I recently started to think about risk management in the context of T&E and P-Card compliance and monitoring solutions. Having traveled extensively in my career, having managed travelers, and having observed other employees I’ve traveled with, I’m somewhat critical of the checks and balances that most organizations use to mitigate the risk of fraud, waste, and misuse in their T&E or P-Card programs.
It's great when you have honest employees who never make mistakes and know their organization's policies; however, my experience has unfortunately shown that this is not always the case. Additionally, it only takes a small percentage of employees either a) knowingly gaming the system or b) innocently creating waste through misuse or errors to add up to hundreds of thousands (or even millions!) of dollars, which can severely impact an organization’s bottom line.
One definition of risk management is, “The forecasting and evaluation of financial risks together with the identification of procedures to avoid or minimize their impact. An organization may use risk assumption, risk avoidance, risk retention, risk transfer, or any other strategy in the proper management of future events.”
In many cases, insurance can be used to support a risk management strategy. Unfortunately, insurance to cover the cost of T&E and P-Card fraud, waste, and misuse is not available. I think one of the reasons for this is the weakness of current controls and the inability to determine the actual liability of the total risk.
In Oversight’s business, we speak to hundreds of prospective clients, and we have found these to be the most typical controls in use. I have added my concerns around each control.
- T&E and P-Card policies are published, which provide guidelines for employee behavior.
  - After implementing our 100% monitoring solution, the majority of our clients have commented on being surprised at how many employees said they were unaware of policies that they unknowingly violated. Publishing policies and having employees understand and follow them are two distinct things. Simply having the former doesn’t guarantee the latter.
- An employee's supervisor or manager approves the expense report.
  - Today's automated expense management systems make it easy for the person approving the report to do so without actually looking at the line-item details, in essence not doing any review. Pressure to quickly reimburse employees only exacerbates the lack of first-line control.
- P-Card transactions are submitted via an expense report (used in less than half of the organizations we talk to).
  - Without an expense report, the organization pays the P-Card bill at the end of the month and hopes that a sample-based audit at a later date will catch any problems.
- An internal audit team periodically samples a percentage of reports/transactions for compliance with policy.
  - Periodic sample-based audits do not offer 100% assurance.
- In some organizations, a third party is engaged to perform policy or receipt audits.
  - See above.
While insurance may not be available for T&E and P-Card transactions, I want to present readers with a new approach to risk management that is available in the form of Oversight Insights On Demand™. Since its inception, many of the largest and most well-known global organizations have implemented Oversight’s solutions.
Briefly, we offer our clients the following risk management assurance:
Our SaaS application will automatically acquire and monitor 100% of a client’s T&E and/or P-Card transactions, and identify behaviors indicative of errors, fraud, waste, and misuse. Via the integrated case management tool that comes standard with our solution, our clients are able to take action in a manner that allows them to enforce policy and influence employee behavior.
By deploying Oversight, our clients are able to leverage automation, reducing their cost of compliance by over 50% while increasing the scope of analysis from the traditional 20% random sample to an automated 100% review. As a result of influencing employee behavior, our clients have been able to deter non-compliant activities that can have an impact of up to 5% of their total travel spend. Our clients' data has shown that roughly 5% of employees in an organization represent over 80% of the fraud, misuse, and waste in T&E and P-Card programs. So, the first order of business is to identify the 5% and take action.
Traditional controls can't reliably do this; hence, no insurance is available to mitigate the risk. Before Oversight Insights On Demand™, the traditional controls that I've described above were the best that organizations had available. Oversight's technology provides assurance to organizations that 100% of their spend is being monitored, thereby managing their risk to a more significant level than they ever thought possible.