Timothy F. Hagan
Lead Partner – Audit
(978) 887-2220 x212
“Our auditors have questioned our personnel’s use of credit cards.
What are best practices for this area?”
Implement a policy for credit card use
Providing employees with credit cards may seem convenient. But sharp criticism will likely follow if the cards are misused or appear to have been. And while large nonprofits typically have strong internal controls that minimize the risks, smaller organizations may need to take steps to protect themselves from credit card abuse. That begins with establishing a formal credit card policy.
Why you need rules
A formal credit card policy is particularly critical for social service organizations, which frequently have charges similar to those an individual would make for his or her own purposes — for example, food, clothing or household goods. Credit card misuse could jeopardize any organization’s tax-exempt status, and a policy can set up rules and requirements that make it easier to discern between valid and invalid charges.
How to draft guidelines
While each organization’s policy will vary according to its circumstances and priorities, most credit card policies should address the following issues:
Eligibility. It’s a good idea to set restrictions on which employees can use credit cards. You might, for example, limit cards to full-time employees who travel regularly for their jobs, purchase large volumes of goods and services for the organization’s use or otherwise incur regular business expenses of a kind appropriately paid by credit card. You also should require written approval from a supervisor prior to obtaining a credit card.
Prohibited uses. Clearly identify prohibited uses for the cards, such as cash advances, bank checks, traveler’s checks and electronic cash transfers. And explicitly state that the credit cards may not be used for personal expenses. You also might bar using the card for purchases of alcohol or other items inconsistent with your organization’s mission and values. Additionally, you may want to prohibit capital purchases, which may need to go through a more significant approval process.
Your policy also should specify that reimbursement for returns of goods or services must be credited directly to the card account. The employee should never receive cash or refunds directly.
Spending limits. In addition to restricting the types of purchases, your policy should set a spending limit. Or the issuer can set a specific limit for each card depending on the user’s needs.
Unauthorized charges. Many nonprofits require all employees to seek explicit preapproval prior to incurring any credit card charge in order to comply with federal guidelines. Set limits for all card users of what can be charged without preapproval. Clearly state that unauthorized credit card purchases and charges without appropriate documentation are the responsibility of employees, including any related late fees or interest.
Documentation. Employees must provide documentation — usually the original itemized receipt — to support all charges. For meal purchases, require employees to provide the names of everyone in attendance and a description of the meal’s business purpose to comply with IRS regulations.
Statement reconciliation. Require card users to reconcile their charges to the monthly credit card statement within 15 days of the statement date. Request all original receipts to be submitted to the Accounting Department in an organized manner, and provide users with a standardized format to expedite processing by requiring department coding and descriptions of each charge. Supervisors should indicate their review and approval of the charges by a signature and date on the receipt or on the required form. All charge account activity of the Executive Director should be reviewed and approved by the Treasurer.
Enforcement. A policy without an enforcement mechanism is simply a piece of paper. Your policy should state that violations will result in disciplinary action, up to and including termination of employment and, where appropriate, criminal prosecution.
Once you communicate your credit card policy, require the employee to sign an acknowledgment stating that he or she has read and understands the policy and procedures governing credit card use.
Beyond the policy
Establishing and enforcing a formal policy is only the first step your not-for-profit should take to reduce the risks associated with employee credit card use. Additional controls include having the monthly credit card statements reconciled in the accounting department and reviewed by an executive or board member.
Sidebar: Employee reimbursements and accountable plans
If your organization decides against having credit cards altogether, there will be situations where employees will need to be reimbursed for expenses they have incurred personally. Ensure your arrangement qualifies as an “accountable plan” under IRS criteria so reimbursements paid under it aren’t considered pay to the employee. An accountable plan must require that employees:
- Have paid or incurred expenses for a deductible business purpose,
- Adequately account for these expenses within a reasonable time period (within 60 days after they were paid or incurred) by providing a statement of expense, an account book, or a similar record in which they entered each expense at or near the time incurred, along with evidence such as receipts of travel, mileage and other business expenses, and
- Return any excess reimbursement or allowance within a reasonable time period (within 120 days after the expense was paid or incurred).
If the plan doesn’t satisfy all three requirements, reimbursements must be reported as wages.