Efficiently and effectively auditing your P-Card program

Efficiently and effectively auditing your P-Card program

A purchasing or procurement card (P-Card) is a credit or debit-like card that allows employees of an organization to purchase goods and services on behalf of the organization without having to go through the traditional procurement or purchase request and subsequent approval process.

P-Card programs enable employees to complete business transactions more efficiently and allow charges to be reviewed within moments of purchase. While P-Cards can be a great way to support effective and efficient purchases for your organization, P-Cards are at greater risk for misuse and fraud. Additionally, when P-Cards are used for online purchases, there is an increased risk that P-Card data is stolen and used to execute fraudulent transactions. Organizations should monitor and manage P-Card spending and reduce misuse and fraudulent behavior by implementing internal control activities, including the performance of P-Card audits.

The purpose of a P-Card audit is to identify whether controls are working as intended or whether other controls are needed to prevent misuse or fraud and detect instances in which misuse or fraud have occurred. Auditing P-Cards can benefit an organization by identifying opportunities for further process efficiencies and cost-saving benefits and help to reinforce a strong internal control environment around purchasing. Below are some key objectives for an effective P-Card audit.

P-Card audit objectives

Objectives of a P-Card audit may include, but are not limited to, the following:

  • Determining whether the control environment is sufficient to prevent and/or detect possible fraudulent activities or misuse of organization funds
  • Assessing whether fraud or misuse has occurred within the P-Card program
  • Identifying procurement-related efficiencies the organization may implement to optimize financial resources

P-Card audit approach

A P-Card audit may have many different approaches depending on the audit objectives. An audit approach may include, but is not limited to, the following:

  • Review available documentation such as organizational policies and procedures to identify controls designed to prevent or detect possible instances of misuse or fraud
  • Examine available documentation to identify organization-specific compliance attributes to inform analytics and testing procedures. Testing procedures may include, but are not limited to:
    - Transactions are below organization established P-Card thresholds
    - Verification of business purpose
    - Verification sales tax was not applied (if organization is a tax-exempt entity)
    - Transactions include appropriate supporting documentation (e.g., receipts, invoices, etc.)
  • Assess training and workflow materials to identify and confirm organization-specific training requirements are met and workflows are optimized to meet the purchasing demands of the organization
  • Conduct interviews with key personnel, process owners and procurement stakeholders at the organization to understand:
    - Setup, usage and approval practices within the organization
    - Organization requirements for P-Card holders, including any necessary training
    - Monitoring and oversight to review spend
  • Perform data analytics to identify:
    - Vendor trends (e.g., top vendors by volume and/or spend, most frequently used vendors, unusual vendors). Gaining an understanding of vendors with which the organization does a lot of business may lead the organization to explore opportunities to leverage economies of scale
    - Employee spending trends (e.g., top employees by volume and/or spend, inactivity, determining whether P-Card is appropriate method to procure certain goods or services). Employee spending trends can serve as a reasonableness check to confirm whether the top spenders make sense given their role at the organization
    - Transactions that may not comply with the organization’s policies and procedures (e.g., missing business purpose, splitting transactions to avoid P-Card spending limit thresholds or receipt thresholds, purchase of restricted items). This analytic test, as well as the identification of vendor and employee spending trends, may also be used to inform a sample selection for more detailed testing at the transaction level
    - Review purchase amounts to consider whether current P-Card spending limits are appropriate and in line with the organization’s needs as well as leading industry practices

Key risks and how to approach them during audit fieldwork

Through analytics and purchasing trend reviews, auditors can identify possible unauthorized use or fraudulent activity within an organization. For example, if transactions are split, there is a risk of individuals bypassing the required approvals in effort to expedite the procurement process. For further information on risks associated with P-Cards and how to prevent them, read our insight, Optimizing P-Card use with internal audit.

Baker Tilly can help

Our specialized higher education risk advisory team can help your organization. How we help:

What we do What you get
Assess your organization’s policies and resources related to procurement and P-Card administration and activity A facilitated discussion with key process owners across the organization to identify opportunities for increased communication and awareness as well as a policy gap analysis to determine what documentation needs to be updated or developed and implemented
Identify the roles and responsibilities between departments that are involved in P-Card administration and the available resources at your organization A clear understanding and layout of the control environment or collaboration efforts and practices in place to facilitate efficient and effective P-Card program administration and auditing
Evaluate current procedures to assess compliance with organizational policies and alignment with industry leading practices Actionable recommendations to address identified audit observations, gaps, challenges, risks or enhancement opportunities based on organizational policies and industry leading practices

Case study: P-Card program review and audit in action at higher education system

Person paying for a purchase with credit card
Client background

Management for a system of universities requested an assessment of its P-Card program, including testing and analysis of their program for compliance with organization policies and procedures.

Baker Tilly solution

Baker Tilly interviewed key personnel, process owners and procurement stakeholders and reviewed organization policies and procedures as well as training and workflow materials to gain an understanding of the organization’s P-Card program and any challenges with administering the current program effectively and efficiently. Our team performed analytics of vendor trends and employee spending to inform detailed testing of transactions to assess compliance with the organization’s policies and procedures.

Results achieved

During our review, we identified instances where organization policies could be enhanced to optimize procurement operations. We also discovered various key controls that were not operating as intended to prevent or detect P-Card misuse. We provided management with actionable recommendations to address the observations identified and monitoring activities of potential future P-Card misuse.

For more information on P-Card audits, or to learn more about how Baker Tilly’s higher education internal audit specialists can help your institution, contact our team.

Government building with columns
Next up

FASB reaches milestone decision to finalize proposed chapter on concept of measurement