7 Ways to Protect P-card Spend
October 01, 2017 by David Griffiths, CEO
The use of P-cards, or purchasing cards, has grown considerably in the last 10 years, streamlining employee purchases of goods and services by using a corporate credit card which is restricted according to the business need. P-cards present a highly cost-effective way to reduce payment processing costs and increase visibility of purchasing transactions.
In the US and Europe, p-card use has grown rapidly, with around two-thirds of US companies now using them, according to research by Paystream Advisors. But to mitigate business risk and implement p-cards successfully, management needs to formulate and communicate clear strategies and ensure that a set of comprehensive, enforced controls protect their use.
Spotting fraudulent P-card transactions
There are several red flags which may indicate misuse, abuse or fraud within card spend. Some of the soft indicators include transactions racked up outside of business hours or with unfamiliar vendors. Risk is also heightened among employees who may be experiencing difficulties at work or be poised to leave the organization, or who work within a team with staff morale issues or high staff turnover.
Hard indicators include transactions just below the card threshold, or multiple transactions from a single vendor on the same day. Employees who fail to submit their monthly reconciliations or attempt to file several at once - often right on deadline - may also be hiding suspect transactions.
Seven key ways to protect P-card spend
1. Prevention at the start
Start as you mean to go on. When the p-card program is set up, establish roles and responsibilities, ensure a clear separation of duties and actively communicate the appropriate policies. Procedures should be clearly documented and include the systemic controls detailed in points 4 and 5. Be ready to fully implement and follow through on all policies.
2. Cardholder checks
Every new employee added to the program should be subject to extra background checks and a probationary period of 2-3 months during which time their p-card use undergoes extra scrutiny. New users must specifically sign up to the company’s P-card policy.
3. Communication and education
All p-card users should be formally educated on the corporate policies and procedures that govern their use and offered refresher sessions to be run at regular intervals. Finance organizations can run webinars, post the relevant documents on the intranet and in extreme cases, consider naming and shaming employees or departments who do not abide by the correct rules of the program, which they have signed up to.
4. Standard internal controls
All programs should be managed according to a set of standard internal controls. These include dollar limits on single, daily and monthly transactions, and restrictions by merchant classification code so that employees cannot use the card to purchase items unrelated to their job. All ATM and cash access should be blocked. Immediate line supervisors should review and approve purchase transactions monthly, and the p-card coordinator should cast a second pair of eyes over the transactions to ensure their validity.
5. Detective Controls
Beyond the standard controls, all programs should include more rigorous detective controls that actively search for anomalies and potential fraudulent transactions and require a detailed reconciliation review. Monthly program management reports must deliver insight into reconciliations, and an anonymous tip-line can encourage suspicious colleagues to come forward with their information without fear of reprisal. If there has been a transgression, a card should be placed on hold until the issue is resolved, and employees who flout the rules repeatedly should be disciplined.
6. Purchase-to-pay self-auditing
There is too often an over-reliance on Internal Audit teams to monitor p-card programs. But Internal Audit’s role tends towards historical or ad-hoc checks, whereas p-card programs require continuous, real-time monitoring to effectively safeguard against fraud or misuse. An organization should appoint an internal controls person who looks at card transactions daily and analyses them, either manually or (for larger programs) using specialist software, to look for exceptions. Once data is being collected and reviewed regularly, patterns and trends start to emerge that highlight program weaknesses and areas needing improvement.
7. P-Card monitoring service
A company with a substantial p-card program – i.e. one with thousands of transactions a month-- may need a more automated P-card forensic monitoring service to sufficiently safeguard it. This type of service seeks to analyse all the card transactions and reconcile them with the accounts payable ledger. This way, red flags are collated and analysed to identify potential issues, build expertise in the team, and constantly improve the processes and procedures in place to protect corporate spend.
P-card programs can be a highly efficient, cost-effective method of streamlining the purchase of smaller value goods and services and when they are run properly, they can save organizations substantial amounts of money. But stringent controls must be in place to ensure purchases are reasonable, properly recorded and made by a valid cardholder to an approved supplier. It is also essential that crystal clear rules and policies are communicated to employees and followed through on by management. As a final safeguard, card spend must be regularly monitored and analysed to identify potential misuse, abuse and fraud, so that the savings made by implementing the program aren’t lost by not executing or managing it properly.