Do these apply to a 20-person startup?

Most do. You can skip #4 (locked cards) until you have a corporate card programme, and #8 (sampling) becomes 100% review at small scale. The single most important rule for early-stage teams is #6 (SLAs) and #9 (non-reimbursable list) because they prevent founder-employee disputes that scale poorly.

Where do I see real numbers?

The State of Expense 2025 report at /state-of-expense-2025 has benchmarks for each best practice across the US, MX, CO, and BR — cycle times, approval rates, audit-finding rates, and the median spend per category by industry.

What if my CFO insists on the long-form policy?

Keep it. Make a one-page summary that links to the long-form. The summary is what employees read; the long-form is what auditors read. Both can coexist if version-controlled in the same document.

How often should we re-audit our own policy?

Quarterly review of the threshold table for inflation/headcount changes; annual review of the structural sections (categories, approval flow, exception process). LATAM teams should add a semi-annual review of the fiscal-document references because tax authority guidance updates more frequently than US IRS guidance.

Which of the 12 has the highest ROI to fix first?

For US-only teams, #2 (approval thresholds) — disputes drop ~40% in the first quarter. For LATAM teams, #5 (fiscal documentation thresholds) — annual deduction recovery typically pays for the policy refresh project ten times over in the first year.

What's the most common mistake in an expense policy?

Replacing concrete caps with the phrase 'use good judgment'. Vague language is the single biggest driver of dispute volume; replace with explicit per-category dollar thresholds.

How do I reduce expense disputes?

Publish numeric caps per category, commit to a reimbursement SLA, embed the relevant clause inline at submission, and have a single named exception path. These four moves close 80%+ of disputes.

What's a healthy policy violation rate?

3-7% of submitted expenses, with most violations being minor over-cap items. Above 10% the policy itself is probably mis-calibrated; below 1% it is probably under-enforced.

Expense Policy Best Practices (2025)

What separates an expense policy that gets read from one that collects dust? After interviewing 100+ finance leaders, the same 12 patterns keep showing up. This is the reference list — short, opinionated, and built for 2025.

Why these 12 — and why now

Expense policies failed audits at a 38% rate in 2024 (GBTA), and the most common root cause is structural, not behavioural: vague language, missing thresholds, no SLAs. Each rule below maps to one of those structural failure modes. The numbers come from finance interviews and from Clara Intelligence's anonymised platform data across 1,200+ teams in the US, Mexico, Colombia, Brazil, and Argentina. Read it once, mark the gaps in your current policy, then run /expense-policy-template to generate a baseline you can edit on top of.

1. One page or it doesn't exist

If your expense policy is over 12 pages, employees will not read it. Strip the legal hedging into an appendix and put the rules — limits, deadlines, who-approves-what — on a single page. The single page should answer five questions in under 60 seconds: how much can I spend, what proof do I need, who approves, when am I paid, and what happens if I break the rules. Everything else (definitions, escalation paths, exception process, jurisdictional notes) belongs in linked appendices. Teams that adopt the one-page format see 47% fewer policy-related help-desk tickets in the first quarter, because employees can self-serve answers without DM-ing finance. The policy itself does not get shorter — the surface employees touch does.

2. Approval thresholds beat manager judgment

Define exact dollar limits per role. 'Use good judgment' creates more disputes than it prevents because it asks every manager to invent the same policy from scratch. A modern threshold table has four tiers — IC ($250), team lead ($1,000), director ($5,000), VP+ (above) — keyed to expense category, not just amount. Publish a table employees can scan in five seconds. Couple the thresholds to a published exception path: who can approve a one-off above the cap, in what timeframe, and what record is kept. Without an exception path, every edge case becomes a precedent and the threshold erodes silently within two quarters.

3. Per-diems > actuals (mostly)

Per-diems remove receipt friction and make spend predictable. For lodging, actuals usually make sense because city-tier variance is high and lodging is the largest line item; for meals and incidentals, per-diems win because the admin overhead of receipt-collecting tiny amounts costs more than the spend itself. The reference table to start from is GSA's domestic per-diems for the US, the SAT's viáticos table for Mexico, and Receita Federal's diárias bands for Brazil. Adjust by 10-15% upward for tier-1 cities (CDMX, São Paulo, NYC) and downward for tier-3. Publish the table inline in the policy with a stated review cadence — annual is the floor; semi-annual is better for inflationary economies.

4. Lock the corporate card

Modern card platforms (Clara, Brex, Ramp, Mercury, Conta Simples) let you lock cards by MCC code and category at issuance. Use it. Block adult-content (MCC 5967), gambling (7995), cash-advance (6010-6011), and any MCC outside your published category list. The point is not to catch fraud after the fact — it is to make the unauthorised transaction fail at the merchant terminal, so it never enters your reconciliation queue at all. Card-program controls reduce out-of-policy spend by 60-72% on average vs reimbursement-only programmes, because the policy is enforced by the rails, not by a human reviewer at month-end.

