Trade and membership associations: Best practices for corporate credit cards

Without the proper oversight, policies and controls, credit card misuse can run rampant in an organization. Recent reports of nonprofit fraud include employees using their cards to purchase vacations, computer equipment, furniture and myriad luxury items. Not-for-profit trade and membership associations that issue corporate credit cards to employees are increasingly opening themselves up to great risk. The most effective risk prevention is eliminating the distribution of credit cards. However, many associations do not want to burden employees with work-related charges on their personal credit card. The solution is to implement a risk management strategy — determine who should receive a card, and then apply strong controls throughout the travel and entertainment process.

Not-for-profit associations that engage in trade shows, annual meetings and conferences, and the like typically issue credit cards to those employees who travel and entertain at the events. These are the employees who should receive a corporate credit card. Employees whose work is contained within the organization’s walls should generally not receive a card; their purchases are more suited for the direct procurement process.

Many associations lack the necessary preventive controls to mitigate the risk associated with card issuance and use. Credit card misuse generally occurs due to a lack of oversight. When charges are not reviewed and questioned in a timely manner, the chance of inappropriate spending or misuse increases. Although we see various detective controls implemented and executed, there is still a need to bolster both detective — and preventive — controls. We recommend these best practices for risk prevention and detection:
  • Limit the number of cards issued. Take a full inventory of individuals with corporate credit cards, and assess their actual needs. Evaluate the frequency of travel or entertaining to ensure that individuals who don’t make those kinds of purchases do not have a card. Consider the use of purchasing cards (P-cards) as an alternative to credit cards. This can be an effective way to limit the allowable purchase types, purchase locations and amounts.
  • Conduct a background or credit check. If this was not part of the pre-employment process, perform it before issuing a credit card.
  • Establish a formal policy. Implement a policy for the usage of credit cards and what constitutes a bona fide business expense. Include the types of allowable expenditures, the deadline for reporting such expenses and the necessary approvals. Require employees to sign the policy to verify that they understand the rules and will adhere to them. This form may be included with the individual’s expense report submission or credit card statement.
  • Require documentation. All goods and services procured should be properly supported by the original invoice. Fraudulent expense reporting includes creating fictitious invoices for goods or services not actually purchased or received, and falsifying payment documentation. Consider strengthening controls related to the expense report process. Include in your formal expense report policy a description of what constitutes appropriate supporting documentation. Establish a policy that requires all documentation to be submitted prior to reimbursement.
  • Specify purchases that should not be charged. To reduce your exposure to fraudulent charges due to falsified documents or fictitious vendors, forbid employees from paying for items appropriate for the purchasing and accounts payable cycle. Make this part of the formal policy. Paying for certain expenses through the expense report process circumvents the accounts payable process and its controls. Limit credit card purchases to those related to travel and entertainment, and don’t allow them for other types of goods and services. Do not allow personal charges to be made with the ability for the employee to reimburse the organization or to exclude certain charges from reimbursement; it is too easy for these charges to be accidentally processed, and they can create reputational exposure to the organization based on the type of purchase.
  • Establish employee responsibility for payment. Organizations that pay on behalf of employees usually do so because they don’t want the employee to be “out-of-pocket” for expenditures made on behalf of the organization. This can be addressed by streamlining your reimbursement process so that timely payments can be made. If done properly, employees can actually be ahead of the game in terms of float, as they may well be reimbursed before the monthly credit card bill is due. The alternative is problematic, as organizations find it difficult to enforce timely submission of documentation once payment has been made on behalf of the employee — this is the most frequent circumstance under which fraud occurs.
  • Process charges quickly. As with other reconciliations, when charges are not reviewed and questioned in a timely manner, the chance of inappropriate spending or misuse increases.
  • Set dollar and purchase restrictions. You may choose to disallow cash advances and/or to set spending thresholds as a means to limit the amount of fraud that could be perpetrated. These boundaries could be set per person rather than across the board. To prevent unauthorized purchases, contact the credit card company to restrict or block certain transactions. Some credit card companies offer mechanisms that can be put into place (e.g., alerts for unusual activity or summaries of types of purchases before the monthly statement arrives).

The risks inherent in corporate credit cards are great, but establishing policies and procedures for usage and expense reporting will mitigate risks and strengthen controls that will benefit the association and its employees.

See the full report: The State of the Not-for-Profit Sector in 2015