OFFICE OF INSPECTOR GENERAL Audit Report Farm Credit Administration’s Purchase Card Program A-14-02 Auditor-in-Charge Sonya Cerne Issued September 5, 2014 FARM CREDIT ADMINISTRATION Farm Credit Administration Office of Inspector General 1501 Farm Credit Drive McLean, Virginia 22102-5090 September 5, 2014 The Honorable Jill Long Thompson, Board Chair The Honorable Kenneth A. Spearman, Board Member The Honorable Leland A. Strom, Board Member Farm Credit Administration 1501 Farm Credit Drive McLean, Virginia 22102‐5090 Dear Board Chair Long Thompson and FCA Board Members Spearman and Strom: The Office of Inspector General (OIG) completed an audit of the FCA’s Purchase Card Program. The objective of this audit was to determine whether FCA’s oversight of the purchase card program is effective. During our review, we found that FCA’s oversight is effective. FCA established and implemented controls over the purchase cards, which lowers the risk to FCA. Both approving and OMS officials review purchase card activity. Overall purchase cardholder requirements are fully described. We would like to highlight the responsive actions Office of Management Services (OMS) plans to take to address the issues identified during the audit. OMS agreed to the following actions to improve the purchase card program: 1. Provide education to cardholders and Approving Officials on the light refreshments policy and the preapproval, purchase activity log, convenience check, and documentation requirements. 2. Distribute a template of an acceptable standard agency buy form. 3. Document justifications for cardholders with higher limits. 4. Document exceptions to current processes and ensure purchase cardholders and Approving Officials understand the need for documenting approvals when departing from policies and procedures. We appreciate the courtesies and professionalism extended to OIG staff by FCA personnel. If you have any questions about this audit, I would be pleased to meet with you at your convenience. Respectfully, Elizabeth M. Dean Inspector General Enclosure OBJECTIVE: To determine whether FCA’s oversight of the purchase card program is effective. BACKGROUND: During our review, we found the Farm Credit Administration’s (FCA) oversight is For some purchases, FCA effective. FCA established and implemented controls over the purchase card participates in the program; therefore, lowering the risk to FCA. FCA established a process for government-wide General reviewing purchase card activity. Approving Officials have a defined role in the Services Administration’s purchase card program and are required to review all purchase activity for their (GSA) SmartPay Purchase respective cardholders. Office of Management Services (OMS) officials also review Card Program and currently the purchase card activity monthly. Overall purchase cardholder requirements are contracts with the Bureau of fully described. Only current FCA employees have purchase card accesses and the Fiscal Service (BFS) for cardholders generally had supporting invoices for purchases. No exceptions were purchase card services. noted during our review of selected training records and no instances of Under the GSA Master potentially fraudulent or illegal purchases were identified. Contract, BFS uses Citibank as the purchase card service However, additional changes will improve the purchase card program. We found: contractor. FCA pays all purchase cards directly. • Purchase cardholders had not consistently followed established policies OMS is responsible for the and procedures. We judgmentally sampled 471 transactions and found 54 overall administration of the transactions by cardholders that had not followed FCA policies and charge card programs and procedures. We identified nine transactions related to food purchases management of the that did not follow FCA’s policy on light refreshments. We also identified purchase card program. 45 transactions with missing preapprovals, purchase activity log errors, and files lacking supporting documentation. The Government Charge Card Abuse Prevention Act • Certain processes and decisions involving purchase cards need to be of 2012 and the Office of documented. OMS had not documented the reasoning behind certain Management and Budget’s cardholders with higher limits than the standard amount. Certain Memorandum M-13-21, exceptions to FCA policy were in place but not documented. One Implementation of the cardholder has approval to deviate from policy for certain transactions; Government Charge Card yet, the justification of the approved exceptions are not in writing. Other Abuse Prevention Act of cardholders obtained approvals from officials other than the documented 2012, mandated each Approving Official. However, these accepted exceptions were not Inspector General perform, documented. at least annually, an assessment of charge card There are four agreed-upon actions to improve the oversight of the purchase card programs. Therefore, we program. OMS agreed with the report and provided specific tasks to be completed completed a risk assessment to strengthen FCA’s purchase card program. and initiated this audit as part of our ongoing efforts in this area. Table of Contents BACKGROUND ______________________________________________________________________ 