What is AppZen’s Compliance Index?

by AppZen January 2, 2020

The AppZen Compliance Index (ACI) is one of the key attributes we use to identify and assign risk to an expense report. ACI is analogous to a FICO credit score. Just as a FICO score uses previous purchasing history to determine a person’s reliability in paying back a loan with interest, the ACI gives an employee a risk score from 0 to 100 based on his or her compliance trends over time.

ACI Score Ranging From 1-30 =  Model Employees

These employees follow policy the majority of the time. They might occasionally have a small violation, but nothing worth auditing as they are given the benefit of the doubt.

ACI Score Ranging From 30-70 = Employees With Pattern of Policy Violations

These employees have a track record of policy violations. While none of their violations might be considered major, they are typically not correcting their compliance over time after repeated warnings.

ACI Score Ranging From 70-100 = Employees With Extremely Low Compliance

These employees not only have a track record of policy violations, but also violations with major risk associated to them. These could range anywhere from high dollar out of policy spend all the way up to suspected fraud.

Why is this important? An employee’s ACI is one of the data points used in determining the actual risk level associated with an expense report during a real-time audit. Without weighing an employee expense report history, it would be difficult to distinguish between employees who make an isolated mistake from those trying to cheat the system on a repeated basis.

How it works

While certain violations are categorized as “High Risk” based on a customer’s policies and configurations at the initial expense review level, medium-risk violations are really what ACI was built to analyze. Not all medium-risk expense violations should be treated the same.

For example, let’s say two employees submit the same expense report on which each violated his daily meal cap limit by $20 for the day. According to the company’s configuration, small meal limit violations should only incur medium-level risk. After the initial receipt and report analysis, AppZen’s AI will assign a preliminary medium risk.

However, before assigning a final risk level, employee history will be evaluated. While both employees committed the same violation, both have different history profiles.

Employee 1 

  • Has committed multiple policy violations in the last few weeks
  • ACI score of 70

Employee 2

  • Has only committed one small policy violation in the last few weeks
  • ACI score of 10

Employee 1 has a history of recorded lack of compliance. He or she has been warned many times before but continues to violate T&E policy. Taking into account an ACI score of 70, the AppZen AI engine will assign an overall risk level of HIGH to this report letting an auditor know this employee has a track record of misconduct even though this specific policy violation itself seems inconsequential.

Employee 2 has had one minor policy violation but overall follows T&E policy to a tee. Taking into account a track record of excellent compliance coupled with a relatively low dollar amount policy violation, AppZen’s AI will assign a risk level of LOW to this report and increase the employee’s ACI score from 10 to 15.

How is ACI calculated?

The first step to feeding the AppZen ACI algorithm is through the proper configuration. The baseline for all of our AI engine’s decision making is based on the levels of risk a company assigns to each and every potential policy violation during implementation. After these predefined violation weights are set in our system, data is fed into a model that determines the relative distribution of violations across other employees; this determines the ACI score.

For example, let’s say an employee has a few beers with dinner. This same expense item might play out differently in two different company policies when it comes to ACI:

  • Company A has a zero-tolerance policy against alcohol and assigned a high-risk indicator to violations regarding alcohol during configuration.
  • Before expense report submission, ACI = 10
  • After expense report submission, ACI = 30
  • Expense report marked as “High” due to “High Risk” associated at the policy violation level
  • Large ACI number jump due to a major policy violation
  • Company B doesn’t allow alcohol, but views the violation as a medium risk at the configuration level. Meaning, although alcohol is allowed, it is not worth auditor review if its occurrence is infrequent.
  • Before expense report submission, ACI = 10
  • After expense report submission, ACI = 15
  • Expense report marked as “Low” due to “Medium Risk” associated at the policy violation level and an employee track record of excellent compliance
  • Small ACI number jump to make sure this violation does not become a trend from the employee overtime

What this example illustrates is that an employee’s ACI score is a combination of many different factors, starting at the initial policy-level risk down to violation frequency and impact. High-risk violations can alter an employee’s ACI score 10 to 20 points while medium risk violations typically falls within a 1 to 10 point range depending on severity. ACI can only be made available when a sufficient number of expense reports have been processed and adequate sample size is available. For most companies, this typically takes about a month after launch.

With the help of the ACI, in-house finance professionals for the first time can audit 100% of all expense reports, in seconds — without compromising controls, accuracy, or peace of mind.

AppZen