Use These Best Practices And Tips For A Fraud Mitigation Program

Serge Kogan

In part one of this series, we defined employee-initiated spend and enumerated a number of areas affecting its management. In this article, we’ll focus on potential fraud, intentional and accidental, that can result from employee spending and how to mitigate it.

The ways in which employees are spending complicates spend management for organizations. The Association of Certified Fraud Examiners (ACFE) 2018 Global Study on Occupational Fraud and Abuse reports that five percent of a typical organization’s revenue is lost to fraud each year, and 83% of fraud cases involve asset misappropriation, including padding travel and expense categories. Employees using personal payment methods such as cash, Apple Pay, personal credit card, or paying a service provider directly for nontraditional expenses can open the door for potential fraud and impact an organization’s predictability of cash flow requirements. Nontraditional expenses include:

  • Hotel bookings outside of the company’s managed travel system
  • Meeting room bookings and catering for a corporate function without a purchase order or prior approval request
  • Subscriptions to magazines, gift programs such as wine clubs, season tickets for sporting events, etc.
  • Gasoline
  • Reimbursement for the use of personal cars

Opportunities for fraud can also occur when multiple reimbursement requests are submitted for the same expense, such as home-office supplies purchased with a credit card, reimbursed on an expense report to the employee, and later paid against an invoice submitted to accounts payable by the vendor. Or an employee might submit the same receipt on two different expense reports or the same expense for different trips.

The ACFE study shows that the median loss from asset misappropriation amounted to US$154,000, with expense reimbursements making up 14% of the risk in this fraud category. Additionally, a 2017 report by Oversight indicates that 37% of business travelers had at least one exception on their expense reports. Ultimately, this means there are numerous opportunities for an employee to manipulate expenses to their benefit. The multiple channels of spend and payment methods available today, and the absence of a process and system in place to capture all of this spend, can multiply the impact of this phenomenon.

Audits are only part of the solution

Most companies have some forms of approval workflows and audit processes to ensure that expense reports are properly filled out and substantiated. The employee categorizes the expense (travel to visit a client, personal meal, hotel, taxi, etc.); indicates the amount spent, includes which form of payment was used (cash, corporate credit card, etc.); and attaches a receipt or invoice. Managers approve or reject the expense reports according to corporate policies. Approved expense reports and invoices are registered in the ERP system and scheduled for reimbursement to the employee or payment to a corporate credit card or a vendor.

Audits are a great method to verify that expenses are properly substantiated to meet tax and fiscal requirements and adhere to company policy and as a checkpoint against multiple submissions of the same expense or invoice. However, if you are not connecting all channels and methods of spend available to employees, you can’t proactively prevent fraudulent activity. And you may be missing out on accurate spend data for reporting, budgeting, and forecasting purposes, no matter what percentage of expenses you are auditing.

Visibility into fraud requires observation over time

According to the ACFE study, 82% of fraud is caused by five percent of employees and it takes 18 months to uncover. Tracking unusual patterns of spend within a department or spending peaks by employees might help detect possible fraud.

Fraud mitigation involves a combination of actions beyond audits:

  1. Have a robust program that integrates corporate P-cards or travel and expense cards into a spend platform. This provides a mechanism for automatic verification and visibility of charges independent of when an expense report is submitted. Fraud examiners, auditors, and managers can rely on this data to validate purchases and credits and aid in investigations.
  1. Use GPS-enabled technologies that track point-to-point mileage to ensure employees are not padding their traveled miles to see clients.
  1. Monitor out-of-policy spending with reporting tools that can track exceptions over time by employee and expense category to alert managers to potential fraud before it gets out of hand.
  1. Have an integrated system that automatically alerts when the same charge is submitted on two separate expense reports, such as a train ticket for reimbursement against a personal credit card receipt and against the actual ticket, to prevent potential instances of fraud.

For employee spend that is not travel-related, payment with P-cards or corporate credit cards can also protect the company from paying the same expense twice. The P-card or credit card provides visibility to the charged amount and vendor to minimize the chances of the same invoice being paid twice.

Best practices to mitigate errors and fraud

Intentional fraud and unintended mistakes can be minimized by implementing one or more of the following best practices:

  • Use an integrated platform for capturing employee spend across all channels,
  • Have centralized budgets with timely alerts to department managers for staying within approved budgets, combined with approval policies for before and after submitting the expense.
  • Put audit policies in place to monitor 100% of reports for key areas of duplication and intended and unintended errors.
  • Eliminate manual reporting of mileage with the introduction of automatic GPS-based mileage trackers.
  • Audit 100% of expenses using a combination of artificial intelligence and manual audits.

As the ACFE reported, up to five percent of a company’s revenue is lost each year to fraud. For organizations with $100 million to $500 million in annual revenue, fraud can account for $5 million to $25 million in losses annually. Putting policies and best practices in place, such as budget control, 100% auditing, replacing manual reporting of mileage with automated mileage tracking, and data mining, can mitigate the magnitude of these losses and increase the company’s bottom line.

Stay tuned for our next article, where we will explore the topic of invisible spend. We will take an in-depth look at ways in which CFOs can benefit from monitoring and tracking spend, no matter how spend is captured, where the money is spent, and what payment channel the employees use to pay for services.

Visit Concur.com to learn more about compliance and fraud solutions and strategic spend solutions for better expense management and create a culture of compliance.

Want to hear more how GRC and security leaders are harnessing the power of technology innovations to transform their operations? Register today to attend the first-ever, complimentary online SAP Finance and Risk Management Virtual Event for an insightful experience of customers, experts, partners, and SAP executives discussing today’s pressing challenges and opportunities.

This post originally appeared on the SAP Concur Newsroom.

Follow SAP Finance online: @SAPFinance (Twitter) | LinkedIn | FacebookYouTube


Serge Kogan

About Serge Kogan

Serge Kogan is a value consultant at SAP Concur, where he has been working with current clients for over three years as a customer engagement executive. Prior to joining Concur, Serge’s career spans over 20 years, advising clients as part of iSuppli, a business intelligence firm serving participants in the electronics industry value chain, spearheading Latin America business as general manager of Interleaf’s Latin America group, and as a finalist in Mass Challenge, a start-up accelerator. Serge holds an MBA from the University of Rochester, and Master and Bachelor degrees in engineering from Cornell University. His current interests include spend management, global expansion and localization, digital transformation, cloud services best practices, and integration with partners.