When it comes to global bribery laws and FCPA compliance, travel and entertainment expenses and the reimbursement process are enormously meaningful in many ways. So how can you make sure that your risk, compliance, and audit departments are properly tracking these processes and effectively mitigating risk?
The key is to automate the process so that control breaches can be identified before problems escalate and become material. By leveraging technology, organizations can establish a record of evidence and therefore become proactive in the prevention of violations.
If your organization operates on a global scale and has numerous departments that submit expense reports for travel, dinners, hotel stays, and so on, the task of implementing a solution to automatically monitor for red flags can seem daunting. While it might be even more intimidating to take a look at senior management’s purchases, for fear of having to bring an executive’s practices to light, establishing the tone from the top is the most effective way to let everyone know that you’re looking at the data and constantly monitoring T&E expense claims for validity, accuracy, abuse, and violations of regulatory policy, even when it comes to the c-suite. This approach essentially serves as a deterrent for non-compliant behavior.
Once the data analytics program is implemented within one unit of business, such as T&E, and applied to one department, such as senior management, it’s relatively easy to branch out into other areas and groups.
In order to further break down the process and reveal whether errors are honest mistakes or outright fraud that could raise concerns among regulatory agencies, it’s helpful to look at the individual components.
Step 1: Charging Expenses
This part of the sequence is rather straightforward. It involves making sure that a fundamental policy is actually being followed by those who submit expenses. On a basic level, this might include ensuring that those who hold purchasing cards or corporate credit cards are still employed by the organization, that individuals don’t possess multiple cards, and that approval limits are set in place. Another way to monitor for accuracy or potentially fraudulent activities is to categorize expenses by approved hotel groups, airlines, and travel agencies that are assigned to handle all bookings.
Step 2: Enforcing the Way Expense Claims are Processed
For a more compliance-focused approach (and in order to implement a thorough claims process), classification of T&E expenses is critical, as is the ability to identify specifically what the expense is for. An organization might also make it mandatory for each employee to enter a description of the expense in order to gain approval. By forcing people to describe the expense, you can use analytics to test for the words in the description. Many organizations have lists of keywords and phrases that they specifically want to identify in expense descriptions, such as: “permit”, “government”, “business licenses”, or “please put this through as”. These are often repeated in multiple languages if the company operates in multiple geographies. The main objective of classification and descriptions is to make sure that all parts of an expense can be monitored for compliance.
Step 3: Analyzing before Reimbursement
The final component of an effective T&E expense monitoring program involves a 100% analysis of expenditures. This is the stage in which the use of data analytics really shines in terms of providing a clear picture of overall T&E efficiency and compliance. An analytics program can look at all of the transactions proactively, and then automate testing to enable a continuous assessment of expenditures in order to target problem areas and look at them on a repetitive monitoring basis. Specific FCPA tests can be found here.
Having the right technology that enables the extraction of data from various sources is definitely a prerequisite for effectiveness in this area.
Although the notion of a fraudulent employee is cringe inducing for executives within any industry sector, businesses that encourage employees to entertain existing and prospective clients are especially prone to fraud, and even bribery, within the T&E expense department. This characteristic creates an even greater need for continuous monitoring technology.
Let’s take a look at airfare, hotel, and ground transportation. Airfare is a great place to start as every organization has its own internal controls around the types of flights employees are permitted to book. Simply checking to make sure that the classes are appropriate is a measure that will reveal potential abuse. Other issues within the theme of airfare include costly, late bookings or repeat destinations and one-day trips, which could point to an employee commuting by air.
With regard to car rentals, mileage, and gas expenses, people can be foolish, be it accidental or fraudulent. If an employee is claiming mileage for a two hundred mile trip at X number of cents per mile, but is also claiming on the expense report that he or she has a car rental that includes gas expenditures, you have someone who is attempting to take advantage of the system.
Hotel stays can be categorized and analyzed by city. Expense amounts should be reviewed by location as part of a standard analytic in order to recognize whether or not the claim makes sense within the context of the location. For example, if an employee is staying in Manhattan, the cost is going to be higher than if he or she were staying in Jacksonville, Florida.
By weaving some sophistication into the analytics, an organization forces people to be far more specific in terms of individual behavior.
From a T&E perspective, what happens in another country doesn’t stay there. Organizations that operate globally must have an automated, continuous monitoring analytics system in place to reveal areas of non-compliant behavior. The cost of lost revenues or regulatory enforcement penalties is too steep for executives to ignore or leave to manual processes, as human error can impart significant risk to the business.
The key objective is to implement a technological solution that increases efficiency, reduces manual effort, and decreases the chance of risk and loss for the business. Uncovering potential problems certainly takes a strong ethical mind and a bit of spine, but when the data is speaking for you, your argument becomes irrefutable.
This post only provides an outline of the top-line items that corporations must address in building a robust T&E compliance program. For more detailed information on analytic tests and FCPA compliance, click here (.pdf).
Christopher Stewart-Smith is a data analytics consultant for ACL, a Vancouver-based company delivering technology solutions and consulting services that are transforming audit and risk management to give organizations unprecedented control over their business. www.acl.com