Loading...

Subscribe to newsletters
About Us
Careers
Client Portals
Pay Invoice
Locations
Industries
Services
Professionals
Legal & Privacy
CCPA Privacy
Contact Us
Request a Proposal

© 2024-2026 Baker Tilly US, LLP / Baker Tilly Advisory Group, LP

Baker Tilly US, LLP and Baker Tilly Advisory Group, LP and its subsidiary entities provide professional services through an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable laws, regulations and professional standards. Baker Tilly US, LLP is a licensed independent CPA firm that provides attest services to clients. Virchow, Krause & Company, LLP, a licensed CPA firm, is an affiliated entity of Baker Tilly US, LLP and provides attest services to clients located in Kansas, USA. Baker Tilly Advisory Group, LP and its subsidiary entities provide tax and business advisory services to their clients. Baker Tilly Advisory Group, LP and its subsidiary entities are not licensed CPA firms.

Baker Tilly Advisory Group, LP and Baker Tilly US, LLP are independent members of Baker Tilly International. Baker Tilly International Limited is an English company. Baker Tilly International provides no professional services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. Baker Tilly Advisory Group, LP and Baker Tilly US, LLP are not Baker Tilly International’s agent and do not have the authority to bind Baker Tilly International or act on Baker Tilly International’s behalf. None of Baker Tilly International, Baker Tilly Advisory Group, LP, Baker Tilly US, LLP, nor any of the other member firms of Baker Tilly International has any liability for each other’s acts or omissions. The name Baker Tilly and its associated logo is used under license from Baker Tilly International Limited.

Efficiently and effectively auditing your P-Card program

Article

Efficiently and effectively auditing your P-Card program

May 29, 2024 · Authored by Kishan Patel, Niamh Boyle

Subscribe to newsletters

Share

Related sections

  • Higher Education
  • Risk Advisory
  • Internal Audit

Tags

internal audit
p-card
higher education

A purchasing or procurement card (P-Card) is a credit or debit-like card that allows employees of an organization to purchase goods and services on behalf of the organization without having to go through the traditional procurement or purchase request and subsequent approval process.

P-Card programs enable employees to complete business transactions more efficiently and allow charges to be reviewed within moments of purchase. While P-Cards can be a great way to support effective and efficient purchases for your organization, P-Cards are at greater risk for misuse and fraud. Additionally, when P-Cards are used for online purchases, there is an increased risk that P-Card data is stolen and used to execute fraudulent transactions. Organizations should monitor and manage P-Card spending and reduce misuse and fraudulent behavior by implementing internal control activities, including the performance of P-Card audits.

The purpose of a P-Card audit is to identify whether controls are working as intended or whether other controls are needed to prevent misuse or fraud and detect instances in which misuse or fraud have occurred. Auditing P-Cards can benefit an organization by identifying opportunities for further process efficiencies and cost-saving benefits and help to reinforce a strong internal control environment around purchasing. Below are some key objectives for an effective P-Card audit.

P-Card audit objectives

Objectives of a P-Card audit may include, but are not limited to, the following:

  • Determining whether the control environment is sufficient to prevent and/or detect possible fraudulent activities or misuse of organization funds
  • Assessing whether fraud or misuse has occurred within the P-Card program
  • Identifying procurement-related efficiencies the organization may implement to optimize financial resources

P-Card audit approach

A P-Card audit may have many different approaches depending on the audit objectives. An audit approach may include, but is not limited to, the following:

  • Review available documentation such as organizational policies and procedures to identify controls designed to prevent or detect possible instances of misuse or fraud
  • Examine available documentation to identify organization-specific compliance attributes to inform analytics and testing procedures. Testing procedures may include, but are not limited to:

Related sections

  • Higher Education
  • Risk Advisory
  • Internal Audit

Article Tags

internal auditp-card higher education

- Transactions are below organization established P-Card thresholds

- Verification of business purpose

- Verification sales tax was not applied (if organization is a tax-exempt entity)

- Transactions include appropriate supporting documentation (e.g., receipts, invoices, etc.)
  • Assess training and workflow materials to identify and confirm organization-specific training requirements are met and workflows are optimized to meet the purchasing demands of the organization
  • Conduct interviews with key personnel, process owners and procurement stakeholders at the organization to understand:
    - Setup, usage and approval practices within the organization
    - Organization requirements for P-Card holders, including any necessary training
    - Monitoring and oversight to review spend
  • Perform data analytics to identify:
    - Vendor trends (e.g., top vendors by volume and/or spend, most frequently used vendors, unusual vendors). Gaining an understanding of vendors with which the organization does a lot of business may lead the organization to explore opportunities to leverage economies of scale
    - Employee spending trends (e.g., top employees by volume and/or spend, inactivity, determining whether P-Card is appropriate method to procure certain goods or services). Employee spending trends can serve as a reasonableness check to confirm whether the top spenders make sense given their role at the organization
    - Transactions that may not comply with the organization’s policies and procedures (e.g., missing business purpose, splitting transactions to avoid P-Card spending limit thresholds or receipt thresholds, purchase of restricted items). This analytic test, as well as the identification of vendor and employee spending trends, may also be used to inform a sample selection for more detailed testing at the transaction level
    - Review purchase amounts to consider whether current P-Card spending limits are appropriate and in line with the organization’s needs as well as leading industry practices

    • Key risks and how to approach them during audit fieldwork

    Through analytics and purchasing trend reviews, auditors can identify possible unauthorized use or fraudulent activity within an organization. For example, if transactions are split, there is a risk of individuals bypassing the required approvals in effort to expedite the procurement process. For further information on risks associated with P-Cards and how to prevent them, read our insight, Optimizing P-Card use with internal audit.

    Baker Tilly can help

    Our specialized higher education risk advisory team can help your organization. How we help:

    What we do What you get
    Assess your organization’s policies and resources related to procurement and P-Card administration and activity A facilitated discussion with key process owners across the organization to identify opportunities for increased communication and awareness as well as a policy gap analysis to determine what documentation needs to be updated or developed and implemented
    Identify the roles and responsibilities between departments that are involved in P-Card administration and the available resources at your organization A clear understanding and layout of the control environment or collaboration efforts and practices in place to facilitate efficient and effective P-Card program administration and auditing
    Evaluate current procedures to assess compliance with organizational policies and alignment with industry leading practices Actionable recommendations to address identified audit observations, gaps, challenges, risks or enhancement opportunities based on organizational policies and industry leading practices
    Connect with our team

    Case study: P-Card program review and audit in action at higher education system

    Person paying for a purchase with credit card
    Client background

    Management for a system of universities requested an assessment of its P-Card program, including testing and analysis of their program for compliance with organization policies and procedures.

    Baker Tilly solution

    Baker Tilly interviewed key personnel, process owners and procurement stakeholders and reviewed organization policies and procedures as well as training and workflow materials to gain an understanding of the organization’s P-Card program and any challenges with administering the current program effectively and efficiently. Our team performed analytics of vendor trends and employee spending to inform detailed testing of transactions to assess compliance with the organization’s policies and procedures.

    Results achieved

    During our review, we identified instances where organization policies could be enhanced to optimize procurement operations. We also discovered various key controls that were not operating as intended to prevent or detect P-Card misuse. We provided management with actionable recommendations to address the observations identified and monitoring activities of potential future P-Card misuse.

    For more information on P-Card audits, or to learn more about how Baker Tilly’s higher education internal audit specialists can help your institution, contact our team.

    Contact us