Key Control Roles
The three roles below are important parts of the P-Card control environment, as each involves transaction review, which should occur a minimum of monthly.
Related Resources
Don't forget to subscribe to the blog (no charge) to receive educational content!
1. Cardholders
They are the first line of defense against external fraud, as they should spot any fraudulent activity during their transaction review and reconciliation process. See also related content:
2. Managers (“Manager-approvers”)
Their role is equally important as the cardholder role, as they should be looking for any signs of cardholder fraud and misuse. Their sign off (ideally, electronic) on cardholders’ transactions represents the transactions are legitimate and comply with the organization’s policies and procedures.
Tip: A manager-approver should hold a position with more authority than the cardholders for whom he or she provides oversight. See related content about helping managers be more successful.
3. Audit
Monthly transaction auditing is most effective when accomplished by a robust auditing solution/technology. As an alternative, something as common as Microsoft Excel would be better than nothing. Whatever tool is used, someone—internal audit, the program manager, or other team—should be following up on the audit results. The primary purpose is to catch any potential fraud and/or policy violations previously missed by cardholders and manager-approvers.
In addition, on an annual basis, there should be process audits that verify and test internal controls. See more about auditing.
Best Practices
Help cardholders and managers (“program participants”) be successful at their roles by:
Mandating training for both roles at the start (prior to card issuance)
Requiring cardholders and managers to sign an internal agreement
Mandating annual refresher training and/or a quiz for cardholders and managers
Everyone, including executives, should be held accountable for their respective role. Lack of (or inconsistent) enforcement sends a message that policies and procedures are optional, increasing risk of card fraud and misuse.