A relabeled fraud triangle targets organizations’ faults.

Donald Cressey’s “fraud triangle” theory pegs factors that collectively lead someone to commit occupational fraud. We can apply a similar model to an organization’s role in internal card fraud. Do the following characteristics fit your organization? Possessing all three is a sure sign of a weak control environment, but having even just one can increase the risk of fraud.

Ignorance

A lack of education about Commercial Card controls and fraud prevention/detection techniques can cause an organization to focus on the wrong things and overlook others; for example, establishing overly restrictive card controls (spend limits, MCC blocks), but not addressing separation of duties.

Reluctance

Rooted in organizational culture, this trait can show up in various ways; for example, a reluctance to:

  • invest the time to learn and follow best practices
  • believe that long-time, trusted employees can (and do) commit fraud      
  • consistently enforce program policies and procedures, regardless of job level

Comfort

While comfort is typically a good word, it can be problematic if an organization finds comfort in what it has always done, seeing no reason to change. An “implement and forget it” control strategy is never wise. What has worked in the past may prove to be ineffective now or in the future.

Avoiding the Triangle Trap

Hire the right program manager and utilize their expertise. Annually conduct a risk assessment to identify potential control gaps. Evaluate the effectiveness of your controls through audits. Keep pace with the changing nature of fraud.

Dial back your organization’s level of risk by avoiding traits that weaken the control environment.


Most fraudsters work for their employers for years before they begin to steal.
— 2014 Report to the Nations on Occupational Fraud and Abuse by the Association of Certified Fraud Examiners

More Information

For more information on the three elements of Cressey’s fraud triangle (pressure, opportunity and rationalization), refer to the Association of Certified Fraud Examiners (ACFE). Also access their resource referenced above: 2014 Report to the Nations on Occupational Fraud and Abuse.



About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all.


Effectively on-board suppliers to avoid the re-board blues.

Fasten your seat belts. Convincing suppliers to accept P-Card or enroll in your Virtual Card program can be turbulent at times. To make the journey smoother, think 3-1-1: three primary activities (preparation, execution and follow-up) for each (one) supplier for the desired (one) type of card program, whether P-Card or Virtual Card. However, before going to the supplier level, your organization needs a clear flight plan in the form of a payment strategy that best fits its business and goals. Refer to the previous blog post on regaining a broad perspective.

Ready for Takeoff?

Take off smoothly and stay out of the turbulence with your supplier enrollment campaign.


Within your enrollment strategy, incorporate education for the supplier about the benefits of P-Cards or Virtual Cards and how, exactly, the purchase-to-pay (P2P) process will work. You do not want to on-board a supplier only to have that supplier drop out of the program later because they didn’t understand what it entails. Re-boarding a supplier can be tougher than the initial on-boarding.

Additional Strategies

At the IFO Fusion conference in May, supplier enrollment strategies were shared by Matthew Dragiff, Vice President, Product Development, AvantGard Payment Services, SunGard. His session pertained to Virtual Cards, but his tips also apply to P-Cards:

  • Understand the supplier/buyer relationship and determine the best approach or tone to take for each supplier. Will you simply offer, strongly encourage or mandate your card program?
  • Create customized communications (e.g., campaign letters) for each type of tone.  
  • Once a supplier enrolls, do not keep sending a check payment. This is confusing to the supplier (and keeps your program in a holding pattern!).

If a supplier declines participation, document why. Plan to follow up again with the supplier at a designated time (e.g., in nine months) in case something changes. See more on the related webpage

A Smooth Landing

Adding to Matthew’s tips, I suggest more follow-up efforts with enrolled suppliers:

  • Adjust your AP system/supplier records accordingly to indicate the preferred payment type.
  • Monitor spend with enrolled suppliers to verify they remain on track. An air-pocket drop in monthly spend with a particular supplier could indicate your organization reverted to another payment method. I learned this lesson firsthand.

The Value of Monitoring Spend

During my time as a program manager, I discovered, through a P-Card spend-by-supplier report, that P-Card volume with a key supplier went from thousands of dollars per month to none. The cause was employee turnover. The new person started using a different P2P process. Her manager did not notice, nor did AP, which processed the check request. It required some work to return the supplier to P-Card payments.


Supplier enrollment does not need to be painful, but you do need to prepare for the trip.



In need of compliance reinforcement?

Developing controls is one thing. Compliance is another matter. I recently read an AOC Solutions blog post about the Verizon 2014 PCI Compliance Report. It states that nearly 60% of companies do not regularly test their data security systems and processes, even though this is a requirement of the Payment Card Industry Data Security Standard (PCI DSS). Does your P-Card program suffer from similar low compliance in one or more areas? What do your compliance metrics show?

I previously wrote about declined transactions and delinquent cardholders, but there are more potential issues; for example:

  • incidents of personal use of a Commercial Card
  • purchasing prohibited goods/services
  • improper card storage (e.g., cardholders leaving cards on their desks when they are not there)
  • improper disposal of cards or documentation reflecting card account information
  • sharing system login IDs and passwords or posting the information next to a computer
  • cardholders allowing someone else to use their card
  • suppliers who are not PCI-compliant (the Verizon report will make you think twice about what your suppliers are doing) 

A good auditing program is critical to catching and resolving compliance problems, but prevention is equally important. Do your policies and procedures (P&P) address the bullet points listed above? For tips on what P-Card P&P should include, purchase the related guide for $29.99. What about your training program? P-Card training should complement other organization training, such as training focused on ethics and information security. If your organization could use help with any of these efforts, contact Recharged Education.

