pcard and t&e policy compliance -...

AUGUST 2015

PCARD AND T&E POLICY COMPLIANCE

YOUR HOSTS

• We hate long introductions: just get to know our voices.

• Now, get ready!

WHAT WE WILL COVER TODAY

Bon Secours Health

Systems

Pcard

Visa Commercial Format

EquinixT&E

Oracle iExpense

Showcase

Common tests

Continuous monitoring

Cardholder questionnaires

Where to go from

here

Resources

Q&A

BON SECOURS HEALTH SYSTEM

Case Study: PCard

Bon Secours Health

Systems

Equinix

Showcase

Where to go from

here

BON SECOURS HEALTH SYSTEM

• Cyndi Rodas, Manager of Central AP

• About Bon Secours

– Non-profit healthcare provider

• 20 hospitals,

• 5 nursing home facilities

• 4 assisted living facilities

• 14 home care and hospice facilities

– 850 PCards, ~$2M spend/mo

• Senior leadership concerned with PCard program

• Previous continuous monitoring vendor went defunct

THE SOLUTION

• AP Director learned about ACL through IA– Conversation between AP Director and Internal Audit

– Discovered IA already had AX

• 11 data analytic tests “Audit Rules”– Implemented in 2012 Jun - Oct

• Key Data Sources:– Visa/Bank of America

– BoA WORKS card program management

– Lawson HR

THE PCARD TESTS

PC03 – Invalid Employees Ensure all cards are for employees who are also “active” in the employee Human Resources File.

PC04 – Invalid Active Cards Identify cards used by terminated staff. Identify any PCARD transactions that occur after the employee's effective termination date.

PC12 – Blocked Merchant Category Codes Identify all transactions with blocked MCC or restricted MCC.

PC13/14 – Debarred Merchants Identify transactions with merchants found on the GSA list of debarred merchants.

PC16 – Split Transactions Identify cases where there is more than one transaction from the same cardholder to the same merchant within <<number days apart>>

PC17 – Single Transaction Limit Flag transactions exceeding (or just below) the card’s single purchase limit. Transactions that are below but within the limit by percentage threshold would be reported.

PC18 – Monthly Transaction Limit Flag cardholders exceeding their monthly purchase limit.

PC19 – Restricted Items Flag transactions where the transaction description includes a restricted word indicative of an inappropriate purchase. Analyze transactions after Transaction Approval date.

PC22 – Weekend and Holiday Transactions Identify purchases made on weekends or holidays.

PC23 – Even Dollar Transactions Identify cardholders making multiple purchases with unusual evenly divisible amounts. (Based on even divisor parameter). Exclude employees with fewer than <<minimum employee exception count>> exceptions.

PC26 – Duplicate Transactions – Same Merchant Same Amount

Identify two or more transactions where the card, merchant, and amount are the same within the investigation period.

THE IMPACT

• IA now reviews the PCard data and exception responses prior to an audit of a location

• Senior Leadership have comfort over use of Pcards

• Changes in policy: “birthday” rewards

• Determined that local administrators were telling cardholders to “split” transactions

• Fraudulent activity raised before even the bank knew

THE LEARNING

• Triple check with data providers that sample data file formats will match production

• IA can be a good partner

• Best tests– Split payments

– Duplicate charges

– Weekend and holiday charges

– Keyword matches

VISA COMMERCIAL FORMAT

• Standard for transferring procurement card data– Level 1,2,3 data

• Work with your Pcard vendor on determining your version– VCF V4.0 Revision 2B

• Multiple record types– 27+ record types

– Record Type 4 = ‘Cardholder’

– T5 = ‘Card Transaction’

ACL IMPORT APPROACH

• Place all VCF files in same directory

• Use DIRECTORY command to determine all files

• Loop through each file– Multiple record types

– Split each record type to its own table

VCF Files

Card Account

Data

Cardholder Data

Transaction Data

Company Data

Organization Data

ACL IMPORT APPROACH

Card Account

Data

Cardholder Data

Transaction Data

Company Data

Organization Data

EQUINIX

Case Study: T&E

Bon Secours Health

Systems

Equinix

Showcase

Where to go from

here

EQUINIX

• Luana Anderson– T&E Corporate Card Program Manager

• About Equinix– World's largest IBX data center & colocation provider

– 2500 US Employees

– US T&E Spend 2014: Air travel $7M, up 50% from previous year ($20M total T&E)

THE PROBLEM

• Monthly T&E reporting– Collecting data from AMEX, Oracle iExpense

– Excel vlookups, pivot tables, etc.

