A recent Palm Beach Post article reports that a Florida International University (FIU) professor and a University of Florida (UF) administrative assistant and IT specialist allegedly used school credit cards to buy more than US $18,000 worth of personal items, including a wireless reading device, a membership to United Airlines’ Red Carpet club, and a Blu-ray Disc player. University auditors also uncovered several other cases of credit card abuse that involved submitting fraudulent receipts, and state auditors cited weaknesses in programs at FIU and UF, as well several other Florida universities, that could lead to fraud.

How could these frauds have been detected earlier or averted altogether? What can management and internal auditors learn from this situation that will help them remain vigilant for future fraud schemes?

Lessons Learned

  • Convenience for valid cardholders also can mean convenience for fraudsters, and basic controls for credit card use must be in place to address fraud risk. One of the most basic preventative controls is ensuring that cards are issued only to persons required and authorized to make credit card purchases and that the cards are cancelled when employees resign or are terminated.
  • Employees should be required to submit original copies of receipts to support all purchases and understand that management will review credit card statements prior to expense reimbursement. A monthly managerial review of employee credit card transactions is an effective control for detecting fraud.
  • Most credit card companies offer a range of preventive and detective controls such as restricting card use to certain types of merchants, days of the week, or during certain hours of the day. Using these parameters, card companies can provide reports that identify unusual transactions.
  • Credit card transactions in electronic format are readily available from credit card companies and analyzing transactional data can quickly highlight symptoms of possible fraud. Ways to analyze this data include creating a summary by merchant category code, a duplicate test for the same card number, merchant, and date, a sorted list by transaction amount, a list of current cardholders versus valid employees, a report showing totals by cardholders, and a list of transactions with foreign currency amounts.

Share This Article:    


Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.





To make something bold:
<strong>Text to bold</strong>

To make something italic:
<em>Text to italicize</em>

To make a hyperlink:
<a href="URL">Text to link</a>


Subscribe_June 2014 


 IIA SmartBrief

Bookstore Digital

 IIA Academic_Nov 2013




 facebook IAO