5. Receipt threshold ≠ documentation threshold

In LATAM, fiscal documentation (CFDI 4.0 in Mexico, factura electrónica DIAN in Colombia, NF-e/NFC-e/NFS-e in Brazil) is legally required for the company to deduct the expense, regardless of amount. You can absolutely waive employee-facing receipts under, say, $25 USD — but the underlying CFDI/factura/NF-e still needs to exist and be archived (5 years in MX/CO, 5 years in BR). This is the most common LATAM-specific failure: companies copy a US policy that says 'no receipt under $25', employees stop requesting CFDIs, and the company loses the deduction at year-end. The fix is two distinct thresholds in the policy: receipt-from-employee threshold (UX-driven) and fiscal-document threshold (always zero in LATAM).

6. SLAs are how policy becomes real

A 48-hour approval SLA, a 5-business-day submission SLA, a 30-day reimbursement SLA. Without these numbers, the document is aspirational. Track SLA breaches the same way you track any operational SLA: weekly dashboard, owner per breach, root-cause if a manager misses three approvals in a quarter. Reimbursement SLA is the one employees feel most — a 30-day SLA breached three times in a year correlates with a 19-point drop in eNPS for employees who travel monthly. Setting the number publicly also creates a cap on how bad it can get; without the number, the worst case is unbounded.

7. Tag every expense with a project/cost-center

Untagged expenses become 'miscellaneous' and miscellaneous becomes a black hole that obscures budget overruns until the close. Make project/cost-center mandatory at submission, not optional. The tagging field belongs at the moment of capture — phone receipt scan, card swipe, reimbursement request — not at month-end review. Modern platforms can suggest the tag from merchant + employee history with 85%+ accuracy, so the marginal cost to the employee is zero clicks 85% of the time. Untagged spend is also the leading cause of failed budget-vs-actual reporting, which is the single most-requested report type from CFOs in our survey.

8. Sample-audit instead of full-audit

Auditing 5% randomly each month catches more fraud than a 100% audit done quarterly, because the random selection (a) is statistically valid for any population over ~200 transactions, (b) preserves a credible deterrent at low cost, and (c) provides ongoing signal rather than a quarterly fire-drill. Document the sampling method in the policy itself — random number seed source, sample frame definition, escalation path on a finding. The methodology is more important than the rate: 5% sampled diligently beats 25% sampled inconsistently. Pair the sample with a 100% deterministic check on three high-risk categories: client entertainment, cash advances, and any expense above the VP-tier threshold.

9. Publish the non-reimbursable list

List the 8-12 things you won't reimburse explicitly. Vague 'inappropriate purchases' invites argument and creates friction at exactly the wrong moment — after the employee has already paid out-of-pocket. The canonical list to start from: alcohol (or with caps), traffic fines, personal entertainment, in-room movies, spa, laundry over X days, gifts to government officials, lobbying, charitable donations on personal cards, expenses without business purpose. Add or remove based on industry. Make the list a section heading in the policy, not a footnote, so employees scan it before submitting.

10. Localize the policy, don't translate it

ES and PT policies aren't EN policies translated. They reference CFDI/DIAN/Receita Federal directly, the deduction rules differ (IRRF in Brazil for certain reimbursements, IVA recovery in Mexico for travel), and the cultural defaults differ (cash advances are common in Argentina; virtually unused in the US). A translated EN policy is a tell that finance hasn't done the LATAM compliance work — and it's the single most common reason a multi-country policy fails its first regional audit. Use the country-specific templates at /politica-de-gastos-mexico, /politica-de-gastos-colombia, and /politica-de-despesas-brasil as starting points, not the EN template run through a translator.

11. Annual review with a date

The policy needs a 'next review' date in the document. If it's older than 12 months, it's not enforceable in spirit and increasingly not enforceable in law (LGPD in Brazil and several state-level laws in Mexico require periodic review of any policy that handles employee data, which an expense policy does). Set the next-review date as a calendar reminder owned by finance, not legal — finance is the one with the operational signal on what's broken. The annual review is the moment to recalibrate per-diems for inflation, refresh the threshold table for new headcount, and prune categories that no longer apply.

12. One expense system, one source of truth

Pick one platform for cards + reimbursement + approvals. Spreadsheet workflows kill audit trails because they have no version history that an auditor will accept. The choice itself matters less than the consolidation: any of Clara, Brex, Ramp, Mercury, Navan, Conta Simples will pass a Big-4 audit if used as the single source. The number to watch is 'percentage of expense activity captured in the canonical platform' — anything below 95% means you have a parallel shadow workflow that will eventually surface as an audit finding.

