Purchase Card

The Open Booking Debate

on November 12, 2013

The Beat recently published an opinion-based article entitled, The Business Reality of Open Booking that I thought presented a good opportunity for debate. The article’s author is clearly against open booking stating, “Open Booking rests upon a theoretical foundation that is distant from the real world and requires us to suspend belief in how travel distribution works if we are to adopt it.” I respectfully disagree with the author’s point that Open Bookings equate to a lack of management and control because the TMC is not in place as a preventive measure. Even in the world of Sarbanes Oxley, preventive controls aren’t always the best answer particularly when the preventive controls induce a high friction bureaucratic environment. Often detective controls provide a lower cost method to comparably reduce risk.

My favorite example is segregation of duties (SoD). The concept behind SoD is having two or more people involved in a transaction lowers fraud risk. Therefore the auditors mandated that each employee be given very strictly defined privileges in the financial software such that the same person couldn’t for example both approve a PO and payment. The net result is a highly sclerotic work environment.

But let’s take a step back, the actual issue isn’t that one person can perform both functions, it’s that the same person doesn’t perform both functions in any single transaction. To reduce the bureaucracy explain SoD principles to employees, empower them to get work done and adopt a trust but verify approach. A detective control would check each transaction and when one person violates SoD principles in any given transaction that transaction is escalated for review by a third party. Now we are both preventing fraud and enabling a flexible work force.  When you have a repeat SoD offender you can invoke the preventive controls.

The same logic applies to Open Bookings.

Patrick Taylor

Patrick Taylor is an authority in the convergence of business analytics, information security, and the implementation of technology to boost organizational performance. An innovator in his field, Patrick founded Oversight Systems in 2003 and served as President and CEO for 15 years. In this role, he helped hundreds of Fortune 1000 companies improve financial, accounting, and auditing processes. Previously, Patrick held leadership positions with Oracle, Symantec, and Internet Security Systems (ISS). Patrick has a bachelor’s degree Mechanical Engineering from Georgia Tech and an MBA from the Harvard Business School.

spend-analysis-vol3