Consistent Enforcement
Consistent enforcement of policies and procedures, regardless of an employee’s job position or level, is a key part of the control environment. Conversely, not holding employees accountable for their card program roles is a slippery slope that increases the risk of policy violations and internal fraud. Word gets out if you treat cardholders (or approving managers) differently—particularly if you allow some to get away with breaking the rules. Indeed, most cases of cardholder fraud indicate that a lack of accountability contributed to the problem. Because consistent enforcement requires some planning, following are three action items to support this best practice.
Related Resources
Don't forget to subscribe to the blog (no charge) to receive educational content!
Action Items
1. Determine the Consequences for Non-compliance
To prevent a debate over what to do every time a rule is broken, identify the appropriate action up front. Consistent consequences are part of consistent enforcement, but they should be based on the severity level of a particular infraction. Consider the different types of issues, which vary widely. Examples include:
ordering a higher quality good than what is allowed
using a non-approved vendor
late reconciliation of transactions
missing or vague receipts; some organizations offer a “missing receipt form” for cardholders to complete, but be aware that receipt issues could indicate fraud
personal use of the card that the cardholder presents as a legitimate business transaction; in other words, fraud
Some things might warrant a warning and/or additional training, but it could depend on whether it is a cardholder’s first offense or part of a repeated pattern. Fraud should be grounds for termination and never tolerated.
Ensure you also decide how to address the approving manager associated with a non-compliant cardholder. After all, they fulfill an oversight role. Their sign off on cardholders’ transactions represents that the transactions are legitimate and comply with program policies and procedures.
2. Create Template Email Language
Besides ensuring a consistent message when communicating an issue, having a ready-to-use template speeds up the process since you will not have to start from scratch. The tone of the email should align with the severity of the issue, as well as your organization’s internal culture. Before finalizing the template, obtain approval from management.
3. Establish a Way to Track Infractions
Finally, tracking infractions by cardholder provides documentation to support the consequences. In addition, the ability to review and filter infractions organization-wide can help instigate change by highlighting: 1) possible gaps in the training and/or 2) unclear/vague policies and procedures.