OMB Memorandum M-13-21
OMB Memorandum M-13-21 is a response to Public Law (P.L.) 112-194, the Government Charge Card Abuse Prevention Act of 2012. OMB Memorandum M-13-21 provides supplemental guidance to the OMB Circular A-123, Appendix B in the following areas:
- Requires all Federal agencies to establish certain safeguards and internal controls for the government payment solutions program;
- Reports on purchase and integrated violations, and establishes penalties for violators, including dismissal when circumstances warrant (purchase transactions only); and
- Increases oversight by requiring that each agency Inspector General (IG) periodically conduct risk assessments and audits to identify fraud and improper use of the government payment solutions.
Note: A Title XVIII NDAA report is required for each Federal agency (see Section 2 of Public Law 112-194, for agencies that must report). Post your agency’s Title XVIII NDAA report at the following location: https://community.max.gov/display/OMB/Title+XVIII+NDAA+FY18+Agency+Repo…
- NDAA Title XVIII required agency reports:
(b) AGENCY REPORTS AND CONSOLIDATED REPORT TO CONGRESS.—Not later than one year after the date of the enactment of this Act, the head of each Federal agency described in section 2 of the Government Charge Card Abuse Prevention Act of 2012 (Public Law 112–194) shall submit a report to the Director of the Office of Management and Budget on that agency’s activities to implement this title.
Compliance Summary Matrix
OMB Memorandum M-13-21 directs agencies to use the “Compliance Summary Matrix” below to help ensure the required safeguards and internal controls are in place. The matrix details the internal control requirements stated in P.L. 112-194. Agencies are not required to submit the matrix to OMB. Agencies/organizations should review these requirements and compare them to existing internal controls within their implementation charge card program in order to document the operational effectiveness of current control activities. Instances of non-compliance should be documented as well as a summary of corrective actions to be taken to address shortcomings.
Executive agencies should maintain this compliance summary on-file along with related supporting documentation, as evidence of adequate control assurances. This compliance summary should also be available for IG reviews. Agencies should summarize the overall results in their completed compliance summary and internal 3 control assurance assessments in their annual charge card management plans, beginning with their January 31, 2014 submission to OMB.
Note that the compliance matrix is designed to assist agencies in employing an effective charge card internal control program which is in balance with the need to maintain card flexibility and ease of use in support of agency mission activities. As a result, compliance with individual matrix criteria in and of itself is not as important as the effectiveness of an agency’s charge card internal control program overall.
Implementation of the Charge Card Prevention Act
The following chart provides information on all reporting requirements for agencies under OMB Circular A-123, Appendix B and Public Law 112-194, Charge Card Abuse Prevention Act.
Note: OMB Memo M-17-26 removed the agency reporting requirement for the Statistical and Narrative Reports to OMB. However, agencies are still required to maintain statistical and narrative information for their own use and management of their charge card program. OMB is finalizing an update to Appendix B of OMB Circular A-123 (2009). This update will streamline reporting requirements and consolidate existing requirements in a central location.
Reports of Purchase Card Violations
Beginning with fiscal year 2013, each agency with more than $10 million in purchase card spending the prior fiscal year is required to submit sem-annual reports of employee purchase or integrated card violations and the disposition of these violations, including disciplinary actions taken. Consistent with Section 6 of the Charge Card Act, the semi-annual reports shall not disclose personally-identifying information protected from disclosure under the Privacy Act of 1974 (5 U.S.C. 552a).
At a minimum, the report shall provide the following:
- A summary description of confirmed violations involving misuse of a purchase or integrated solution, following the completion of agency or IG review.
- A summary description of all adverse personnel actions, punishment, or other actions taken in response to each reportable violation involving misuse of a purchase or integrated solution.
- An administrative or internal control process inconsistency that does not result in fraud, loss to the Government, or misappropriation of funds or assets (whether or not recouped) is not a reportable violation for purposes of the semi-annual report.
The semi-annual Joint Purchase and Integrated Card Violation Report is to be prepared by the agency head and the IG for submission to OMB 120 days after the end of the reporting periods (i.e., April 1 to September 30 and October 1 to March 30), beginning with the January 31, 2014 submission. The submission should be incorporated into the existing Charge Card Management Plans. The template was updated to align with the definitions in Attachment A.6 of OMB Circular A-123, Appendix B (revised August 27, 2019).
Charge Card Narrative Report
Agencies listed in the original Chief Financial Officers Act of 1990 and the Department of Homeland Security are required to report on the following narrative information on an annual basis at the same time the first quarter statistical reports are submitted. All other agencies are required to report on these items on a bi-annual basis:
- The date(s) of most recent and next scheduled independent review (e.g., Office of the Inspector General) for all agency charge card programs;
- A description of the current process for monitoring delinquency, including what reports the agency reviews and what actions are taken when a problem is discovered;
- A description of the steps the agency takes to address turnaround time (> than 15 working days) following voucher submission for travel voucher reimbursement, if applicable;
- A description of the method the agency utilizes to identify and detect possible card misuse, including the use of any specialized information technology solutions as well as any requests to charge card vendors for data reports;
- Agency future plans (within the next 12 months) to enhance charge card systems by automating reviews to detect instances of abuse, misuse, and fraud;
- A description of any best practices the agency employs in charge card management;
- Any plans for implementing paperless statements; and
- Any additional useful information regarding charge card programs.