Ask the Experts: Is My Fraud Prevention and Detection Best-In-Class?
PwC’s 2018 Global Economic Crime and Fraud Survey finds that 49% of organizations globally have been a victim of fraud, an increase from the survey’s previous 36%. It’s no surprise then, that with instances of fraud rising, your organization may be at risk.
Savvy companies are looking closer at their travel and expense (T&E) spend areas as a way to prevent or find fraud schemes. In a recent ACFE webinar, attendees asked T&E experts for their perspective on fraud tips, tricks, and how to build a best-in-class T&E program. Here are some of the questions from fraud examiners with answers from our experts:
Building a fraud-proof expense policy
How do you handle compliance with expense policies, globally?
Some companies have an overall global policy, but then allow for country or regional exceptions, while others set up multiple policies within SAP Concur. SAP Concur has global service centers to assist with specific location regulations and languages. We focus on your T&E policy requirements and provide guidance on our internal best practices for that specific location.
Where do gifts to customers and vendors fall in your compliance program? Are gifts included in the entertainment side of T&E?
At SAP Concur, we see many “gifts” fall into the T&E area. We encourage clients to include an audit rule that enables the expense submitter to add in if the “gift” is for clients, internal employees, or government officials. The Foreign Corruptions Practices Act (FCPA) in the U.S. and other similar laws in other countries are pushing companies to call out “gifts” to government officials to ensure compliance and show that they have financial controls in place.
How do you deal with different rules for employees and senior management?
It is very common for a company to have multiple policies – it could be based on employee versus senior management, employee location, or department. Flexibility to have specialized configurations is one of the great things about SAP Concur.
Making expense reports a breeze
What are the features you use on the front-end of expense reporting; what does your company do before any expense is even submitted by an employee?
Recommend using expense type limits and audit rules to help guide the employee prior to them submitting the report. Our clients find “tool tips” that enable employees to “hover over text” extremely helpful to help guide them along the way.
What if employees aren’t looking at policy notifications based on audit rules within their reports?
If the employees aren’t looking at the “pop ups,” you should consider looking at how your audit rules are set up. Warnings would still allow the report to be submitted and hard stops would prevent the report from being submitted. If you want to change behavior, you may have to have a hard stop unless they add a comment, then it would be a warning but would still allow the report to be submitted.
What’s the value of automatically feeding corporate card expenses to an expense report, versus manually inputting the charge?
It’s awesome when you can make it easy for employees to submit their expenses by having the credit card feed into their expense report. It’s also advantageous for the company, as it reduces errors and captures actual spend, thus reducing fraud. At times there is still a need for itemized receipts and other detail. For example, hotel stays require detail regardless if there is a credit card transaction and credit card receipt and so do business meals with attendees.
Auditing expenses easily
How do you best educate the senior management who question expense processors with an intimidating tone?
To avoid having internal departments manage any expenses from senior-level managers, we have seen companies use external auditors to view executive-level expense reports. The third party also manages any inquiries around this group’s expenses and explains when expenses fall out of policy. Companies often prefer this independent review, as it enables the internal team to focus on other areas. Also, this shows board members, stockholders, and other external stakeholders that the company has systems in place to manage compliance and fraud at senior levels.
What are the recommended penalties for employees who are committing travel fraud?
We’ve heard clients come up with various ways to penalize and educate employees who commit travel fraud. Some have a “three strikes you’re out” policy, while others leave it to the direct report’s manager to come up with the consequences. At times, human resources will intervene especially when it’s a high-dollar expense. Companies have also found that if an employee is committing fraud in travel and expense areas, then other areas such as time reporting should be looked at as well to uncover if there’s any other fraudulent activity.
Our company has moved away from manager approval due to low review rates and uses artificial intelligence (AI) for detection instead. What are your thoughts on employee experience and friction compared to fraud prevention and detection? How do you walk that fine line?
SAP Concur has partnered with AppZen on the Concur Detect service – an AI driven solution – to allow clients using their own internal teams for fraud and anomaly checks to be more efficient. These internal teams are sometimes also used to do the compliance checks, so Detect allows them to remove the tedious “receipt validation” step and only focus on those identified as a potential invalid transaction. Agree that many supervisors do not check employee expenses. We actually have a report that’s popular with clients that shows who is opening/viewing expense reports prior to approval. If you set up proper controls upfront using audit rules that make sense for your industry and company, then employees should be limited in being able to submit out of policy expenses.
Building a fraud detection and prevention program that’s best-in-class
Ensuring your organization is effectively prepared to prevent and detect fraud within your T&E program is no easy task. But thinking your policies and technologies are “good enough” because you haven’t had a major issue yet, or fully trust your employees is creating a gateway for fraudsters. Remember, instances of organizational fraud are rising, after all.
To respond to these modern challenges, you need a modern solution. One that automates the T&E process from start to finish, integrates all of your spend channels, and ensures you’re proactively reporting on spend trends.
To learn more about the steps you can take to improve your fraud prevention and detection game, check out our ACFE webinar executive briefing. Additionally, discover the dangers of sticking with the status quo by reading about the cost of doing nothing