​​Traveling First Class

​​A California State University internal audit report questions travel expenses by an employee in the university's Risk Management Authority​.

Comments Views
Risk management

​A California State University (CSU) internal audit report questions travel expenses by an employee in the university's Long Beach-based Risk Management Authority, which assesses the liability for conducting educational programs in locations around the world. According to the Sacramento Bee, the employee incurred nearly US $159,000 in travel expenses from July 2010 to September ​2012, much of which were "questionable in terms of their appropriateness and business necessity," the university said. Among the expenses were visits to sightseeing locations in Kenya, more than 80 overnight business trips to San Francisco, and much-higher expense reimbursement requests than other employees on a trip to Israel and Ghana. The university reports that the employee has reimbursed it for many of the ineligible or questionable expenses, but the employee remains on CSU's payroll.

Lessons Learned

First, the relative "good news" arising from this story: An internal audit uncovered the questionable and ineligible travel claim activities of the CSU employee, albeit more than two years after they occurred. CSU officials also say they are cracking down on travel procedures in response to the audit, including looking for ways to replace travel with alternative technologies such as audio/video conferences and Internet services like Skype and Gmail.

The "less good" news here is that management is taking action after financial and reputational damage has been done to CSU. Many reports and studies suggest the biggest vulnerability to travel and expense fraud exists in the approval process for reimbursement claims. If controls are weak or employees know that their managers are too busy to review expense claims thoroughly before submitting them, the opportunities for fraud are almost limitless.

Here are seven of the most relevant key internal controls related to travel expenses that ought to be in place and assessed regularly to ensure their ongoing effectiveness:

  1. Establish a clear and comprehensive travel reimbursement policy or guidelines. Key elements include detailing prohibited activity such as personal expenditures and establishing per diem amounts for employee travel, which should be communicated to employees regularly. The guidelines should permit only authorized, allowable, and appropriately documented expenses to be submitted for reimbursement. Moreover, they should establish dollar value purchase limits, such as for hotels in foreign locations, and thresholds (e.g., US $25) for requiring receipts. These policies should apply consistently to all employees, including top management. Allowing exceptions for favored employees that benefit them financially can backfire if co-workers consider themselves entitled to the same leniency.
  2. Maintain a rigorous travel expense documentation process. The organization should require original and full documentation to be submitted with expense claims and maintained for audit purposes. Using an electronic travel and expense reporting system can allow for built-in policy controls and provide ease of use, timely reporting (with pre-population of credit card data into reports), simplified auditing, and timely reimbursement.
  3. Initiate a formal review process in which a department manager or equivalent reviews employees' reports regularly. Only authorized personnel should approve expense reports — delegating this to another employee should be strictly prohibited. Payroll or human resources should perform a cursory review, as well.
  4. Routinely question expenditures that look extraordinary, abnormal, or too frequent. Auditors should look for rounded dollar numbers without supporting documentation or potentially counterfeit documentation as well as a series of claims for the same amount. Waiting for a larger problem to build will only be more difficult and costly to resolve later.
  5. Implement use of corporate charge cards for greater control. This can enable organizations to query each card individually and ensure that payments are being made against them. Also, organizations that use corporate charge cards should receive credit activity reports on a monthly basis from the issuing company. These reports can help determine how many charges are being cancelled or credited back to the accounts. In addition, this activity can be compared to actual expense reports to determine whether it is being reported accurately.
  6. Regularly (at least annually) audit a sample of employees' expense reports to ensure they meet established policies and guidelines.Auditors should check that appropriate documentation exists to support the expenditures that were requested. If a company card is used, verify that the balance is being paid promptly.
  7. Prosecute individuals found to be violating or falsifying their expense reports. If they are allowed to escape unpunished, others will follow their actions. Also, organizations should consider implementing a measure that holds authorized managers accountable for fraudulent or prohibited expenses that slip through the review process due to incomplete reviewing. They should penalize those managers for second or third occurrences of such oversights.​​



Comment on this article

comments powered by Disqus
  • IIA GRC_July 2020_Premium 1
  • AuditBoard_July 2020_Premium 2
  • IDEA_July 2020_Premium 3