OIG Risk Assessment of the Department's Purchase Card Program for Fiscal Year 2015

Published by the Department of Education, Office of Inspector General on 2016-01-15.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                                         OFFICE OF INSPECTOR GENERAL

                                                                                                                AUDIT SERVICES

January 15, 2016

TO:              Thomas P. Skelly
                 Delegated to Perform the Functions and Duties of the Chief Financial Officer
                 Office of the Chief Financial Officer

FROM:            Patrick J. Howard /s/
                 Assistant Inspector General for Audit

SUBJECT:         Completion of OIG Risk Assessment of the Department’s Purchase Card Program for
                 Fiscal Year 2015
                 Control Number ED-OIG/S19P0009

The purpose of this memorandum is to inform you of the results of the Office of Inspector General’s
(OIG) risk assessment of the Department of Education’s (Department) purchase card program, as
required by the Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act). The Charge
Card Act requires Inspectors General (IGs) to conduct periodic risk assessments of their agency’s
purchase card program to identify and analyze the risks of illegal, improper, or erroneous purchases and
payments. IGs will use these risk assessments to determine the necessary scope, frequency, and
number of IG audits or reviews of the program.

In order to assess the risk of illegal, improper, and erroneous purchases made through the Department’s
purchase card program, we reviewed the Department’s policies and procedures in conjunction with
purchase card internal control requirements identified in the Charge Card Act and related Office of
Management and Budget (OMB) guidance, 1 examined documentation from the Department’s purchase
card monitoring efforts, reviewed data on disciplinary action taken by the Department resulting from
purchase card misuse, and determined whether suggestions resulting from our previous risk assessment
of the Department’s purchase card program have been implemented. Additionally, we contacted OIG
Investigations and Hotline staff regarding information on purchase card misuse and reviewed the OIG
Data Analytics System (ODAS) 2 to identify and assess high-risk categories of potentially inappropriate

 OMB Memo M-13-21 and OMB Circular A-123, Appendix B
 ODAS includes a download provided by the charge card vendor of all Department purchase card transactions for
a given fiscal year.
                                400 MARYLAND AVENUE, S.W., WASHINGTON, DC 20202-1510

                Promoting the efficiency, effectiveness, and integrity of the Department’s programs and operations.
Page 2 – Thomas P. Skelly

Based on our review, we determined that the purchase card program does not pose a high risk to the
Department and an audit of the program is not necessary. We found that the Department has policies
and procedures in place that address the applicable purchase card internal control requirements
identified in the Charge Card Act and related OMB guidance. We also noted that the Department has
adequate monitoring procedures in place to reduce the risk that illegal, improper, and erroneous
purchases are made within the purchase card program. However, we did identify one area where the
Department could strengthen its controls over the purchase card program.

In our previous risk assessment we noted that the Department’s Contracts and Acquisition Management
group (CAM) within the Office of the Chief Financial Officer (OCFO) does not utilize all potential
resources when reporting data on disciplinary actions. CAM reports data on disciplinary actions taken to
OMB each quarter based on inquiries it makes to each Principal Office (PO). CAM does not contact the
Department’s Human Capital and Client Services group (HCCS) for any data it maintains on disciplinary
actions. We suggested that in order to strengthen the purchase card program OCFO should coordinate
with HCCS regarding the required reporting of data to OMB on disciplinary actions. HCCS agreed it
would be an appropriate source to contact for this type of information. We noted that CAM has not
currently implemented this suggestion. CAM noted that there is no need to involve HCCS before a
serious violation is identified and explained that it has not included HCCS to date because no serious
infractions have been identified that would require disciplinary action. If or when a serious violation
occurs, CAM stated that it would work with OIG and HCCS with regard to disciplinary action. However,
per Department policy it appears that the determination for what constitutes a significant violation
requiring disciplinary action rests with the PO and HCCS. We believe that it would be appropriate for
CAM to include HCCS on the quarterly emails it sends to the POs requesting data on actions taken.

As a result of the item noted above, we are providing the following suggestion to OCFO to assist in
strengthening the purchase card program:

        •   Coordinate with HCCS regarding the required reporting of data to OMB on disciplinary
            actions. This could entail adding HCCS to the email distribution list for the data requests
            sent each quarter to the Executive Officers in each PO.

No response to this memorandum is necessary. We appreciate the cooperation given us during this
review. If you have any questions, please call Michele Weaver-Dugan at (202) 245-6941.

James Hairfield, Director, CAM/OCFO