As a result of the Sarbanes-Oxley Act (SOX) passed in the U.S. in 2002, organizations around the world have refocused their attention on maintaining a controls-compliant business environment.
Implementation of a well-controlled commercial card program is a key component of mitigating risk throughout the Procure-to-Pay process. Organizations define card program control goals such as:
- Compliance with procurement and payment policies
- Reduction of maverick spend
- Mitigation of fraud, loss and misuse
Best practice organizations typically achieve card program control goals by implementing recommended practices within the five areas outlined in the Visa
Controls Framework:
- Ownership - Companies must establish card program ownership with an organizational structure, including well-defined roles and responsibilities to manage the card program
- Policies - Best practice policies are those that are clearly defined with specific details for each of the aspects of the card program
- Procedures - Procedures clearly identify the appropriate "who, what, where, when and how" of card use and will assist in the monitoring and control of the card program
- Technology - Effective use of technology makes procedures more efficient and guards against human error, there by ensuring that misuse is more easily detected and prevented
- Audit - Regular audits enable organizations to review and update card program policies and procedures as necessary
Benefits
- Control and Compliance - Developing a controls strategy that addresses ownership, policies, procedures, technology and audit minimizes the risks of a commercial card program and increases compliance
- Cost Savings and Process Efficiency - A controls strategy minimizes non-compliant behavior. Automated monitoring and tracking reduces time and effort needed to enforce compliance