• Took 50 hours of effort over 7-10 days– No time for review of actual results

• Only for US, going global

• Director of Finance learned of ACL through IA

T&E ANALYTICS

T&E 01 – Total T&E By Expense Category T&E 13 – AMEX Top 10 Hotels by City: Domestic, International

T&E 02 – AMEX KPI’s Trend T&E 14 – AMEX Hotel Expense Trend

T&E 03 – Policy Exceptions Trend T&E 15 – AMEX Car Rental by Vendor

T&E 04 – Trend: Monthly T&E Expense by Month T&E 16 – AMEX Car Rental by City (extra output to flag exceptions)

T&E 05 – Top 15 Spenders: Corporate and Americas T&E 17 – Airfare Out of Policy Exception

T&E 06 – Top 15 Air Expense by Employees T&E 18 – Airfare Class Exception

T&E 07 – Trend: Monthly T&E Expense by Region T&E 19 – Hotel Out of Policy Exception

T&E 08 – T&E Analytics by Functions T&E 20 – iExpense Submission Exception

T&E 09 – AMEX Advance Purchase Compliance: Domestic, International T&E 21 – T&E Monthly Trend by Functions

T&E 10 – AMEX Class of Airfare: Domestic, International T&E 22 – Data Integrity check of AMEX source

T&E 11 – AMEX Top 10 Destinations: Domestic and International T&E 23 – ABC Keyword Search

T&E 12 – AMEX Airline Market Share

T&E KEYWORDS

Miscellaneous House hunting

Other Appliance purchase

Gift Computer purchase

Flowers Dog sitter

Facilitation Dog sitting

Cash Lawn care

Liquor Compensation

Upgrade Fitness

Consultation Massage

Consulting Charity

Babysitting Donation

Health club Award

Pet sitting Recognition

Kennel Clothing

Traffic violations Membership

Child care Security

Financial planning Boarding

Income tax preparation Donation

Travel insurance Clear registered

Relocation Dues

Househunting Childcare

TOP DESTINATIONS REPORT

Tables that will

be linked to the

PowerPoint

Template use to

lookup the

Airport city name

Pivot Table

SOLUTION ARCHITECTURE

ORACLE IEXPENSE DATA

Oracle Table Key Fields Function Comments

AP_Expense_Report_Lines Workflow_Approve_Flag

A-Approve

Need all txns under A or Y.

Mgr approved only

Y-Yes approved by mgr

and AP team

AP_Expense_Report_Headers_All Shows all summary info

Per_All_People_DEmployee info

Per_All_People_F

AP_Cards Contains CC info

FND_USER Contains useful user info

GL_Code_Combinations_VLGL exp codes – pull everything

starting with 5*

R12 Exp Acct – Cost

Center

GL code assignment to each expense

category. association to expense item

description

GL codes mportant to perform Expense

Grouping necessary for results

table/reporting

THE RESULT

• Effort reduced for monthly process– 7-10 days down to minutes

• Accuracy, completeness, consistency, comfort, way up– Pivot tables can remove duplicate lines

– Manual steps were prone to error

• Centralized exceptions– Ability to track repeat offenders

– Ability to ask for justification

– Ability to analyze T&E more effectively

• AMEX and iExpense data combined effortlessly

THE LEARNING AND WHAT’S NEXT

• Keep data pristine

• Importance of quality assurance testing

• Next– Global launch of process for T&E

– PCARD

SHOWCASE

Common testsContinuous monitoringInvestigation and follow-upQuestionnaires

Bon Secours Health

Systems

Equinix

Showcase

Where to go from

here

COMMON TESTS

SOLUTION ARCHITECTURE

DEMONSTRATION

WHAT’S NEXT

Resources

Q&A

Bon Secours Health

Systems

Equinix

Showcase

Where to go from

here

Resources

Q&A

T&E APPLICATION SHEETS

• 47 Profiling, Policy, and Potential for fraud analytics

• Examples provided

• Work with us to identify considerations, data elements required, common parameters, etc.

ACADEMY

• academy.aclgrc.com

• Recommend the learning series

• You’ll get

– Sample data

– Hands-on activities

– Upon completion, satisfaction that you’re growing as a person

SCRIPTHUB

• scripts.aclgrc.com– Way cool stuff here

• Data import scripts

– SAM list

– Import Concur SAE

• Keyword searches, and hundreds more

Q&A