Automated Monitoring amp Resolution of Card Misuse July 2014 Introduction CaseWare Profile Current State in Higher Ed Purchasing Card Process Monitoring PCards Case Studies QampA ID: 692621
Download Presentation The PPT/PDF document "Preventing P-Card Abuse:" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Preventing P-Card
Abuse:
Automated
Monitoring
&
Resolution of Card Misuse
July 2014Slide2
IntroductionCaseWare ProfileCurrent State in Higher Ed.Purchasing Card ProcessMonitoring P-CardsCase StudiesQ&AMeeting AgendaSlide3
Founded in 1988An industry leader in providing technology solutions for finance, accounting, governance, risk and audit professionalsOver 400,000 users of our technologies across 130 countries and 16 languagesCustomers include Fortune 500 and Global 500 companiesMicrosoft Gold Certified PartnerCaseWare InternationalSlide4
International AcceptanceSlide5
*ACFE 2012 Fraud SurveyIndustry TrendsSlide6
*ACFE 2012 Fraud SurveyIndustry TrendsSlide7
*ACFE 2012 Fraud SurveyIndustry TrendsSlide8
P-Card Fraud in the news P-Card Misuse in Higher Ed. Slide9Slide10
End-User OrganizationCardholderGeneral LedgerSupplier/Merchant
5. Settlement /
Post to GL
4. Submit Reconciliation
1. Assign Card
2. Place Order /
Make Purchase
3. Receive
Goods/Services
Purchasing Card ProcessSlide11
One View: Complete overview of P-Card ActivitiesControl: Apply detailed spending & usage policiesPrevention: Visibility helps stop fraudulent activity before it affects your bottom lineAccuracy: Validate all transactions prior to paymentEfficiency: Ensure all appropriate discounts, rebates and refunds are properly appliedAssurance: Reputational risk is minimizedWhy Continuously Monitor P-Card Controls?Slide12
Purchasing Card Controls & ActivitiesSlide13
Card Issuance
Inactive/Terminated/On Leave employee using CardEmployee in any state except
‘full time active’ is currently using the company card.
Elevated liability
Create Employee transaction and spending profile
to gauge unnecessary exposure for the company.
Profile factors
(
employee transactions, spending, card time of use, avg. balance compared to credit limit, etc.)
Areas of RiskSlide14
Areas of RiskP-Card Administration & Analysis
P-Card LimitsEmployee(s) use the Purchasing Card to spend over their weekly, monthly or transaction limit.
Duplicate Payment through Accounts Payable
Vendor has been paid through Accounts Payable as well as employee processing the payment with
Purchasing
Card.Slide15
Areas of RiskProgram Performance
Non-Preferred Vendor Spend (Vendor Rebates not maximized)Multiple Vendors used for office supplies instead
of single vendor to receive appropriate
rebates.
Vendor is not giving you the appropriate Rebate as per contractual
agreement.
Decline Transactions
Review and analyze decline transactions to assess potential misuse or employee(s) with insufficient credit card limits. Slide16
Areas of RiskSpending PatternsExcessive Even Dollar TransactionsEven dollar transactions are normally rare and are typically used in the purchasing of gift cards, gift certificates.Split Transactions (Single or Multiple Cards)Employee(s) complete(s) two transactions at same merchant to circumvent their maximum purchase amount threshold.Slide17
Areas of RiskTransaction Policy ViolationsCardholder – Merchant MatchEmployee has registered himself or been registered as a Vendor and being paid for additional services outside of job responsibilities. Keyword SearchVerify employee are not making non-compliant purchases such as jewelry, groceries, tobacco, electronics, Apple store, etc. Cash Advance/Financial ServicesEmployee may be using card for cash advances or financial services (mortgage, loan, line of credit, etc.)
.Slide18
Data TypeLevel - 1Level - 2Level - 3Merchant Nameüü
üTransaction Amount (Total)
ü
ü
ü
Date
ü
ü
ü
Tax Amount
ü
ü
Customer Code
ü
ü
Merchant Postal Code
ü
ü
Tax Identification
ü
ü
Merchant Minority Code
ü
ü
Merchant State Code
ü
ü
Item Product Code
ü
Item Description
ü
Item Quantity
ü
Item Unit of Measure
ü
Item Extended Amount
ü
Item Net / Gross
Indicator
ü
Item Tax Amount
ü
Item Tax Rate
ü
Item Discount Indicator
ü
Ship from Postal Code
ü
Freight Amount
ü
Duty Amount
ü
Destination Postal Code
ü
Destination Country Code
ü
Level 3 Data – Purchase & Service DetailsSlide19
CaseWare Project ApproachSTAYING AHEADMove to a more proactive approach that reduces potential business impact of control failures.PROACTIVEREACTIVECONTROLS MONITORINGINVESTIGATIONS
INTERNAL ASSURANCEPOST-ACQUISITION ASSESSMENT
RISK ASSESSMENT INPUT
RISK ASSESSMENT FOLLOW-THROUGH
OPTIMIZE
Audit
Go beyond financial
processes
and assess the design and operations of controls for
the entire business.
