Red Flags Combating Purchasing Card Fraud Robert Notman Agency Purchasing Card Administrator FL Department of Revenue Overview What are PCard Red Flags? Mitigating Risks What else could we do? What are PCard Red Flags? Missing receipts Receipts that are not itemized Receipt date or total does not match FLAIR Cardholder frequently claiming erroneous charges by vendors Cardholder frequently claiming pending credits Split transactions Transactions at or near the max limit Failure to complete monthly reconciliation Transactions identified as “unusual” or with “unusual” vendors Mitigating Risks Risk Analysis Internal Controls Adaptation of card use with controls Training Annual Reviews Post Reconciliation Audits Provide Feedback, include the supervisor Comparing Card List to Employee Lists Risk Analysis Evaluate how the card is being used What are the risks associate with its use? What controls are in place? Internal Controls Cardholder – Limits Supervisor or Approver – Active participant Payer Reconciler Agency Purchasing Card Program Administrator Adaptation of Card Use with Controls Merchant Category Codes Use of Restricted Codes Use of non-Restricted Codes but… Training Before the card is issued Ongoing “Purchasing Card Messages” Remedial in response to audit findings Annual Review of Responsibilities Annual Reviews Have the supervisor review summary of cardholder activity and credit limits Have cardholders and approvers/reconcilers acknowledge their responsibilities with the card Post Reconciliation Audits Max dollar transactions 100% audit of new cardholders Transactions with prohibited or high risk vendors (PayPal) Transactions with prohibited or restricted commodities (fuel, fans) High number of transactions Provide Feedback Document audit findings Use a template Review findings to identify weaknesses Include supervisors in the feedback loop Employee List/Cardholder List? Does someone at your agency compare the Cardholder list to the employee list? This protects the Agency Administrator as well as the agency. What Else Could We Do? MRE – Line Item Data? Positive Feedback Look at outside audit reports Old tried and true Red Flags Look out for the Red Flags – Could be nothing, or it – Could be something serious Develop tools that suit your situation Questions?