Putting it together

Score yourself: of these 12, how many can you point to a paragraph in your current policy that implements? Most teams land at 5-7 in our intake interviews; the gap to 12 is usually the policy refresh. Run the auditor at /auditor-de-politica (PT/ES) or use the policy generator at /expense-policy-template to draft a replacement. The compounding ROI from closing the last 3-4 gaps — usually #5 (LATAM fiscal docs), #8 (sampling), and #11 (annual review date) — is the largest, because those are the three that actually move audit outcomes.

FAQ

Do these apply to a 20-person startup?: Most do. You can skip #4 (locked cards) until you have a corporate card programme, and #8 (sampling) becomes 100% review at small scale. The single most important rule for early-stage teams is #6 (SLAs) and #9 (non-reimbursable list) because they prevent founder-employee disputes that scale poorly.
Where do I see real numbers?: The State of Expense 2025 report at /state-of-expense-2025 has benchmarks for each best practice across the US, MX, CO, and BR — cycle times, approval rates, audit-finding rates, and the median spend per category by industry.
What if my CFO insists on the long-form policy?: Keep it. Make a one-page summary that links to the long-form. The summary is what employees read; the long-form is what auditors read. Both can coexist if version-controlled in the same document.
How often should we re-audit our own policy?: Quarterly review of the threshold table for inflation/headcount changes; annual review of the structural sections (categories, approval flow, exception process). LATAM teams should add a semi-annual review of the fiscal-document references because tax authority guidance updates more frequently than US IRS guidance.
Which of the 12 has the highest ROI to fix first?: For US-only teams, #2 (approval thresholds) — disputes drop ~40% in the first quarter. For LATAM teams, #5 (fiscal documentation thresholds) — annual deduction recovery typically pays for the policy refresh project ten times over in the first year.

Why this expense-policy library exists

Every page on this site is built from the same opinionated framework: an explicit per-category cap, a named approver chain, a documented exception path, and a review cadence anchored to the controller's close calendar. We publish the framework openly so finance leaders, controllers, and operations teams can adopt it without a vendor lock-in or a six-figure consulting engagement. The expense-policy generator turns the framework into a finished document in three languages, with country-specific tax compliance baked in from the first draft.

Behind every URL is a typed registry — landing pages, glossary entries, calculators, country pillars, and learning hubs are all generated from the same data layer that powers the policy generator itself. That means the per-diem rate you see in the calculator, the GSA-aligned mileage benchmark in the rates table, and the threshold language in the generated PDF are all sourced from one canonical place and refreshed on the same cadence. There is no drift between what we write here and what the generator produces.

Trust signals are non-negotiable: every editorial page lists the reviewer, the review date, and the underlying source — IRS publication, HMRC manual, SAT criterio, Receita Federal IN, or peer-reviewed research. When a regulator updates a per-diem schedule, the change propagates to the calculator, the country pillar, the glossary entry, and the policy template in the same release. That is the bar we hold ourselves to, and the reason controllers across the US, UK, Mexico, Brazil, and the broader LATAM region rely on this library when they re-issue their expense policy each fiscal year.

The editorial program is organized into four parallel surfaces. The industry vertical (SaaS, FinTech, Manufacturing, Retail, Hospitality, Agency, Healthcare, Nonprofit) gives every reader a starting template tuned to the cost categories, regulators, and audit findings that dominate their sector. The country pillar (United States, United Kingdom, Mexico, Brazil, Colombia, Argentina, Chile, Peru, Spain, and Portugal) layers on the local tax-compliance overlay — CFDI, NF-e, DIAN, AFIP, SII, IRS Form 8027, HMRC P11D — so the generated policy is enforceable in every jurisdiction where you operate. The persona track (CFO, controller, finance manager, head of operations, founder) reframes the same building blocks around the buyer's specific quarterly priorities. Finally, the calculator suite (per-diem, mileage, VAT-recovery, T&E benchmark, carbon, tax-id validator) gives finance teams the specific numerical inputs they need to set thresholds, justify caps, and back-test the policy against actual spend before it ships.

Cross-linking between these surfaces is deliberate, not accidental. A SaaS reader landing on the industry page is one click from the country overlay that matches their primary entity, the calculator that backs the per-diem cap they are about to commit to in writing, and the glossary entry that defines whatever IRS or SAT term they have not seen before. We measure the ratio of internal links per page weekly and refuse to publish a new landing without at least four anchors into the topical hubs. That single discipline is why a CFO can land on any page in this library and reach the policy generator in under three clicks — no matter which surface their search engine routed them through.