1 Prior OIG Audit ____________________________________________________________________ 1 Prior OIG Inspections _______________________________________________________________ 2 OBJECTIVE, SCOPE, AND METHODOLOGY _________________________________________________ 2 AUDIT RESULTS ______________________________________________________________________ 4 Established Purchase Card Policies and Procedures ________________________________________ 4 Agreed Upon Actions 1-2 ____________________________________________________________ 6 Undocumented Processes ___________________________________________________________ 7 Agreed-Upon Actions 3-4 ____________________________________________________________ 8 ACRONYMS _________________________________________________________________________ 9 BACKGROUND The Farm Credit Administration (FCA) participates in the General Services Administration’s (GSA) SmartPay Program. FCA uses three types of charge card programs for official purchases related to the mission of the organization: purchase, travel, and fleet. Purchase card programs provide cards to Federal employees to make official Government purchases for supplies, goods, and services under the micro-purchase threshold of $3,000. Cardholders can purchase any commercially available supply or service within the spending limits and not prohibited by either Federal or agency-specific procurement regulations. Travel cards are used only for official travel and authorized travel-related expenses to include transportation, lodging, meals, and incidentals. Fleet cards are used for fuel, maintenance and repair of government owned/operated motor vehicles, aircraft, boats, and motorized equipment. For some purchases, FCA participates in the government-wide GSA SmartPay Purchase Card Program and currently contracts with the Bureau of the Fiscal Service (BFS) for purchase card services. Under the GSA Master Contract, BFS uses Citibank as the purchase card service contractor. FCA pays all purchase cards directly. FCA’s Office of Management Services (OMS) is responsible for the overall administration of the charge card programs and management of the purchase card program. FCA maintains written policies and procedures related to the charge card programs in accordance with the requirements set forth in the Office of Management and Budget (OMB) Circular A-123, Appendix B, Improving the Management of Government Charge Card Programs. The requirements include an annual submission of the agency’s Charge Card Management Plan to OMB that outlines the agency’s system of internal controls over the charge card programs. In addition, the Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act) supplemented the requirements with additional reporting and audit requirements and augmentation of existing controls. The Charge Card Act and the OMB Memorandum M-13-21, Implementation of the Government Charge Card Abuse Prevention Act of 2012, also mandated each Inspector General perform, at least annually, an assessment of charge card programs 1. Therefore, the Office of Inspector General completed a risk assessment and subsequently initiated this audit as part of our ongoing efforts in this area. Prior OIG Audit We issued an audit report in August 1998, FCA’s IMPAC (International Merchant Purchase Authorization Card) Program (A-98-03). The audit’s objective was to evaluate the effectiveness of the IMPAC program and review the policies and procedures for efficiency of operations. The audit found cardholders were not using the IMPAC as frequently as they should and procedures for receiving, reporting, and recording could be improved. The audit also found FCA needed to strengthen policies and procedures and 1 The Charge Card Act did not establish a threshold for purchase card programs; therefore, Inspectors General must perform an annual assessment of purchase cards. As part of our ongoing efforts, the FCA OIG performed an assessment of both travel and purchase charge card programs. 1 randomly audit cardholders’ records. Lastly, the accounting codes needed to be simplified. FCA agreed to, and initiated action on, all recommendations. Prior OIG Inspections We also completed inspections on the purchase card program. The following list shows the two inspections performed: • Distribution, Usage and Control of Purchase and Travel Cards at the FCA (I-09-01) - The objective of the inspection was to determine the effectiveness and efficiency of the implementation of the government purchase and travel cards at FCA. For purchase cards, the inspection found FCA had adequate safeguards and controls but needed to update the purchase card policy. FCA agreed and completed the actions. • Government Purchase Card Program Inspection (I-02-07) – The objective was to determine the effectiveness and efficiency of the purchase card program at FCA. The inspection found the program was efficient and effective and continued to streamline the procurement process. However, the inspection found efficiencies could be gained. The review found: o Cardholders used checks in instances where it was possible to pay by credit card; o One noncredit cardholder used a card of another cardholder; o Internal audits had not always been performed; o Cardholders had not kept purchase activity logs or supporting