We have seen a thing or two from working with hundreds of Fortune 2000 companies helping them transform their T&E audit process from a transactional expense report review to a comprehensive focus on mitigating risk and influencing employee behavior.
A clear benchmark across our customer data reveals that about 70% of business travelers at organizations are fully compliant and pose no risk to the organization. About 25% of travelers that engage in wasteful spend and policy misuse but without any intent to commit fraud. And lastly, about 5% of employees are engaging in almost 95% of all the highest-risk activities.
Despite these findings, the audit process currently used at most organizations treats employees in each of these segments the same exact way. Not surprisingly, businesses end up irritating the 70%, not influencing the 25% -- while the 5% bad actors go completely undetected.
The challenge is that the tools supporting the underlining T&E controls are only capable of analyzing individual expense reports at a single point in time. By their nature, these controls are designed to find low-level policy infractions, not waste, misuse, patterns of suspicious behavior, or fraud.
Below are 5 signs that your existing approach isn’t working to mitigate T&E expense risk, influence employee behavior, and prevent you from optimizing your business process. If you recognize any of these 5 signs, you probably need to streamline your T&E auditing process.1. You are using your T&E system’s audit rules to identify risk.
Most T&E systems include audit rules that can be configured to flag expense lines on individual expense reports for several reasons. These audit rules are useful for identifying errors and defects (e.g., missing attendee information, hotel stay is not itemized, cash transaction amount is negative) upfront when employees are submitting expenses.
However, audit rules are ineffective at identifying risk or influencing employee behavior. An expense management system’s workflow is built for processing individual expense reports – not assessing and mitigating risk.
Risk extends beyond the single dimensions of an individual expense report at a given point in time. To effectively identify risk, a comprehensive risk analysis must focus on the gray areas of employee spending behavior in expense report and card transactions over time.
System audit rules simply lack the sophistication to provide multi-threaded behavioral analysis, time-based reasoning, statistical benchmarking, and fuzzy logic to detect unusual employee behavior. Most T&E system audit rules are only capable of performing simple Boolean logic to flag items on individual expense reports. It is rare for audit rules to flag any serious risk or present actionable insights from the data to help educate or influence employees and prevent future waste. At best, audit rules flag minor policy infractions on individual expense lines that, in most cases, employees can easily explain away.
2. You are performing sample audits that focus on individual expense reports.
OK, you recognize that system audit rules are not an effective control to identify risk, so you do the next-best thing: You supplement your efforts by performing sample-based audit reviews of expense reports. Your sample selection is determined by a few factors, such as expense reports over a set dollar threshold, selected expense types, cash transactions. You may even leverage the system audit rules here to create blanket rules to flag expense reports for manual review. Over time, you may have added hundreds of blanket rules to avoid the possibility of any potential risk going undetected from your process.
To manage this additional review, you probably had to add significant overhead. For all your efforts, you will have seen little in the way of benefits. This review typically amounts to little more than a clerical check of individual expense lines and receipts for completeness and minor policy infractions. This approach fails to mitigate risk from potential fraud or wasteful spend, requires increased staffing, and causes unnecessary interruptions to the reimbursement process creating a backlog of expense reports impacting processing service-level agreements (SLAs).
Here are the biggest challenges with performing a sample-based review of individual expense reports:
- The consequences of positive confirmation bias: Sample selection criteria generally return large volumes of expense reports or transactions – typically in the 20% to 30% range. For companies processing more than tens of thousands of expense reports annually that is a significant volume of transactions to manually comb through to identify policy violations. Based on analyzing several billion dollars of T&E spend, Oversight has identified that 95% of expenses are within company policy. When most items in your sample are in-policy expenses, you are likely to fall victim to positive confirmation bias. That means that you probably will begin to believe that most transactions are valid, while being susceptible to missing the obvious risk.
- If you’re lucky, you may stumble on fraud: However, it is unlikely you will be able to spot any fraud using sample audits. Clearly, a fraud scenario may not present itself within your sample, so it’s a matter of chance. More importantly, fraud is hard to spot when reviewing individual expense reports at a single point in time.
- You lack visibility into employee behavior: Waste, misuse and fraud do not present themselves on a single expense report; they are complex and are identified over time, often across multiple reports, multiple employees, or even multiple attendees. Without visibility into non-compliant patterns of employee behavior, you are only communicating on a one-off transactional basis that will probably fail to expose any significant risk or influence employee behaviors to prevent future wasteful spend.
3. You are inundated with false positives.
It is easy to flag exceptions in T&E data when you are focusing on individual lines on an expense report. But combing through these items can be an extremely tedious task. A system that lacks the ability to dynamically establish baseline “norms” will not be able to detect problematic activity, thus generating a pile of exceptions are mostly non-issues for manual review. To be useful, analytics need to have the ability to “learn” from the exception resolution process, which becomes a data source from which the analytics can get smarter and more refined.
4. Follow up with your employees is messy and inefficient.
For every error or policy violation found in your transactional audit, someone on your team must personally reach out to each person who filed the report, communicate what is wrong, state the desired outcome, and then manually track the resolution. Without a case management system with built in-audit trails, organizations will require significant overhead to track the resolution process – with no visibility into previous history of issues. It’s important to know the past outcomes for an employee issue as it can impact the resolution of a case currently under review. If your audit process is taking a lot of time, but the infractions often don’t amount to much, you probably need to finetune your expense audit process.
5. You are lacking necessary KPIs to evaluate policy effectiveness and drive process improvements.
You struggle to provide key stakeholders across finance and business functions with visibility to key compliance metrics. In many cases, you may be unsure how to measure the success of your existing process because there is no way to track the impact of your audit on employee behavior, error detection, or dollars saved. Management reporting without a systematic way to track repeat offenders, exception resolution process and root-causes of compliance violations hinders policy development and ongoing process improvement.
By tracking these key metrics, you can report across multiple data dimensions such as organizational hierarchy, merchants, spend category, geography (e.g., country, region, state), time-based, analytic type, and others. Such reporting will provide real time visibility into the compliance health of your business process and enable data-driven policy decisions promoting compliant behaviors without increasing employee friction.
If you recognize any of these 5 signs, check out our best practices guide and learn how you can detect and stop employee expense and purchase card fraud, waste, and misuse in your organization. Better yet, request an Oversight demo today and see how an automated data monitoring can turn your manual expense audit process into a streamlined and automated risk mitigation workflow.