oversight

Performance Audit of the Charge Card Program (OIG Report No. 2012-08-PURCH)

Published by the Equal Employment Opportunity Commission, Office of Inspector General on 2013-03-28.

Below is a raw (and likely hideous) rendition of the original report.

Performance Audit of the Charge Card Program
Skip top navigation
Skip to content
Español | Other Languages
U.S. Equal EmploymentOpportunity Commission
Home
About EEOC
Overview
The Commission
Meetings of the Commission
Open Government
Newsroom
Laws, Regulations, Guidance & MOUs
Budget & Performance
Enforcement & Litigation
Initiatives
Interagency Programs
Publications
Statistics
Outreach & Education
Legislative Affairs
FOIA & Privacy Act
Doing Business with EEOC
Jobs & Internships
EEOC History
Office of Inspector General
Employees & Applicants
Overview
Coverage
Timeliness
Filing A Charge
How to File
Charge Handling
Confidentiality
Mediation
Remedies
Existing Charges
Filing a Lawsuit
Discrimination by Type
Age
Disability
Equal Compensation
Genetic Information
Harassment
National Origin
Pregnancy
Race/Color
Religion
Retaliation
Sex
Sexual Harassment
Prohibited Practices
Employers
Overview
Coverage
Charge Handling
Resolving a Charge
Remedies
Discrimination by Type
Age
Disability
Equal Compensation
Genetic Information
Harassment
National Origin
Pregnancy
Race/Color
Religion
Retaliation
Sex
Sexual Harassment
Prohibited Practices
Recordkeeping
EEO Reports/Surveys
"EEO Is The Law" Poster
Training
Other Employment Issues
Federal Agencies
Overview
Federal Employees & Applicants
Federal Complaint Process
Discrimination by Type
Other Federal Protections
Prohibited Practices
Federal EEO Coordination
Federal Agency EEO Directors
Laws, Regulations, Guidance & MOUs
Management Directives & Federal Sector Guidance
Federal Sector Alternative Dispute Resolution
Federal Sector Reports
Appellate Decisions
Digest of EEO Law
Form 462 Reporting
Federal Training & Outreach
Contact Us
Contact EEOC
Find Your Nearest Office
Frequently Asked Questions
About EEOC
Overview
The Commission
Meetings of the Commission
Open Government
Newsroom
Laws, Regulations, Guidance & MOUs
Budget & Performance
Enforcement & Litigation
Initiatives
Interagency Programs
Publications
Statistics
Outreach & Education
Legislative Affairs
FOIA & Privacy Act
Doing Business with EEOC
Jobs & Internships
EEOC History
Office of Inspector General
Home > About EEOC > Office of Inspector General
MEMORANDUM
TO:
Germaine Roseboro
Chief Financial Officer
FROM:
Milton A. Mayo, Jr.
Inspector General
SUBJECT:
Performance Audit of the Equal Employment Opportunity Commission's Charge Card Program (OIG Report No. 2012-08-PURCH)
The Office of Inspector General (OIG) engaged the independent certified public accounting firm of Harper, Rains, Knight and Company, P.A (HRK) to conduct a performance audit of the agency's charge card program which included both purchase and
travel cards. The audit covers agency charge card activity for fiscal years 2011-12. The contract required that the audit be done in accordance with U.S. generally accepted government auditing standards contained in Government Auditing Standards
issued by the Comptroller General of the United States.
In their report HRK notes deficiencies in key controls relating to the charge card program. Findings were issued in the following areas:
Lack of internal controls in place to ensure policies and procedures over the charge card program are current and sufficient
Internal Controls over the operating effectiveness of EEOC charge card policies and procedures are not operating effectively
Non-compliance with required charge card training policy and procedures
Non-compliance with account creation policies and procedures
Lack of sufficient documentation evidencing transaction approval
Lack of documentation to support a purchase card transaction
Non-compliance with cardholder account closure policies and procedures
Lack of monitoring controls in place over Merchant Category Codes (MCC)
Lack of monitoring controls in place over monthly spending limits.
Based on the above findings and the results of their testing of operating effectiveness of the EEOC purchase card/convenience check program, HRK concluded that the EEOC's purchase card/convenience check program is not operating in compliance with
applicable laws and regulations.
EEOC management was given the opportunity to review the draft report and to provide comments. Management comments are included in Appendix D of the report.
