Fraud and Corruption Control—Local Government

Tabled: 19 June 2019

Appendix B. Credit and purchasing card testing methodology

To test the effectiveness of the credit and purchasing card controls, we examined a selection of purchases made on council credit and purchasing cards to confirm that they were for official council business and in accordance with council policies and procedures.

We requested card transaction data for all four councils and from their banks within our testing period of 1 July 2015 to 30 June 2018. Due to some of the audited councils moving from hard copy files to electronic systems to store credit card transaction data, and banks not always storing historical data, the time frame for the data we collected for each council differed, as shown in Figure B1.

Figure B1
Time period for transaction data collected from each council


Start date

End date


2 February 2017

28 June 2018


30 June 2015

29 June 2018


26 August 2015

14 August 2018


26 June 2015

29 June 2018

Source: VAGO, based on council data.

Due to the limited data available for collection from Strathbogie, we were only able to run data analytics over credit card transactions that occurred after 2 February 2017. However, where these tests identified high-risk cardholders, we were able to request hard copy files of transactions for these cardholders.

Data analytics

We ran data analytic tests over the available transaction data for each council to identify anomalies and potential high-risk transactions that would indicate inappropriate card use. These data analytic tests included identifying transactions:

  • that occurred on weekends and public holidays
  • that occurred when the cardholder was on leave
  • that occurred leading up to and after a cardholder's termination date
  • that were for an even dollar amount, potentially indicating the purchase of vouchers
  • at vendor categories such as liquor stores and spas
  • at restaurants, bars and wineries close to council offices.
Selecting transactions for further investigation

From the transactions highlighted in the data analytic test results, we identified a selection of transactions that warranted further investigation. Some of these transactions occurred outside of our original testing scope, after June 2018.

In some instances, we did not identify any transactions that warranted further investigation within the data analytic test results. In other instances, a high number of transactions were attributable to a certain employee. When this occurred, we targeted a wider selection of transactions made by this employee.

Due to this risk-based approach, the number of transactions we reviewed differs across each council.

Review of transactions

For each of the selected transactions, we viewed system workflows and supporting documentation to test whether each transaction was:

  • for official council business
  • incurred by the allocated cardholder
  • approved by an appropriate delegate with appropriate segregation of duties
  • supported by appropriate documentation, such as an itemised tax invoice.

We explore the results of our review of individual transactions in the body of the report for each council. We have only commented where data analytic tests and our further review confirmed questionable expenditure.

Back to Top