If there is one good thing to emerge from the Craig Thomson/HSU debacle – and surely every cloud has a sliver of silver lining – it is that a bright light has been focussed on the area of credit card control.
There are sound and legitimate reasons for organisations providing key personnel with credit cards which I strongly support: they offer flexibility and purchasing agility; can streamline the purchase of relatively inexpensive products and service; and, improve the purchase-to-pay cycles. At the same time credit cards offer organisations a clear audit trail of who bought what and when.
Where these programmes come unstuck is where credit card policies are not understood by employees or properly enforced by employers, and where the credit card audit trail is not examined until a major problem is suspected.
Two recent audits of credit card activity in the public sector have thrown the problem into sharp relief. A report from the Victorian Auditor General’s Office tabled in the Victorian Parliament in May 2012 examined 460 transactions and found that seven per cent had not followed the rules. Seven per cent is a relatively small percentage – but for government organisations under tight budgetary constraints any leakage is significant, and no organisation wants to expose itself to the risk of fraud.
A second audit, this time by the NSW Auditor General of the University of Newcastle, reprised concerns raised a year ago about the level of credit card use at the university where around 1,000 people hold University-issued credit cards. The audit found that 93 people had used their cards for personal expenses, 253 had their cards suspended and nine were cancelled because people had failed to follow the rules.
Both the Victorian and NSW audit reports uncovered a lack of effective control, and the recidivism at the University of Newcastle suggests that even organisations which have been warned about the problem in the past are still failing to adequately assess the value of their credit card programmes or grapple with the risks that they potentially introduce.
The fact is that credit card purchases are often considered as little more than petty cash, and unless there’s evidence of systemic fraud many organisations remain relatively lax about how they police the use of the employer-issued credit card.
This is a grave mistake. As anyone who has opened a newspaper or turned on the television news in recent weeks understands, credit card abuse can devastate more than the dollars involved might suggest. In addition the advent of cloud computing, where computer services can be bought over the internet using a corporate credit card, introduces a whole new risk vector to organisations which don’t keep close watch on who is buying what.
Credit cards remain a valuable ally in the search for effective procurement. But to be effective organisations need to:
- establish and regularly review policies as to how the cards may be used;
- properly educate users about the policies governing credit card use; and
- invest in information systems to monitor credit card use and identify potentially rogue payments.
Over the years I have been involved in a number of credit card investigations. Most problems arise when organisations fail to invest in information systems that properly monitor card use – meaning that the issue is often only detected at the end of a financial year, rather than being nipped in the bud when it first manifests.
There are a number of information systems which have been developed to restore control to organisations – tools such as Proactis and Concur. These tools are designed so that employees regularly submit information about their credit card use, which is important for basic financial hygiene and ensures proper tax recording of spending important for GST and FBT liability management. By integrating data from these tools with the general ledger companies also achieve much greater transparency regarding their overall financial position, hence reducing their overall risk position. The other value add from these tools, is that the same processes can be use for other expense claims such as petty cash, mileage, re-imbursements etc., adding to their overall value and effectiveness to the enterprise.
The tools take account of organisational rules regarding credit card use and can identify excessive or unusual use – potential flags of fraud; they feed information into workflow management systems to ensure proper oversight and approval processes are adhered to; while the information they collect delivers important and very granular insights into purchasing behaviours which can in many cases be used to fine tune procurement practices.
Many of these tools are highly intuitive and often web based, meaning the barriers are lowered in terms of encouraging employees to use them. Organisations can develop easy-to-understand online training modules which quickly educate employees about both credit card use policies and how the information systems that collect data about credit card use operate. By including a short quiz which employees have to complete successfully before being issued with a card, organisations can be assured that their employees understand how the credit card regime operates.
Achieving procurement and probity best practice is not just about ticking boxes, but taking a smarter strategic approach. It is a little disappointing that the recent Auditor General reports from NSW and Victoria cling to audit as the primary tool recommended to monitor credit card purchasing.
There is a better way.