The Office of Management and Budget issued Circular Number A-50, Audit Follow Up, to ensure that corrective action on audit findings and recommendations proceed as rapidly as possible. EEOC Order 192.002, Audit Follow up Program, implements
Circular Number A-50 and requires that for resolved recommendations, a corrective action work plan should be submitted within 30 days of the final audit report date describing specific tasks and completion dates necessary to implement audit
recommendations. Circular Number A-50 requires prompt resolution and corrective action on audit recommendations. Resolutions should be made within six months of final report issuance.
cc:
Claudia Withers
Raj Mohan
George Betters
Leta Jackson
U.S. EQUAL EMPLOYMENT
OPPORTUNITY COMMISSION
WASHINGTON, DC
PERFORMANCE AUDIT OF THE
CHARGE CARD PROGRAM
MARCH 26, 2013
HARPER, RAINS, KNIGHT & COMPANY, P.A.
CERTIFIED PUBLIC ACCOUNTANTS
RIDGELAND, MISSISSIPPI
Table of Contents
Independent Auditors' Report
Results in Brief.
Objective 1 - To determine whether internal controls are in place to detect and prevent fraud, waste, abuse and misuse in the EEOC's purchase card program.
Objective 2 - To evaluate the effectiveness of the processes and procedures over EEOC's purchase card program. Specifically, determine if procedures for issuing purchase cards/convenience checks, monitoring the use of the
purchase cards/convenience checks, and providing training to employees having responsibilities for purchase cards/convenience checks are adequate.
Objective 3 - To determine if the EEOC's purchase card/convenience check program is operating in compliance with laws and regulations.
Recommendations.
Appendices.
Appendix A.
Appendix B.
Appendix C.
Appendix D.
Milton A. Mayo, Jr.
Inspector General
U.S. Equal Employment Opportunity Commission
131 M Street, NE
Washington, D.C. 20507
Independent Auditors' Report
We were engaged by the U.S. Equal Employment Opportunity Commission ("EEOC"), Office of Inspector General ("OIG"), to conduct a performance audit of EEOC's charge card program, which includes both purchase and travel cards. EEOC uses purchase
cards to reduce the administrative cost of processing small dollar purchases and travel cards to reduce the cost of official travel and for the convenience of the traveler.
Purchase and travel cards are at a high risk for misuse, fraud, waste, and abuse. Accordingly, if the internal controls governing EEOC's purchase and travel card programs are not sufficient, properly designed, and fully implemented, EEOC will not
be able to detect and prevent fraudulent purchases or other improper uses and abuses of the cards.
Our audit objectives over the purchase and travel card programs were:
(1) To determine whether internal controls are in place to detect and prevent fraud, waste, abuse and misuse in the EEOC's purchase card program.
(2) To evaluate the effectiveness of the processes and procedures over EEOC's purchase card program. Specifically, determine if procedures for issuing purchase cards/convenience checks, monitoring the use of the purchase cards/convenience
checks, and providing training to employees having responsibilities for purchase cards/convenience checks are adequate.
(3) To determine if the EEOC's purchase card/convenience check program is operating in compliance with laws and regulations.
To perform our audit, we interviewed personnel at EEOC's Central Services Division (CSD) within the Office of the Chief Financial Officer (OCFO). We reviewed the existing EEOC charge card policies and procedures, guidance issued by regulatory
agencies, and charge card data supplied EEOC's third party service providers. We selected samples of the agency's controls over both the issuance and closing of purchase and travel cardholder accounts. We selected a statistical sample of charge card
activity made during fiscal years (FY) 2011 and 2012 to conduct control and substantive tests over EEOC's program. The audit work was completed in January 2013.
We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our
findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Further background information appears in Appendix A. Our
complete scope, methodology, and criteria are contained in Appendix B.
Results in Brief
EEOC has developed standard operating procedures (SOPs) for EEOC's Government Commercial Purchase Card and Government-wide Travel Card Programs on the proper use of purchase and travel cards, however the version provided to us during our test
period was out of date and did not include any updates for the current accounting system in operation as of October 1, 2011. We did find that the SOPs were substantially compliant with OMB A-123, Appendix B; however the documents did not address all
requirements.
Our audit found deficiencies in key controls related to the charge card program, such as support for issued cardholder accounts, account activation and closure support, approvals of transactions, required training, charge card limits, and
supporting documentation for transactions. These violations of policies were generally unnoticed due to a lack of oversight and monitoring procedures in place to ensure internal controls are operating effectively. HRK issued nine (9) Statement of
Fact (SOF) Memorandums to EEOC concerning the identified deficiencies and best practices.
Though EEOC's SOPs substantially comply with OMB A-123, Appendix B and other Federal guidance, the identified deficiencies in the operating effectiveness of internal controls over EEOC's charge card programs suggest that significant steps be
taken to ensure that controls are operating effectively.
