If you assume that most organizations require cardholders and the “manager-approvers” to sign an internal agreement pertaining to their card program role and responsibilities, I have contrary news. According to a survey on internal controls conducted by AP Now at the end of 2018, only 29% of the respondents whose organizations have a card program follow the best practice of requiring both groups to sign such an agreement. These organizations represent all types and sizes, proving that best practices are accessible to everyone. Keep reading to see more about the survey results, including a surprising outcome concerning card limits and restrictions.
Most organizations only require cardholders to sign an internal agreement, but there are even some organizations that do not utilize one at all. If you do not have one, make it a priority to develop one. Further, ensure your organization is not overlooking the manager-approvers who are responsible for confirming that cardholders’ transactions comply with program policies and procedures. Requiring them sign an internal agreement helps reinforce accountability for their role.
The survey by AP Now, which pertained to all sorts of AP-related controls—not just cards, also explored card controls like spend limits. Respondents were directed to check which ones—from a list of six—they apply to all or most cards. As shown in the graph below, it is very common to utilize a monthly/cycle spend limit, but the results for the other controls are lower than what I expected. Hence, there is ample opportunity here.
Approximately one-third of respondents’ organizations only apply one or two of the above card controls to all or most employees’ cards. While I always try to steer end-user organizations away from being overly restrictive (to prevent declines of legitimate transactions and encourage card usage), I do recommend taking advantage of what is available. The key is to strike the right balance, aligning card controls with program goals. At a minimum, besides utilizing a monthly/cycle spend limit, organizations should block “high risk” merchant category codes (MCCs), including automated teller machines (ATMs).
Internal agreements and card controls are basic components of a program that help deter fraud. I have to wonder if the organizations that fall a bit short in these areas made conscious decisions about them or whether they simply got overlooked. The good news is both are easy to act on and improve.
If you are concerned about potential control gaps within your program, consider attending the three-hour virtual workshop on P-Card risk assessments June 25, hosted by AP Now.
Available Products & Services from Recharged Education
Submit a contact form to request a quote for what your organization needs.
Subscribe to the Blog
Receive notice of new blog posts.
About the Author
Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With 20 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more…