1 / 36

Preventing P-Card Abuse:

Preventing P-Card Abuse: . Automated Monitoring & Resolution of Card Misuse July 2014. Meeting Agenda. Introduction CaseWare Profile Current State in Higher Ed. Purchasing Card Process Monitoring P-Cards Case Studies Q&A. CaseWare International. Founded in 1988

magnar
Download Presentation

Preventing P-Card Abuse:

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Preventing P-Card Abuse: Automated Monitoring & Resolution of Card Misuse July 2014

  2. Meeting Agenda • Introduction • CaseWare Profile • Current State in Higher Ed. • Purchasing Card Process • Monitoring P-Cards • Case Studies • Q&A

  3. CaseWare International • Founded in 1988 • An industry leader in providing technology solutions for finance, accounting, governance, risk and audit professionals • Over 400,000 users of our technologies across 130 countries and 16 languages • Customers include Fortune 500 and Global 500 companies • Microsoft Gold Certified Partner

  4. International Acceptance

  5. Industry Trends • *ACFE 2012 Fraud Survey

  6. Industry Trends • *ACFE 2012 Fraud Survey

  7. Industry Trends • *ACFE 2012 Fraud Survey

  8. P-Card Misuse in Higher Ed. • P-Card Fraud in the news

  9. Purchasing Card Process 1. Assign Card End-User Organization 4. Submit Reconciliation Cardholder 2. Place Order / Make Purchase 5. Settlement / Post to GL 3. Receive Goods/Services General Ledger Supplier/Merchant

  10. Why Continuously Monitor P-Card Controls? • One View: Complete overview of P-Card Activities • Control: Apply detailed spending & usage policies • Prevention: Visibility helps stop fraudulent activity before it affects your bottom line • Accuracy: Validate all transactions prior to payment • Efficiency: Ensure all appropriate discounts, rebates and refunds are properly applied • Assurance: Reputational risk is minimized

  11. Purchasing Card Controls & Activities

  12. Areas of Risk • Card Issuance • Inactive/Terminated/On Leave employee using Card • Employee in any state except ‘full time active’ is currently using the company card. • Elevated liability • Create Employee transaction and spending profile to gauge unnecessary exposure for the company. • Profile factors (employee transactions, spending, card time of use, avg. balance compared to credit limit, etc.)

  13. Areas of Risk • P-Card Administration & Analysis • P-Card Limits • Employee(s) use the Purchasing Card to spend over their weekly, monthly or transaction limit. • Duplicate Payment through Accounts Payable • Vendor has been paid through Accounts Payable as well as employee processing the payment with Purchasing Card.

  14. Areas of Risk • Program Performance • Non-Preferred Vendor Spend (Vendor Rebates not maximized) • Multiple Vendors used for office supplies instead of single vendor to receive appropriate rebates. • Vendor is not giving you the appropriate Rebate as per contractual agreement. • Decline Transactions • Review and analyze decline transactions to assess potential misuse or employee(s) with insufficient credit card limits.

  15. Areas of Risk • Spending Patterns • Excessive Even Dollar Transactions • Even dollar transactions are normally rare and are typically used in the purchasing of gift cards, gift certificates. • Split Transactions (Single or Multiple Cards) • Employee(s) complete(s) two transactions at same merchant to circumvent their maximum purchase amount threshold.

  16. Areas of Risk • Transaction Policy Violations • Cardholder – Merchant Match • Employee has registered himself or been registered as a Vendor and being paid for additional services outside of job responsibilities. • Keyword Search • Verify employee are not making non-compliant purchases such as jewelry, groceries, tobacco, electronics, Apple store, etc. • Cash Advance/Financial Services • Employee may be using card for cash advances or financial services (mortgage, loan, line of credit, etc.).

