Below are copies of the slide deck for the town hall meetings co-hosted by OMB and GSA in both PowerPoint and PDF. The purpose of the town hall meetings and the following brief is to provide notification of updates needed for agency implementation of the M-13-21 and further develop Frequently Asked Questions (FAQs).
Sept 2013 OMB M-13-21 Slide Teck for Town Hall (PPT)
Sept 2013 OMB M-13-21 Slide Teck for Town Hall (PDF)
The slide deck below contains a quick summary of reports required by Public Law 112-194. Agencies can use this tool to gain information on due dates, important links, and references to assist in reporting preparation.
PL 112-194 Report Requirements GSA (PPT)
Frequently Asked Questions (FAQs):
Below is a list of the Frequently Asked Questions received on Public Law 112-194, Charge Card Abuse Prevention Act of 2012 and OMB Memorandum M-13-21, Implementation of the Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act):
1. Is the annual certification a document or format that each agency must develop? Is there a standard document/format for all agencies to use?
Answer: "The annual certification should be included as part of the existing annual assurance statement under the Federal Managers' Financial Integrity Act (FMFIA) of 1982 (31 U.S.C. 3512(d)(2))." Agencies should incorporate verification of compliance with M-13-21 into their existing internal control reviews for annual FMFIA assurance statements as prepared for the agency PAR or AFR. No new statement is needed. Guidance is provided in OMB A-123, and A-136 under Section II.2.8 Analysis of Entity’s Systems, Controls and Legal Compliance.
2. Do AOPCs need to establish clear lines of communication with Human Resources professionals, OIGs, offices of financial and acquisition management to ensure consistent and appropriate development and application of internal controls and policies and procedures to comply with the new Charge Card Act?
Answer: Yes, the integrity enhancements to card programs are cross-cutting. AOPCs need to ensure that appropriate communication channels are established between the card programs and Human Resources offices, to facilitate any needed changes to policies and procedures related to employee sanctions for card usage violations, and to facilitate joint violations reporting requirements between card programs, Offices of Inspectors General, and Human Resources.
3. Is the Compliance Matrix mandatory?
Answer: The compliance matrix was designed to assist agencies and does not need to be submitted to OMB or GSA. However, an agency should summarize the overall results in the completed compliance summaries and internal control assurance assessments in the annual Charge Card Management Plans, due January 31 of each calendar year. See the Compliance Summary Matrix.
4. Is the $10 million threshold for purchase card violations reporting cumulative across all business lines?
Answer: The $10 million purchase card spending threshold applies to the agency as a whole, and relates to the violations reporting requirement for purchase cards only. All executive departments and agencies are required to implement the Charge Card Act's required internal controls for purchase cards, travel cards, and centrally billed accounts.
5. Is the prior fiscal year an indicator of whether an agency needs to submit a purchase card violation report?
Answer: Yes, the amount spent with purchase cards the prior fiscal year is the basis for the reporting indicator.
6. Are agencies given the flexibility to determine what violations are reportable?
Answer: The purchase card violations report should include a summary description of confirmed violations involving misuse of a purchase card or integrated card, following the completion of agency or IG review. A sample report is provided here.
7. What is a confirmed violation?
Answer: A confirmed violation is a documented violation of a control, a control deficiency, or combination of control deficiencies, that in management’s judgment, should be communicated because they represent significant weaknesses in the design or operation of charge card internal controls, or charge card use that could adversely affect the organization’s ability to meet its internal control objectives as envisioned by Public Law 112-194, the Government Charge Card Abuse Prevention Act of 2012, to prevent fraud or abuse of Government charge cards.
Control deficiencies exist when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect instances of noncompliance on a timely basis. A design deficiency exists when a control necessary to meet the control objective is missing or an existing control is not properly designed, so that even if the control operates as designed the control objective is not always met. An operation deficiency exists when a properly designed control does not operate as designed or when the person performing the control is not qualified or properly skilled to perform the control effectively.
8. Should OIGs provide information on all audit recommendations, or only those that pertain to purchase card and travel card audits?