We recommended EEOC update their SOPs to the current operating environment and establish oversight and monitoring controls to address identified weaknesses.
EEOC Response
EEOC generally concurred with our findings and stated it is taking actions to address the effectiveness of the internal control environment over the charge card program.
EEOC's responses are included in their entirety as Appendix D.
Auditor Conclusion
Management's responses, once implemented, should strengthen the Agency's control environment over charge card activity and address the deficiencies identified in our performance audit. However no audit procedures have been applied to management's
responses presented in this report.
Results and Findings
Objective 1 - To determine whether internal controls are in place to detect and prevent fraud, waste, abuse and misuse in the EEOC's purchase card
program.
We found EEOC has standard operating procedures (SOPs) CSD-704 and 705 covering the Government-wide Travel Card and Government Commercial Purchase Card programs, respectively.
Finding No.1 - Lack of internal controls in place to ensure policies and procedures over the charge card program are current and sufficient.
While we found EEOC to have SOPs, the documents provided were dated as of June 2011. On October 1, 2011, EEOC moved from the Department of the Interior's Business Center (IBC) accounting system (Momentum) to Global Computer Enterprises' (GCE)
Financial Cloud Solutions (FCS). While EEOC has updated their SOPs as of November 12, 2012, these updated SOPs were never provided to the auditor and EEOC operated under the outdated SOPs for all of FY 2012.
In addition, we found EEOC lacked the following OMB A-123, Appendix B requirements in their SOPs:
Timely payments of travel card payments and disciplinary actions for untimely payments.
OMB Memorandum on Strategic Sourcing requirements.
Certain requirements for convenience checks, such as 1) reconciliation of check register information to transaction data on statements and 2) procedures for cardholders and/or custodians of the property to follow when property is determined to
be missing, stolen or damaged.
The lack of these OMB requirements, in and of themselves, does not indicate a lack of compliance, however it does identify weakened policies and procedures to detect and prevent fraud, waste, abuse and misuse.
Finding No.2 - The internal controls over the operating effectiveness of EEOC charge card policies and procedures are not operating effectively.
We identified two key deficiencies in EEOC's internal control over the operating effectiveness of the charge card program: (1) heavy reliance on third party providers to implement and manage the program with no oversight at EEOC; and (2) lack of
monitoring of the controls identified in the SOPs. During our testing, EEOC personnel were unable to provide support for issuance of cardholder accounts, approvals of cardholder transactions, and documentation of required training of active
cardholders. EEOC personnel indicated this information is maintained solely by its service providers. We could not find any evidence that EEOC monitors the cardholder information for accuracy or completeness or that they have any oversight of
activities conducted by the service provider.
Objective 2 - To evaluate the effectiveness of the processes and procedures over EEOC's purchase card program.
Specifically, determine if procedures for issuing purchase cards/convenience checks, monitoring the use of the purchase cards/convenience checks, and providing training to employees having responsibilities for purchase cards/convenience checks are
adequate.
Finding No.3 - Non-compliance with required charge card training policy and procedures.
We tested the effectiveness of the documentation of training controls over new and existing accounts by requesting supporting documentation supporting the timely completion of training.
For new accounts, we haphazardly selected a statistical sample 28 accounts out of a universe of 762 to test the documentation of the certification of completion of initial GSA SmartPay Purchase Cardholder Training. EEOC could not provide us
documentation evidencing the completion of training for any of the cardholders selected.
For existing accounts we inquired with EEOC on how the refresher course training is tracked and how they demonstrate the control over refresher course training is operating effectively. EEOC provided us two memoranda from the OCFO to all
non-responders, the first was dated March 5, 2012 requesting the training to be completed by April 2, 2012, and the second was dated October 11, 2012 requesting the training to be completed by November 10, 2012. The three-year refresher course was
originally to be completed during February and March of 2012. As of November 7, 2012 of the 618 cardholders, 210 (34%) had not completed training.
Finding No.4 - Non-compliance with account creation policies and procedures.
We tested the statistic sample of 28 cards activated in FY 2011 and FY 2012 for compliance with cardholder account activation requirements indentified in EEOC SOPs CSD-704 and 705. Per the SOPs, the activation packet should contain: the Citibank
Government Purchase Card Setup Form (Cardholder Application), certification of completion of GSA SmartPay Purchase Cardholder Training, the Account Setup Form Completed by the Credit Card Purchase Manager, the signed Delegation of Authority
memorandum, and the signed Employee Acknowledgement Form. Additionally, we requested and obtained a listing of the purchase authority delegated to each of the cardholders in the sample to determine if the levels of credit are in line with EEOC
position and policies.
