audit)

The Oversight tool takes a data feed from Concur and analyzes all expense reports and card transactions and then highlights the highest risk travelers, merchants, and merchant categories.  The tool provides visibility to root causes to identify training needs, create policy awareness, and flag potential abuse.  The audit is performed with very little effort, requiring about one day a week for one person to complete.  The tool uses sophisticated logic to look at relationships in the data and provides a list of indicators for what is considered a suspicious transaction.  For example, for a transaction by an employee shopping at “Wolf Camera”, the following indicators were reported:

1. Transaction in a high-risk merchant category:  Camera and Photographic Supply
2. Transaction made on a weekend
3. Moderate risk because MCC is moderately used
4. Expense type rarely used for MCC

Supporting iPolling^TM questions evaluated how member companies approach the auditing of expense reports.  For 26% of the companies, a “high control environment” is in place to ensure policy compliance ^[3] and fraud mitigation.  For 65% of the companies, there is a “reasonable balance between controls and resource requirements to conduct audits”.   Obviously, with thousands of reports, the best way to reduce the cost of compliance is to increase the sophistication of the tools used to flag possible exceptions.  Here are the details:

The second iPolling^TM question asked about the status of using a formal process for collecting and analyzing data coming out of the audit process for the purpose of improving the overall process.  72% of member companies have implemented this idea, with 23% currently evaluating the opportunity.

While some level of misuse is more likely than intentional fraud ^[4], both are costly.  The good news is that processes and tools are available to significantly mitigate and, in many instances, eliminate the risk.

Here are several of the comments added by iPolling^TM participants:

• We use data analysis to help determine high-risk transactions. We are currently increasing our percentage of T&E transactions audited to cover a broader base.

• Our audit volume and spend coverage is comprehensive, with 24% and 36% coverage. We depend a lot on system controls and audit validation rules to control non-compliance at the front end. Only the outliers are flagged for an audit. We are in pursuit of intelligent audit analytics solutions that help provide expense analytics, deviation reports, and high, medium, and low-risk employee transactions based on cumulative spend patterns. We were using a solution in the past, which did not yield the desired progressive result. Now we are on the lookout and know exactly what we need.

• We currently perform a 100% audit of transactions for purpose and receipts USD $25 or higher. There are also trending audits performed monthly to identify compliance gaps. We are looking into ways to increase the effectiveness of our audit process to reduce the effort involved in auditing the transactions.

What is the approach at your company for audit and control for the Travel Expense process?  How automated is the process, and how sophisticated are the tools that are used?

Who are your peers and how are you collaborating with them?

“Peercasts^TM” are private, professionally facilitated webcasts that feature leading member company experiences on specific topics as a catalyst for broader discussion.  Access is available exclusively to Peeriosity member company employees, with consultants or vendors prohibited from attending or accessing discussion content.  Members can see who is registered to attend in advance, with discussion recordings, supporting polls, and presentation materials online and available whenever convenient for the member.  Using Peeriosity’s integrated email system, Peer Mail^TM, attendees can easily communicate at any time with other attending peers by selecting them from the list of registered attendees. 

 “iPolling^TM” is available exclusively to Peeriosity member company employees, with consultants or vendors prohibited from participating or accessing content. Members have full visibility of all respondents and their comments. Using Peeriosity’s integrated email system, Peer Mail^TM, members can easily communicate at any time with others who participated in iPolling.