Key Control Roles

The three roles below are important parts of the P-Card control environment, as each involves transaction review, which should occur a minimum of monthly.

Related Resources

• Other program roles

• Transaction reconciliation

• Controls and fraud

• Training and communications

Don't forget to subscribe to the blog (no charge) to receive educational content!

1. Cardholders

They are the first line of defense against external fraud, as they should spot any fraudulent activity during their transaction review and reconciliation process. See also related content:

• Cardholder management

• Keeping cardholder contact information current

• Conducting credit checks on card applicants

• Surveying cardholders to get program feedback

2. Managers (“Manager-approvers”)

Their role is equally important as the cardholder role, as they should be looking for any signs of cardholder fraud and misuse. Their sign off (ideally, electronic) on cardholders’ transactions represents the transactions are legitimate and comply with the organization’s policies and procedures.

Tip: A manager-approver should hold a position with more authority than the cardholders for whom he or she provides oversight. See related content about helping managers be more successful.

3. Audit

Monthly transaction auditing is most effective when accomplished by a robust auditing solution/technology. As an alternative, something as common as Microsoft Excel would be better than nothing. Whatever tool is used, someone—internal audit, the program manager, or other team—should be following up on the audit results. The primary purpose is to catch any potential fraud and/or policy violations previously missed by cardholders and manager-approvers.

In addition, on an annual basis, there should be process audits that verify and test internal controls. See more about auditing.

Best Practices

Help cardholders and managers (“program participants”) be successful at their roles by:

• Mandating training for both roles at the start (prior to card issuance)

• Requiring cardholders and managers to sign an internal agreement

• Mandating annual refresher training and/or a quiz for cardholders and managers

Everyone, including executives, should be held accountable for their respective role. Lack of (or inconsistent) enforcement sends a message that policies and procedures are optional, increasing risk of card fraud and misuse.