We found a significant lack of documentation to evidence the application packet policies and procedures had been performed. Of the 28 samples, EEOC was unable to provide us any documentation for 18 of the cardholders. EEOC was able to
provide copies of the Cardholder Application for the remaining 10 cardholders tested, however no other documentation was provided for these 10 cardholders. We did not find any exceptions in the appropriateness of level of credit for each
cardholder.
Finding No.5 - Lack of sufficient documentation evidencing transaction approval requirements.
We selected a statistical sample of 72 charge card transactions from FY 2011 and 2012. We identified 46 instances of missing documentation to evidence the approval of an Authorizing Official (AO) and 51 instances of missing evidence to support
the availability of funds prior to purchase.
Finding No.6 - Lack of documentation to support a purchase card transaction.
We selected a statistical sample of 72 purchase and travel card transactions, consisting of 61 purchase card transactions and eleven travel card transactions. EEOC was not able to provide any support for 17 of the purchase card transactions.
These 17 purchase card transactions totaled to $263,466.89 of the $510,688.12 sampled dollars.
Finding No.7 - Non-compliance with cardholder account closure policies and procedures.
For account closures, we selected a statistical sample of 24 closures during FY 2011 and 2012. EEOC was unable to provide documentation to evidence the controls over account closure for 17 of the accounts in our sample. EEOC was able to
provide complete documentation the remaining 7 accounts.
In addition, we performed an analytical review of closed accounts to determine if there was any charge card activity after the account was closed. We identified one account that was reported closed as of June 26, 2012 where a cash
advance in the amount of $1,875.75 and an associated fee for $42.20 was recorded on August 2, 2012.
Finding No.8 - Lack of monitoring controls in place over Merchant Category Codes (MCC).
We found that EEOC relies heavily on the Citibank standard Federal government MCC codes as a primary control over the identification and prevention of fraud, waste, abuse, and misuse; however, we found that EEOC does not regularly
monitor the use of MCC nor has EEOC created an agency-specific list to prevent improper purchases relevant to EEOC. We identified nine allowable MCC codes ranging from Barber and Beauty Shops (MCC 7230) to Medical Services Health Practitioners - Not
Elsewhere Classified (MCC 8099), that have the potential for being improper in the normal business activities of EEOC.
Finding No.9 - Lack of monitoring controls in place over monthly spending limits.
We identified three instances of cardholders exceeding the monthly spending limit established by EEOC. In July and September of 2011, one cardholder had monthly activity of $27,184.82 and $59,146.46, respectively. In March of 2012, another
cardholder had monthly activity of $25,523.47. Both cardholders have monthly limits if $25,000.
Objective 3 - To determine if the EEOC's purchase card/convenience check program is operating in compliance with laws and regulations.
OMB A-123, Appendix B Improving the Management of Government Charge Card Programs, section 4.3 describes the responsibilities of management over the agency's charge card program:
"The general responsibilities of charge card managers in implementing risk management controls, policies and practices are:
Implementing the appropriate controls to ensure compliance with Federal laws, Federal and agency regulations, and for monitoring program effectiveness;
Ensuring that any risk management polices and practices established in the agency's charge card management plan are carried out effectively and that the charge card management plan is updated with enhanced risk management policies and practices,
as applicable."
As reported under Objective 1, EEOC has implemented appropriate controls to ensure compliance with Federal laws as well as Federal and agency regulations. However, we did identify issues with the timeliness of updates to the SOPs. Our testing of
operating effectiveness reported in Objective 2, identified deficiencies in EEOC's ability to provide oversight on the effectiveness of these programs and to ensure policies and practices established in its charge card SOPs are monitored and
violations addressed.
Based on the findings identified above, EEOC's purchase card/convenience check program is not operating in compliance with OMB A-123, Appendix B established under the authority of 31 U.S.C. 1111, Executive Order 11541, the Chief Financial
Officers Act of 1990 (P.L. 101-576) and the Office of Federal Procurement Policy Act (41 U.S.C. Chapter 7).
Recommendations
We recommend that the Chief Financial Officer of the U.S. Equal Employment Opportunity Commission:
1) Perform further analysis on its government charge card operations to identify all of the controls that should be implemented per OMB directives. This would include the identification of procedures performed utilizing the new accounting system
(FCS) as well as current duties of personnel interacting with the system. Specifically, EEOC should:
Meet with all process lead personnel to determine what controls are or should be in place to ensure that fraud, waste, abuse and misuse are not present in the charge card program;
Identify all requirements in OMB Circular A-123, Appendix B and determine the procedures necessary to comply with the requirements; and
Ensure policies and procedures are reviewed on an annual basis or more frequently if substantial changes have occurred in EEOC's systems or laws and regulations have been issued to ensure that policies and procedures are appropriate for the
current environment.
