A WaveRunner personal watercraft, a Phillips wide-screen high-density TV, a Makita power generator, a Bunn frozen drink system -- those are just a few of the 3,800 items that a university employee is accused of charging to her state-issued purchasing card, according to this article from The Atlanta Journal-Constitution.

The alleged $316,000 spending spree lasted a jaw-dropping five years and only ended when a tipster contacted the university's internal audit department.

I'm indebted for this story to a new report from JPMorgan, which points out that while such cases are rare, they're enough to cause any treasurer or p-card program administrator to "pause and question."

JPMorgan surveyed dozens of its own customers to identify best practices for building and maintaining a solid purchasing card program and came up with the following:

1. Secure senior management support while involving key players. Senior leaders have a key role in setting and enforcing card policies and procedures. In addition, program managers should work with their peers in finance, procurement, HR, and other departments to drive compliance.

2. Establish checks and balances. Segregation of duties for request, authorization, and execution is critical. At agricultural giant Monsanto Co., key responsibilities are divided between the program manager and an audit executive, who meet every other week to review potential violations.

3. Establish consistent policies across the organization. All cardholders should be covered by the same set of rules. When a company makes a new acquisition, it's a good idea to establish a companywide policy quickly so that rules can be enforced without confusion.

4. Mandate training for cardholders and card managers before a card is issued. Best-in-class companies train early and often. At George Washington University, for example, card applicants must participate in a one-hour class before they receive their card.

5. Establish protective controls up front. These might include, for instance, cardholder transaction limits, monthly spending limits, and blocks on unauthorized merchant category codes (MCCs).

6. Use technology to streamline back-end auditing. Tools that analyze card program data can identify indicators of potential problems, such as unusual increases in the cardholder's average spend, purchase amounts within 1 percent to 3 percent below purchase limits, and purchases from unauthorized suppliers.

7. Audit beyond the traditional. The University of North Texas audits transactions made in the evening or on weekends as well as purchases that are shipped to the cardholder's home. Some audit controls are unique to particular industries; for example, many health-care companies audit their spend to ensure that it's compliant with government pharmaceutical regulations.

8. Foster positive relationships with cardholders. It can't all be investigation and confrontation; you have to create an atmosphere in which cardholders feel comfortable reaching out with questions and concerns. One major U.S. airline takes a "three strikes and you're out" approach, working through the issues with the cardholder for the first two violations, but denying card privileges after a third.

9. Conduct periodic peer reviews before official audits occur. Program administrators can perform relatively informal audits and mini-reviews of cardholder and record-documentation in addition to internal audit's periodic audits.

10. Network to gain new ideas. Conferences and networking can help p-card professionals understand best practices and improve their organization's processes.

Download a copy of JPMorgan's "Purchasing Card Auditing and Compliance Strategies" here (requires free registration).