Red Flags
Combating Purchasing Card Fraud
Robert Notman
Agency Purchasing Card Administrator
FL Department of Revenue
Overview
What are PCard Red Flags?
 Mitigating Risks
 What else could we do?

What are PCard Red Flags?









Missing receipts
Receipts that are not itemized
Receipt date or total does not match FLAIR
Cardholder frequently claiming erroneous charges by
vendors
Cardholder frequently claiming pending credits
Split transactions
Transactions at or near the max limit
Failure to complete monthly reconciliation
Transactions identified as “unusual” or with “unusual”
vendors
Mitigating Risks
Risk Analysis
 Internal Controls
 Adaptation of card use with controls
 Training
 Annual Reviews
 Post Reconciliation Audits
 Provide Feedback, include the supervisor
 Comparing Card List to Employee Lists

Risk Analysis
Evaluate how the card is being used
 What are the risks associate with its use?
 What controls are in place?

Internal Controls

Cardholder
– Limits

Supervisor or Approver
– Active participant
Payer
 Reconciler
 Agency Purchasing Card Program
Administrator

Adaptation of Card
Use with Controls
Merchant Category Codes
 Use of Restricted Codes
 Use of non-Restricted Codes but…

Training
Before the card is issued
 Ongoing “Purchasing Card Messages”
 Remedial in response to audit findings
 Annual Review of Responsibilities

Annual Reviews
Have the supervisor review summary of
cardholder activity and credit limits
 Have cardholders and
approvers/reconcilers acknowledge their
responsibilities with the card

Post Reconciliation Audits
Max dollar transactions
 100% audit of new cardholders
 Transactions with prohibited or high risk
vendors (PayPal)
 Transactions with prohibited or restricted
commodities (fuel, fans)
 High number of transactions

Provide Feedback
Document audit findings
 Use a template
 Review findings to identify weaknesses
 Include supervisors in the feedback loop

Employee List/Cardholder List?
Does someone at your agency compare
the Cardholder list to the employee list?
 This protects the Agency Administrator as
well as the agency.

What Else Could We Do?
MRE – Line Item Data?
 Positive Feedback
 Look at outside audit reports
 Old tried and true

Red Flags

Look out for the Red Flags
– Could be nothing, or it
– Could be something serious

Develop tools that suit your situation
Questions?