Evaluate policies by using Audit workbench cases


Expense policies block submission and/or approval of expense reports. Audit policies look at reports that are already complete and determine whether they meet specific criteria or cases that a company wants to monitor.

Set up audit policies

You can set up audit policies for expenses as you would set up expense management policies. The key difference between these two types of policies is when they're evaluated.

The system will evaluate expense management policies before you can allow submission or approval of an expense report. Contrarily, the system evaluates audit policies for expense reports that have already been completed. The audit policies can also flag violations that apply to sets of expense reports based on date ranges, employees, or other criteria.

To set up audit policies, go to Audit workbench > Setup > Policies > Expense report.

When you create a new policy, make sure that you define organizations to which the rule applies and the policy rules. You can define the details of an audit policy by selecting the policy name.

The Details page for defining an audit policy shows the Name and Description, a set of selected organizations that the audit policy will run against, and one or more policy rules.

Audit policy rule types

Each rule type uses the order of precedence that you specify on the Policy rule parameters tab of the Parameters page. To set up order of precedence for audit rules, go to Audit workbench > Audit policies > Parameters in the Audit policies page.

The policy rule types aren't predefined. You'll build the rule types based on predefined queries and criteria that's specified for the query. To create policy rule types for audit rules, go to Audit workbench > Setup > Policy rule type.

The following table describes how you can use each policy rule type column to define a rule type.

Grid column Permitted values What does the value do?
Rule name Name of the policy; it can be up to 100 characters You can name the policy rules however you want.
Description Up to 500 characters of descriptive text You can include a description of the policy rule in user-friendly terms.
Query name Any predefined query whose name begins with AuditPolicy The query defines the data that is reviewed as part of an audit. The query must be created and stored as part of the code base. You can't create new queries from the user interface.
Document type Read only – primary table that's used by the query that you select This type of document is one that the policy audits. It's the friendly name for a table that's used in the query.
Query type One of the following types: Conditional, Aggregate, Sampling, Duplicate, List search, or Keyword search The next lesson describes how each query type works in detail when you're evaluating expense reports against this policy rule.
Legal entity Column of the table that's specified in the document type that indicates the company for which the expense report is associated Some tables use a column that represents the company ID (a character string), while others use a column that represents a legal entity (generally, a numeric record ID).
Document date Column in the primary table that contains a date or date/time value Values in this column are used by the date range criteria that's specified when a batch is created to evaluate a set of expense reports or when an audit policy rule type is tested.

Query types

The following sections describe the query types that you can use for audit policy rule types.


A Conditional query type doesn't add criteria to the query over and above what you have specified as a filter for the Audit policy rule.


The Aggregate query type includes Group by and Having clauses in the query. For example, you want to encourage employees to pursue their careers and pass professional certification exams. However, you want to limit the amount for which you'll reimburse an employee in a year.

The rule that's defined in the following screenshot doesn't trigger a violation unless an audited employee spends more than USD 1,000 in a year for professional certification exams.


Sampling queries are useful when you want to examine a random set of documents based on the number of documents that match the audit rule type criteria and a sampling percentage value that you specify.

You can apply a criterion to any column of an expense line to cause the line to be selected for audit. In the following example, 50 percent of expense lines for which the transaction amount is > 1,000 will be selected for review.


Duplicate queries look for repeat expense lines that occur within a specified number of days. You can specify the number of days prior to the start date to include in the audit when you're looking for duplicates. Specifying zero (0) for additional days will cause the audit to look only at expense lines within the date range of the batch.

Use the List search when you want to audit employees that you've specified in a list.

The keyword search is flexible. You can search any number of columns of available data and include an unlimited number of search words.

When you add an audit policy rule type to an audit policy, you need to specify the following criteria, regardless of the query type:

  • Effective date and Expiration date – These dates can limit the records that are searched within the batch. For example, the rule might specify a blocked period for travel for a particular month. You should enter the blocked month start and end dates in this field.
  • Filter – Specify filter values that are allowed for the document (expense report or expense line) that's being audited.

Test an audit policy rule

You can test a rule against a set of expense reports or expense lines within specified start and end dates.

  1. When you enter criteria, select the Test button.

  2. Enter the date range and select Run test.

Evaluate a policy rule

To evaluate a policy rule, create a batch that specifies a date range of documents to review. Submit the batch by using the Additional options menu item on the Audit policies or Audit policy details page.

When you create a batch, the system expects that you won't leave gaps between batches that were already created and the new batch. If you leave a gap, several expense reports won't be evaluated.

You shouldn't overlap dates with another batch because it will double-count the expense reports that occur within the overlap of the date ranges. The system will display a warning when you change the batch dates, but the system doesn't try to correct dates that you specify.

To improve performance, you can run the tasks for evaluating the expense reports as bundles. The default bundle size is 1,000. If you experience performance issues, change the bundle size. Smaller bundles use more concurrent processing threads than larger bundles and will cause bundle evaluation to complete faster.

When you submit a batch, all expense reports that meet the specified date range will be evaluated against all rule types that are defined in the audit policy rule. The results for each policy rule type within the audit policy will create an audit case.

Audit cases

An audit case stores the results of expense report evaluations. Each expense report that matches the audit policy rule type criteria is linked to the case by using an association. The case is assigned to the employee that creates the case batch. This employee investigates each expense report that's associated with the case to investigate policy violations.

The case collects expense reports or lines that have a violation if the case is active. For example, it can show an expense report that violates a USD 1,000 per year mileage reimbursement. An association will be made with the worker and with the actual expense report.

Group cases

To lessen the number of cases that the system creates, you can group cases together based on an audit policy rule or a set of attributes. For example, you might want to create a case for each employee with all matching expense reports for the employee.


The criteria that's available for matching is based on the document type that the policy rule type is evaluating.