Take charge of your credit card program. Implement our updated best practices today!
Apr 24, 2024
How long has it been since your government evaluated its credit card program? Was it when we published our original best practice resource in July 2019, just before the start of the COVID-19 pandemic?
Time sure flies, but don’t worry – we have updated best practices to help guide you today, whether you have a small credit card program with just some activity or a full-on procurement card program with millions of charges. We’ve added more best practices to our resource, about 14 in total, to help you better manage the risk that comes with having a credit card program.
A word to the wise: Don’t underestimate the risk
The risk with credit card programs is real. Cardholders have tremendous control over a single transaction, which places considerable pressure on your monitoring controls. All too often, governments do not monitor enough and fail to identify unallowable charges. Performance audits from around the country often find questionable credit card purchases such as personal expenses, gifts, food and refreshments – even when a local government’s internal audit department performs audits annually. These audits also report frequent problems with split transactions, where employees find ways to circumvent single transaction limits.
To help you mitigate these risks, our updated monitoring best practices focus on three themes: implement a robust review process, perform central transaction monitoring, and conduct a thorough annual card review.
Best practice theme 1: Implement a robust review process
We recommend the cardholder’s direct supervisor or manager review their purchasing activity. Supervisors and managers know their employees’ activities, so they are in the best position to identify questionable transactions. But you might also consider a second reviewer, someone well-versed in policy requirements who might detect something supervisors have overlooked. You could always opt for a review checklist, to make sure that reviewers cover all the important bases. Lastly, impose a strict deadline for all the reviews to take place.
Best practice theme 2: Perform central transaction monitoring
You should assign someone to centrally review and monitor transactions, as frequently as daily. You might say you don’t have the resources to do this, but remember, many credit card programs generate rebate revenue. This revenue can and should be used to pay for the extra monitoring. And you should perform a risk-based review, which means you won’t look at everything.
Our updated resource includes a comprehensive list of items to review. For example, you might find it helpful to review declined and disputed transactions, to identify areas of concern and other red flags. In addition, you might review for transactions that exceed your single purchase transaction limit. Vendors can process transactions manually and override your established limit, so you want to check that.
Best practice theme 3: Conduct a thorough annual card review
We’ve expanded our guidance on how you should conduct an annual card review. During this process, you should physically verify the cards, make sure that your provider’s active cardholder list agrees to your own records, and double-check credit limits. Consider lowering any exceedingly high credit limits and closing infrequently used cards. Otherwise, you unnecessarily expose yourself to potential fraudulent activity.
You can find our Best Practices for Credit Card Programs in our Resource Library. Download a copy and get started on strengthening your internal controls today. If you use your credit cards for travel expenses, you’ll also want to review our recently updated Best Practices for Travel and Reimbursable Expenses.
Visit our Resource Library
All our guidance is available online at no cost. We have a lot of great information to share, so spend a few minutes in SAO’s Resource Library to see what we have to offer!
How to reach us for more assistance
Remember, SAO can help. If you have technical questions, submit them using our HelpDesk in the client portal.