DOT Needs To Enhance Oversight of Its Purchase Card Program To Mitigate Internal Control Weaknesses
Background: According to U.S. Bank, Department of Transportation (DOT) employees made more than 327,000 purchase card transactions—totaling $223.7 million—from October 2016 through March 2018. In 2013, we reported several internal control weaknesses in the Department’s purchase card program, such as lack of prior approval or funding certification for purchases; use of cards by individuals other than cardholders; split purchases to circumvent single purchase limits; payments of incorrect amounts; and purchases of items not included in purchase requests. In addition, our annual charge card risk assessments disclosed areas that constitute risk to the Department’s charge card program such as purchase cardholders (PCH) not meeting training requirements and using their DOT-issued purchase cards to commit acts of fraud. As a result, we determined that another audit of this program was needed. Our objectives were to (1) test existing controls to determine if they provide reasonable assurance that improper purchases are prevented or detected in the normal course of business and (2) evaluate DOT’s policies and procedures for oversight of its purchase card program. We looked at purchase card program policies and procedures and supporting documentation for purchases.
Recommendations: We made 13 recommendations to assist DOT in improving its oversight of the purchase card program and increasing the effectiveness of its internal controls. DOT fully concurred with 10 recommendations and partially concurred with 3.
DISASTER RESPONSE: Agencies Should Assess Contracting Workforce Needs and Purchase Card Fraud Risk
Background: GAO selected six agencies based on contract obligations for 2017 and 2018 disasters; analyzed federal procurement and agency data; reviewed agencies’ policies on workforce planning, purchase card use, and fraud risk; and analyzed purchase card data. FEMA was not included in the examination of workforce planning due to prior GAO work.
Recommendations: GAO is making 12 recommendations, including to three agencies to assess disaster response contracting needs in workforce planning, and to five agencies to assess fraud risk for purchase card use in support of disaster response.
Controls Over the SEC’s Travel Charge Card Program Could Be Strengthened To More Fully Comply With Requirements and Maximize Benefits
Background: An audit was conducted to assess the SEC’s controls over its travel charge card program
during FY 2018 and FY 2019 Q1-2, and to determine whether the agency complied with applicable laws, regulations, policies, and procedures.
Recommendation: 15 recommendations were made, including that the SEC update out-of-date or conflicting policies, increase outreach efforts to make travelers and authorizing officials aware of their responsibilities and obligations, and consider cost savings opportunities. Management concurred with the recommendations, which will be closed upon completion and verification of corrective action.
U.S. Department of Housing and Urban Development, Washington, DC - Government Purchase Cards
Background: We audited the U.S. Department of Housing and Urban Development’s (HUD) purchase cards for fiscal years 2017 and 2018, based on our annual risk assessment, as required by the Government Charge Card Abuse Prevention Act of 2012, Public Law 112-194, and Office of Management and Budget Memorandum M-13-21. The risk assessment (2019-KC-0801) found that there was a moderate risk of illegal, improper, or erroneous purchases and payments occurring in HUD’s purchase card program. Our audit objective was to determine whether HUD maintained accurate records of cardholders and transactions; HUD employees took purchase card training when required; and HUD purchase cards were used for illegal, improper, or erroneous transactions.
Recommendations for Executive Action(s):We recommend that the Chief Procurement Officer (1) implement processes to periodically audit or reconcile the shared service provider’s records, (2) review hierarchies, (3) ensure that training is taken when required, (4) suspend cardholders or approving officials who fail to take training or repeatedly cause HUD to pay interest, and (5) research the incomplete monthly transactional data and identify a solution. In addition, we recommend that the Chief Procurement Officer (1) enhance the process to periodically analyze data for split transactions or improper MCCs, (2) improve notifications to employees, and (3) follow up on any potential issues identified.
