January 4, 2018

I recently attended a training that discussed procurement cards—both their increased popularity and the risks associated with using them.

During the training, I shared that we have been using technology to help mitigate these risks. This technology can also help reduce risk in many other areas, including payroll and disbursements.

The Issue with Procurement Cards

Procurement cards are becoming a more common method of simplifying the purchasing process.

But as popularity and use grow, so does the number of transactions. This growth lessens management’s ability to effectively monitor use of these cards.

As a result, we are seeing more reports of fraud and increased inappropriate use of these cards. To help ensure that you don’t become one of these reports, consider using Data Mining software to monitor procurement card transactions.

What is Data Mining?

Data Mining software allows the user to perform a series of tests on 100% of the transactions in a database.

Each test gives the user valuable insight into the data and surfaces anomalies that require further investigation. Some of the procedures we can perform on procurement card data include:

  • Sum purchases by credit card holder and sort from highest to lowest. Management then reviews this list to see that the top users seem correct.
  • Sum purchases by vendor and sort from highest to lowest. Management again reviews to determine if the vendors at the top of the list seem right.
  • Look for transactions on weekends or after hours by card holder and by vendor. Determine if the people listed have jobs that require weekend transactions.
  • Look for transactions in increments of $50 or $100. One of the most common types of procurement card fraud is purchasing gift cards or gift certificates. Sample the transactions that make this list to determine if they are appropriate.
  • Sort the list by Merchant Category Code—some codes are riskier than others. For instance, gas purchases, gift cards, and alcohol are the most common abuses, so the codes that correspond to these types of purchases should be looked at more closely.
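The procurement card tests above can be run as a short script over a card-activity export. The following is an added example, not part of the original article; the field names, business hours, and the watch list of Merchant Category Codes are assumptions, and the transactions are constructed sample data.

```python
from collections import Counter
from datetime import datetime

# Constructed sample export; amounts are in cents to avoid float rounding.
TXNS = [
    {"id": 1, "holder": "alice", "vendor": "Office Depot", "ts": "2018-01-03T10:15", "cents": 21247, "mcc": "5943"},
    {"id": 2, "holder": "alice", "vendor": "Shell",        "ts": "2018-01-06T14:02", "cents": 6130,  "mcc": "5541"},
    {"id": 3, "holder": "bob",   "vendor": "Target",       "ts": "2018-01-04T11:40", "cents": 50000, "mcc": "5310"},
    {"id": 4, "holder": "bob",   "vendor": "Target",       "ts": "2018-01-04T22:05", "cents": 10000, "mcc": "5310"},
    {"id": 5, "holder": "carol", "vendor": "Total Wine",   "ts": "2018-01-05T12:30", "cents": 8999,  "mcc": "5921"},
    {"id": 6, "holder": "carol", "vendor": "Staples",      "ts": "2018-01-05T09:00", "cents": 3410,  "mcc": "5943"},
]
RISKY_MCC = {"5541", "5921"}   # assumed watch list: service stations, liquor stores
BUSINESS_HOURS = range(8, 18)  # assumed 08:00-17:59 local time


def totals_by(txns, field):
    """Sum purchases per cardholder or vendor, highest first."""
    totals = Counter()
    for t in txns:
        totals[t[field]] += t["cents"]
    return totals.most_common()


def off_hours(t):
    """Weekend (Saturday/Sunday) or outside the assumed business hours."""
    ts = datetime.fromisoformat(t["ts"])
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def round_amount(t):
    """Multiples of $50 (which also covers multiples of $100)."""
    return t["cents"] % 5000 == 0


def risky_category(t):
    return t["mcc"] in RISKY_MCC


def exceptions(txns):
    """Run every test over 100% of transactions; return flagged ids per test."""
    tests = {"off_hours": off_hours, "round_amount": round_amount,
             "risky_mcc": risky_category}
    return {name: [t["id"] for t in txns if test(t)] for name, test in tests.items()}


if __name__ == "__main__":
    print(totals_by(TXNS, "holder"))
    print(totals_by(TXNS, "vendor"))
    print(exceptions(TXNS))
```

A transaction that appears under more than one test, such as the after-hours $100 purchase here, is a natural first pick when sampling exceptions for review.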

Payroll Data Mining Tests

For payroll, some of the data mining tests we perform are:

  • Compare social security numbers with those in the Social Security Administration’s database—this will isolate invalid numbers.
  • Sum the number of checks per person. You know how many pay periods there are—is anyone getting more checks than they’re supposed to?
  • Compare the payroll database to your vendor master file. Are there any employees that are set up as vendors, or any addresses that appear in both databases? These can be indicators of fictitious vendors.
  • Sum the pay by employee. This can help identify employees who are receiving more than expected.
  • Identify multiple names with the same address. While this could simply indicate employees living together, it could also be a red flag for fictitious employees.

Monitoring Disbursements

For disbursements, some procedures to consider include:

  • Sum payments to vendors by dollar amount and number of checks—does the amount you are paying the vendors seem appropriate? Also, look at how many checks are going to each vendor. There may be opportunities to consolidate purchases, reduce administrative costs, and take advantage of purchase discounts.
  • Checks on weekends or after hours. As with procurement cards, this can be a red flag.
  • Make note of vendors with P.O. box addresses—this can indicate fictitious vendors.
  • Multiple checks to the same vendor on the same day. This can indicate purchases split to stay below authorization or purchase limits in your policies.
  • Checks with blank payees or written to cash. This is never, ever a good sign. Make sure you thoroughly understand these transactions and try to avoid them if possible.
  • Multiple vendors with the same address, or vendors listed more than once in the vendor master file. These can be indicators of fictitious vendors.
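Several of the disbursement tests above depend on matching vendor records that are not typed identically. The following is an added example, not part of the original article; the record layouts and the address normalization rule are assumptions, and the vendor master and check register are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed vendor master: id -> (name, address). Not real data.
VENDORS = {
    "V100": ("Acme Supply",    "120 Main St., Suite 4"),
    "V101": ("ACME Supply Co", "120 main st suite 4"),
    "V102": ("Northwind LLC",  "P.O. Box 881"),
    "V103": ("City Water",     "9 Harbor Ave"),
}
# Constructed check register: (check no, vendor id, payee, date, cents).
CHECKS = [
    (5001, "V100", "Acme Supply",   "2018-01-08", 490000),
    (5002, "V100", "Acme Supply",   "2018-01-08", 485000),
    (5003, "V102", "Northwind LLC", "2018-01-09", 120000),
    (5004, "V103", "",              "2018-01-09", 30000),
    (5005, "V103", "Cash",          "2018-01-10", 25000),
]


def norm_addr(addr):
    """Lowercase, drop punctuation, collapse spaces so near-duplicates match."""
    return re.sub(r"\s+", " ", re.sub(r"[^a-z0-9 ]", "", addr.lower())).strip()


def po_box_vendors(vendors):
    # Catches "P.O. Box" / "PO Box"; spelled-out "Post Office Box" would need its own rule.
    return sorted(v for v, (_, a) in vendors.items() if re.match(r"po box\b", norm_addr(a)))


def shared_addresses(vendors):
    """Groups of vendor ids whose normalized addresses are identical."""
    groups = defaultdict(list)
    for vid, (_, addr) in vendors.items():
        groups[norm_addr(addr)].append(vid)
    return sorted(sorted(ids) for ids in groups.values() if len(ids) > 1)


def same_day_checks(checks):
    """Multiple checks to one vendor on one day (possible split purchases)."""
    groups = defaultdict(list)
    for no, vid, _, day, _ in checks:
        groups[(vid, day)].append(no)
    return {key: nos for key, nos in groups.items() if len(nos) > 1}


def blank_or_cash(checks):
    return [no for no, _, payee, _, _ in checks if payee.strip().lower() in ("", "cash")]
```

Comparing each same-day group's combined total against the authorization limit in your own policy shows whether the checks were split to stay under it.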

What Else Can Data Mining Do?

Data mining is a tool that allows you to quickly identify red flags during your data monitoring efforts. There are many more tests you can run in each of these areas, but you get the idea.

As you perform data mining tests, keep in mind that some tests may not be available to you if your data set does not have the required fields.

Once you have performed the tests, you can sit down with management and review the results of each test. For some tests, the results will make sense and they will not require further action.

For others, however, management may want to investigate an individual transaction, cardholder, or vendor. They may also want to select a sample of the exceptions noted and investigate further.


I hope this article helps demonstrate the power of technology in your risk management process. Consider making these types of procedures part of your annual internal control monitoring process.

If you are interested in learning more about software products available on the market, or if you have questions about the procedures listed above, please feel free to contact me.

© Clark Nuber PS, 2018. All Rights Reserved
