oversight

OIG Review of OBEMLA's Internal Controls Over the Procurement of Goods and Services (A&I 2000-003) Date Issued: 5/23/2000 PDF (45K)

Published by the Department of Education, Office of Inspector General on 2000-05-23.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

MEMORANDUM

TO            :       Arthur Love
                      Acting Director
                      Office of Bilingual Education and Minority Languages Affairs

FROM          :       John P. Higgins, Jr.
                      Acting Assistant Inspector General
                      Analysis and Inspection Services

SUBJECT       :       Results of the OIG Review of OBEMLA's Internal Controls Over
                      the Procurement of Goods and Services (A&I 2000-003)


INTRODUCTION

This memorandum transmits the results of our review of OBEMLA's internal controls
over the procurement of goods and services. This review is part of OIG's Department-
wide review of this area. The Department’s management is responsible for establishing
and maintaining internal controls. We will transmit the Department-wide results to the
Deputy Secretary with copies to the Assistant Secretaries when we complete our review.
On May 23, 2000, OIG staff met with you to discuss the results of this review.

RESULTS

During our review in OBEMLA, we identified a significant instance of noncompliance
with the Federal Acquisition Regulation (FAR) and current Department policies and
procedures:

3 Prior to January 7, 1999, an order was placed without the approval of the OBEMLA
  Executive Officer for the purchase of Hispanic Heritage posters for $9,998.00. The
  order was placed without the solicitation of at least three bids or justification for a
  sole-source purchase. When the Executive Officer questioned the invoice she was
  ordered to pay the bill by a former Director of OBEMLA. The bill was paid with a
  check dated March 3, 1999, which is the same date that appears on the supporting
  purchase order. There is no documentation to demonstrate that an individual with
  properly delegated purchasing authority placed the order. In addition, the FAR
  requires the solicitation of quotes or offers from a reasonable number of sources or
  sole-source justification for any purchase of more than $2,500.
Based on our review, we identified certain deficiencies, in addition to the instance of non-
compliance identified above, that prevent OBEMLA from satisfying GAO’s Standards
for Internal Control in the Federal Government. For your information and corrective
action, those deficiencies are listed in the attached chart (Attachment A). In the future,
we anticipate conducting a follow-up review to assess the actions you have taken to
correct the deficiencies identified in Attachment A.

In addition, we want to advise you and OBEMLA managers of inherent vulnerabilities
we identified in several Department procurement systems.

ü Purchase Cards – For efficiency reasons, the Department designed a purchase card
  system where cardholders can order, receive and approve payments for goods and
  services. Consequently, as a control, the Department established approving officials
  to review the use of purchase cards. Therefore, it is important that approving officials
  properly review all cardholder statements, including invoices, before forwarding them
  to OCFO for payment.

ü Third Party Draft System (TPDS) – An individual with signature authority can issue
  TPDS checks without the involvement of anyone else. Therefore, it is important that,
  at a minimum, the supervisor of the individual with signature authority conduct
  periodic reviews of sample TPDS disbursements.

OBJECTIVE

Our review objective was to assess the internal controls over compliance with laws and
regulations for the procurement of goods and services other than studies or evaluations.

SCOPE

We limited our work to procurements by the Third Party Draft System (TPDS) and
Purchase Cards. We did not conduct testing on OBEMLA’s use of contracting or the
“Corporate” Government Travel Account.

METHODOLOGY

To achieve our objectives, we conducted interviews with OBEMLA staff who were
involved with the procurement process and reviewed relevant documents. As part of our
work, we reviewed a randomly selected sample of 50 TPDS checks issued between
October 1998 through September 1999 (FY 1999) and October 1999 through January
2000 (FY 2000). We also judgmentally selected a sample of 11 bank statements and then
selected 48 purchases of two purchase cardholders to review for the periods ending
October 16, 1998 and February 16, 2000, thus disregarding any transactions dated prior
to October 1, 1998 and after January 31, 2000. We based our conclusions about
OBEMLA's internal controls on the information gathered during our interviews and
transaction testing. We conducted our interviews and transaction testing between March
2, 2000 and April 19, 2000.
We assessed OBEMLA's internal controls based on GAO's Standards for Internal
Control in the Federal Government issued November 1999. Attachment B to this
memorandum contains a summary of the GAO Standards. We conducted our work in
accordance with the President's Council on Integrity and Efficiency (PCIE) Quality
Standards for Inspection dated March 1993.

We appreciate the cooperation shown by your staff during our review. If you have any
questions regarding the results of this review, please call me at 205-5439.


Attachments


cc:   Deputy Secretary
                                                                          Attachment B

                           Components of Internal Control

•   Control Environment – Management and employees should establish and maintain
    an environment throughout the organization that sets a positive and supportive
    attitude toward internal controls and conscientious management.

    Factors:

    3 Management and staff maintain and demonstrate integrity and ethical values.

    3 Management maintains an active commitment to competence.

    3 Management’s philosophy and operating style exerts a positive influence on the
      organization (especially toward information systems, accounting, personnel
      functions, monitoring and audits).

    3 Organizational structure is appropriately centralized or decentralized, and
      facilitates the flow of information across all activities.

    3 Agency delegates authority and responsibility and establishes related policies
      throughout the organization in a manner that provides for accountability and
      control.

    3 Agency establishes human resource policies and practices that enable it to recruit
      and retain competent people to achieve its goals.

•   Risk Assessment – Internal controls should provide for an assessment of the risks the
    agency faces from both external and internal sources.

       Precondition: establishment of clear and consistent agency objectives.

       Risk assessment : the comprehensive identification and analysis of relevant risks
       associated with achieving agency objectives, like those defined in strategic and
       GPRA annual performance plans, and forming a basis for determining how the
       agency should manage risks.