U.S. Department of Housing and Urban Development, Washington, DC - Government Travel Cards
Background: We performed a risk assessment and audit of the U.S. Department of Housing and Urban Development’s (HUD) travel card program for fiscal year 2018, as required by the Charge Card Abuse Prevention Act of 2012. We assessed the risk in the travel card program to be moderate and conducted the audit to focus on the high-risk areas identified during the risk assessment. Accordingly, our audit objective was to determine whether HUD travel cards were used for potentially illegal, improper, or erroneous purchases and whether travel cards were used when required.
Recommendations for Executive Action(s): We recommend that the Office of Chief Financial Officer (1) coordinate with the related program offices, the Office of the Chief Human Capital Officer, and the Office of Employee Labor Relations to take appropriate actions against the employees identified in this report; (2) improve controls to ensure the proper use of the travel cards and prevent or detect employees who did not use their government travel cards when required; and (3) provide employees with appropriate training on the issues identified in this report and ensure that all cardholder training is up to date.
Audit of GSA’s Fiscal Year 2018 Travel Card Program: Report Number A190030/O/5/F19003
Background: Office of Management and Budget Memorandum M‐13‐21, Implementation of the Government Charge Card Abuse Prevention Act of 2012, requires audits of travel card programs with $10 million dollars in prior year travel spending. In Fiscal Year 2018, GSA’s travel card spending totaled approximately $10.8 million dollars. The objectives of our audit were to determine if, in Fiscal Year 2018: (1) GSA’s travel card program had controls in place to ensure compliance with GSA, Office of Management and Budget, and federal guidelines; and (2) GSA travel card transactions were properly and fully supported, reported, and approved..
Recommendations: We recommend the Chief Administrative Services Officer, Office of Administrative Services:
- Strengthen controls to improve the timeliness and reliability of OAS’s process to review questionable travel card charges.
- Strengthen controls to improve the timeliness and effectiveness of OAS’s process to resolve delinquencies.
- Use travel voucher data to identify travel card policy violations and establish controls to address the violations identified.
- Perform voucher audits to identify travel card policy violations and address recurring issues.
- Implement controls to verify travel card
GSA Office of Inspector General’s Fiscal Year 2018 Risk Assessment of GSA’s Charge Card Program
Background: The Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act) was enacted to prevent waste, fraud, and abuse that may exist in federal charge card programs. The Charge Card Act and OMB Memorandum M-13-12, Implementation of the Government Charge Card Abuse Prevention Act of 2012, require Inspectors General to annually conduct risk assessments of purchase and travel card programs. These assessments analyze the risks of illegal, improper, or erroneous purchases and payments. Inspectors General are required to use these risk assessments to determine the necessary scope, frequency, and number of audits to be performed in these areas.
- We assessed the risk for GSA’s purchase card program as moderate. Through our limited purchase card testing, we noted the Office of Administrative Services (OAS) improved its followup rate for high-risk transactions that it had deemed questionable (e.g., purchases containing the words casino, hotel, or party). However, we also found that OAS should improve its purchase card controls to ensure that cardholders upload supporting documentation into GSA’ssystem of record.
- In our travel card audit, we did not find any travel card transactions that were not properly and fully supported, reported, and approved. However, we identified opportunities for improvement and provided recommendations to strengthen controls over the travel card program to ensure compliance with GSA, Office of Management and Budget (OMB), and federal guidelines. As travel cards are individually billed accounts, and liability rests with the cardholder and not the Agency, they continue to be inherently low risk to GSA.
DOD Should Strengthen Its Ongoing Actions to Reduce Improper Travel Payments (August 2019)
Background: This report examines (1) the amount DOD spent on DTS travel payments for fiscal years 2016 through 2018 and how much of those payments DOD estimated to be improper and the extent to which DOD has (2) implemented its Remediation Plan and (3) identified travel payment errors, the root causes of those errors, and the cost-effectiveness of addressing root causes. GAO analyzed fiscal years 2016 through 2018 data on DTS payments, reviewed DOD’s Plan and documentation, interviewed officials about implementation efforts, and surveyed 52 DOD components about steps taken to address improper travel payments.