documentation, as required; o The process for prospective purchases was not always followed; and, o Use of the corporate credit card needed to be addressed. FCA agreed to and resolved all of the recommended actions. OBJECTIVE, SCOPE, AND METHODOLOGY The objective of this audit was to determine whether FCA’s oversight of the purchase card program is effective. We conducted field work at FCA’s Headquarters in McLean, VA from May through August 2014. We limited our scope to Fiscal Year 2013 and October 1 - May 15 of Fiscal Year 2014. The following steps were taken to accomplish the objective: • Reviewed applicable laws and regulations and relevant guidance related to charge card programs. • Reviewed FCA policies and procedures related to charge card programs. • Obtained background information for the GSA SmartPay programs. • Interviewed FCA officials on internal policies and procedures. 2 • Requested and reviewed the listing of all active purchase card accounts, limits, and approving authorities as of May 2014. • Judgmentally sampled 3 of the 19 cardholders’ training records based on position, transactions, and overall activity levels. Because our sample was judgmental and not statistically sampled, we cannot project our conclusions to the entire population. • Analyzed FCA’s purchase card transactions for compliance with laws, regulations, and FCA policies and procedures. We judgmentally sampled 471 transactions based on: transaction amounts, merchant code categories, purchase descriptions, and dates. Because our sample was judgmental and not statistically sampled, we cannot project our conclusions to the entire population. • Reviewed selected transactions for approvals, documentation supporting purchases, and annotations on the purchase activity logs. • Reviewed Citibank statements for selected transactions. This audit was performed in accordance with Generally Accepted Government Auditing Standards. Those standards require we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We assessed internal controls and compliance with laws and regulations to the extent necessary to satisfy the objective. Our review would not necessarily have disclosed all internal control deficiencies that may have existed at the time of our audit. We assessed the computer-processed data relevant to our audit objective and determined the data was sufficiently reliable. Overall, we believe the evidence obtained provides a reasonable basis for our conclusions based on our audit objective. 3 AUDIT RESULTS During our review, we found FCA’s oversight is effective. FCA established and implemented controls over the purchase card program; therefore lowering the risk to the agency. Specifically, FCA established a process for reviewing purchase card activity. Approving Officials have a defined role in the purchase card program and are required to review all purchase activity for their respective cardholders. OMS officials also review the purchase card activity monthly. Overall purchase cardholder requirements are fully described. Only current FCA employees have purchase card accesses and no exceptions were noted during our review of selected training records. Both FCA and BFS completed reviews of the purchase card program. Lastly, cardholders generally had supporting invoices for purchases. We only noted one exception relating to supporting invoices and receipts. We found no instance of potentially fraudulent or illegal activity. However, changes will improve the purchase card program. We found a limited number of cardholders had not consistently followed established policies and procedures and certain processes need to be documented. Established Purchase Card Policies and Procedures For the audit, we reviewed purchase activity for the Fiscal Year 2013 and October 1-May 15 of Fiscal Year 2014. We judgmentally sampled 471 transactions for further review. From our judgmental sample, we found 54 transactions from cardholders that had not followed FCA policies and procedures. We identified nine transactions totaling $1,968 from four field office cardholders related to unauthorized food purchases. Although this is a small amount, cardholders purchased meals for field offices, not light refreshments as defined in the FCA policies and procedures. For example, one cardholder charged $400 for a catered barbecue lunch, which included a $46 tip. Another cardholder charged a catered lunch from an Italian restaurant for $238, including a $22 Total Food tip. Seven of the nine transactions related to food FY 13 $843.44 Charges FY 14 $1,124.26 purchases for FCA’s award ceremony for 2012 and 2013. $1,968.70 The other two transactions related to food purchases for a Diversity Day celebration in 2012. Approvals were given to the field offices to charge expenses for the events. However, FCA’s policy on charge card operating procedures, Office Directive 6, states office directors can approve purchases of light refreshments for on-site meetings or training with the purchase card. Further, FCA’s Policies and Procedures Manual (PPM) 708 states payment for light refreshments may be approved when allowed by statute, such as necessary expenses for the honorary recognition of its employees. PPM 708 also defines light refreshments as light snacks and beverages other than