Controls / Expenses

Expense Reimbursements: Policy and Tax Evidence

CA Nikhil Gupta·June 2026·3 min readControls / Expenses

A reimbursement is not valid merely because money was spent. The company needs business purpose, authority and documentary evidence.

Quick View

Owner

Finance controller and HR

Cadence

Per claim, monthly exception review

First control

Issue one expense policy.

Core evidence

Expense policy and limits.

Why It Matters

The policy should define eligible expenses, limits, required documents, travel rules, approval hierarchy, submission deadline and treatment of advances.

Founders and senior management require independent review. Personal costs, family extensions, fines and unsupported items should not be hidden within operating expenses.

GST input tax credit, TDS, payroll benefit and income-tax deductibility can differ. Finance should classify the transaction before reimbursing.

Control Framework

ControlWhat it coversOperating rule
PurposeBusiness link and beneficiary are identified.Require project or meeting details.
EvidenceInvoice, receipt and payment are retained.Card statement alone is insufficient.
ApprovalIndependent authorised reviewer confirms policy.Avoid self-approval.
AccountingExpense, advance, tax and recovery are recorded correctly.Age open advances.

Action Checklist

  1. Issue one expense policy.
  2. Use digital claim forms.
  3. Require business purpose and receipt.
  4. Route founder claims independently.
  5. Review tax before payment.
  6. Recover personal or excess amounts promptly.

Practical Example

A founder adds a family hotel stay to a customer trip. Finance should split the invoice, reimburse only the business portion and record recovery rather than treating the entire bill as travel.

Evidence to Keep

  • Expense policy and limits.
  • Claim form and approval.
  • Invoice and payment evidence.
  • Travel or meeting support.
  • Tax classification working.
  • Advance and recovery reconciliation.

Warning Signs

  • Approving one’s own claim.
  • Using vague descriptions such as business meeting.
  • Accepting altered receipts.
  • Leaving advances open for months.
  • Claiming personal GST as business credit.

Management Decision

Publish exception data by category and claimant. Repeated issues show whether policy, training or management tone is weak.

Use pre-approval for high-value travel, events and unusual spend so finance is not forced to resolve policy after the money is spent.

Record the decision, owner, due date and evidence expected. A verbal explanation should become an approved working, board note, contract amendment, statutory filing or reconciliation before the item is treated as closed.

Rules, forms, thresholds and procedures can change. Use the latest official source and the actual company facts rather than copying a prior-year control or another entity’s legal position.

Exception Review

Classify every exception as a timing difference, data error, missing document, legal non-compliance, control-design gap or control-operating failure. This prevents management from treating fundamentally different problems as one ageing list.

The exception file should show amount or exposure, root cause, immediate correction, preventive action, owner and board-escalation threshold. Repeated low-value issues can become material when they reveal weak systems or management override.

Close the item only after the evidence agrees across source documents, books, portal data and management reporting. A screenshot or email promise is not equivalent to a completed filing, lender waiver, signed contract or reconciled ledger.

Board Escalation

The control should operate across the full transaction population, not only the samples management expects a reviewer to inspect. For this topic, the key stages are purpose, evidence, approval, accounting. Each stage should identify the source system, preparer, reviewer, deadline and evidence retained.

A useful management review asks whether the legal document, accounting entry, bank movement, tax treatment and public filing describe the same event. Differences may be valid, but they should be reconciled through a dated working rather than explained from memory during audit or diligence.

Materiality should determine escalation, not whether the company keeps a record. Repeated small exceptions can show weak master data, unclear authority, system bypass or management override. Root cause and preventive action should therefore be documented separately from the immediate correction.

Control evidence should show operation, not merely design. A policy document proves what management intended; a reconciliation, access review, approval log or exception report proves whether the control actually worked during the period.

Manual journals, spreadsheet uploads, administrator access and post-close changes deserve additional scrutiny because they can bypass automated workflows. The reviewer should assess both the entry and the reason normal processing was not used.

Frequently Asked Questions

Is a card statement enough? â–¼
No. It shows payment but not business purpose or tax details.
Can founders have different limits? â–¼
The board may approve appropriate rules, but independent review and disclosure remain important.
What if a receipt is lost? â–¼
Use a documented exception with stronger evidence; repeated losses should not become normal.
How are advances closed? â–¼
Through supported claims and return or recovery of the balance.