THE U.S. DEPARTMENT OF THE INTERIOR NEEDS TO IMPROVE INTERNAL CONTROLS OVER THE PURCHASE CARD PROGRAM (November 2019)
Background: This report presents the results of our audit of purchase card transactions and governing internal controls at the U.S. Department of the Interior (DOI).
GOVERNANCE: Improving Controls Over the Use of Procurement Cards Could Better Ensure Compliance and Limit Potential Misuse
Objective: To assess the effectiveness of the company’s internal controls over the use of procurement cards. Analyzed approximately 87,000 procurement card transactions, including purchases and returns that the company’s 876 card holders made from FY 2016 through FY 2018.
Summary of Results: The company’s policies and practices for controlling its use of procurement cards appear to be generally effective. Nevertheless, we found performance gaps and opportunities for improvement in key areas. Weaknesses were identified in three of the company’s key controls designed to ensure policy compliance and consistency with industry standards for use of procurement cards:
- Program oversight
- Card holder training
- Supervisor training
Recommendation: The Executive Vice President / Chief Administration Officer ensure that program administrators monitor transactions⎯particularly those in high-risk categories⎯for policy noncompliance and potential misuse and take steps to address any issues, require card holders and supervisors to take training on their responsibilities, and update the policy to reflect these new requirements.
Audit of the Air Force Nonappropriated Fund Government Purchase Card Program DODIG-2019-113
Objective: Determined whether Government purchase card (GPC) cardholders under the Air Force Nonappropriated Fund Purchasing Office properly made and documented purchases in accordance with applicable laws and regulations.
Findings: Although Air Force NAF GPC cardholders made purchases supporting the Air Force Morale, Welfare, and Recreation program and other support activities, not all purchases were proper and documented in compliance with applicable laws and regulations.
DEFENSE TRAVEL: DOD Should Strengthen Its Ongoing Actions to Reduce Improper Travel Payments
Background: The objectives were to examine (1) the amount the Department of Defense (DOD) spent on Defense Travel System (DTS) travel payments for fiscal years 2016 through 2018 and how much of those payments DOD estimated to be improper; (2) the extent to which DOD implemented its Remediation Plan; and (3) the extent to which DOD established mechanisms to identify errors leading to improper travel payments, the root causes of those errors, and the cost effectiveness of addressing root causes..
Recommendations: GAO made 5 recommendations, including that DOD consider data on improper payment rates in its remediation approach; define the term “root cause”, and consider cost effectiveness in deciding how to address improper payments. DOD generally concurred with 4 recommendations, but did not concur with revising its approach for selecting components to implement its Remediation Plan, stating that it has already taken actions that address this issue. GAO believes the recommendation remains valid
Audit of the DoD’s Management of the Cybersecurity Risks for Government Purchase Card Purchases of Commercial Off-the-Shelf Items DODIG-2019-106
The objective of this audit was to determine whether the DoD assessed and mitigated cybersecurity risks when purchasing commercial off-the-shelf (COTS) information technology items. Although primarily focused on Government purchase card (GPC) purchases, it also assessed risks affecting traditional acquisition processes.
NSA Audit of the Agency’s Travel Program AU-18-0003
Background: The Office of the Inspector General (OIG) conducted this audit of the Agency’s travel program because of the inherent risk related to reimbursing travel expenses using Government Travel Charge Cards, and other OIGs, such as Department of Defense (DoD) Office of the Inspector General, have found control weaknesses and abuses in their Government Travel Charge Card program.
- Travel charge cardholders use their travel charge cards for improper personal use.
- The Agency cannot reconcile the centrally billed travel charge card account.
- Former Agency military affiliates’ travel charge cards were not closed.ties, and supervisory reviews to mitigate risks.
- Agency employees are not trained.