meals. We found these charges only in field offices, not FCA headquarters. We also found cardholders had not kept supporting documentation for 45 transactions, as required. Office Directive 6 provides for specific documentation requirements and the overall purchasing process with the purchase card. The following chart summarizes the overall purchasing process: 4 Obtain and Ensure document Identify need Confirm funding compatibility, if approval prior to applicable purchase Complete entry in Ensure Document Complete Purchase Activity appropriate transaction transaction Log source Provide log and Retain files and Reconcile all backup supporting statement documentation to documentation Approving Official During our review, we found cardholders had not always followed the process. Specifically, we found: • Four cardholders had not documented approvals received prior to purchases. FCA policy states cardholders are responsible for making purchases only for official government use and after approval by the Approving Official. FCA’s Purchase Activity Log, Form 458, also states the Approving Official’s signature is required prior to purchase. We identified 25 transactions that lacked supporting documentation showing approval prior to the purchases. We also found this was an area annotated as a finding in the 2011 and 2012 reviews conducted by BFS, showing a systemic weakness. • One cardholder, which has the second-highest purchase card limit in FCA, had not always used the purchase activity log as required. FCA’s Office Directive 6 states cardholders must complete an entry in the purchase activity log for each purchase and forward the log and all backup documentation to the Approving Official each month. We found three transactions not annotated on the log, with one transaction totaling over $24,000. For two of the transactions, the cardholder did not keep a purchase activity log for the month. For the remaining transaction, the cardholder had not entered the selected transaction on the monthly log. • Two cardholders did not have preapprovals documented or have purchase activity log annotations for ten transactions. One individual used a credit card log for transactions, but not the required purchase activity log. The log used did not contain the same information or have the required fields. In addition, this cardholder’s Approving Official had not reviewed the purchase activity log and supporting documentation as required, and the cardholder had not documented preapprovals for the selected transactions. The other cardholder maintained a purchase activity log, but had not documented certain transactions and the corresponding preapprovals. 5 • Five cardholders had not justified the use of a convenience check in supporting documentation. FCA’s 2014 Charge Card Management Plan states convenience checks are a tool intended only for use with merchants that do not accept purchase cards and as a last resort. The purchase activity log states documentation is needed that the vendor would not accept the purchase card and no other sources were available. While the use of the convenience checks seemed reasonable, documentation justifying the use was missing. • Two cardholders each had one transaction containing errors. One of the cardholder had an amount incorrectly annotated on the purchase activity log as $1550 instead of the actual $1900 charge. Another cardholder had documentation supporting an expense of $600 instead of the $800 paid. The cardholder stated there was an additional cost from agreed-upon price, but the files did not contain any documentation supporting the $200 increase. We found there is a limited understanding of policies and procedures. For example, the field office cardholders who purchased food documented the purchase approvals. It appeared the cardholders lacked an understanding of the light refreshments policy. Cardholders are required to take training at issuance of the purchase card and a refresher training is only required every three years. FCA has not issued any communications, reminders, or updates to cardholders specific to use and control over the purchase card except emails approving light refreshments as part of the award ceremony. We also found several cardholders did not fully understand standard agency buys. Specifically, the purchase activity log states preapprovals are not necessary if the items are standard agency buys and the designation form from the Approving Official lists the items/services that are considered standard agency buys. For example, standard agency buy lists could include low-risk purchases such as office supplies and mailing expenses. Several cardholders inconsistently completed a standard agency buy form with one listing items allowed in a document and another listing purchase examples in an email. One cardholder listed purchases as standard agency buys, but did not have a signed designation form from the Approving Official. A different cardholder listed a purchase as a standard agency buy and had a signed designation, but the purchased item was not on the list. Standard agency buy designations streamline the approval process. A standardized form could result in efficiencies to FCA by reducing the amount of oversight and documentation required for standard, low-risk purchases. Agreed Upon Actions 1-2 To enhance cardholders’ understanding of FCA policies and procedures, OMS will: 1. Provide education to cardholders and Approving Officials on the light refreshments policy and the preapproval, purchase activity log, convenience check, and documentation requirements. 