Given the many benefits associated with purchasing cards (p-cards), the trend of widespread adoption is no surprise. Data from the RPMG P-card Benchmarking Survey reveals that annual purchasing card spending in North America has increased from $196 billion in 2011 to $229 billion in 2013. P-cards eliminate paperwork, lower processing costs, increase speed to payment, provide better visibility into expenses, enable tighter controls, and generally make for happier employees. But while p-cards close the door on certain losses, errors and abuses, they also open the doors to others.
When implementing the use of p-cards, companies should be cognizant of new vulnerabilities and prepare to monitor transactions in ways that can handle the expanded volume and intrinsic risks. Savvy companies are implementing cloud-based “on demand” monitoring to safely expand the use of p-cards for maximum cost savings and value while preventing loss and abuse.
According to a 2013 report issued by PayStream, “Purchase Cards: Working to Simplify the Procure-to-Pay Process,” all companies surveyed put in place at least one measure to protect against P-card fraud. The top three measures taken include:
• 83 percent require receipts for purchases.
• 81 percent define card spending limits or individual transaction limits.
• 75 percent conduct audits of compliance with card usage policies and procedures.
Yet preventive measures are not sufficient to eliminate abuses and errors, sometimes simply leading mal-intentioned employees to devise workarounds to comply with policies while passing through unapproved expenses.
Successful p-cards programs cause transaction volumes to soar, making it nearly impossible to review every transaction individually. Many companies solve this problem by auditing a sample (typically between 5 and 25 percent) of all transactions. Others hone in on employees that have been flagged as repeat-abusers. Some focus on auditing suspicious vendors that may have double-billed in the past. While some evaluation is better than none, these approaches still fall short of routine monitoring of P-card usage that captures fraudulent transactions and saves the company money.
Cloud-based monitoring systems incorporate information from multiple systems, including transaction details from the card provider, and perform analysis across disparate systems and data formats. Using algorithms and best practice statistical analysis techniques, cloud-based analysis delivers actionable information, enabling managers to gain understanding and take immediate action.
Following are three best practices for corporate spend analysis.
1. Evaluate Data from Multiple Systems
When it comes to auditing, transaction data from the p-card provider is only one valuable store of information. For the purposes of analysis, it is also important to pull in data from the accounts payable (AP) systems and third-party expense management applications as well as HR systems. By evaluating data from multiple systems, it is possible to compile a more “complete picture” that is not visible through transaction data alone.
For example, significantly increased spending activity during the last two weeks of an individuals’ employment with the company may indicate abusive spending behavior after a disgruntled employee has given notice. Without the additional information about the circumstances, expenditures would seem to be completely legitimate.
Or perhaps an evaluation of transactions in the P-card and AP system indicates that a particular vendor has been paid twice within one week in precisely the same amount, indicating a possible double-billing situation.
Best practice monitoring delivers information from multiple systems, enabling more effective identification of outliers and possible problems that require further investigation.
2. Multidimensional Analysis Reveals Insights Undetectable with Individual Auditing
There’s no single analytic technique that will reliably identify issues. The strongest approach uses a variety of algorithms to collect a wide range of indicators and then synthesizes the evidence into one set of conclusions.
Consider the importance of analytic technologies that are able to harmonize data. Data from different systems may include text files, notes fields, spreadsheets and other types of data. Analytics tools must first be able to normalize that data to evaluate it. Then the system applies sophisticated analytics to identify transactions that may constitute a policy violation, fraud or misuse. The transactions are evaluated against pre-defined integrity checks based on company policies as well as industry best practices. Some examples would include searching for transactions made by an inactive employee, suspicious merchant codes (such as a cruise liner, jewelry store, or luxury hotel), and unapproved merchants.
Multidimensional analysis is also able to compensate for data discrepancies such as transactions enacted under slightly different names (for example, James Tasker versus Jim Tasker versus James K. Tasker). Statistical approaches that incorporate data normalization and sophisticated algorithms serve to flag numerical and discrete valued outliners, timing and frequency anomalies, and combinations of the two.
Best practices monitoring tracks patterns of variance over time (such as expenses issued by James K, Tasker versus Jim Tasker), which can serve as a red flag for fraudulent behavior. This level and volume of statistical analyses would be possible only with sophisticated statistician-level work over long periods. Even with that, many variances and patterns are simply undetectable by human evaluation alone. For this reason, the multi-dimensional analysis made possible with cloud-based analysis is extremely valuable.
3. Benchmark to Validate Policies and Results
For every industry, that which qualifies as “typical” or “atypical” is different. For example, a large invoice to a plumbing vendor may represent a red flag to a pharmaceutical company, but be quite typical for a construction company. Or an off-shore drilling operation may have an average expense of a few thousand dollars (for purchases made on equipment or transportation) whereas a software sales business may rarely see an individual expense exceed $150.
Benchmarking can provide guidelines for setting policies and limits when initially implementing P-card systems, as well as thresholds for monitoring purposes. For example: Is the company’s average rate of fraudulent transactions in line with the industry standard? If it is higher, what policy or remedial education efforts need to be put in place?
Best practice cloud-based analysis tools automatically incorporate benchmarking data from other similarly situated companies.
When adopting any new technology or process, companies must ensure their evaluation capabilities keep pace with new challenges presented. As p-card adoption continues across all industries, companies have an opportunity to use cloud-based monitoring to ensure they “inspect what they expect” from employees and vendors.
Patrick Taylor is CEO and founder of Oversight Systems, a provider of business analytic software. Prior to founding Oversight in 2003, he held leading positions at Internet Security Systems (ISS) and Symantec as well as Oracle, Red Brick Systems, GO, Air2Web and Fast-Talk. He has a bachelor’s degree in mechanical engineering, with honors, from the Georgia Institute of Technology and an MBA from Harvard Business School.