Governance
Ensure that sound governance structures are in place to ensure the right information about the right issues is available at the right time.
Core Processes
Embed
monitoring best practices to ensure that business owners and operators are accountable .
GOALS
&
PLANNING
Work with key stakeholders to understand the business processes to be analyzed and their monitoring requirements
.
DATA ANALYTICS
The correlations and relationships are made identifying, trends, field statistics, and patterns and anomalies are isolated
.
RESULTS VALIDATION
Key stakeholders validate the results of the analytics and results are fine tuned.
ACCESS DATA
Your organization’s data is accessed from the relevant sources and consolidated
PREPARE FOR ANALYTICS
Your data from multiple sources is then cleaned and organized to ensure it is accurate, consistent and ready to be analyzed
.
LOGS
FLAT FILES
SOURCE DATA
WORKFLOW AND REMEDIATION
The workflow for results are designed including assignment, escalation, investigation and closure.
RISK & CONTROLS
Drill into the details of current risks and controls. This determines the data analytics needed, the strength of your existing controls and policies as well as what controls need to be improved to mitigate risks.
DATABASES
REPORTING RESULTS
The details of how the results are to be communicated along with any relevant reporting are determined.Slide20
RecommendationsHere are a few general recommendations:Direct cardholders to document purchase requests and approvals, budget approvals, and bona fide company/government/corporation needs for P-card transactions. Strengthen the monthly P-card reconciliation process. Ensure that purchases are equitably distributed among qualified vendors and that you determine the most efficient and effective method of obtaining services (i.e., insourcing versus outsourcing, purchase cards versus other procurement tool). Develop policies and procedures to ensure that purchase card files are retained when cardholders or approving officials end employment with the department or discontinue their functions as cardholders or approving officials. Improve training — as well as its tracking and monitoring — for cardholders and approving officials on regulations over the use of P-cards. Slide21
Expert ContentBusiness Process ModellingData Management
Training, Consulting and Certification
Certified Enterprise Platform
Global Partner Network
Enabled by
Customer Value ChainSlide22
Upload the company’s risk and controls library across:Business ProcessesSubsidiaries LocationsDesign analytics to monitor the controlsGenerate alerts when controls are failingTrigger a collaborative remediation workflowTake the necessary actionsMeasure performance and track root causesOptimize business processesCustomer Value ChainSlide23
Generate InsightsIndicators of controls performanceTracking root causesMeasuring ROISlide24
Alerts are triggered by system eventsFor example:An inactive employee is currently using their purchase cardAn employee has left the company but the card was never recovered.Alerts delivered in the browser, e-mail or Text Messaging.Triggers a collaborative workflow for teams to take actionCollaborateSlide25
Remediation WorkflowCreate work items for users to take actionDesigned according to business requirementsTime limits, escalation, team assignments, metrics capture all configurable.Slide26
Users are engaged by the system to action itemsException details are provided along with:Research infoRemediation guidelines and linksHistory of the itemRelevant Indicators/MetricsActionsSlide27
Taking ActionUsers are provided with guidelines for resolutionThey take action according to the workflow designThis include capturing the metricsSlide28
Based on the indicators the business gain insights how to improve operationsFor example:Card Misuse may be consistently happening in a particular department or locationWhich may be occurring because of a lack of training in that sub-process or location.Address the training issue and the control environment is restoredMeasure & OptimizeSlide29
Give customers the ability to:Determine the state of any control in the businessResolve identified breaches before impactProvide an unparalleled ROIAll of this in a simple, yet sophisticated solution.Monitor: Value Added SolutionSlide30
Expanding P-Card Program2,400 cards and growing…180,000+ transactions per year$70+ million spendSuccess Story – Georgia TechSlide31
ChallengesCard abuse by employees Reputational RiskMoney LeakageSuccess Story – Georgia TechSlide32
CaseWare Monitor SolutionAutomated Transaction MonitoringUse Level III data to independently verify the integrity of transactions Customizable Workflow management to facilitate analysis and investigationsNotifications (via dashboard, e-mail, SMS, etc.) equipped with Resolution GuidelinesSuccess Story – Georgia TechSlide33
ResultsDetected millions in fraudulent purchasesUncovered $350K during initial phaseAutomated and scheduled analysis of transactionsFast resolution of control breakdowns“The real value of using data analytics is that it allows you to see fraud schemes that would be impossible to detect manually.”Phil Hurd, CISSP, CISA Georgia Institute of TechnologySuccess Story – Georgia TechSlide34
Video ReferenceSuccess Story – Georgia TechSlide35
Andrew Simpson, COOandrew.simpson@caseware.com Michel Caluori, Professional Servicesmichel.caluori@caseware.comFor Complimentary Risk & Control Assessment Contact: rcminfo@caseware.com Q & ASlide36
Save the Date!Upcoming PDG Conference!18th National P-Cards on Campus ConferenceFebruary 8-11, 2015 - Wyndham San Antonio Riverwalk - San Antonio, TXFor details, be sure to visit www.prodev.com