- Submission of air travel claims creates risk of improper payment.
- Travel management information systems are in need of modernization.
Conclusion: The findings identified by the OIG in this audit create risks of improper entitlement payments and ineffective management of a program that in FY17 processed 43,579 claims totaling $69.4 million dollars. These risks potentially impact the Agency’s financial liability and public trust in its stewardship of taxpayer dollars. The OIG made 10 recommendations to assist the NSA in ensuring that its travel program is managed appropriately and compliantly. The actions planned by management meet the intent of all recommendations.
Report on the Government Purchase Card Initiative
Background: The objective of the Council of the Inspectors General on Integrity and Efficiency (CIGIE) purchase card initiative was to analyze and review Government purchase card data to determine the risks associated with purchase card transactions.
- 20 OIGs selected and tested a sample of 1,255 high-risk purchase card transactions of over $1.3 million.
- The OIGs found no evidence of fraudulent behavior.
- Agencies should take steps to improve controls such as training, policies and procedures, separation of duties, and supervisory reviews to mitigate risks.
DoD Reporting of Charge Card Misuse to OMB (4/3/2018)
Background: OMB reporting requirements use the word misuse as a broad term that includes various categories of improper transactions such as fraud, waste, abuse, personal use, other loss, and misappropriations of funds or assets. This audit is the third report the DoD OIG has produced regarding travel card misuse. It focuses on purchase card and travel card reports that the DoD was required to submit to OMB.
Recommendations: The recommendations were:
- Obtain, review, and oversee transaction level details for misuse to improve reporting; and
- Complete an evaluation of the costs and benefits of PCOLS.
Recommend that the Director, DTMO, revise the Government Travel Charge Card Regulations to require CPMs and designated agency program coordinators to use available contractual tools, to include the Visa IntelliLink rules, queries, and case disposition modules.
Veterans Health Administration: Review of Alleged Irregular Use of Purchase Cards by the Engineering Service at the Carl Vinson VA Medical Center in Dublin, Georgia
Background: The Office of Inspector General conducted this review in response to allegations that Dublin VA Medical Center (VAMC) purchase cardholders split purchases and made duplicate payments to Ryland Contracting Incorporated and Sterilizer Technical Specialists.
Recommendations for Executive Action(s): We recommended the Veterans Integrated Service Network 7 Director review transactions for unauthorized commitments, submit ratification requests, emphasize the importance of monitoring cardholders, provide training, and ensure approving officials do not exceed the limit of assigned cardholders. In addition, we recommended the Director ensure contracts are established in accordance with VHA policy and take appropriate administrative action for each cardholder who made unauthorized commitments.
2017 ANNUAL REPORT: Additional Opportunities to Reduce Fragmentation, Overlap, and Duplication and Achieve Other Financial Benefits
Background: The federal government faces a long-term, unsustainable fiscal path based on an imbalance between federal revenues and spending. While addressing this structural imbalance will require fiscal policy changes, in the near term opportunities exist to take action in a number of areas to improve this situation, including where federal programs or activities are fragmented, overlapping, or duplicative. To call attention to these opportunities, Congress included a provision in statute for GAO to identify and report on federal programs, agencies, offices, and initiatives—either within departments or government-wide—that have duplicative goals or activities.
Recommendations for Executive Action(s): In this report, GAO presents 79 new actions that Congress or executive branch agencies could take across 29 new areas. Of these, they suggest 26 actions to address 15 areas in which we found evidence of fragmentation, overlap, or duplication in government missions and functions.
USPS Fleet Specialty Credit Cards – Eastern Area
Background: This fleet specialty credit card is issued to each facility with assigned vehicles and to Vehicle Maintenance Facilities (VMF) to pay for maintenance or repairs over $300. Controls over fleet specialty credit cards in the Eastern Area were not always effective.
