Expense Audit
June 27, 2018

What is AppZen’s Behavior Index?

Ryan Floersch

The AppZen Behavioral Index (ABI) is one of the key attributes we use to identify and assign risk to an expense report. ABI is analogous to a FICO credit score. Just as a FICO score uses previous purchasing history to determine a person’s reliability in paying back a loan with interest, the ABI gives an employee a risk score from 0 to 100 based on his or her expense reporting behaviors and trends over time.

ABI Score Ranging From 1-30 =  Model Employees

These employees follow policy the majority of the time. They might occasionally have a small violation, but nothing worth auditing as they are given the benefit of the doubt.

ABI Score Ranging From 30-70 = Employees With Pattern of Policy Violations

These employees have a track record of policy violations. While none of their violations might be considered major, they are typically not correcting their behavior over time after repeated warnings.

ABI Score Ranging From 70-100 = Employees With Extremely Bad Behavior

These employees not only have a track record of policy violations, but also violations with major risk associated to them. These could range anywhere from high dollar out of policy spend all the way up to suspected fraudulent behavior.

Why is this important? An employee’s ABI is one of the data points used in determining the actual risk level associated with an expense report during a real-time audit. Without weighing an employee expense report history, it would be difficult to distinguish between employees who make an isolated mistake from those trying to cheat the system on a repeated basis.

How it works

While certain violations are categorized as “High Risk” based on a customer’s policies and configurations at the initial expense review level, medium-risk violations are really what ABI was built to analyze. Not all medium risk expense violations should be treated the same.

For example, let’s say two employee submit the same expense report on which each violated his daily meal cap limit by $20 for the day. According to the company’s configuration, small meal limit violations should only incur medium-level risk. After initial receipt and report analysis, AppZen’s AI will assign a preliminary medium risk.

However, before assigning a final risk level, employee history will be evaluated. While both employees committed the same violation, both have different history profiles.

  • Employee 1 Behavior History
  • Has committed multiple policy violations in the last few weeks
  • ABI score of 70
  • Employee 2
  • Has only committed one small policy violation in the last few weeks
  • ABI score of 10

Employee 1 has a history of recorded bad behavior. He or she has been warned many times before but continues to violate T&E policy. Taking into account an ABI score of 70, the AppZen AI engine will assign an overall risk level of HIGH to this report letting an auditor know this employee has a track record of misconduct even though this specific policy violation itself seems inconsequential.

Employee 2 has had one minor policy violation but overall follows T&E policy to a tee. Taking into account a track record of good behavior coupled with a relatively low dollar amount policy violation, AppZen’s AI will assign a risk level of LOW to this report and increase the employee’s ABI score from 10 to 15.

How ABI is calculated?

The first step to feeding the AppZen ABI algorithm is through proper configuration. The baseline for all of our AI engine’s decision making is based on the levels of risk a company assigns to each and every potential policy violation during implementation. After these predefined violation weights are set in our system, data is fed into a model that determines the relative distribution of violations across other employees; this determine the ABI score.

For example let’s say an employee has a few beers with dinner. This same expense item might play out differently in two different company policies when it comes to ABI:

  • Company A has a zero-tolerance policy against alcohol and assigned a high-risk indicator to violations regarding alcohol during configuration.
  • Before expense report submission, ABI = 10
  • After expense report submission, ABI = 30
  • Expense report marked as “High” due to “Hisk Risk” associated at the policy violation level
  • Large ABI number jump due to major policy violation
  • Company B doesn’t allow alcohol, but views the violation as a medium risk at the configuration level. Meaning, although alcohol is allowed, it is not worth auditor review if its occurrence is infrequent.  
  • Before expense report submission, ABI = 10
  • After expense report submission, ABI = 15
  • Expense report marked as “Low” due to “Medium Risk” associated at the policy violation level and an employee track record of good behavior
  • Small ABI number jump to make sure this violation does not become a trend from the employee over time

What this example illustrates is that an employee’s ABI score is a combination of many different factors, starting at the initial policy level risk down to violation frequency and impact. High-risk violations can alter an employee's ABI score 10 to 20 points while medium risk violation typically fall within a 1 to 10 point range depending on severity. ABI can only be made available when a sufficient number of expense reports have been processed and an adequate sample size is available. For most companies, this typically takes about a month after launch.

With the help of the ABI, in-house finance professionals for the first time can audit 100% of all expense reports, in seconds -- without compromising controls, accuracy, or peace of mind.