Organizations weighing T&E automation should look beyond the value of streamlining the process to solutions that include analytic and reporting features that enforce compliance controls and provide audit evidence while minimizing business risks associated with uncontrolled spending and fraud. These more robust solutions are part of the extended enterprise applications market experiencing greater investment as a result of governance, risk, and compliance requirements.
Kathleen Wilhide Research Director, Compliance and Business Performance Management Solutions
Avoiding the Compliance Trap for Travel and Expenses
January 2008 Travel and related expenses are one of the largest controllable indirect expenses many companies incur. Managing adherence to policy and monitoring for fraud can be burdensome and costly tasks. Software that automates the travel and expense (T&E) process has always been a valuable investment for companies to achieve efficiency and provide policy enforcement. However, increasing compliance requirements, from the broad stroke of Sarbanes-Oxley to targeted regulations affecting financial services and pharmaceutical firms, now demand greater transparency and control over the T&E management process. Organizations weighing T&E automation should look beyond the value of streamlining the process to solutions that include analytic and reporting features that enforce compliance controls and provide audit evidence while minimizing business risks associated with uncontrolled spending and fraud. These more robust solutions are part of the extended enterprise applications market experiencing greater investment as a result of governance, risk, and compliance requirements. IDC estimates that some companies are spending up to 0.5% of revenue to meet compliance requirements, and investments to improve core processes and automatically enforce controls and compliance can ease the compliance burden while mitigating risk. With the promise of fast and dynamic delivery of software functionality, on-demand T&E solutions are helping companies quickly meet requirements to enforce policies and controls and are also providing capabilities to meet evolving compliance requirements.
The following questions were posed by travel and expense management services provider Concur to Kathleen Wilhide, research director for IDC's Compliance and Business Performance Management (BPM) Solutions research, on behalf of Concur's customers.
Q. What are the compliance issues surrounding employee travel and expense management?
A. Compliance has a number of direct and indirect implications for companies. Many organizations have no choice but to assign employees to check and double-check operational controls and manually assemble evidence to prove adherence to policy. If control gaps are identified, auditors continue to make demands on organizations to prove risks are being managed. As the cost of compliance escalates, companies look to automated solutions to help them provide enforcement in areas that pose control risk or are impacted by specific legislation. T&E is one of those areas.
IDC 614 Regulations such as Sarbanes-Oxley are not prescriptive with regard to what areas should be automated, but they provide overall guidance for processes that are material in nature and pose risk. When processes such as T&E pose control risks, the opportunity for fraud escalates. Companies can continue to manually monitor this process and incur increasing internal costs and audit fees or implement technology to automate the process and provide a system of record that auditors can rely on while reducing manual effort.
Q. Which industries are particularly at risk for noncompliance, and why?
A. Processes such as T&E management pose control risks for all industries. What organizations find is that other areas of legislation can also be satisfied through a common compliance process or an investment in software. The financial services and pharmaceutical industries are at the forefront of determining how their technology solutions can help meet multiple compliance requirements. From a T&E perspective, these two industries in particular are also looking to software to manage the T&E process and at the same time meet the requirements of currently evolving legislation for additional policy enforcement and reporting in this area.
For example, in the financial services arena, the National Association of Securities Dealers (NASD) Rule 3060 addresses business entertainment expenses and conflicts of interest. Specifically, the rule prohibits brokers from giving gifts worth more than $100 in any given year to individuals with whom they have a business relationship. Gifts can take the form of entertainment as well as specific gifts, both of which are typically paid through corporate travel an... [download for more]