Recommendations for Executive Action(s): OIG recommended management issue a directive instructing site managers to ensure fleet specialty credit card transactions and related supporting documentation are reviewed at least monthly, maintained for 2 years, and provided to the appropriate VMFs. OIG also recommended management direct all site managers to follow fleet specialty credit card guidance to properly manage and secure PINs and fleet specialty credit cards.
GOVERNMENT PURCHASE CARDS: Opportunities Exist to Leverage Buying Power
Background: GAO was asked to review whether agencies are effectively leveraging their buying power when using purchase cards.
Recommendations for Executive Action(s): Analyze purchase card data. Develop guidance to encourage local officials to examine purchase card spend patterns and share this information.
FEDERAL TRAVEL: Opportunities Exist to Improve Data and Information Sharing
Background: The administration and GSA have encouraged agencies to take steps to adopt cost-savings efforts and promote efficient travel spending.
Recommendations for Executive Action(s): Develop a travel data management approach that would provide GSA with more consistent travel cost data. Identify and implement promising practices to help agencies leverage travel resources and achieve cost savings.
GOVERNMENT PURCHASE CARDS: Little Evidence of Potential Fraud Found in Small Purchases, but Documentation Issues Exist
Background: GAO examined (1) what actions GSA and OMB have taken since 2008 to enhance program controls over micro-purchases and (2) whether weaknesses exist in the approval process for them and, if so, whether there are indicators of improper or potentially fraudulent purchases.
Recommendations for Executive Action(s): Reemphasize OMB guidance to obtain and retain complete documentation of micro-purchases. Require cardholders to document purchase request and preapproval for self generated purchases.
Financial Management: Actions Needed to Strengthen GAO's Purchase Card Program Controls
Background: This report addresses the extent to which GAO maintained effective internal controls for preventing, detecting, and responding to potential misuse, waste, and abuse of GAO purchase cards.
Recommendations for Executive Action(s): Revise purchase card policy and procedures to address key requirements. Develop, document, and implement a process to efficiently identify and monitor compliance with training requirements.
DoD Officials Did Not Take Appropriate Action When Notified of Potential Travel Card Misuse at Casinos and Adult Entertainment Establishments
Background: DoD cardholders who used Government travel cards at casinos and adult entertainment establishments for personal use sought or received reimbursement for their charges.
Recommendations for Executive Action(s): Report travel card misuse under investigation to the appropriate facility and the report outcome of the investigation. Report misuse of travel cards in a timely manner on individuals without a security clearance. Improve the identification of personal use of the travel card and disciplinary actions taken by revising the “Government Travel Charge Card Regulations.”
EPA Oversight of Travel Cards Needs to Improve
Background: The EPA does not check travel card bank rebates for accuracy. As a result, the agency does not know whether travel card rebates received from the bank are accurate.
Recommendations for Executive Action(s): Verify the bank refund with the agency’s calculation and spending.
The Department of State’s Major Management And Performance Challenges
Background: The Department of State continues to improve security related training, but it lacks consistent implementation of personnel safety standards, faces significant challenges managing posts and programs in conflict areas, needs to adequately protect its information systems and electronic data from internal and external threats, needs to fully address the proper management, oversight, and accountability of contracts and procurements, and continues to make progress resolving financial management concerns, but challenges remain.
Recommendations for Executive Action(s): Developed new training and expanded content of current trainings. Conducted a webinar on coordinating with various offices and bureaus. Update emergency action plans and has updated consular emergency preparedness documents, processes and training for numerous overseas missions. Created an office responsible for developing, coordinating, and implementing the risk assessments and mitigation plans for critical environment contracts. Updated its Management Policies and Procedures Manual. Invested in technology that enhanced records-keeping and reporting. Developed an annual acquisition plan. Establishing management and monitoring procedures. Providing guidance to CORs and GTMs on performing assigned duties. Issued guidance defining the procedures for reporting deficiencies.
