Consider a standard expense claim: a $245 client dinner. The receipt is attached. The vendor exists, the date aligns with the employee's travel itinerary, and the itemized list—appetizers, entrees, drinks—looks completely reasonable. It sits just below the $250 threshold and requires a secondary manager sign-off. Your auditor reviews it, sees that it checks every policy box, and hits approve.
On the surface, the system worked. In reality, you just reimbursed a ghost.
The dinner never happened. The receipt wasn't scanned from a table. It was synthesized by a publicly available AI tool designed to bypass optical character recognition (OCR) and human review. It had the right logo, the right font, and the perfect tax calculation.
Such deception is no longer futuristic or science fiction. Yet, finance teams still operate with audit playbooks designed in the 2010s. They continue to check that an expense is within a specific threshold and that the correct receipt is attached.
However, fraud has become sophisticated enough to circumvent these simple checks. Teams today are up against two big challenges:
- Ever-growing expense volume that no human team can realistically verify 100% of the time
- Technology-driven fraud and waste that outdated controls weren’t built to handle
Guide employee submission and enhance fraud detection in real time with Emburse Assurance.
The true cost of fraud and waste
Expense leakage has many contributing factors, but for finance teams, it ultimately resolves into two outcomes: fraud and waste.
Fraud is intentional. It involves bad actors using AI-generated or altered receipts, deliberately miscategorizing expenses to bypass thresholds and controls or submitting duplicate expenses across categories or systems to steal funds. It is a direct attack on your financial infrastructure.
Waste is unintentional, but equally damaging. It’s the result of broken processes that generate most of the operational friction in expense operations. This may appear as inaccurate submissions resulting from employee confusion, or out-of-policy spend approved simply because the reimbursement queue needs to keep moving. It also covers invisible losses, like unclaimed VAT or missed discounts due to poor data capture.
According to the Association of Certified Fraud Examiners (ACFE), organizations lose an estimated 5% of their annual revenue to fraud—an amount that may very well be your R&D budget or expansion capital. Even more concerning is where this leakage concentrates. The same report shows that 11% of occupational fraud schemes originate directly from expense reimbursements.
However, focusing on the “fraud” aspect alone often obscures the broader “waste” reality. Why is this channel so vulnerable? Most organizations rely on trust at scale without the infrastructure to verify it. When you process thousands of expenses a month, differentiating between a typo (waste) and a tactic (fraud) becomes statistically impossible for human reviewers.
The financial impact varies by sector, but no industry is immune. ACFE reports that the median loss in the banking and finance sector is $120,000. In manufacturing, it is $267,000. Even in government, where oversight is theoretically tightest, the median loss sits at $200,000.
Every dollar lost here is a dollar that bypassed a control you thought was working.
Why “pay-and-chase” is failing finance teams
The traditional model of expense auditing is built on a “pay-and-chase” philosophy.
You reimburse the employee to keep operations moving, then you audit a sample of reports (usually 10-20%) after the fact. If you find an issue, you chase the employee down — often using valuable time and additional resources—for the money.
This model fails for three reasons:
1. The needle in the haystack problem
If you are auditing 10% of your reports, you accept a 90% blind spot. In a modern, high-volume risk environment, that exposure is untenable. But you can’t simply audit more without hiring an army of people. This constraint creates a dilemma: accept the risk of fraud or accept the skyrocketing cost of headcount.
2. The misallocation of talent
Perhaps the most damaging aspect of manual audits is what your team actually spends its time doing. ACFE research shows that 85% of rejected expense reports stem from simple policy or data entry errors.
That means that your highly skilled finance professionals spend most of their time fixing clerical noise: correcting mistyped submission details, back-and-forth on policy interpretation, and reminding employees they should have grabbed an itemized receipt from a restaurant they visited three weeks ago.
This routine can lead to “alert fatigue.” When a reviewer spends eight hours catching $10 accidental errors, they lose the mental sharpness required to spot the $5,000 intentional scheme.
