A company card does not convert personal consumption into a business expense.
Finance controller with board oversight
Per claim, monthly exceptions
Issue a written expense policy.
Expense policy and approval matrix.
The policy should apply to founders, directors and employees with stricter independent review for senior management. It should define permitted categories, limits, approval, receipts, travel class, advances and prohibited personal items.
Accounting classification and tax deductibility depend on business purpose and evidence. Personal expenses paid by the company may require recovery, payroll or director treatment rather than being left in operating cost.
Repeated founder spend can become a governance issue during audit and fundraising. The reviewer should have authority to reject or escalate claims without founder override.
| Control | What it covers | Operating rule |
|---|---|---|
| Business purpose | Expense supports company activity. | State customer, project or event. |
| Evidence | Invoice, receipt and payment are retained. | Avoid unsupported card statements. |
| Approval | Independent reviewer checks policy and tax. | Use pre-approval for high-risk items. |
| Exception | Personal or excess amount is recovered or treated correctly. | Track until closure. |
Design the policy around judgement, not only limits. A low-value personal item is still personal, while a high-value business trip can be valid with strong evidence and approval.
Monitor ageing of employee and founder advances. Old balances can hide personal use, missing documents or unrecorded compensation.
Document the decision, owner, due date and evidence expected. A verbal explanation should be converted into a board note, approved working, contract amendment, portal acknowledgement or reconciliation before the item is treated as closed.
Rules, forms, thresholds and interpretations can change. The operating team should use the latest official source and the actual company facts instead of copying a control from another entity or prior year.
Ask four questions: Is the obligation or accounting treatment applicable? Has the underlying transaction been completely recorded? Does the evidence agree with the books and portal? Has an independent reviewer challenged the exception?
The review should distinguish a timing difference from an error, a judgement from a missing document, and a control failure from a one-time operational delay. Repeated small exceptions deserve root-cause action because they often become material during audit, fundraising, notice or distress.
The operating record should connect the control stages—business purpose, evidence, approval, exception—to the same transaction population. If the source list, accounting ledger, tax return, board record and management dashboard use different populations, the review can appear complete while exceptions remain outside the test.
Management should define an exception threshold, but the threshold must not hide repeated failures. A small error occurring every month can signal weak master data, unclear ownership or a broken interface. The reviewer should record root cause, immediate correction and preventive action separately.
Closure requires evidence. At minimum, the file should show who prepared the work, who reviewed it, which source documents were used, what differences remained and when the next follow-up is due. Screenshots without context or spreadsheets without source references are not a durable control record.
Conflicts and judgement should be visible before approval. A founder, director or business owner with a personal interest should disclose it and follow the appropriate review route rather than approve the transaction informally.
Diligence quality improves when records are maintained during ordinary operations. Reconstructed minutes, unsigned contracts and after-the-fact explanations may answer a question temporarily but weaken trust and can create separate legal risk.