Robert Shull and Alysa Cayden, the forensic audit team at Midnight Sun Inc. (MSI), sat with Justin Planter, a regional sales manager at the solar power company, as he rolled his eyes and made condescending faces. MSI’s procurement department forwarded Planter’s travel and expense (T&E) reports to Cathy Francis, the human resources manager, after an employee noted that spending was not consistent with the company’s T&E policy. Francis reviewed the reports and was concerned that there was a greater pattern of abuse, so she requested that Shull and Cayden examine his T&E reports.
Sitting next to Planter was his boss, Thomas Cooper, a veteran regional manager with more than 25 years of experience with MSI. During the interview, Planter admitted to purchasing a personal cell phone using his company credit card. In addition, he frequently used the card for alleged business meetings at establishments that bordered on adult entertainment. Much to his surprise, Planter’s employment was subsequently terminated.
After the interview, Shull and Cayden felt something was amiss. Cooper approved all of Planter’s T&E reports but was not suspicious of any of his spending. Also, they noticed that Cooper’s statements were inconsistent, requiring him to revise them on several occasions.
After his firing, Planter contacted MSI’s CEO, James Spicolli, and explained how Cooper allowed his management team members to use their corporate credit cards to dine out, make personal purchases, and charge mileage for business travel despite being reimbursed through another program. Planter also claimed that Cooper attended many of the dinners and instructed him to pay the bill so that he could approve the expenditure, thus avoiding the scrutiny of Cooper’s manager. He also alleged that Cooper coached him before the interview on what to say and promised that there would be no significant disciplinary action.
To review Planter’s allegations, Shull and Cayden obtained all T&E reports for Cooper and his management team. Data analytics compared the company policy against spending. One area of focus was cash reimbursements for expenses below $25, the minimum amount requiring receipts to be submitted.
The results were shocking. Cooper’s team members used their corporate credit cards for expenses well outside the T&E policy. Furthermore, Cooper approved every expense report submitted to him. They found numerous abuses of travel expenses:
Shull and Cayden put together detailed profiles on Cooper and each manager, including their expense reports, supporting invoices, and the section of the T&E policy they violated. Additional evidence gathered during interviews resulted in the termination of Cooper and several other managers. Cooper justified the expenditures by explaining he was under budget for T&E expenses on his annual profit and loss statement.
Shull and Cayden then embarked on a companywide T&E audit. They obtained six months of data from MSI’s online T&E reporting program. The program allowed employees to book transportation and lodging, code expenditures by spending category, and submit expense reports for approval. Deviations from policy were flagged for the employee’s manager to review before approving the expense report.
Shull and Cayden organized and ranked all spending by employee and spending category. Their team selected T&E reports for detailed testing for the most egregious spending by category based on total spending and frequency of policy violation. Text analysis on words such as “gift card,” “baby shower,” and “party” identified miscoded or out-of-policy expenditures. They selected samples, reviewed receipts attached to the expense reports, and documented all policy violations. Finally, the investigation team interviewed the employees who submitted the expense reports. Policy violations included:
Individual violations included:
After the investigation, MSI invested in T&E audit software to review all reports in real time. When the software identifies T&E reports with excessive policy violations, the procurement department rejects them. In extreme cases, procurement forwards them to the forensic audit team. In addition, MSI started blocking spending on company credit cards by merchant category codes, which classify businesses by the products or services they provide. The T&E policy was updated to eliminate the use of money service providers.
In most cases of fraud, the employee was terminated. Employees who violated the T&E policy were reprimanded, and demand notices for repayment were sent to employees whose misdeeds were discovered after they left MSI. After one year, T&E spending was reduced by more than $5 million.
Lessons Learned - Periodically conduct a T&E audit to ensure employees are in compliance with the T&E policy. Review and update the T&E policy and educate employees as part of annual code of conduct training. Low-cost software can review all T&E reports in real time.
- Management should review subordinates’ T&E assumptions during its annual budgeting period. In MSI’s investigation, a management team used the T&E budget as a slush fund for personal spending and out-of-policy entertainment.
- T&E policies should not allow for the use of money service providers (e.g., PayPal). These providers allow for the purchase of goods and services or the transfer of funds for personal use. They also have limited audit trails, which enhances the risk of fraud.
- The organization should block merchant category codes on corporate T&E cards for goods and services that would not be appropriate for its business or allowable under its T&E policy.
|