Have you ever given thought to how easy it is to use your agency issued procurement card to purchase items for personal use? Creating a strong procurement card program that includes a fraud prevention program is critical. There are reports daily of fraud happening, not just external bad actors, but internal as well. Thousands of dollars of p-card activity that isn't in alignment with the core policies and procedures at your agency. How do you catch it?
This is a topic we've been considering and trying to find effective and efficient ways to mitigate the possibility of fraud and put a plan in place for actions if it is discovered. Through the help of many resources, the following are some of the key elements of a fraud prevention program we put together to discuss within our system. We are a system of 34 community and technical colleges and the state agency. Nearly all have a p-card program, some small, a few very large. How do we make sure that fraud and theft isn't being committed?
A procurement card fraud prevention program involves a set of policies and procedures designed to minimize the risk of fraudulent transactions made using procurement cards (also known as P-cards) by implementing strict controls on card usage, regular monitoring of transactions, thorough employee training, and clear guidelines regarding appropriate purchases, all while maintaining a system for reporting and investigating suspicious activity.
Key elements of a procurement card fraud prevention program:
- Clear Policies and Procedures:
- Define eligible purchase categories and spending limits for each cardholder.
- Establish guidelines for proper receipt documentation and expense reporting.
- Specify procedures for reporting lost or stolen cards.
- Specify consequences for violating policy rules.
- Outline disciplinary actions for misuse of cards.
- Cardholder Training and Awareness:
- Regular training sessions for all cardholders on proper card usage, fraud detection, and reporting procedures.
- Emphasize the importance of safeguarding card information and not sharing it with unauthorized individuals.
- Access Controls and Separation of Duties:
- Limit the number of individuals with access to each procurement card.
- Assign a designated card custodian within departments responsible for managing and monitoring card usage.
- Separate responsibilities for approving purchases from those making them.
- Transaction Monitoring and Analysis:
- Regular review of transaction statements to identify suspicious activity like unusual spending patterns, large purchases, or transactions at inappropriate merchants.
- Utilize data analytics tools to identify potential fraud indicators based on historical spending trends.
- Merchant Category Code (MCC) Restrictions:
- Block purchases at merchant categories not aligned with business needs (e.g., personal shopping, entertainment).
- Spend Limits and Approvals:
- Set appropriate spending limits based on the cardholder's role and department.
- Implement a system for mandatory approvals on transactions exceeding designated thresholds.
- Reporting and Investigation:
- Establish a clear process for employees to report suspected fraudulent activity.
- Promptly investigate all reported incidents of potential fraud.
- Regular internal audits of the procurement card program to assess compliance with policies and identify areas for improvement.
- Periodic review of cardholder compliance with established guidelines.
Transaction Audits
Who, How, When
Transaction audits:
- could be conducted by the P-Card program administrator or manager (PA/PM), an internal audit department or other department (Reviewer Proxy)
- should occur a minimum of monthly
What to Avoid
- Manually auditing all P-Card transactions every month, which is tedious and costly;
- Exclusively conducting random, percentage-based audits (e.g., 10% of transactions), which can result in some cardholders slipping through the cracks
Strategic P-Card Audits
Your strategy should include auditing transactions that have certain attributes, such as those:
- at or above a certain dollar threshold
- with certain merchant category codes (MCCs) and/or suppliers (e.g., Amazon)
- containing key words that could indicate a prohibited purchase per your policies and procedures
- occurring during non-business hours
Also look for suppliers used by only one cardholder; this might indicate an issue or something fishy.
In addition, audit all transactions by certain cardholders, such as those who (These are just some examples):
- are new to the cardholder role
- have a new manager/approver
- exceed a certain number of transactions during the month
Do not exclude executive cardholders just because of their job level.
Important considerations:
Utilize procurement card systems that provide real-time transaction monitoring.
- Communication and Culture:
Promote a culture of accountability and ethical behavior within the organization regarding procurement card usage.
Regularly assess the effectiveness of the fraud prevention program and make adjustments as needed based on emerging risks and trends.
What are your thoughts? What is your agency or institution doing to deter or prevent fraud?
I'd like to acknowledge and thank University of Iowa and UC Davis, as well as Recharged Education and Compliance Online, for public access to their information on procurement card fraud prevention.