Key Questions for Determining Your Expense Risk and Improving Your Expense Audit Process

Auditing Travel and Entertainment (T&E) or P-Card Expenses is an important part of the overall accounting process for documenting and coding expenses, policy enforcement, and compliance to regulatory or statutory requirements.

Although T&E expenses are often referred to as the third largest controllable expense behind salaries and IT; in reality, their significance varies greatly by the size, industry, and business structure of an organization. What is most common, though, is that improving the process of dealing with “non-purchase-order based” expenses (for the rest of this piece we’ll just call them “expenses”) is usually initiated only after an event of some significance, i.e. change in finance leadership, acquisition or divestiture, material failure with the current expense process, new regulatory or compliance rules, or a recent discovery of internal expense fraud.

The reason for improving the expense automation process is as important as the choice of what part of the expense workflow to improve. In our experience, the automation of auditing of expenses is most often overlooked, which is what this piece was written to help address.

What is most correlated with increased expense risk?

Below are two sets of questions that will help provide a quick estimation of your organization’s expense risk profile.

Answering “no” to one or more of the following questions is indicative of a higher risk profile:
1. Is your organization’s expense report process fully automated?
2. Does your organization have a corporate card for travelers and purchasers?
3. Does your organization’s expense process fully document policy exceptions?
4. Does your organization’s expense process capture required receipts such that approvers can view them easily?

Answering “yes” to any of the following questions is indicative of a higher risk profile:
1. Does your organization reimburse for mileage or the cost of operating a personal car for business use?
2. Does your organization utilize cash advances or pre-payments?
3. Is your organization required to track transfers of value to healthcare professionals, clients, or other organizations?
4. Does your organization have more than 50 corporate cards?

Understanding your current expense audit process:

The following Q&A is provided as a framework for you to evaluate your current expense auditing process and procedures, and suggestions for how it could be improved.

Question 1: When should audits be completed…pre-payment or post-payment?

Answer: Post-payment. Although there is some merit to auditing expenses pre-payment, the reality is that there are two significant factors that work against that approach. One: organizations commonly use corporate cards that are paid directly to the card issuer before the user has had time to complete an expense report, which effectively means any audit under this type of program will be “post-payment” Two: adding an audit step to the normal approval workflow, can add as much as a week or more to the process, which for corporate cards, where the employee is responsible for making the payment, will increase the risk of incurring late fees. Plus it will irritate your users, who typically want to get reimbursed quickly for their card transactions and more so for any cash transactions.

Question 2: What percentage of expense transactions or reports should be audited?

Answer: It depends. Different organizations have different requirements and therefore no single audit percentage will satisfy every organization. If your culture or regulatory environment is very rigid, then your audit percentage will likely be >50% or even as high as 100%. If your organization is a bit more cost conscious (audits are never free), then a 20% audit percentage is likely sufficient as long as there are effective selection criteria and some that are always randomly selected.

Question 3: What are the best audit selection criteria and why?

Answer: Assuming that you are not auditing 100% of the expenses, here is a list of suggested audit criteria for consideration:

a. Set a selection percentage and define the period. Example: 20% monthly. Having a defined approach will ensure that your expense audit compliance reporting will provide useful trend analysis, which should allow for the audit process to improve and become more effective over time.

b. User’s that have a need for their reports to be audited. Some would see this as self-explanatory, but this is best employed for users with a history of audit exceptions, or with contractors, company officers, etc.

c. New users for a set period of time or a set number of expense reports. This ensures that new users don’t make those easy “mistakes” that over time would be viewed as excessive or fraudulent.

d. Reports or expenses that exceed a certain value. High value transactions or reports should always be given an extra level of scrutiny, even if only because of their value.

e. Policy exceptions. Approvers often will rubberstamp exceptions like missing receipts, late entry, or excessive meal charges, which depending on the reason, can put the organization at risk if the exceptions are significant enough.

f. Suspected duplicate transactions. Although greater than 90% of suspected duplicate transactions are actually valid transactions, there are those situations when a user enters an expense manually on one report and then later submits the same expense manually or as an imported card transaction on a subsequent report. Because of the high rate of false positives, the only effective way to confirm a duplicate transaction is with an auditor.

g. Expenses coded as “miscellaneous” or “other”. In general, organizations should avoid the use of generic expense types, but if you have one, then you should audit the heck out it to be sure that it’s not being abused.

h. Mileage that exceeds a certain value. It is import to note that commuting mileage is non-deductible and has to be accounted for when the business trip begins or ends at home, even on the weekend, unless the user qualifies for a “home office exception”.

Question 4: If a process or expense automation solution ensures each expense has a receipt, is there still a reason to audit those expenses?

Answer: Merely have a “matching” receipt does not meet the requirements of certain expense types, such as hotel/lodging, entertainment, group meals, cell phones, etc., which typically require a detailed or fully itemized receipt. Otherwise it’s very easy to “hide” disallowables like gift cards, alcohol, etc.

Question 5: What level of audit exception should be expected or tolerated?

Answer: Once again…it depends. In our experience, expense audit exceptions can be found to be as high as 40% or a low as 3%. While there will always be some level of audit exceptions, perhaps what is most important is that there is an effort to reduce or eliminate the root causes of the audit exceptions by improving the expense process, revising training for users and approvers, or changing the expense policies.

Question 6: What else is important to consider for an effective expense audit process?

Answer: Follow through and recovery. Each audit exception is an opportunity to correct a deficiency. If it is a missing receipt, the user should be given the opportunity to find it and attach it to the record. If there was something paid to a user that was not valid, then there should be a defined process for accounting for and recovering the funds in question. And in the rare case of gross fraud, it should be investigated thoroughly and action should be taken by the appropriate personnel.


Auditing Travel and Entertainment (T&E) or P-Card Expenses is still more art than science and no amount of automation will remove the requirement for proper financial oversight.

The above information is of a general nature and is not intended to address the specific circumstances of any particular organization or business.

Have feedback or want more information? Click here to share your feedback privately.