Expense Audit & Fraud-Flag Checklist

The red flags and review steps that catch expense fraud, policy abuse, and honest errors before they're reimbursed — and what to test in a periodic audit after the fact. Use the pre-payment flags for every report and the audit program for a quarterly deep-dive on a sample.

  • Why expense fraud hides so well
  • Pre-payment fraud flags
  • Per-report review (every submission)
  • Quarterly audit program

What it is

The Expense Audit & Fraud-Flag Checklist is a two-part control tool: a set of pre-payment red flags to apply to every report before money goes out, and an audit program for a periodic deep-dive on a sample after the fact. It's designed to catch the three things that drain a T&E budget (deliberate fraud, policy abuse, and honest errors) before they're reimbursed, and to give finance a structured way to test for them in a quarterly review. Rather than relying on an approver's gut feel, it names the specific patterns that signal a problem and what to do about each.

The fraud-flag section is a table of patterns paired with what they mean and the response. Duplicate receipts or amounts (the same expense submitted twice or by two people) call for blocking and comparing to prior reports. Amounts just under the receipt cap (e.g., $74 against a $75 threshold) signal padding to dodge substantiation and warrant a spot-check across the submitter. Round-number cash claims suggest fabricated lost-receipt spend. Weekend or non-travel-day spend may be personal cost coded as business. Mismatched receipt and card dates point to altered or recycled receipts. Out-of-policy lines with vague purposes hide disguised personal spend. Repeated same-vendor max claims indicate habitual padding to the cap.

The pre-payment checklist is the per-report discipline: an itemized receipt present for every line over the threshold, the receipt total matching the claimed amount (not rounded up), a specific business purpose rather than 'business meeting,' attendees listed for any meal or entertainment line, GL code and cost center matching the expense type, no duplicate of a previously reimbursed line, per-diem and actuals never both claimed for the same day, and mileage reasonable versus the point-to-point distance. Used together, the flags and the checklist turn approval into a real fraud and error control.
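The fraud-flag table and the pre-payment checks above can be expressed as rules over expense lines. The sketch below is an added example, not part of the Spotsaas checklist or any vendor's product; the field names, the "within $2 of the cap" and "multiple of $5" definitions, and the sample lines are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

CAP_CENTS = 7500    # receipt threshold; $75 is the page's example figure
NEAR_CENTS = 200    # assumption: "just under" means within $2 of the cap
ROUND_CENTS = 500   # assumption: "round number" means a multiple of $5

def flag_lines(lines, travel_days):
    """Return {line id: [flags]}; travel_days maps submitter -> set of dates."""
    flags = defaultdict(list)
    seen = {}                    # (merchant, cents, day) -> first line id, any submitter
    methods = defaultdict(set)   # (submitter, day) -> meal methods claimed
    for ln in lines:
        lid, who, day, cents = ln["id"], ln["who"], ln["day"], ln["cents"]
        if ln["merchant"] is not None:
            first = seen.setdefault((ln["merchant"], cents, day), lid)
            if first != lid:     # same expense already claimed, possibly by someone else
                flags[lid].append("duplicate_of_" + first)
        no_receipt = ln["receipt_day"] is None
        if no_receipt and CAP_CENTS - NEAR_CENTS <= cents < CAP_CENTS:
            flags[lid].append("just_under_cap")
        if no_receipt and ln["pay"] == "cash" and cents % ROUND_CENTS == 0:
            flags[lid].append("round_cash")
        if day.weekday() >= 5 or day not in travel_days.get(who, set()):
            flags[lid].append("off_day")      # weekend or non-travel-day spend
        if not no_receipt and ln["receipt_day"] != day:
            flags[lid].append("receipt_date_mismatch")
        if ln["kind"] in ("per_diem", "meal"):
            methods[(who, day)].add(ln["kind"])
            if len(methods[(who, day)]) == 2:  # allowance and actuals on one day
                flags[lid].append("per_diem_plus_actuals")
    return dict(flags)

# Constructed sample lines (not real data). "day" is the card-feed date,
# or the claimed date for cash; receipt_day is None when no receipt is attached.
FIELDS = ("id", "who", "merchant", "cents", "day", "receipt_day", "pay", "kind")
D = lambda d, m=3: date(2026, m, d)
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("L1", "ana", "Harbor Grill", 18450, D(2), D(2), "card", "meal"),
    ("L2", "ben", "Harbor Grill", 18450, D(2), D(2), "card", "meal"),
    ("L3", "ana", "Taxi", 7400, D(3), None, "cash", "transport"),
    ("L4", "ben", "Parking", 4000, D(7), None, "cash", "transport"),
    ("L5", "ana", "City Hotel", 21000, D(3), D(24, 2), "card", "lodging"),
    ("L6", "ana", None, 6000, D(2), None, "allowance", "per_diem"),
]]
TRAVEL = {"ana": {D(2), D(3)}, "ben": {D(2), D(3)}}

if __name__ == "__main__":
    for lid, found in flag_lines(SAMPLE, TRAVEL).items():
        print(lid, found)
```

Each flag is a prompt for the response the table pairs with it, not a finding: a single `just_under_cap` hit, for instance, only matters once it repeats for the same submitter.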

What it's used for

Finance and audit teams use the checklist to stop fraudulent, abusive, and erroneous expenses before reimbursement and to run a repeatable periodic audit on a sample. It converts vague suspicion into named patterns and concrete responses, so reviewers know what to look for and what to do.

  • Screening every report pre-payment against a fixed set of checks: itemized receipt over the threshold, receipt total matching the claim, specific business purpose, attendees listed, correct GL and cost center, no duplicates, no per-diem-plus-actuals on one day, reasonable mileage.
  • Detecting duplicate fraud (the same expense submitted twice or by two different people) by blocking the line and comparing against prior reports across submitters.
  • Spotting padding patterns: amounts that sit just under the receipt cap to avoid substantiation, repeated same-vendor claims at the maximum, and round-number cash claims that suggest fabricated lost-receipt spend.
  • Catching disguised personal spend: weekend or non-travel-day charges coded as business, and out-of-policy lines hidden behind a vague business purpose, by confirming against travel dates and rejecting for specificity.
  • Validating receipt integrity by comparing the receipt date to the card-feed date, so altered or recycled receipts don't slip through.
  • Running a quarterly audit program on a sample of reports, trending an individual submitter over six months to surface habitual padding that no single report would reveal.
  • Building the documented control evidence (what was flagged, what was tested, and how it was resolved) that internal and external auditors expect to see.

Who uses it

The checklist serves the people who review and audit expenses, from the manager approving a single report to the auditor sampling a quarter's worth. It's most valuable where T&E volume is high enough that abuse can hide in the noise.

  • Accounts payable / expense reviewers: Apply the pre-payment flags to every report, so they need the specific patterns and responses to catch issues before reimbursement rather than after.
  • Controller / Finance director: Owns the control environment, decides the sampling approach for the periodic audit, and acts on trends that emerge across submitters over time.
  • Internal audit: Runs the quarterly deep-dive on a sample using the audit program, and documents the testing and resolutions as control evidence.
  • People managers: Are the first line of defense on their team's reports, and the flags give them objective patterns to question rather than relying on instinct.
  • External auditors: Review the documented flagging and audit work to confirm T&E controls are operating, not just written down.

Context & good to know

Expense fraud is rarely a single dramatic theft; it's usually a slow drip of small abuses that hide in the volume of routine reports. A meal padded a few dollars under the cap, a personal weekend charge coded as business, a 'lost receipt' round number: none of these trips an alarm on its own. That's exactly why the checklist names the patterns: the value isn't in catching the obvious $5,000 fake invoice (any approver would see that) but in surfacing the systematic, low-grade leakage that approvers miss because each instance looks plausible. The fraud-flag table gives reviewers the vocabulary to recognize a pattern as a pattern.

The split between pre-payment flags and a periodic audit is deliberate, because the two catch different things. Pre-payment screening stops the obvious problems on the report in front of you (missing receipts, duplicates, mismatched amounts) before money moves. But the most damaging abuse is habitual and only visible over time: the submitter who claims the same vendor at the cap every month, or whose 'lost receipts' are always round numbers. No single report reveals that; trending an individual over six months does. The audit program exists to do that longitudinal analysis on a sample, which is where the real recoveries and deterrence come from.

Many of the flags are about substantiation discipline as much as fraud. Requiring a specific business purpose instead of 'business meeting,' listing attendees on meals, and ensuring receipt totals match the claim aren't just anti-fraud measures; they're the substantiation an accountable plan and an auditor require. The per-diem-plus-actuals-on-the-same-day check is a classic example: claiming both isn't always fraud, but it's always wrong, and it's the kind of error that compounds across a company. Catching it pre-payment keeps both the policy and the tax treatment clean.

Modern expense platforms automate a meaningful share of this. Tools can detect duplicate receipts by comparing images, amounts, and merchants; OCR can read a receipt and flag when the total doesn't match the claim; and rules can surface out-of-policy and just-under-the-cap lines to the reviewer automatically. That automation handles the per-report flags at scale, which frees human reviewers and auditors to do the judgment-heavy work (the six-month trend, the pattern across submitters) that software can flag but not interpret. The checklist works whether you run it manually or use it as the spec for what your tool should be catching.

Built on verified data, not vendor spin

Every Spotsaas resource draws on the Spotsaas Score — a blend of verified review ratings, review volume, and feature depth across 113 expense management software tools. Refreshed regularly; data as of June 2026.

FAQ

Questions, answered

What's the difference between the pre-payment flags and the periodic audit?

The pre-payment flags are applied to every report before reimbursement to stop obvious problems: missing receipts, duplicates, mismatched amounts, out-of-policy lines. The periodic audit is a quarterly deep-dive on a sample that trends individual submitters over time (the checklist suggests six months) to catch habitual abuse no single report reveals. You need both: one stops the visible issues, the other catches the systematic leakage.

Why are amounts just under the receipt cap a red flag?

Because they suggest padding to avoid substantiation. If your receipt threshold is $75 and a submitter repeatedly claims $74 cash with no receipt, they may be sizing claims to stay just under the cap where no proof is required. One instance is nothing; a pattern across a submitter warrants a spot-check. The checklist calls this out specifically because it's a common, low-grade abuse that approvers wave through individually.

How do I catch duplicate expenses, especially across two people?

Block the suspected line and compare it to prior reports, including reports from other submitters, because a shared cost (a team dinner, a conference fee) can be expensed by two attendees. Modern tools detect duplicates automatically by comparing receipt images, amounts, dates, and merchants across the company. The checklist makes duplicate detection both a per-report flag and a thing to confirm against prior reports.

What makes a business purpose acceptable?

Specificity. 'Business meeting' or 'client lunch' is not a business purpose; it's a category. An acceptable purpose names who, what, and why: 'lunch with Acme procurement team to finalize Q3 renewal.' Vague purposes are a flag because they're where disguised personal or out-of-policy spend hides. Reject the line and require specificity; for meals and entertainment, also require the attendees to be listed.

Why check the receipt date against the card date?

A mismatch can indicate an altered or recycled receipt: someone reusing an old receipt to justify a different charge, or doctoring a receipt's amount or date. Validating the receipt against the card feed (the card date and amount are hard to fake) is a quick integrity check. When the receipt and card dates or amounts don't agree, investigate before reimbursing rather than after.

Is claiming both per-diem and actual meals on the same day fraud?

It's always wrong, even when it isn't deliberate fraud. Per-diem is a receipt-free daily allowance; actuals are receipted real costs. Claiming both for the same day double-pays for meals. The checklist flags it as a pre-payment check because it's a frequent error that quietly inflates reimbursements. Policy should require choosing one method per trip, and the reviewer should reject any day that claims both.

How big a sample should the periodic audit cover?

Large enough to be representative and to let you trend repeat offenders, but small enough to actually complete each quarter. Many teams audit a risk-weighted sample (all high-dollar reports plus a random selection of routine ones) and follow any submitter who triggers flags across a longer window (the checklist suggests six months). The goal is deterrence and recovery, not auditing everything, so focus the sample where the risk and the patterns are.

Can expense software catch fraud automatically?

It can catch a lot of it: duplicate detection, OCR that flags when a receipt total doesn't match the claim, and rules that surface just-under-the-cap, out-of-policy, and weekend spend to the reviewer. Tools like Concur and Expensify build many of these checks in. But software flags patterns; it doesn't interpret intent. The judgment calls (is this padding or a one-off, is this a habit) still need a human, which is why the audit program pairs automated flags with periodic review.

What should I do when a flag turns out to be real?

Document it, recover the amount if it's been paid, and escalate per your policy: an honest error gets a correction and coaching, deliberate fraud gets a formal response. The key is that every flag, tested item, and resolution is recorded, because that documentation is the control evidence auditors look for and the trail you'll need if a pattern becomes a personnel or legal matter. Resolution without documentation leaves you exposed.