2) Develop a system to either 1) identify and track all of its charge card activity, including open accounts, closed accounts, cardholder approver levels, and cardholder training; or 2) perform an evaluation of its service providers controls
over the charge card program to ensure that controls are appropriate and operating effectively. Additionally, EEOC should monitor all of its controls, whether performed at EEOC or at a service provider at least annually to ensure that the controls
remain adequate and continue to operate effectively.
3) Develop policies and procedures to identify and track all cardholder-required training. Documentation should be maintained following NARA requirements for cardholders who have successfully completed training requirements. For cardholders who
have not successfully completed training requirements, EEOC should document notification(s) of the required training and all corrective actions taken against the cardholder, until the successful completion of training can be demonstrated.
4) Further develop its controls over the retention of application documents for charge card accounts. The Purchase Card Program Manager should maintain the documentation identified above for all account applications electronically or in hard
copy. The policy or procedure should establish an appropriate period of time for retention of records.
5) Monitor its controls over transaction approval, whether performed at EEOC or at a service provider, at least annually to ensure that the controls remain adequate and continue to operate effectively.
6) Implement policies and procedures over record retention for purchase and travel card transactions. EEOC should monitor these controls at least annually to ensure that the controls remain adequate and continue to operate effectively.
7) Improve its controls over the closure of charge card accounts. The Purchase Card Program Manager should maintain documentation of all account closures electronically or in hard copy. Documentation should include evidence of the name of the
DRM or A/OPC who received the employee's charge card, the date the card was turned into the DRM or A/OPC , the date the card was physically destroyed, and the date that account closure was confirmed by the Charge Card Vendor.
8) Develop and implement policies and procedures to require reviews of total cardholder activity to ensure compliance with monthly spending authority for all cardholders. Documentation of authority to exceed cardholders spending limits should be
maintained by management. Penalties for exceeding authorized spending limits should be established and enforced.
9) Develop additional monitoring controls as a best practice. The Office of Management and Budget does not currently require these controls. EEOC should consider developing and implementing policies and procedures to use data mining to monitor
charge cardholder activity. Data mining should target the nature and frequency of purchases and fees. Effective use of data mining techniques can help to prevent and identify improper purchases, unnecessary fees, split transactions, and progress of
refund requests. This control would improve the agency's ability to prevent and detect improper or unnecessary charges.
10) Consider supplementing the listing of disallowed merchant category codes used by its charge card vendor with additional disallowed codes based on EEOC's policies on purchases and travel expenses.
We appreciate the cooperation and courtesies that EEOC personnel extended to us during this audit.
Harper, Rains, Knight & Company, P.A.
Appendices
Appendix A
Background
A U.S. government purchase card is an internationally accepted credit card issued by individual contractors and available to personnel in all federal agencies under a single General Services Administration (GSA) contract. The purpose of Charge
Card Programs is to minimize the paperwork needed to make purchases with proper authorization.
Effective Charge Card Programs depend on the users having been properly trained to manage their card use. Treasury Financial Manual, Vol.1, Part 4, Section 4525, requires each agency to have its own internal procedures for using purchase cards,
so cardholders must be made aware of the applicable laws, regulations, and procedures developed by their agency. Management's understanding of internal controls is essential in ensuring accountability at all levels of charge card use.
Charge cards allow the same individual to order, pay for, and receive goods and services. Purchase and travel cards are at a high risk for misuse, fraud, waste, and abuse. Accordingly, if the internal controls governing the Equal Employment
Opportunity Commission's (EEOC) purchase and travel card programs are not sufficient, properly designed, and fully implemented, EEOC will not be able to detect and prevent fraudulent purchases or other improper use of the cards.
The Office of the Chief Financial Officer (OCFO) at EEOC has responsibility for overall management of the commercial purchase card program. The OCFO has established policies and procedures relating to the program which are contained in the EEOC's
Government-wide Travel Card and Government Commercial Purchase Card programs standard operating procedures (SOPs). Included in the user's guide are responsibilities for individuals and EEOC offices, guidance on authorized use of the purchase card,
purchase limits, reconciliation and payments and training requirements for those involved with the use of the agency's purchase card.