Audit of Engineering Service Purchase Card Practices at the Ralph H. Johnson VA Medical Center, Charleston, South Carolina
Background: VA’s Office of Inspector General Hotline Division received an allegation that Engineering Service employees at the Ralph H. Johnson, VA Medical Center (VAMC), Charleston, SC, were splitting purchases to circumvent the $3,000 micro-purchase limit.
Recommendations for Executive Action(s): Leverage data mining and detailed reviews of high risk transactions to review micro-purchase card transactions to identify unauthorized commitments, and submit ratification requests. Use data mining and detailed reviews of high-risk transactions to review micro-purchase card transactions for purchases lacking sufficient documentation and take steps to recover identified inappropriate payments. Develop monitoring mechanisms to ensure approving officials consistently use required Approving Official Checklist to identify split purchases, purchases that exceed the micro-purchase limit for services, and purchases without sufficient documentation. Ensure purchase cardholders and approving officials receive required refresher training every 2 years.
Fiscal Year 2015 Risk Assessment of the DHS Bank Card Program Indicates Moderate Risk
Background: The Department of Homeland Security (DHS) has established internal controls for its charge card programs. Components did not always follow DHS’ required procedures for credit card use. In addition, components did not always have their own procedures in place to supplement those developed by DHS.
Recommendations for Executive Action(s): The Bankcard and Review Branch is updating the DHS Purchase Card Manual. Once updated and finalized, DHS will require the components to incorporate the updates into their component-specific manuals within 6 months. DHS is also updating the charge card oversight plan to include compliance evaluation of the component-specific manuals.
Fiscal Year 2016 Risk Assessment of the Social Security Administration’s Charge Card Programs
Background: Analyze the risk of illegal, improper, and erroneous purchases made through the Social Security Administration’s (SSA) charge card programs.
Recommendations for Executive Action(s): Issue a reminder to help ensure compliance with policy and procedures for recording purchase card transactions in purchase order logs and retaining adequate records indicating receipt and acceptance of goods. Assess the split purchases identified to determine whether they were detected by monitoring processes, and then adjust the monitoring process to identify and resolve such transactions, as needed. Implement a verification process to ensure purchase card training completion, certification, and other related information are included in the applicable training records. Remind approving officials to timely complete all required actions of purchase card termination when an employee leaves to ensure the delegation of acquisition authority is terminated, purchase cards are destroyed, and accounts are canceled. Determine the appropriateness of, and take appropriate actions, regarding the questionable transaction that occurred over a weekend.
U.S. Department Of The Interior’s Internal Controls For Purchase Cards And Fleet Cards
Background: Determine whether internal controls for the Integrated Charge Card Program (ICCP) are adequately designed and appropriately implemented to effectively deter fraud, waste, or abuse.
Recommendations for Executive Action(s): Develop internal controls and increase accountability actions so that cardholders and AOs review statements and attach supporting documents. Recover the cost of any illegal, improper, or erroneous purchases. Conduct recurring management reviews of charge card transactions and clearly demonstrate actions taken when deficiencies are identified. Establish internal controls designed to identify purchases exceeding authorized limits. Develop and implement internal control procedures needed to ensure purchase logs are properly documented, maintained and current. Instruct cardholders and AOs regarding the authorized uses of convenience checks and take appropriate actions for those who do not comply with policy. Close cardholder accounts before employees separate to prevent fraudulent use. Establish a department-wide systematic review process for assigning MCC restricted groups. Verify the accuracy of MCCs and verify that appropriate restrictions have been placed on purchase card accounts.
Risk for EPA’s Fiscal Year 2016 Purchase Card and Convenience Check Program Warrants an Audit
Background: In accordance with the requirements of the Government Charge Card Abuse Prevention Act of 2012, it was determined that the EPA’s compliance with internal controls was lacking. As a result, they plan to conduct an audit of the purchase card and convenience check program for FY 2017.
Recommendations for Executive Action(s): There are no recommendations at this time.