Are traditional approvals and audit reviews of procure-to-pay transactions sufficient to prevent expenses fraud, waste and abuse in your organization? The evidence suggests not. A recent study showed that expenses fraud committed by employees is estimated to cost U.S. businesses more than $2.8 billion per year. In the public sector and higher education, we see numerous news articles about government and university employees either misusing funds or putting the organization at risk due to bypassing important controls.
It should be said that the vast majority of staff do the right thing. A number of studies have shown that the majority of fraud (around 80 percent) is committed by just 5 percent of employees. The types of issues which most organizations are trying to prevent include:
- Buying personal items with a corporate purchase card (p-card)
- Inflating an expense report with personal travel or unapproved expenses
- Directing purchases to favored suppliers
- Unallowable usage of sponsored awards including federal grant monies
Less troubling, but also problematic are violations of established policies such as:
- Requestor lacks documentation to support procurements requirements (e.g. bids, quotes) for special funds or grants
- Split purchases into multiple transactions to avoid a procurement threshold
- Purchases which are made using a p-card for an item on an approved catalog
- Taxable travel expenses which are not properly coded as taxable.
The sheer volume of financial transactions makes it almost impossible for a large organization to solve this problem using manual reviews, while effective, 100 percent audits, of all transactions for mid-to-large sized organizations is cost-prohibitive. And even the best audit program is likely to miss issues such as split transactions, PO leakage, or potential HIPAA violations.
What is needed is an automated system that can review every transaction using predictive analytics to estimate the risk level that each transaction represents to the enterprise. This approach allows managers to focus their time during their approval review and for auditors to center their attention on the highest priority items saving money while simultaneously reducing waste and fraud.
Of course, expenses scandals are all the evidence needed to understand why an automated system would reduce the likelihood of public embarrassment or negative audit findings that could result in the loss of grant or other funding.
Challenges with the Traditional Expenses Approval Processes
Organizations often rely on management review and authorization to ensure the integrity of financial transactions. While many managers are responsible, diligent and thoughtful, not all approvals receive appropriate scrutiny. Many managers are extremely busy and click an “approve” button without giving the request appropriate detailed review. In some cases, managers trust their employee to do the right thing and don’t review the details of expense reports or purchase requests, especially if the employee stays within budget. Other managers will delegate the approval to administrative staff who are ill-equipped or lack the authority to truly scrutinize a purchase order or expenses.
Automated risk modeling is needed to help focus these reviews so that managers can question high risk transactions. By ‘risk’ we mean a mathematical calculation that combines many factors but represents the risk to the organization from the transaction. Our deep history in fraud with predictive analytics and scoring designed to protect the credit and debit portfolios of the world’s financial institutions, means our technology and approach can also be applied very effectively to ‘internal transactions’.
Risk Scoring in Real Time
Experience shows that there is a direct correlation between having data to inform decisions early in the process and higher rates of compliance. If an organization has automated notifications which indicate specific rules that have been violated and risk scores to help prioritize and focus their attention, the review and audit process will be more accurate, efficient and effective. Risk assessment is based on many factors including:
- Funding source. Some funding sources, like Federal Grant money, are highly sensitive and subject to external audit.
- Dollar amount. Higher dollar amounts represent more risk, but also dollar amounts just below review or procurement thresholds carry additional risks.
- Purchase category. Over time, certain types of purchases or expenses are more likely to be abused.
By scoring the case using mathematically derived predictive analytics, the ERP or expense reporting system can provide alerts to reviewers (managers and auditors) for additional scrutiny prior to initial approval, and suspect transactions are stopped before any outlay of funds. Requestors can also be provided with real-time feedback about their purchase, potentially stopping them from even making the request.
Automated Review of receipts using OCR
Technology is now available which can automatically review the text within receipts or purchase card data (Level 3) for signs of improper or unusual spending. Through automation these reviews occur more cost effectively than through traditional manual processes. These reviews would include checks for:
- Receipts for unapproved items (e.g., alcohol or entertainment)
- Airplane Tickets for someone other than the employee
- Improper Class of Service (e.g., first class airfare, luxury car rental)
- Personal side trips accompanying business travel
- Hotel location outside of the approved destination
- Additional nights of hotel and excessive ancillary costs (e.g. gym, spa, room service, laundry, etc.)
Since some flagged items may be permissible, refinement of the predictive models and business rules means false positive results can be reduced. In addition, these same models can identify permissible expenses which are taxable but were not properly coded.
Over time, merchants will provide higher quality Level 2 and Level 3 data for p-card transactions because the credit card companies charge merchants a lower commission rate based on the data they include, which incents their participation and further supports automation.
Change habits by reducing the opportunity for errors
Fraud has been described as a result of pressure, rationalization and opportunity. Improper actions can occur when otherwise diligent staff rationalize that they can save time by cutting corners and with a belief they will not be caught. By instituting sophisticated automated checks and publicizing the existence of those controls, staff will make the reasoned decision that they are likely to be caught, which will in turn lead to an increase in voluntary compliance. The automated system can also continually look for new types of noncompliance, to prevent new approaches to circumventing processes and controls.
Over time this will lead to a reduced cost of compliance, improved usage of master contracts, and spending which better matches established policies, reducing costs within the procure-to-pay process.