August 24, 2022
By Kristen Ocampo, CPA, Senior Internal Auditor
Travel & Expense (T&E) reimbursement fraud can have a significant impact on your organization. The Association of Certified Fraud Examiners’ 2022 Report to the Nations found the average loss from an expense reimbursement scheme was $152,000. The report, which is based on a worldwide survey of Certified Fraud Examiners conducted between July and September 2021, noted that the expense reimbursement fraud schemes were generally ongoing for 18 months before being noticed. Given the high-risk posed by expense reimbursements, most organizations should conduct an annual travel & expense reimbursement audit.
If your organization has not conducted an expense reimbursement audit since the start of the COVID-19 pandemic, now is the time to review this area. Organizations are likely to see an increase in expense reimbursements as they start to schedule business travel and face-to-face meetings after several years of restrictions on in-person events. The expense reporting process may also have become more digital during the pandemic, but the new process may not have been reviewed for appropriate internal controls and best practices.
There are several areas of the expense reimbursement process that are especially high risk, such as conference registrations, business meals, hotels, transportation, mileage, and other miscellaneous expenses. It is also important to pay special attention to whether duplicate charges are placed on both out-of-pocked expense reports and on a corporate credit card. The misuse of corporate credit cards is common and additional areas to focus on are as follows:
- Lack of policies outlining which expenses can be paid with a credit card
- Credit card expenses receiving a less stringent review than expense reports
- No separation of duties between the reviewer and the individual paying the credit card bill
- No verification of the total monthly credit card bill prior to payment
- Interest or late fees accruing on late payments
- Lack of policies governing the issuance and termination of credit cards
Executive Director/CEO expenses is another high-risk area. The Executive Director or CEO is typically a trusted individual within their organization and therefore may not face the same scrutiny as other employees. The 2022 Report to the Nations found that 18 percent of expense reimbursement fraud schemes were perpetrated by executives in upper management. An Internal Audit function, whether in-house or outsourced, is likely the most appropriate function to review these expenses in an independent and objective manner.
Internal Audit Solutions
While the above-mentioned areas will be applicable across many organizations, some entities may face additional risks. A risk-based internal audit will allow the audit team to identify these risks and develop procedures to properly address them. There are multiple ways that a risk-based internal audit can help uncover fraudulent expense reimbursement schemes. For example, an internal audit can verify that management has an established whistleblower policy, so that concerned employees feel safe in reporting fraud. Internal Audit can also aid management in their fraud identification efforts by ensuring that management’s processes contain appropriate reviews and approvals. The mere fact that an organization executes annual T&E audits will act as a preventative fraud control, since the would-be fraudsters will know that expenses are being scrutinized.
Appropriate policies and procedures related to expense reimbursements lower the risk that an organization will reimburse an employee for fraudulent or incorrect expenses. These policies should clearly outline which individuals are authorized to approve expense reports, which types of expenses are reimbursable, and the timeline for submitting expense reports. Routine expenses, such as monthly phone reimbursements, should be defined in the employee handbook. Policies be reviewed periodically to reflect updates in the process.
How GRF Can Help
If your organization needs assistance performing an expense reimbursement audit, visit our Internal Audit Solutions page to learn more about our services, contact GRF’s Risk & Advisory Services, or feel free to reach out to us directly at the contact info below.
Melissa Musser, CPA, CITP, CISA,
Partner and Director, Risk & Advisory Services
Kristen Ocampo, CPA,
Senior Internal Auditor