The top performing companies are using automation to carefully manage travel spending as well as speed reimbursements to keep business travellers focused on meeting client needs and closing deals. Employees are overwhelmingly compliant, but fraud does occur. The majority of employee fraud occurs in procurement, payment, and expense transactions.
The 2016 Association of Certified Fraud Examiners, Report to the Nations on Occupational Fraud and Abuse, noted when executives committed fraud, the median damage was ten times worse than when employees were the perpetrators.
In addition, asset misappropriation (like expense report and credit card fraud) was by far the most common form of fraud, occurring in more than 83% of the cases. Victim organizations that lacked anti-fraud controls suffered greater median losses.
Large organizations with companywide expense reimbursement policies are not immune to expense fraud. If you’re not taking a hard look at reimbursements, many instances of fraud can go unnoticed. Even the strongest internal controls will not guarantee absolute prevention or detection of fraud.
Some of the recent examples include the Ex-COO of Butler Health System admitting to a $1.3 million embezzlement scheme. Ms. Roskovski used her corporate Visa card to make more than $500,000 in personal purchases and disguised them with fake receipts for bogus expenses such as “welcome gifts” and “physician recruitment.
Indianapolis Business Journal reported that the former CEO of Hendricks Power Cooperative, in Avon, was sentenced to 33 months in prison for embezzling over $580,000 from the organization. The CEO had falsified his expense reports for six years, by fraudulently reporting personal expenses as business expenses. His fraudulent expense reports gained him reimbursement for personal vacations, jewellery, iPhones, iPads, tickets to sporting events, clothing and meals.
From time to time the Securities and Exchange Commission (SEC) decides to remind issuers of their obligation to the investing public to disclose executive perquisites. The latest cautionary tale? The Dow Chemical Company. The SEC fined Dow Chemical $1.75 million and used its cease-and-desist order to detail the issues regarding $3 million worth of undisclosed perks to its former CEO, Andrew Liveris. In doing so, the SEC cited a laundry list of rules Dow violated by not making the proper disclosures. According to Reuters, Dow had understated by 59% perks the CEO received between 2011 and 2015. The perks in question including things like Personal vacations Liveris took with family using Dow aircraft, parties Liveris threw at sporting events including the Super Bowl, allegedly with few Dow customers in attendance, and Dow’s financial support for the Hellenic Initiative, a Greek charity Liveris had co-founded.
The Securities and Exchange Commission is now settling with companies that self-report violations in a timely fashion under non-prosecution agreements, which creates even more incentive for senior management to ensure that all T&E expenses are valid and spent within regulatory guidelines.
The SEC defines a perk as an item that “confers a direct or indirect benefit that has a personal aspect without regard to whether it may be provided for some business reason or for the convenience of the company, unless it is generally available on a non discriminatory basis to all employees.”
Something isn’t a perk if it is “integrally and directly related to the performance of the executive’s duties.” But what if the something is both? As clarification, the SEC stated in its order that legitimate business expenses can still also be perks “has determined that an expense is an ‘ordinary’ or ‘necessary’ business expense for tax or other purposes or that an expense is for the benefit or convenience of the company,” that determination “is not responsive to the inquiry as to whether the expense provides a perquisite or other personal benefit for disclosure purposes.” The SEC’s test is a tricky one, especially because it is easily confused with—but is different from—the test used to determine if a business expense is deductible.
Clearly the SEC wants to make non-compliance expensive for companies. Moreover, these investigations can also be time consuming; the Dow investigation reportedly took three years. In light of this, boards of public companies will want to review both their business expense policies and executive compensation disclosures to ensure that perks aren’t being overlooked or mischaracterized as normal business expenses.
Organizations should consider the following best practices to deter expense report and credit card fraud:
As a best practice, an Officer of the Board should periodically review the expense reports and credit card activity of the Organization’s CEO. These reviews may occur post payment to avoid delays in timely payment of Organization obligations. The reviewer should be alert for reimbursement requests that lack supporting documentation, multiple expense reimbursement requests for the same amount, receipts that include personal items and travel related expenses submitted at a time when the employee doesn’t normally travel.
IA departments should collaborate within their organization to develop and implement a cohesive strategy to leverage data analytics for the benefit of the whole organization. IA should leverage enabling real-time, continuous data monitoring mechanisms.
Traditionally, internal audit’s testing of controls has been performed on a retrospective and cyclical basis, often many months after business activities have occurred. Today, however, it is recognized that this approach only affords internal auditors a narrow scope of evaluation, and is often too late to be of real value to business performance or regulatory compliance. Continuous Monitoring (CM) is evolving in its use of technology to improve operations integrity and information and transaction quality.
Companies of all sizes employ different methods of monitoring T&E. For example: there are enterprise corporations compiling reports using complex spreadsheet formulas, but there are also startups using expense management software to keep tabs on spending in real time.
Ultimately, automated monitoring is the most accurate way to keep T&E spending in check, regardless of company size.
The cost of lost revenues or regulatory enforcement penalties is too steep for executives to ignore or leave to manual processes, as human error can impart significant risk to the business.
If your organization operates on a global scale and has numerous departments that submit expense reports for travel, dinners, hotel stays, and so on, the task of implementing a solution to automatically monitor for red flags can seem daunting. While it might be even more intimidating to take a look at senior management’s purchases, for fear of having to bring an executive’s practices to light, establishing the tone from the top is the most effective way to let everyone know that you’re looking at the data and constantly monitoring T&E expense claims for validity, accuracy, abuse, and violations of regulatory policy, even when it comes to the c-suite. This approach essentially serves as a deterrent for non-compliant behaviour.
An effective T&E expense monitoring program involves a 100% analysis of expenditures. This is the stage in which the use of data analytics really shines in terms of providing a clear picture of overall T&E efficiency and compliance. An analytics program can look at all of the transactions proactively, and then automate testing to enable a continuous assessment of expenditures in order to target problem areas and look at them on a repetitive monitoring basis.
Thanks to the increased focus on compliance there is now a shortage of talent and skills for expense management – with many organisations struggling to fill posts and cover absences in their internal teams. Bringing in external help from experienced virtual accounting companies can alleviate this pressure, as you can quickly plug any gaps to build a fully-resourced, blended team – rather than relying on an over-stretched team, which may lack key skills.
As well as relieving pressure on your internal team, outsourcing compliance can also save you money. Paying an outsourcing firm doesn’t always work out to be less expensive than handling everything yourself, however it is often done better. That’s because these companies specialize in delivering just one or two services for multiple companies. As a result, savings are possible too, due to economies of scale and a clear operational focus, which means they can offer a very competitive rate.
Outsourcing can also provide you with much quicker access to more sophisticated systems – such as compliance analytics – that you would otherwise have to pay for or develop in-house. An outsourced solution can also save you a lot of time, as it’s your outsourcing partner’s responsibility to stay on top of all the latest regulations and rule changes, freeing up your own staff to concentrate on key compliance projects or remediation activities.
For many internal teams, it can be comforting to know that external expertise is immediately available should it be required. It’s also useful if the 3rd party is proactively recommending improvements and sharing best practices to the compliance operation, based on its exposure to many other clients and its visibility of what is working for them.