Level 3 Data Uncovers Personal Purchases on P-Card

Following is a real-life case of internal Purchasing Card fraud that was quickly discovered with the help of level 3 data. A friend of mine, who is a VP for a national company in the private sector, recently had to terminate her long-time administrative assistant because she used her P-Card to make personal purchases and then tried to disguise the expenses as office supplies. The situation brings to light some factors related to transaction reconciliation and supporting documentation that all organizations should consider. Outlined below is what happened, as well as my thoughts on the matter.

The Situation

At my friend’s company, both P-Card transactions and non-card expenses are brought into the ERP system for review and approval. Transactions simply reflect a date and dollar total—not the actual vendor name where a card was used.

  • Employees/cardholders must enter a description for each of their expenses and upload the related receipts. However, expenses under $50 do not require a receipt.

  • Managers, VPs, etc. (“manager-approvers”) review their employees’ expenses, including the entered description, and can access the receipts as desired.

My friend (“Anne”) saw some charges under $50 marked by her admin (“Katie”) as office supplies. Nothing seemed out of the ordinary because Katie was responsible for replenishing department supplies. Then accounts payable contacted Anne, relaying that they were closing Katie’s P-Card due to suspicious activity and initiating an investigation. Anne asked Katie if she noticed anything odd on her card; Katie said no.

Less than a week later, AP had the evidence it needed. Katie had used her P-Card several times at a big box store to buy groceries and other items—not office supplies—that clearly were personal purchases. AP and/or the internal audit team was able, behind the scenes, to see the level 3 line-item data associated with Katie’s transactions. Their auditing efforts paid off.

Anne terminated Katie and specifically asked AP what she could have done differently to spot this during her review and approval process. AP reassured her that the company does not want managers/VPs/etc. spending their time digging into every little transaction. Anne did review Katie’s expenses, which, as seen via the ERP system, seemed legitimate.

Anne took the opportunity to warn the rest of her staff that AP will catch them—and they will lose their job—if they make personal purchases on the company’s dime.

My Reactions

  • This situation highlights the importance of effective auditing. I am impressed that my friend’s company caught Katie’s personal purchases so quickly (less than $1,000 total).

  • I disagree with not requiring receipts for expenses under $50. Even if most managers would skip receipt review for small-dollar purchases, at least the information would be there and it might deter employees from making personal purchases.

  • Perhaps Anne’s company is smart in not displaying level 3 data to cardholders or making them aware of its existence. Katie certainly chose the wrong vendor for her shopping trips. I imagine that, without level 3 data (and no receipt), the fraud would have continued much longer.

  • I have to wonder if adding the actual vendor names into the ERP system would be helpful, as it could reveal suspicious purchases at the manager-approver level. However, it would still be possible for an employee to make a personal purchase with a bona fide “business vendor,” regardless of payment method.

Questions for You to Explore Internally

  1. How strong is your organization’s auditing approach? Do not solely rely on manager-approvers to uncover cardholder fraud. Effective independent auditing is a key control.

  2. Does your organization’s receipt requirements (or lack thereof) open the door to increased risks? Consider requiring receipts for everything and be specific. Receipts should reflect line-item detail of what was purchased versus just a total dollar amount.

  3. Has your organization been thoughtful about the data it makes available for review by cardholders and manager-approvers? See related content, Interface File Creation.

As with any case of occupational fraud that you read about, share with the applicable people within your organization. Use the cases as learning opportunities to determine if internal changes are desirable.

Subscribe to the Blog

Receive notice of new blog posts.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With 20 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more