Fraud risks should be developed as part of an overall risk assessment. You're not likely to make friends throughout the organization by conducting this on your own. If you think it's high time to look into the fraud potential of purchasing cards, it's probably a good idea to include the p-card manager in the discussions. That way it's a joint effort that will benefit both parties and hopefully result in a more continuous approach to fraud risks in that area.
Which risks to look at?
With data analysis, you can identify and monitor business risks to ensure you are auditing today's risks, not yesterday's. Consider these:
Revenue by location, division or product line
Revenue backlogs-by value and age
Personnel changes in key positions (legal, controller, R&D)
Volume of manual JEs or credit notes
Aging A/R balances or Inventory levels
Vendor management (# vendors, volume of transactions)
PCard vs. PO procurement
Average days for customer payment
If anyone was looking for an example of the benefits that continuous controls can bring to an enterprise, the state of the U.S. economy and the fall of some of the largest, most admired financial institutions in the last couple of years provide more than enough data. And instituting a continuous controls process focusing on risks related to fraud is likely now in the plan for many companies this year.
Check out this seven-step outline, provided by Dustin Lewis, CISA, a senior technical consultant with ACL Services, Ltd. for building an analytics-based program that will allow you to focus on risks that have the greatest chance of reducing shareholder value. For example:
Extended supply chain re: safety, quality, reliability of suppliers and processes
Is there a process to receive and act on regulatory comments or findings?
Are pricing strategies consistent with regulations and free from collusion?
Can you detect and avoid discrimination with customers, suppliers and employees?
Plus, by focusing on reducing the risk to shareholders, you make management happy, and this can result in a more robust, long-term fraud program.