Kyra came up to me this morning with a worried look. “What’s up?” I asked. “My manager is asking me to grow the account revenue,” she said in a bewildered voice. “But the client wants me to reduce the headcount, as he is not getting enough value from the work we do.”
When you’re in a pickle…
Kyra went on to explain that we were processing travel expense claims for a large global company. Although the company’s policy was embedded as business rules in the travel application, and most of the claims were processed as “auto approved,” the company’s policy required a post audit to be performed to detect anomalous claims.
The client had also implemented an audit tool in which exception rules were defined, with travel reports that meet this exception criteria extracted and reviewed manually. Travel policy variations were followed up with employees to obtain a better understanding – where an employee claim was determined to be incorrect, recovery measures were initiated.
The client was now expecting improved outcomes from the audit team in terms of identifying more instances of incorrect claims.
… focus on the process and data
This is where the governance, risk and compliance (GRC) team stepped in, gaining a thorough understanding of the business operations, the divisions, the nature and type of business associated with each business division, how the corporate travel policy was to be applied, what typical exceptions arise and how they were handled.
While the situation Kyra found herself in is pretty typical, the best approach to address these challenges involves two dimensions – process and data:
- The audit process– review and refine the existing audit process to eliminate inefficiencies, and bring in greater transparency into the analysis and reporting of travel reports. With time, these improvements deliver visibility to the baseline performance of the travel audit process.
- Predictive data modelling – the current approach of reviewing exception reports generated an abundance of false positives, wasting both time and effort. The most optimal way to solve Kyra’s problem was to build a predictive intelligence model to identify incorrect travel claims:
- Clean, scrub and analyze the data.
- Visualize and use descriptive analysis of the data to get insights into building predictive models.
- Evaluate several models to determine the most suitable model for your context.
- Perform feature engineering to extract more value from the existing data elements.
- Choose a model that gives the most optimum results.
- Run the model against the data.
Once performed, these steps will give you a solid sample on which manual audit procedures can be performed. While the sample size will be much smaller, there is a greater probability of finding erroneous claims, thereby increasing the efficiency of the audit process. Remember to recalibrate your model at regular intervals to align the predictive model with the business reality.
As a next step, T&E analytics could be used to drive corporate travel policy. Analysis of patterns of travel and lodging options could reveal trends in usage, which could be leveraged to drive volume discounts with carriers and hospitality providers, and recommendations on the use of technology to minimize travel could be identified. These kinds of measures have great potential to deliver significant cost savings for corporations.
The new prediction model has been in operation for just over a month, increasing the audit team’s effectiveness significantly. The audit team can now identify more instances of incorrect travel claims, which are expected to feedback into the travel policy.
And as for Kyra? She was relieved to have the situation under control … and her client was delighted!
To find out more about how our GRC services can help you to save time and money for your clients, contact: firstname.lastname@example.org
Click to learn more about how Capgemini’s Continuous Controls Monitoring service from our GRC portfolio can enhance your reputation, ensure compliance and deliver real business value.
Click the links to read the other blogs in this series:
- GRC 101 – an Introduction to Governance, Risk Management and Compliance
- Audit and Compliance Productivity Driven by Artificial Intelligence
- How to Effectively Manage Your Audit Challenges