Credit cards

Corporate credit cards were introduced into the NSW public sector in 1987 for official travel and the following year their use was extended to the purchase of goods and services. 
The Audit Office, through a series of performance reviews, has monitored compliance with the NSW Treasurer's Directions for corporate cards and purchasing cards. The Audit Office concluded in its 2005 review that the controls of credit card usage had deteriorated since its previous review in 2001.

Individuals and agencies can become complacent over time about following policies and procedures, leading to a culture of cutting corners that can be exploited. 

The improper use of official credit cards can constitute corrupt conduct as defined by the Independent Commission Against Corruption Act 1988.

Corruption risks

A risk assessment of credit cards in a public sector agency may identify some or all of these corruption risks:

  • An employee charging personal expenses to the agency credit card.
  • An employee and a client colluding to misuse an agency credit card.
  • An employee using the card's the personal identification number to withdraw cash for their own or another's benefit.
  • An employee falsifying, destroying or damaging receipts and other records.
  • One or more employees of an agency colluding for improper benefit – for example, the person allocated the credit card colluding with a financial officer whose role is to check expenditure.


Managing corruption risks

As a minimum your agency should:

  • Introduce policy and procedures for the management of credit cards.
  • Train all relevant employees in the policy and procedures.
  • Include in the policy sanctions for any breach of the policy and procedures. 
  • Review the policy every two years.
  • Include credit cards in the agency's internal audit process and corruption risk management processes.
  • Allocate credit cards only to support operational functions and efficient public expenditure (not, for example, to all managers regardless of need).
  • Establish lines of accountability for the approval of credit card usage and expenditure. 
  • Conduct regular reconciliations of expenditure records.

The following record-keeping requirements should be included in the policy:

  • Conditions for the use of the credit card, including maintaining receipts of expenditure.
  • Limitations of expenditure for each card and/or position.
  • Limitations on items that can be purchased by the credit card.
  • Nominating agencies where the credit card can be used (where applicable).
  • Listing who has been allocated a credit card; a cross reference to individual personnel records to ensure the card is returned as part of the exit process when an employee leaves the agency.
  • The purposes for which the card has been allocated and the limits of expenditure.
  • The records the card holder is required to keep regarding usage, to whom these records have to be provided and the timeframes for this provision.  
  • Maintain accurate records about who has been allocated a credit card, for what purchases and the limits of approved expenditure. 


Risk management strategies

Following your risk assessment of the use of credit cards you should consider these risk management strategies:

  • Developing protocols for the secure storage of credit cards on agency premises. 
  • Making sure that policies and procedures for the use of credit cards are consistent with related financial and personnel policies.
  • Regularly reviewing the need for the credit cards that are in use.  
  • Ensuring the usage of credit cards complies with the NSW Treasurer's Directions for Corporate Cards and Purchasing Cards.


Case studies

Case study 1: Misuse of PIN number

An agency discovered that an employee had incurred more than $20,000 worth of unauthorised transactions on his departmental credit card. The employee told the agency that he had given his former partner the personal identification number (PIN) of the card, and that she had made cash withdrawals to purchase illicit drugs.

The agency reviewed its credit card policy and decided to ban cash withdrawals (and releasing PINs), lower the limit available on cards, and conduct more frequent reconciliations of transactions.

Case study 2: Private use of credit card

A public officer made several cash withdrawals from his corporate credit card over a six month period without the written approval of the agency's finance section and in breach of the policy.  This came to a total of $15,000. The officer claimed these expenses as travel expenses and falsified travel documentation to cover his use of the funds.

The agency found that the officer's actions were premeditated and not the result of his lack of knowledge of the policy as he had initially claimed. The agency terminated the officer's employment, directed him to repay the $15,000 and reported the matter to the NSW Police.


Frequently asked questions

Who should be allocated a credit card? 

This will depend on the nature of the agency's operations, including whether employees frequently work in the field. Agencies may decide to provide credit cards only for a specific purpose, for example, overseas travel to a conference. Even then, it is recommended that limits of expenditure and the types of expenditure be imposed, for example, the credit card can only be used for accommodation and meals.

Is it better to avoid these corruption risks by not providing credit cards at all?

Credit cards do pose a corruption risk but they also provide accountability for expenditure by automatically generating an auditable record of payments made using them. Provided security is adequate, controls are in place and records are regularly checked and reconciled, credit cards can actually improve the accountability of some types of public expenditure.  

 Should my agency allow employees to use agency credit cards for personal use?

Most agencies have a policy of allowing employees 'reasonable use' of its resources such as telephone and computer use. Credit cards are an agency resource that should probably not be included in such a policy because the risk of misuse, even inadvertently, is so high.

It is important for employees to know that credit cards are issued to the position not the person. They are not a personal benefit that comes with the job but an agency resource.



  • Answering the charges – Guidelines for using corporate cards, Building Capacity series, Crime and Misconduct Commission, (Qld), August 2003
  • AS 8001-2003: Fraud and Corruption Control, Standards Australia
  • Compliance Review of the Use of Credit Cards, Auditor-General's Report to Parliament Volume Five, The Audit Office of NSW, Sydney 2005
  • Credit card use: best practice guide TPP05-1, NSW Treasury, Sydney, August 2005
  • Guide to Better Practice: Corporate Credit Cards, The Audit Office of NSW, Sydney 1997
  • Treasury Circular No. G1992/22, NSW Treasury.


Relevant websites


Legislation and policy

  • Public Sector Finance and Audit Act 1983. Section 9 sets out the provisions of the NSW Treasurer's Directions.
  • NSW Treasurer's Direction, TC05/06, NSW Treasury, Office of Financial Management205.01-205.08.
  • Appropriate controls on the use of council issued credit cards, Circular 04/04, Department of Local Government, March 2004
  • Local Government (Financial Management) Regulation 1999, clause 14.


Related topics on the ICAC website