2. Distribute a template of an acceptable standard agency buy form. Management Response OMS plans to issue information to all cardholders on the light refreshment policy and the purchase card documentation requirements. On September 4, 2014, OMS distributed a template of an acceptable standard agency buy form to all purchase cardholders. The distribution instructed cardholders to use 6 the form, have the form signed by the Approving Official, and maintain it with purchase card activity log documents. Undocumented Processes We also found certain purchase card processes need to be documented. OMS had not documented the reasoning behind three cardholders’ limits that were higher than the standard amount. Currently, 19 of the approximate 280 FCA employees have purchase cards. Of the 19 purchase cardholders, 14 have the standard limits of $3,000 per transaction and $10,000 per month. Five purchase cardholders have limits other than the standard amounts as noted in the chart below: Purchase Cardholder Limits $10,000 monthly and $3,000 per transaction limits $5,000 monthly and $3,000 per transaction limits $15,000 monthly and $3,000 per transaction limits $50,000 monthly and $10,000 per transaction limits $50,000 monthly and $50,000 per transaction limits $100,000 monthly and $100,000 per transaction limits Four cardholders have higher limits than the standard amounts. One FCA office requested that OMS grant a higher limit for one cardholder. The office provided a justification for the increase, which OMS approved. For the other three cardholders, OMS provided an explanation of each individual’s responsibilities within FCA showing the need for the purchase card. However, some of the information was conflicting. For example, OMS stated the agency’s contracting officer completes purchases for all offices with limits set at $100,000 per transaction and $100,000 per month. However, in an email regarding procurement controls, OMS stated this individual’s card should only be used in emergency situations or where a discussion has been initiated with the Chief Financial Officer or Chief Operating Officer. FCA’s Office Directive 6 states employees outside of OMS shall be limited to $3,000 per individual purchase, unless a bona fide need for a higher authorization is demonstrated. To increase accountability and transparency, all higher limits should be justified and documented. We identified a few current activities that deviate from policy. One mailroom cardholder excludes certain purchases from the purchase activity log and does not receive prior approval on those purchases. According to FCA officials, this procedure has been in place for many years and the Approving Official agrees with the departure from policy because of the unique circumstances involving 7 certain transactions. We also found purchase cardholders reporting directly to board members, but have the agency’s Contracting Officer as their Approving Official. While this is understandable given the duties of an Approving Official, we identified inconsistencies. Some of the cardholders received approvals or had final purchase documentation signed from the board members instead of their assigned Approving Official. However, according to FCA policy, the Approving Official is required to do the final approvals each month on the purchase activity. We understand circumstances may arise in which deviations are necessary for efficiency and effectiveness. However, it is important the approved deviations are documented and understood by all parties involved. Agreed-Upon Actions 3-4 To improve purchase card processes, OMS will: 3. Document justifications for cardholders with higher limits. 4. Document exceptions to current processes and ensure purchase cardholders and Approving Officials understand the need for documenting approvals when departing from policies and procedures. Management Response OMS agreed to provide documentation for cardholders with higher limits. OMS also agreed to document exceptions to current processes that would be signed by the purchase cardholders and Approving Officials. Overall, OMS agreed with the report and did not provide any comments. An exit conference was held with management on August 27, 2014. 8 ACRONYMS BFS Bureau of Fiscal Service FCA Farm Credit Administration GSA General Services Administration IMPAC International Merchant Purchase Authorization Card OIG Office of Inspector General OMB Office of Management and Budget OMS Office of Management Services 9 R E P O R T Fraud | Waste | Abuse | Mismanagement FARM CREDIT ADMINISTRATION OFFICE OF INSPECTOR GENERAL • Phone: Toll Free (800) 437-7322; (703) 883-4316 • Fax: (703) 883-4059 • E-mail: email@example.com • Mail: Farm Credit Administration Office of Inspector General 1501 Farm Credit Drive McLean, VA 22102-5090
Purchase Card Program
Published by the Farm Credit Administration, Office of Inspector General on 2014-09-05.
Below is a raw (and likely hideous) rendition of the original report. (PDF)