Answer: Public Law 112-194 provides Agency IGs specific guidance on purchase cards and travel cards in separate sections:
For purchase cards, under Section 2(d) Risk Assessments and Audits, the law directs Agency IGs to:
(1) conduct periodic assessments of the agency purchase card or convenience check programs to identify and analyze risks of illegal, improper, or erroneous purchases and payments in order to develop a plan for using such risk assessments to determine the scope, frequency, and number of periodic audits of purchase card or convenience check transactions;
(2) perform analysis or audits, as necessary, of purchase card transactions designed to identify—
(A) potentially illegal, improper, or erroneous uses of purchase cards;
(B) any patterns of such uses; and
(C) categories of purchases that could be made by means other than purchase cards in order to better aggregate purchases and obtain lower prices (excluding transactions made under card-based strategic sourcing arrangements);
(3) report to the head of the executive agency concerned on the results of such analysis or audits; and
(4) report to the Director of the Office of Management and Budget on the implementation of recommendations made to the head of the executive agency to address findings of any analysis or audit of purchase card and convenience check transactions or programs for compilation and transmission by the Director to Congress and the Comptroller General.
For travel cards, Public Law 112-194 Section 3 amends the Travel and Transportation Reform Act of 1998 by adding Section 2 (h) Management of Travel Charge Cards. The new Section 2(h)(3) ‘Inspector General Audit’ directs:
The Inspector General of each executive agency with more than $10,000,000 in travel card spending shall conduct periodic audits or reviews of travel card programs to analyze risks of illegal, improper, or erroneous purchases and payments. The findings of such audits or reviews along with recommendations to prevent improper use of travel cards shall be reported to the Director of the Office of Management and Budget and Congress.
9. Will agencies be required to report on the status of closed recommendations for charge card audits?
Answer: Executive agency OIGs should provide OMB a report on the implementation of recommendations made for purchase cards and travel cards 120 days after the end of each fiscal year on agency progress in implementing audit recommendations, beginning with the fiscal year 2013 submission due January 31, 2014. These include open recommendations and recommendations closed during the prior FY.
10. Does my agency need to do a travel card audit every year? Does my agency need to do a risk assessment if there is less than the $10 million of activity?
Answer: Public Law 112-194 provides:
The Inspector General of each executive agency with more than $10,000,000 in travel card spending shall conduct periodic audits or reviews of travel card programs to analyze risks of illegal, improper, or erroneous purchases and payments. The findings of such audits or reviews along with recommendations to prevent improper use of travel cards shall be reported to the Director of the Office of Management and Budget and Congress.
OMB M-13-21 directs:
At a minimum, risk assessments should be completed on an annual basis.
The results of the audits and agency steps to implement recommendations should be reported to OMB in January for the prior FY. Agency IGs with less than $10 million in annual travel card spending may perform risk assessments or audits at their discretion.
11. Does my agency IG need to conduct an annual risk assessment for purchase cards?
Answer: Public Law 112-194 Section 2(d) Risk Assessments and Audits, on purchase cards, directs Agency IGs to:
(1) conduct periodic assessments of the agency purchase card or convenience check programs to identify and analyze risks of illegal, improper, or erroneous purchases and payments in order to develop a plan for using such risk assessments to determine the scope, frequency, and number of periodic audits of purchase card or convenience check transactions;
OMB M-13-21 directs:
At a minimum, risk assessments should be completed on an annual basis.
Agency IGs should conduct annual risk assessments of agency purchase cards, including convenience checks, and combined integrated card programs to analyze the risks of illegal, improper, or erroneous purchases. Agency IGs will use the annual risk assessment to determine the need for an audit.
12. Do risk assessments need to be provided to OMB?
Answer: Executive agency OIGs should provide a report to the head of the executive agency concerned on the results of such analysis or audits. Executive agency OIGs should report to the Director of the Office of Management and Budget on the implementation of recommendations made to the head of the executive agency to address findings of any analysis or audit of purchase card and convenience check transactions or programs for compilation and transmission by the Director to Congress and the Comptroller General. Risk assessments do not need to be delivered to OMB. The agency OIGs should provide OMB agency progress in implementing audit recommendations 120 days after the end of the fiscal year.
13. Does the Charge Card law include fleet card activity?
Answer: No, the Charge Card law does not pertain to fleet card activity.
14. Is the $10 million threshold for violations reporting cumulative across all business lines?
Answer: The $10 million purchase card spending threshold relates to the violations reporting requirement for purchase cards only. All executive departments and agencies are required to implement the Charge Card Act's required internal controls for purchase cards, travel cards, and centrally billed accounts.
