Control and Compliance Features Your Expense Reporting Software Must Have

Good expense reporting software will provide more transparency into your expense policy and make compliance easier. 

With internal controls, employees are guided to submit only in-policy expense reports. Admins can focus on approving in-policy expenses and individually addressing exceptions to the rules as they arise. And your company can protect itself against theft, misappropriation of funds, and a major audit. 

Here are some of the compliance and controls features to look for. You can find a full list of the features and functionality your expense reporting software should have in our free guide.

Functionality: Expense Policy Compliance and Internal Controls

Communication Tools

The majority of issues causing expenses to be red flagged or rejected are often cleared up with a simple question or additional information. Use a solution that makes communication more efficient — and, ideally, ties each communication to the expense it relates to. 

Look for:

  • Chat
  • Commenting
  • In-mail

Notifications can also make it easy for admins to know when a compliant expense report has been submitted — and automatically flag out-of-policy expenses for employees. 

Automated Policy Rules

The ability to automate controls is another benefit of using software to manage expenses. A solution’s system-triggered rules allow you to catch issues before expenses are even submitted and set up card issuing without a hitch. 

Look for policy rules that boost compliance by automating your expense policy to prevent or warn of out-of-policy expenses before they’re submitted. Some common rules to consider setting include:

  • Requiring a receipt
  • Requiring that the submitter list the related project
  • Setting expense limits based on categories, spend thresholds, billable status, etc.

Expense Categorization Unique to your General Ledger

A solution that syncs with your accounting systems can pull in accounting lists for use during expense categorization and coding. 

Look for the ability to auto-categorize expenses based on your company General Ledger (GL), not default consumer codes. Expense categories can map to a GL account based on the merchant, amount, and previous categorization behavior, for example. 

This ensures control over the accuracy of your line item data on export to your accounting system. Added bonus: It also saves you time.


Generally, there is a lack of transparency between companies and employees around policies for business spend and reimbursements. Even if a company provides their team with a written expense policy, it is often not immediately accessible as an expense is being incurred. 

An expense management tool is a bridge between your finance team and employees. It provides you with a place to store your written expense policy, while automating control with pre-set rules, and provides a central place for communication about specific expenses. It removes hurdles while increasing control and transparency.

Find Your Expense Reporting Software

Our how-to guide walks you through the process of finding the right solution for your business. It includes: 

  • ROI calculations for your next solution
  • Features to look for
  • An interactive evaluation toolkit

Download the buyer’s guide to expense reporting software.

Tallie’s Plan for GDPR Compliance

We’re committed to partnering with our customers and users to help them understand and prepare for the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades and will go into effect on May 25, 2018.

Besides strengthening and standardizing user data privacy across the EU nations, the GDPR will impose new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located. On this page, we’ll explain our methods and plans to achieve GDPR compliance, both for ourselves and for our customers.

Organizations established in the EU and processing personal data of EU-based individuals will, in almost all cases, be required to comply with the GDPR by May 25, 2018. The GDPR updates and harmonizes the framework for processing personal data in the European Union, and brings with it new obligations for organizations and new rights for individuals. Many organizations, large and small, are now preparing for the new regulation. Here at Certify, Inc., we are committed to achieving GDPR compliance for the Certify, Nexonia, and Tallie brands.

Preparing for the GDPR
The GDPR’s updated requirements are significant. Here at Certify, Inc., we have partnered with TrustArc to assist in our compliance efforts. Measures to achieve this include:

  • Assessing our current level of compliance, then identifying and prioritizing those tasks needed to update our privacy policies, procedures, and practices to achieve compliance.
  • Conducting an inventory of customer and employee data flows, data sharing relationships, practices and procedures across the Certify, Nexonia and Tallie products. This will result in the creation of a Data Inventory which we will maintain.
  • Making sure we have the appropriate contractual terms in place.
  • Ensuring we can continue to support international data transfers by maintaining our Privacy Shield certifications, and by executing Standard Contractual Clauses through our updated Data Protection Addendum.

In addition to these specific objectives, we’ll also continue to monitor the guidance around GDPR compliance from privacy-related regulatory bodies, and will adjust our plans accordingly if it changes.

What is a Data Protection Addendum (“DPA”)?
Certify, Inc. will be offering customers and prospects a robust Data Protection Addendum (“DPA”), which governs the relationship between the customer (acting as a data controller) and Certify, Inc. (acting as a data processor). The DPA facilitates our customers’ compliance with their obligations under EU data protection law. Our DPA is a key requirement for compliance with the GDPR. Our DPA contains data transfer frameworks to ensure that our customers can lawfully transfer personal data to Certify, Nexonia and Tallie, which are systems that are hosted outside of the European Union. Such data transfers require the foundation of one of three mechanisms: our Binding Corporate Rules, our Privacy Shield Certification, or Standard Contractual Clauses.

Our Security Infrastructure and Certifications
Data Security: The Certify, Nexonia and Tallie products provide our customers’ compliance with high-security standards, such as strong encryption of data, auditing standards (PCI DSS, SOC 2, Privacy Shield), regular vulnerability scanning and penetration testing, and regular review of our security policies and procedures. We make security and compliance documents available to current customers and sales prospects through our own Mutual-NDA Security Documents Portal. The GDPR Data Processing Agreement will become available as a contract addendum, and our current plan is to require all customers and prospects to agree to our DPA. We may also offer a simple waiver that customers without EU relationships can sign instead of our DPA.

We are excited to deliver on GDPR requirements because we believe it is a large step forward for all customers and users, whether residing in the EU or elsewhere. As always, please feel free to contact your Account Manager or Support team with any questions or concerns you may have. Thank you for using our products and entrusting us with your employees’ data. Rest assured that we do not take that privilege lightly, and we will do everything in our power to continue to earn your trust!