       Risk identification: methods may include qualitative and quantitative ranking
       activities, management conferences, forecasting and strategic planning, and
       consideration of findings from audits and other assessments.

       Risk analysis: generally includes estimating the risk’s significance, assessing the
       likelihood of its occurrence, and deciding how the agency should manage its risk.
•   Control Activities – Internal control activities help ensure that employees carry out
    management directives. The control activities should effectively and efficiently
    accomplish agency control objectives.

    3 The control activities are the policies, procedures, techniques, and mechanisms
      that enforce management’s directives. They help ensure that employees take
      actions to address risks.

    3 Control activities occur at all levels and functions of the entity, and include a wide
      range of diverse activities such as approvals, authorizations, verifications,
      reconciliations, performance reviews, maintenance of security, and creation and
      maintenance of related records that document the execution of these activities.

•   Information and Communications – Employees should record and communicate
    information to management and others within the entity who need it in a form and
    within a time frame that enables them to carry out their internal control (and other)
    responsibilities effectively and efficiently.

    3 An organization must have relevant, reliable, and timely communications relating
      to internal as well as external events. Information is needed throughout the
      agency to achieve all its operational and financial objectives.

    3 Effective communications should occur in a broad sense with information flowing
      down, across, and up the organization.

    3 Management should ensure there are adequate means of communicating with, and
      obtaining information from, external stakeholders that may have a significant
      impact on the agency achieving its goals.

•   Monitoring – Internal control monitoring should assess the quality of performance
    over time and ensure that audit and other review findings are promptly resolved.

    3 Includes regular management and supervisory activities, comparisons,
      reconciliations, and other actions employees take in performing their duties.

    3 Should include policies and procedures for ensuring that audit and other review
      findings are promptly resolved.
  Internal Control Evaluation Form for the Office of Bilingual Education and Minority Language Affairs
                                             Attachment A

Control Component     Deficiencies
Control Environment   • Noncompliance with Procurement Rules
                          üPrior to January 7, 1999, an order was placed without the approval of the OBEMLA Executive Officer
                            for the purchase of Hispanic Heritage posters for $9,998.00. The order was placed without the
                            solicitation of at least three bids or justification for a sole-source purchase. When the Executive
                            Officer questioned the invoice she was ordered to pay the bill by a former Director of OBEMLA. The
                            bill was paid with a check dated March 3, 1999, which is the same date that appears on the supporting
                            purchase order. There is no documentation to demonstrate that an individual with properly delegated
                            purchasing authority placed the order. In addition, the FAR requires the solicitation of quotes or
                            offers from a reasonable number of sources or sole-source justification for any purchase of more than
                            $2,500.00.

                      •   Organizational Structure
                          üThere is no individual designated as the alternate for the Approving Official.

                      •   Training
                          üThe Executive Officer has not taken any recent or refresher training in procurement. In addition, all
                           procurement staff could benefit from refresher training.

Risk Assessment       •   Identification of Risks
                          üOBEMLA has no formal procedures for risk assessment in the procurement area.
                          üThe Executive Officer/Approving Official has been assigned a moderate risk level when the position
                            responsibilities suggest that a high risk level is more appropriate.
                          üOne procurement staff member has been assigned a low risk level when the employee’s responsibilities
                            suggest that a moderate risk level is more appropriate.

Control Activities    •   Policies and Procedures
                          üWhile we recognize that OBEMLA is a small office with only four individuals involved in the
                            procurement process, the Department’s Directive on Commercial Credit Card Service (C:FIM:6-102)
                       dated March 12, 1990 (Directive) requires that Program Offices establish internal procedures on the
                       safeguarding and authorized use of credit cards. OBEMLA has no written policies and procedures on
                       the purchase card process.

                 •   Recordkeeping – Purchase Cards
                     üWe were informed that cardholders do not use the EDCAPS log to reconcile monthly statements.
                       Instead, we were informed that transactions are recorded in OBEMLA’s internal budget system, which
                       is reconciled to EDCAPS. We were unable to trace transactions from the monthly card statements to
                       determine if these procedures would result in proper accounting in EDCAPS. The Department’s
                       Directive requires that “appropriate object class codes and accounting data” be entered on monthly
                       purchase card statements. We noted that the accounting data was not consistently on the monthly
                       purchase card statements.
                     üIn a judgmental sample of 48 charges to OBEMLA’s purchase cards, we noted 15 cases totaling
                       $2,755.24 for which supporting documents could not be found. In addition, for the two (2) credits we
                       selected to review, there were no data input sheets available. There were five (5) General Service
                       Administration (GSA) charges totaling $1,803.61 which we were unable to reconcile to supporting
                       documentation.

                 •   Recordkeeping – TPDS Checks
                     üOBEMLA did not have a log to track unissued TPDS checks. Such a log would allow OBEMLA to
                       identify any missing checks. We also noted that OBEMLA’s voided checks were not maintained in
                       the payment files.
                     üIn an OCFO December 1997 memorandum, it was noted that four invoices were not date stamped.
                      OIG noted during transaction testing that one invoice was not date stamped.
                     üIn a December 1997 memorandum, OCFO noted 25 instances where OBEMLA had not voided
                      outstanding checks that were more than 90 days old. OIG identified one TPDS check that was
                      outstanding for more than 90 days. This check should be voided in the system to de-obligate the funds.

Information &    •   Communication of Key Information
Communications       üOBEMLA procurement staff were not familiar with the requirements of the Department’s Directive.
                     üWe were told that a possible cause of the noncompliant transaction for the purchase of posters
                       described above was a lack of communication between procurement and program staff members.
Monitoring   •   On-going Monitoring
                 üThe supervisor of the individual with signature authority for TPDS checks does not perform periodic
                   reviews of the EDCAPS reports on the checks issued by OBEMLA.