Our AP department is looking for the best practices on cyber security and what is acceptable documentation for employee meals?


Regarding cyber security, what exactly is your concern? In what area of your operations are you concerned? To begin with, we imagine you have certain system controls in place that limit access to appropriate people, i.e., your individual AP user logons. But do you have policies and practices to ensure that the access limits work? For example, do AP staffers log out before leaving their work stations for a break or lunch?  You don’t want to leave your access open and available to anyone else that might happen by (or might be watching you for an opportunity). Are your computer screens in AP set to “time out” after a period of inactivity, as a back up, so that if you are away but did not log out, the screen will lock up automatically?  These are fundamental steps you want to have in place.

You also want to take care with things like email. For example, don’t open email attachments unless you are certain what they are and whom they are from; and be wary of emails that don’t look or “feel” right. See this article about some recent scams.  Your IT department can offer more security guidelines. Higher level system security from hackers, etc., is generally the responsibility of the IT department.

Regarding documentation of meals, do you use per diem or reimburse based on an accountable plan?  For information on an accountable plan, see How to Prove Certain Business Expenses and IRS Publication 463. Under an accountable plan, the employee must document the expense—this is typically done by submitting a receipt. The IRS only requires receipts for expenses totaling $75 or more, though most companies use a much lower threshold—either $25 or $0 (i.e. they want all receipts turned in for all reimbursements claimed).

Have more questions? Submit a request