Key roles within the EEOC's purchase card program include the Charge Card Program Manager (CCPM), Agency /Organization (A/OPC) Program Coordinator, Approving Officials (AO), and Cardholders. The CCPM is responsible for the day to day oversight
and administration of purchase card operations within the agency. This includes establishing new purchase card accounts, closing accounts, and increasing or decreasing purchase limits and monitoring merchant category restrictions. AOs are usually
the office director or supervisor designated to approve purchase card transactions, monitor purchase card activity in an organization, and certify the invoice for payment for the purchase card services. Each cardholder is assigned an approving
official who will review cardholder transactions to ensure that the purchases are valid and allowable. Purchase cards reflect the cardholder's name and may only be used by the named employee. Cardholders may purchase supplies and services within
their delegated procurement authority. The purchase charge card is the primary method for making purchases valued up to $3,000 for supplies, $2,500 or less for services and $2,000 for construction.
Convenience checks are payment instruments drawn on the purchase card account. Convenience checks may be written only to vendors who do not accept the purchase charge card, for emergency incident response, and for other Commission approved
purposes that comply with Public Law 104-134, the Debt Collection Improvement Act of 1996.
Appendix B
Objective, Scope, Methodology, and Criteria
Objective
The audit objectives were as follows:
(1) To determine whether internal controls are in place to detect and prevent fraud, waste, abuse and misuse in the EEOC's purchase card program.
(2) To evaluate the effectiveness of the processes and procedures over EEOC's purchase card program. Specifically, determine if procedures for issuing purchase cards/convenience checks, monitoring the use of the purchase cards/convenience
checks, and providing training to employees having responsibilities for purchase cards/convenience checks are adequate.
(3) To determine if the EEOC's purchase card/convenience check program is operating in compliance with laws and regulations.
Scope
The scope of this audit covered testing of purchase card program transactions covering the fiscal years (FY 2011-FY 2012). The audit was conducted in accordance with generally accepted government auditing standards: the audit was planned to
obtain sufficient, appropriate, evidence to provide a reasonable basis for findings and conclusions based on the objectives.
Our performance audit was not designed to, and we did not, perform a financial audit of the amounts obligated or expended by EEOC.
We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for
findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.
Methodology
We conducted interviews and process walkthroughs with officials at EEOC's Central Services Division (CSD) within the OCFO organization, to understand the internal controls, processes, systems, and procedures used to manage the agency's charge
card program. Our consideration of internal controls relevant to our audit objectives would not necessarily disclose all matters that might be significant deficiencies. Because of inherent limitations in internal controls, noncompliance may
nevertheless occur and not be detected.
We selected statistical samples of the agencies controls over the issuance of purchase and travel accounts and closing of cardholder accounts at separation. Sample items were tested for compliance with EEOC policies and procedures as well as
compliance with the requirements of OMB Circular A-123, Appendix B.
We selected a statistical sample of purchase and travel card transactions during FY 2011 and 2012. Testing performed over the sample included verification of: transaction support, transaction approval, allowable MCC codes, evidence to support
amounts were available prior to purchase, appropriate purchases for government use, dispute of unauthorized charges, purchases were from the required sources of supply and service, cardholder not splitting purchases, and balances paid timely. Based
upon these tests and assessments, we concluded the data was sufficiently reliable to be used in meeting the objectives.
Criteria
We used the following to perform the audit:
GAO Government Auditing Standards, 2011 Revision
Chapter 7: Field Work Standards for Performance Audits
Chapter 8: Reporting Standards for Performance Audits
GAO Standards for Internal Control in the Federal Government, November 1999
OMB Circular A-123, Appendix B Improving the Management of Government Charge Card Programs, Revised January 15, 2009
Treasury Financial Manual, Vol.1, Part 4, Section 4525
31 U.S.C. §§ 3321, 3322, 3327, 3335, 3901
Public Law 112-194 "Government Charge Card Abuse Prevention Act of 2012"
Appendix C
Acronyms and Abbreviations
A/OPC
Agency/Organization Purchase Manager
CCPM
Charge Card Purchase Manager
CPA
Certified Public Accountant
CSD
Central Services Division
EEOC
Equal Employment Opportunity Commission
FY
Fiscal Year
GAGAS
Generally Accepted Government Auditing Standards
GAO
U.S. Government Accountability Office
GSA
General Services Administration
MCC
Merchant Category Code
OCFO
Office of Chief Financial Officer
OIG
Office of Inspector General
OMB
Office of Management and Budget
P.A.
Professional Association
U.S.C.