15. Does my sub-agency or bureau need to comply with the reports and reviews of M-13-21?
Answer: The Charge Card Act applies to all executive branch agencies. The definition of "executive agency" for purposes of the Charge Card Act is found at 41 U.S.C. 133. Sub-agencies or bureaus should coordinate with the executive agency management.
16. Is there a clear definition of “improper, or erroneous purchases”?
Answer: Yes, OMB Circular A-123, Appendix B, Section 4.6 defines an erroneous or improper purchase, and distinguishes between improper purchases that are unauthorized and incorrect.
17. How are abuse and fraud defined?
Answer: The U.S. Government Accountability Office Yellow Book Section 4.07 defines abuse as:
Abuse involves behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary business practice given the facts and circumstances. Abuse also includes misuse of authority or position for personal financial interests or those of an immediate or close family member or business associate.
OMB Circular A-123 Appendix B, section 4.6 identifies fraudulent card use as:
Fraudulent purchases include those made by cardholders that were unauthorized and intended for personal use, purchases made using government charge cards or account numbers that had been stolen or compromised, and purchases correctly charged to the charge card but that involve potentially fraudulent activity that went undetected.
18. Where do I submit my reports?
Answer: Agencies should address the reports to the Director of the Office of Management and Budget, c/o Mike Wetklow (mwetklow@omb.eop.gov) and Dan Keenaghan (dkeenaghan@omb.eop.gov), and submit reports electronically through the MAX Federal Community 'Financial Management space for charge cards: https://max.omb.gov/community/x/LgISCQ.
To register for a MAX Account, click "Register Now" located on the MAX Homepage.
All new users must complete the New User Registration Form to gain access to the MAX System.
After you fill out the form you will receive an email containing the next steps in completing your registration.
Once your registration is complete, you will receive an automated email confirming the creation of your MAX Account and instructions for creating your password.
After logging in, you will be able to see the applications and groups that you have access to.
The OMB Charge Card submissions should be uploaded to: https://max.omb.gov/community/x/LgISCQ
19. Is it the intent of Congress that agencies provide full disclose of all instances of purchase card misuse, abuse and fraud, and full disclosure of all agency actions taken?
Answer: The law requires a summary of all confirmed violations, which is what we seek for agencies to report. The intent is to ensure misuse is addressed and resolved by agencies in an appropriate manner, and that actions taken are reported at a summary level. P.L. 112-194 states: “At a minimum, the report shall set forth the following: ‘‘(A) A summary description of confirmed violations involving misuse of a purchase card following completion of a review by the agency or by the Inspector General of the agency. ‘‘(B) A summary description of all adverse personnel action, punishment, or other action taken based on each violation.”
A review of the Congressional committee reports on the Government Charge Card Abuse Prevention Act of 2012 reflects agencies need to report on purchase card violations.
20. In instances where cases of misuse are pending in one report, and the agency action was subsequently taken (i.e. They require employee to reimburse the government for a prohibited purchase or returned to item for a credit) shouldn’t this instance of misuse be reported as confirmed and the agency took action be reported in the subsequent IG/agency report to ensure agency accountability?
Answer: Yes. If the violation is confirmed, involves misuse of a purchase card, and follows completion of a review by the agency or by the Inspector General of the agency.
21. Is there a dollar threshold for IG reporting if the instances of misuse are low dollar amounts to ensure we are properly using our audit resources?
Answer: Each agency has a responsibility to ensure proper use of Federal funds. Some agency CFOs have made a management decision to issue agency specific guidance on purchase threshold amounts for cardholder purchases that do not require documenting independent receipt and acceptance. (Examples can be found online for agencies with a threshold of $75.) Any purchase that exceeds the agency identified amount must be received and accepted by someone other than the cardholder, and this independent receipt and acceptance of goods and services must be properly documented.
22. Who do I contact for help?
Answer: For assistance with understanging Public Law 112-194, OMB Memorandum M-13-21, or related questions, please contact:
Dan Keenaghan
202-395-5021
dkeenaghan@omb.eop.gov
Erin VanDagna
703-605-5589
erin.vandagna@gsa.gov