  17. Level 3 Data – Purchase & Service Details

  18. CaseWare Project Approach STAYING AHEAD Move to a more proactive approach that reduces potential business impact of control failures. ACCESS DATA Your organization’s data is accessed from the relevant sources and consolidated PROACTIVE REACTIVE DATABASES FLAT FILES Audit Go beyond financial processes and assess the design and operations of controls for the entire business. LOGS CONTROLS MONITORING PREPARE FOR ANALYTICS Your data from multiple sources is then cleaned and organized to ensure it is accurate, consistent and ready to be analyzed. INVESTIGATIONS GOALS & PLANNING Work with key stakeholders to understand the business processes to be analyzed and their monitoring requirements. SOURCE DATA Governance Ensure that sound governance structures are in place to ensure the right information about the right issues is available at the right time. INTERNALASSURANCE POST-ACQUISITION ASSESSMENT Core Processes Embed monitoring best practices to ensure that business owners and operators are accountable . RISK ASSESSMENT INPUT RISK ASSESSMENT FOLLOW-THROUGH OPTIMIZE WORKFLOW AND REMEDIATION The workflow for results are designed including assignment, escalation, investigation and closure. RISK & CONTROLS Drill into the details of current risks and controls. This determines the data analytics needed, the strength of your existing controls and policies as well as what controls need to be improved to mitigate risks. DATA ANALYTICS The correlations and relationships are made identifying, trends, field statistics, and patterns and anomalies are isolated. REPORTING RESULTS The details of how the results are to be communicated along with any relevant reporting are determined. RESULTS VALIDATION Key stakeholders validate the results of the analytics and results are fine tuned.

  19. Recommendations Here are a few general recommendations: • Direct cardholders to document purchase requests and approvals, budget approvals, and bona fide company/government/corporation needs for P-card transactions. • Strengthen the monthly P-card reconciliation process. • Ensure that purchases are equitably distributed among qualified vendors and that you determine the most efficient and effective method of obtaining services (i.e., insourcing versus outsourcing, purchase cards versus other procurement tool). • Develop policies and procedures to ensure that purchase card files are retained when cardholders or approving officials end employment with the department or discontinue their functions as cardholders or approving officials. • Improve training — as well as its tracking and monitoring — for cardholders and approving officials on regulations over the use of P-cards.

  20. Customer Value Chain Enabled by Expert Content Business Process Modelling Data Management Training, Consulting and Certification Certified Enterprise Platform Global Partner Network

  21. Customer Value Chain • Upload the company’s risk and controls library across: • Business Processes • Subsidiaries • Locations • Design analytics to monitor the controls • Generate alerts when controls are failing • Trigger a collaborative remediation workflow • Take the necessary actions • Measure performance and track root causes • Optimize business processes

  22. Generate Insights • Indicators of controls performance • Tracking root causes • Measuring ROI

  23. Collaborate • Alerts are triggered by system events • For example: • An inactive employee is currently using their purchase card • An employee has left the company but the card was never recovered. • Alerts delivered in the browser, e-mail or Text Messaging. • Triggers a collaborative workflow for teams to take action

  24. Remediation Workflow • Create work items for users to take action • Designed according to business requirements • Time limits, escalation, team assignments, metrics capture all configurable.

  25. Actions • Users are engaged by the system to action items • Exception details are provided along with: • Research info • Remediation guidelines and links • History of the item • Relevant Indicators/Metrics

  26. Taking Action • Users are provided with guidelines for resolution • They take action according to the workflow design • This include capturing the metrics

  27. Measure & Optimize • Based on the indicators the business gain insights how to improve operations • For example: • Card Misuse may be consistently happening in a particular department or location • Which may be occurring because of a lack of training in that sub-process or location. • Address the training issue and the control environment is restored

  28. Monitor: Value Added Solution • Give customers the ability to: • Determine the state of any control in the business • Resolve identified breaches before impact • Provide an unparalleled ROI All of this in a simple, yet sophisticated solution.

  29. Success Story – Georgia Tech Expanding P-Card Program • 2,400 cards and growing… • 180,000+ transactions per year • $70+ million spend

  30. Success Story – Georgia Tech Challenges • Card abuse by employees • Reputational Risk • Money Leakage

  31. Success Story – Georgia Tech CaseWare Monitor Solution • Automated Transaction Monitoring • Use Level III data to independently verify the integrity of transactions • Customizable Workflow management to facilitate analysis and investigations • Notifications (via dashboard, e-mail, SMS, etc.) equipped with Resolution Guidelines

  32. Success Story – Georgia Tech Results • Detected millions in fraudulent purchases • Uncovered $350K during initial phase • Automated and scheduled analysis of transactions • Fast resolution of control breakdowns “The real value of using data analytics is that it allows you to see fraud schemes that would be impossible to detect manually.” Phil Hurd, CISSP, CISA Georgia Institute of Technology

  33. Success Story – Georgia Tech Video Reference

  34. Q & A Andrew Simpson, COO andrew.simpson@caseware.com Michel Caluori, Professional Services michel.caluori@caseware.com For Complimentary Risk & Control Assessment Contact: rcminfo@caseware.com

  35. Save the Date!Upcoming PDG Conference! 18th National P-Cards on Campus Conference February 8-11, 2015 - Wyndham San Antonio Riverwalk - San Antonio, TX For details, be sure to visit www.prodev.com

More Related