United States Code
Appendix D
Equal Employment Opportunity Commission Response
U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION
Washington, D.C. 20507
Office of the Chief Financial Officer
February 15, 2013
Mr. Matthew N. Farage, CPA.CITP, CISA
Harper, Rains, Knight, & Company, P.A.
700 12th Street, NW, Suite 700
Washington, DC 20005
Dear Mr. Farage:
Thank you for providing the U.S. Equal Employment Opportunity Commission (EEOC) with an opportunity to respond to the Statement of Facts (SOF) for the audit of EEOC's Purchase and Travel Card Programs. Generally, the Office of the Chief Financial
Officer agrees with each SOF cause, effect, and recommendation, except as indicated in the enclosed response.
Please feel free to contact me at germaine.roseboro@eeoc.gov, (202) 663-4238 should you have any questions or concerns.
Sincerely,
Germaine P. Roseboro
Chief Financial Officer
Enclosure
cc:
Willie Eggleston, EEOC
Office of Inspector General
George R. Betters, Director
Central Services Division, OCFO
L. Shelly Jackson, Supervisor
Central Services Division, OCFO
Raj Mohan, Director
Financial Operations Division
Response to Harper, Rains, Knight and Company
Statement of Fact (SOF) for
the U.S. Equal Employment Opportunity Commission
Purchase and Travel Card Programs
February 15, 2013
1. SOF #1: Documentation of Charge Card Policies and Procedures
a. EEOC agrees with the SOF, with the exception that EEOC currently performs annual reviews and updates of our policies and Procedures in accordance with OMB Circular 123. EEOC's last policy update was November 12, 2012. However, an older version
of our policy was provided to the auditors.
b. EEOC will comply with the recommendation by identifying the process lead personnel; posting the latest version of the user guide in a readily accessible location on our intranet; disseminating yearly reminders or as policy changes mandate of
individual responsibility and program maintenance requirements to process lead personnel and users; and implement reviews by the Office of the Chief Financial Officer (OCFO) of randomly selected Headquarters and Field Offices to assess the Agency's
overall compliancy with internal and OMB policies.
2. SOF #2: Documentation of Charge Card Policies and Procedures - Internal Controls
a. EEOC agrees with the SOF.
b. EEOC will comply with the recommendation by maintaining a record of Purchase and Travel Card user account activity for activation; account limit increase and decrease; training; account closures; and policy notifications within OCFO.
Additionally, EEOC will provide contractor's with a monthly report of personnel whose accounts should be closed; will review contractor quarterly reports for appropriate contract deliverables, and will implement measures to monitor the contractor's
performance, such as delinquency services and closing accounts, for compliancy with the contract requirements.
3. SOF #3: Charge Card Training Requirements
a. EEOC agrees with the SOF.
b. EEOC will comply with the recommendation by documenting and enforcing the training requirements for purchase card participants by maintaining copies within OCFO of employees' certificates of initial training before their accounts are processed
for activation; and maintaining a copy within OCFO of employees' refresher training certificates.
c. EEOC will comply with the recommendation by documenting and enforcing the training requirements for travel card participants by requiring program leads at Headquarters and the Field Offices to ensure users or the Program Leads maintain a copy
of travel card holders initial and refresher training certificates. Additionally, EEOC will conduct reviews of randomly selecting offices to assess the Agency's compliancy with enforcing and documenting the policy for travel card holders initial and
refresher training requirements.
d. OCFO will direct the service contractor to inactivate purchase and travel card holder accounts of EEOC users and approving officials who do not complete refresher training within a timely manner.
4. SOF#4: Compliance with SOP-CSD-704 and SOP-CSD-705-Opening Accounts
a. EEOC agrees with the SOF, except for establishing timeframes for retention of records. EEOC Records Order, 201.001 establishes timeframes for EEOC records retention.
b. EEOC will comply with the recommendation as stated above in SOF# 2 and SOF #3; and by maintaining within OCFO a complete copy of purchase card holder initial application packets; and requiring Headquarters and Field Office program leads to
ensure that the user or the program lead maintains a complete copy of travel card holder initial application packets.
c. EEOC will comply with the recommendation by conducting reviews of randomly selected offices to assess the Agency's compliancy with the policy for maintaining travel card user records; and as applicable, implement measures to monitor the
service contractor's performance for compliancy with contract requirements for record keeping/deliverables.
