Credit Card Use: Having a policy can thwart misuse

When it comes to fraud in an organization, credit cards are frequently a fraudster’s tool. Because the use of credit cards is so commonplace today, there’s always the risk of improper charges to your account. Credit card misuse could not only hurt your organization financially, but can also jeopardize its reputation in the community.

But there are ways to protect your organization against credit card fraud. Developing a credit card use policy is an important first step.

Certain components make sense

While each organization’s policy will vary according to its circumstances and priorities, certain components are both commonsense and essential. It’s important, for example, to address eligibility by setting restrictions on which employees may have or use your organization’s credit cards. For example, you might want to limit cards to full-time employees who:

• Travel regularly for their jobs;
• Purchase large volumes of goods and services for the organization’s use; or
• Otherwise incur regular business expenses appropriately paid by credit card.

You also should require written approval from a supervisor prior to having a credit card issued to an employee.

In addition, your policy should clearly identify prohibited uses for the cards, such as cash advances, bank checks, traveler’s checks and electronic cash transfers — and explicitly state that the credit cards may not be used for personal expenses. You also might bar using the card for purchases of alcohol or other items inconsistent with your organization’s mission and values. Additionally, you may want to prohibit capital purchases, which often need to go through a more layered approval process.

Finally, your policy should specify that reimbursement for returns of goods or services must be credited directly to the card account. The employee should receive no cash or refunds directly.

Spending limits should be specified, preapproval required

In addition to restricting the types of purchases, your policy should set a spending limit. Or you can rely on the specific limit set with the issuer for each card if that limit is in sync with the user’s needs.

Many nonprofits require all employees to seek preapproval (usually in writing) prior to incurring any credit card charge as a proper internal control. Clearly state in your policy that unauthorized credit card purchases and charges without appropriate documentation are the responsibility of the employee, including any related late fees or interest.

Documentation and statement reconciliation are key

Employees must provide documentation — usually the original itemized receipt — to support all charges. For meal purchases, require employees to provide the names of everyone in attendance and a description of the meal’s business purpose to comply with IRS regulations.

Request that all original receipts be submitted to the accounting department in an organized manner, and provide users with a standardized format to expedite processing by requiring department coding and descriptions of each charge. Supervisors should indicate their review and approval of the charges by a signature and date on the receipt or on the required form. Your accounting department should reconcile monthly credit card statements, and the statements should be reviewed by an executive or board member.

Enforcement should be mentioned

A policy without an enforcement mechanism is simply a piece of paper. Your policy should state that violations will result in disciplinary action, up to and including termination of employment and, where appropriate, criminal prosecution.

Once you communicate your credit card policy, require the employee to sign an acknowledgment stating that he or she has read and understands the policy and procedures governing credit card use before receiving the card.

The right steps

Credit card use is sometimes a convenient way to handle expenses, particularly for event planning and travel. So if your nonprofit permits credit card use, make sure that you have controls in place to deter and guard against misuse.

You should review your credit card policy at least every five years to ensure the proper policies and updates are integrated. If you would like a review of your policy or need assistance with putting together a new policy, contact us.