Credit Card Best Practices

One of the most common areas of investigation that I encounter relates to the misuse or abuse of credit cards issued by an organization to its employees.

Select which categories you would like to subscribe to.


In comparison to employee-submitted expense reports, organizations are in a different position when it comes to credit card payments. If an employee submits an expense report that is deficient in receipts or supporting documentation, the reimbursement is easily denied until adequate support is provided. With credit cards it is not as simple because the statement balance has a specific due date and the credit card company doesn’t care if the users have submitted receipts to your accounting department. Unfortunately, some employees take advantage of this situation and know that the statement will be paid, whether or not they supply all of the documentation, so they will try to either stall until the bookkeeper gets tired of asking for the receipts, or use their position of authority to convince the bookkeeper that the charges were all legitimate…but it just so happened that the receipts flew out of the car when they opened their window on the way home.

Additionally, when receipts are submitted, many times the receipts are not detailed enough to satisfy tax or regulatory requirements if the organization comes under the unfortunate situation of being audited by a taxing or governmental authority. For these reasons it is important to review your current policies and procedures regarding credit cards issued to employees for business-related activities, and to make sure the following best practices are in place.

Adopt a Clear Policy and Procedures Related to Credit Card Usage

A proper policy will address the following issues in as much detail as possible:    

  1. Authorized Users – Who is authorized to have and use an organization credit card, under what circumstances, and how will the credit card be safeguarded?
  2. Authorized Uses – What types of expenses may be charged and under what circumstances? Limited to lodging and transportation incurred while traveling on business? To purchase office equipment and, if so, is pre-authorization required? For meals and entertainment expense and, if so, under what circumstances? Other allowable expenses?
  3. Prohibited Uses – What types of expenses are prohibited? Does your policy clearly prohibit the use of cards for cash back at point of purchase, ATM withdrawals, cash access checks or other cash withdrawals? Does the policy clearly prohibit the use of cards for personal use and, if so, establish the consequences of such use?
  4. Expenditure Amount Limits – Does your policy establish dollar limits for the types of expenses authorized? 

Establish Clear Requirements for Documentation and Submission

Your policy should identify exactly what documentation the card user is required to submit, by a specific date each month, and to whom. Do all submissions adequately document the requirements of Who, What, When, Where and Why?

Additionally, in the case of meals and entertainment, it is important for the user to include not only the credit card receipts that have the amount, tip and total, but the detailed receipt that shows what was ordered so that specifics can be identified, such as liquor purchased if the organization has a policy prohibiting or limiting alcoholic beverages.

Establish Internal Procedures to Detect “Double-Dipping”

Adequate controls should exist in the areas of accounting and reporting to prevent double-dipping between credit card usage and expense report payments. For example, if employees receive a per-diem amount for meals, is a system in place to ensure that meals were not charged onto the organization’s credit card on the same days?

Whatever credit card policies and procedures are adopted, they should be memorialized in writing, documented in minutes, and added to the organization’s employee handbook, bylaws, policy manual, etc. As part of the policy, anyone issued a credit card should acknowledge and sign the policy upon receipt of the card to document the understanding between the user and organization.

Once established, the organization should consistently monitor the usage of issued cards and management should ensure compliance of the adopted policy and procedures to satisfy the effectiveness of these best practices.

Select which categories you would like to subscribe to.