5. SOF#5: Transaction Approval Requirements
a. EEOC agrees with the SOF, except for travel card transactions. All temporary duty and permanent change of station travel requires a travel authorization prior to the commencement of travel. Carlson Wagonlit will not charge transportation
tickets without an approved authorization. Authorizations are approved for funding when it interfaces with the financial system.
b. EEOC will issue instructions in the Financial Management Guidance for the Fiscal Year 2013 audit to obligate funds for credit card purchases. EEOC will also emphasize to all card holders that support for all purchases should be maintained for
subsequent audits
6. SOF#6: Supporting Documentation for Charge Card Transactions
a. EEOC agrees with the SOF except for travel card transactions related to transportation purchases which are maintained in the E2 travel system indefinitely.
b. EEOC will comply with the recommendation as stated above in SOF#1; and by developing and posting on EEOCs intranet a Question and Answer (Q&A) Fact Sheet for quick reference of user and approving official responsibilities. In addition to
EEOC's User Guide, the Q&A will be included as a reference source in each user and approving official authorization letter.
7. SOF#7: Cardholder Account Closure Procedures
a. EEOC agrees with the SOF, except to also identify mishandling of the service contractor to issue payment against a card holder's account that had been closed 37 days prior to submission of the check for payment as a cause for ineffective
operation. Also, we need clarification regarding the 9 accounts closed for non-payment. We have no record of purchase card accounts closed due to non-payment.
b. EEOC will comply with the recommendation as stated above in SOF#2; and by requiring the Agency, Headquarters and Field Office Program Leads to maintain a log of purchase and travel card holder account closures with the data specified in the
audit recommendation; and implementing measures to monitor the service contractor's performance for compliance with the contractor requirements or unprecedented issues.
c. EEOC will comply with the recommendation by conducting reviews of randomly selected offices to assess the Agency's compliancy with the policy for maintaining purchase and travel card holder closed account documentation.
8. SOF#8: Purchase Card Best Practices
a. EEOC agrees with the SOF.
b. EEOC does not have the software to use data mining. At present, budgetary constraints forbid the consideration of this recommendation. EEOC will consider it at a later date.
c. EEOC has reviewed the recommendation, but will continue to use the existing list of disallowed Merchant Category Codes (MCC) specified by the service contractor. No further action will be taken to supplement the current disallowed MCC
list.
9. SOF#9: Cardholder Credit Card Limits
a. EEOC disagrees with the SOF. The Central Services Division Standard Operating Procedures (SOP)-CSD-705 procedures for card limit increases and decreases is followed for card holder limit change requests. The SOF Condition, Cause, and Effect
are related to EEOC's "
accounting system [that is] designed to make payments on its charge card accounts to Citibank daily, thus allowing charge cardholders to spend, in total, above their monthly limits
"
b. EEOC will discuss this with Citibank to determine the proper course of action to take since EEOC processes purchase card payments on a daily basis. EEOC will further discuss the possibility of establishing a weekly limit for purchase card
purchases.
U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION
Washington, D.C. 20507
Office of the Chief Financial Officer
March 7, 2013
Mr. Matthew N. Farage, CPA.CITP, CISA
Harper, Rains, Knight, & Company, P.A.
700 12th, NW, Suite 700
Washington, DC 20005
Dear Mr. Farage:
Thank you for providing additional information addressing your position for Statement of Facts (SOF) numbered 5, 7, and 8 for the audit of EEOC's Purchase and Travel Card Programs. Please see additional comments below.
SOF #5, Transaction Approval Requirements - The $859 was authorized. See attached screen shot from E2. Lodging and taxes total $829. The $30 for shuttle service, although not initially included on the authorization, was in fact approved by the
Administrative Officer/District Resources Manager (funds approval) and the Approving Official on the E2 travel voucher before the document interfaced with the financial system (at that time Momentum). All E2 travel authorizations and travel vouchers
must have funds and management approval before the documents can transmit to the financial system.
SOF #7, Card Holder Account Closure Procedures - We agree with your recommendation. The 9 questionable closed accounts were for travel and not purchase cards. After researching further Cunningham, Coffey, Lucero, Felix, Estevez and Hardy have
left the agency. Their accounts were closed due to separation. The 3 other employee accounts were closed for non-payment.
SOF #8, Purchase Card Best Practices - We agree with the recommendation to consider adding to the list of prohibited MCC's.
Please feel free to contact me at germaine.roseboro@eeoc.gov or (202) 663-4238 should you have additional questions or concerns.
Sincerely,
Germaine P. Roseboro
Chief Financial Officer
cc: Willie Eggleston, EEOC
Office of Inspector General
George R. Betters, Director
Central Services Division, OCFO
L. Shelly Jackson, Supervisor
Central Services Division, OCFO
Raj Mohan, Financial Operations Division
Privacy Policy | Disclaimer | USA.Gov