Do you give out credit cards and travel cards to your employees? If so, how confident are you that your internal controls are working, if you have any internal controls at all? If you're like most small firms, your policies are largely based on trust. But, as you no doubt know, 'trust' is not an internal control. Trust is important in any organization, but it is not an internal control.
The Government is a major user of travel cards but audit after audit show that the Government, with all of its controls and oversight (approvers checking the travelers, managers checking the approvers, and auditors checking the managers) they still have issues and deficiencies in managing their credit/travel card programs.
The Government Charge Card Abuse Prevention Act of 2012 requires OIGs (Office of Inspector Generals) of agencies with more than $10 million in travel card spending to conduct period audits of reviews of travel card programs to analyze risks of illegal, improper or erroneous purchases and payments.
The EPA (Environmental Protection Agency) Office of Inspector General (OIG) recently completed a risk assessment of the Agency's travel card program and decided there was enough risk to merit a full audit. The OIG found employees who had been separated from service with active travel cards. They found irreconcilable differences between transactions and bank records (Citibank records in this case). The OIG found reports with 'blank' columns where data should be listed. They also found that they couldn't determine how much 'credit' was remaining on travel cards.
You might want to read how one highly trusted contractor employee used a company issued credit card to embezzle $825 thousand from his company.
You might also be interested in our article on how to improve controls over credit card usage.