3. The Control Paradox
While your team fixes data entry errors, the real money walks out the door as fraudulent expenses go unnoticed. ACFE’s Report to the Nations reveals that more than half of occupational frauds occur due to a lack of internal controls (32%) or an override of existing controls (19%).
“Control failure” isn't just about a manager ignoring a red flag. In a pay-and-chase world, failure is systemic:
- Controls are not embedded where decisions are made: The organization has never implemented a control appropriate for the current risk (e.g., no receipt validation beyond verifying that an attachment exists).
- Detection happens too late: Controls exist, but they only activate after reimbursements are made or during end-of-month reconciliation.
- Controls are bypassed for speed: Approvers rubber-stamp reports under workload pressure because they lack the context, bandwidth, and time to assess risk.
From back-office cleanup to strategic infrastructure
How do you stop a threat that you can’t see? The most critical step is to start treating audit as a mechanism for predictive control, rather than just a back-office cleanup function.
The only way to close the gap between the speed of fraud and the capabilities of finance is to introduce a layer of intelligent compliance that operates before reimbursement happens.
Emburse Expense Intelligence reframes audit and compliance as real-time infrastructure—shifting control from after-the-fact cleanup to continuous, predictive oversight across every expense. This manifests as two connected layers of defense:
Layer 1: Emburse Assurance (The automated shield)
You can’t realistically audit 100% of transactions with people, but you can with AI. Emburse Assurance acts as the first line of defense, using Emburse AI to automatically check every expense before it’s submitted. It verifies that
- The receipt is itemized
- The expense details are complete and accurate
- The receipt matches what the employee entered
- The expense follows company policy
If the employee tries to submit an incorrect expense (e.g., non-itemized receipts or missing VAT details), or if the claim amount and receipt total don’t match, the system provides immediate, in-workflow feedback, guiding them to fix the error in the moment.
Once compliant expenses are submitted, Emburse Assurance then runs a variety of checks to ensure there is no risk of fraud or unusual spend. If it identifies high-risk anomalies, it then flags the expense for expert review.
Layer 2: Emburse Audit (The expert lens)
AI reduces errors up front by guiding employees as they submit expenses, and reviews 100% of spend to catch anything that needs a closer look.
When an expense requires human judgment, Emburse Audit can assist. Our team of independent, professional auditors reviews the flags so finance teams can stay confident without adding workload.
External experts also provide a neutral layer of validation that internal teams often lack the time or distance to execute.
A continuous feedback loop
Through unified dashboards, Emburse Assurance turns audit data into targeted, actionable recommendations—showing finance leaders where to adjust policy, strengthen controls, or intervene early. Over time, this closes the loop between employee intent and auditor insight, allowing controls to adapt dynamically as risk profiles change.
The result is a unified defense system. You achieve automated coverage for speed and scale, backed by human expertise for critical judgment. The pay-and-chase model disappears, replaced by infrastructure that stops leakage at the front door rather than chasing it out the back.
The cost of inaction
The evolution of fraud continues to accelerate, and the cost of waste continues to accumulate. As generative AI becomes more accessible, the “fake receipt” scenario we highlighted earlier will become the standard, not the exception.
Sticking to the manual pay-and-chase model is a choice to remain vulnerable. It is a choice to accept material revenue leakage from fraud and waste as the cost of doing business. In an economic climate that demands efficiency, that tradeoff no longer holds.
Catching the thief is secondary. The primary goal is to build an infrastructure that is intelligent enough to prevent neither fraud nor waste from ever getting past the front door.
Now that we’ve outlined the scope of the problem, what does it look like in practice? In Part 2 of this series, we’ll break down the five biggest red flags hiding in today’s expense processes—and why traditional sampling misses them every time.
Want to learn more about fraud and compliance in the age of compliance? Sign up for our Expense Fraud Red Flags & Prevention Tactics CFOs Must Know on-demand webinar here.