A Senior Sales Director Submits Expense Reports Just Below the Manager-Only Approval Threshold Every Single Week for Six Months. Each Report Is Individually Approvable. The Pattern Across All of Them Is Unmistakable. Does the Finance Analyst Have an Obligation?

Quick Answer

When a finance analyst notices a clear pattern of expense reports consistently submitted just below the threshold that triggers additional approval — but each report is individually within policy — does she have a reporting obligation?

Yes. What the analyst has observed is structuring — deliberately keeping transactions below a threshold that would trigger additional scrutiny in order to avoid that scrutiny. The fact that each individual expense report is technically approvable does not mean the pattern is legitimate. The pattern itself is the compliance signal — and a finance analyst who recognizes it has an obligation to report it to internal audit or the compliance function, not to ignore it because each transaction clears individually.

The Situation

A finance analyst processes expense reports for approximately forty employees across the sales division. The company’s policy requires dual approval — manager plus finance director — for expense reports over $500. Under $500 requires only manager approval. For six months, one senior sales director has submitted an expense report each week. Every single report is between $430 and $498. In six months, the analyst has never once seen a report from this director over $500.

Each report individually shows restaurant meals, ride-shares, and client entertainment — all legitimate expense categories with supporting receipts. The analyst is fairly new to the role. She wonders whether Marcus deliberately manages his expenses to stay under the workflow threshold. But the consistency — 24 consecutive weekly reports, all between $430 and $498 — feels statistically improbable.

She’s not sure whether flagging this to someone is overstepping — Marcus is a senior leader and she’s new. She’s also not sure whether doing nothing is the right call.

Choice AContinue processing the reports. Each one is within policy. Her job is to process reports that meet the requirements — and these do. Marcus is a senior leader, and she’s new. Questioning his expense patterns would be overstepping her role.

Choice BFlag the pattern to internal audit or the compliance function — not to Marcus’s manager, who is the sole approver and may or may not understand the significance of the pattern. Document the specific data: frequency, date range, amount range, and the consistent relationship to the $500 threshold.

Choice CRaise it informally with her direct supervisor in finance and let the supervisor decide whether to escalate. She shouldn’t be the one making a fraudulent inference about a senior leader.

The Right Call

Choice B — Flag the pattern to internal audit or compliance with documented data. Not an accusation — a pattern observation.

Choice A mistakes processing compliance for analytical responsibility. The analyst’s role includes identifying patterns indicative of control circumvention, not just verifying that individual transactions meet policy parameters. What she has observed is a textbook structuring pattern, and it is exactly what finance analytics are designed to surface. Choice C is better than A, but routes a potential senior leader fraud concern through the analyst’s supervisor, who may have a relationship with Marcus or limited audit authority. Internal audit and compliance have the independence, analytical expertise, and authority to properly assess the pattern. The analyst doesn’t need to conclude fraud has occurred. She needs to report the anomaly to people equipped to evaluate it.

Structuring is fraud, even when each individual transaction is legitimate.

Structuring — deliberately keeping transactions below a scrutiny threshold — is a recognized manipulation of internal controls. The fraud isn’t in any individual expense. It’s in the deliberate pattern of threshold management that circumvents the dual-approval control the organization designed to protect against large unauthorized spending. Each legitimate receipt doesn’t disprove the scheme — it’s entirely possible to run a structuring scheme using real expenses that are just inflated or timed to stay under the threshold.

The analyst’s seniority relative to the subject is irrelevant to the reporting obligation.

Concern about overstepping a senior leader is the most common barrier to reporting up the org chart. Internal audit and compliance exist precisely to receive observations that employees can’t or shouldn’t raise directly through management channels. The analyst doesn’t need to accuse Marcus. She needs to report the pattern she has observed to the function with authority to investigate it. That is not overstepping — it is the correct use of the compliance infrastructure.

Six months of consistent data is significant regardless of what the investigation finds.

If the investigation finds Marcus is innocently managing his expenses for workflow reasons, the report generates documented clarification that protects both Marcus and the organization going forward. If the investigation finds fraud, the analyst’s documentation has stopped a scheme. Either outcome is better than continued silence in the face of a clear statistical anomaly.

What is structuring and how does it apply to expense report fraud?

Structuring is deliberately breaking transactions into smaller amounts to stay below a threshold that would trigger additional review or approval. In internal expense controls, structuring to avoid dual-approval thresholds is a recognized fraud pattern that internal audit and compliance functions are trained to detect through analytics. The presence of legitimate receipts doesn’t disprove a structuring scheme — expenses can be real and still deliberately timed or inflated to remain below a control threshold.

What data should a finance analyst document when flagging a suspicious expense pattern?

The employee name and role, the date range of the pattern, the frequency of submissions, the consistent amount range relative to the approval threshold, and the total submitted over the period. The documentation should be factual and descriptive — not a conclusion. “Webb submitted 24 expense reports over six months, all between $430 and $498, against a $500 dual-approval threshold” is the right framing. The analyst doesn’t need to reach a fraud conclusion — the investigation function does that.

Should a finance analyst raise a suspected expense fraud concern directly with the subject’s manager?

Generally not as the first step when the subject is a senior leader or when the manager is the sole approver of the flagged transactions. In those situations, the manager may have a relationship with the subject, a conflict of interest, or limited authority to investigate. Internal audit and the compliance function are the appropriate first escalation points because they have independence from the management chain, analytical authority, and investigation capability that line managers typically don’t have.

How to Use This Scenario in Training

Recommended for finance, internal audit, accounts payable, and expense report review functions. The pattern recognition this scenario trains is transferable to any context where transactions are regularly reviewed — AP, payroll, procurement, and anywhere approval thresholds create opportunities for structuring.

This scenario demonstrates the authority rationalization combined with role minimization from the Decision Readiness Engine™ — “he’s a senior leader, and I just process reports.” Decision-ready finance employees recognize that the compliance reporting obligation is not limited to employees senior enough to challenge the subject directly — it is distributed across everyone with visibility into patterns that indicate control circumvention.

More Fraud, Waste & Abuse Scenarios