Apparent Misuse of and Lack of Internal Controls Over the Government Purchase Card Program During the Coronavirus Pandemic

Published by the Department of the Interior, Office of Inspector General on 2021-03-30.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                                                  MANAGEMENT ADVISORY

                OFFICE OF
                INSPECTOR GENERAL

    Apparent Misuse of and Lack of
    Internal Controls Over the
    Government Purchase Card
    Program During the
    Coronavirus Pandemic

Case No.: 20-0436                                          March 2021
                 OFFICE OF
                 INSPECTOR GENERAL

                                                                                 MAR 3 0 2021

To:                Andrea Brandon
                   Deputy Assistant Secretary, Budget, Finance, Performance and Acquisition

From:              Mark Lee Greenblatt
                   Inspector General

Subject:           Management Advisory – Apparent Misuse of and Lack of Internal Controls Over
                   the Government Purchase Card Program During the Coronavirus Pandemic

        Our ongoing review of the use of Coronavirus Aid, Relief, and Economic Security
(CARES) Act funds has identified a significant number of transactions that appear to be
impermissible split purchases and that reflect possible misuse of U.S. Department of the Interior
(DOI) purchase cards. Although we briefed agency leadership on our overall conclusions in
January 2021, we detail our findings below and note that we are examining some of these
transactions as potential fraud. Previous investigative and audit reports from our office have
identified gaps in bureau oversight of the DOI’s Government Purchase Card Program, and we
make three recommendations in this management advisory to improve oversight and internal
controls over purchase cards. 1


       After the CARES Act was passed, the U.S. Office of Management and Budget (OMB)
issued Memorandum M-20-18, Managing Federal Contract Performance Issues Associated with
the Novel Coronavirus (COVID-19), on March 20, 2020. Subsequently, the DOI’s Policy,
Management and Budget Division, located within the Office of the Secretary, published Class
Determinations and Findings Acquisitions that Support Coronavirus Disease, signed March 20,
2020. This memorandum increased the procurement threshold on acquisitions related to COVID-
19 from $10,000 to $20,000 inside the United States and to $30,000 for purchases outside the
United States. It also established a new National Interest Action (NIA) code to track these
expenditures in the Federal Procurement Data System. These increased procurement thresholds
were temporary and remained in effect until July 1, 2020.

        Our past work, as well as ongoing projects, indicates that purchase card transactions in
these situations are at a high risk for fraud, waste, and abuse. For instance, past and ongoing
audits, investigations, and reviews have identified that having numerous cardholders within the
same unit increases the risk of split purchasing and misuse. The DOI’s Purchase Card Program
Policy explicitly prohibits split purchases, which it defines as the intentional division of a large

1 Previous investigative and audit reports include Case No. OI-VA-17-0844-I (issued August 2020), Case No. OI-CA-18-1034-I
(issued November 2019), Report No. 2018-FIN-059 (issued November 2019), Report No. 2017-ER-015 (issued March 2019),
Report No. 2015-ER-011 (issued September 2016), and Case No. OI-VA-15-0805-I (issued February 2016).

                                     Office of Inspector General | Washington, DC
transaction into multiple, smaller transactions to stay within the cardholder’s single purchase
limit in an effort to circumvent the requirements established in the Federal Acquisition
Regulation. These concerns are heightened under the present circumstances—in particular, the
elevated thresholds coupled with the increasing number of active cardholders in the DOI
(currently over 24,000, as compared with 20,293 in March 2019 2).

        The DOI is part of a multi-agency purchase card contract, which in November 2018
transitioned from J.P. Morgan Chase to Citibank. Under the previous card provider, the DOI’s
transaction-related documents (e.g., quotes, invoices, vouchers, and statements) were centralized
in an online system that granted all levels of supervisors who had a need to provide oversight
with access to monitor and audit. The current Citibank systems (IntelliLink and CitiManager) do
not, however, provide the DOI with such a centralized online system to store related documents
or provide oversight of the transactions.

Review of COVID-19 Related Purchase Card Transactions

       We reviewed transactions in the DOI’s Financial and Business Management System
(FBMS) from March 15, 2020, to March 14, 2021, and found that the DOI classified nearly
30,000 purchase card transactions, totaling over $19.7 million, as COVID-19 related purchases.

        The DOI’s purchase card transactions within IntelliLink (Visa’s spend management
system) during the duration of the OMB Memorandum M-20-18 authority (March 20 to July 1,
2020) demonstrated that DOI cardholders made 154 purchases related to COVID-19 that
exceeded the former $10,000 threshold. Cumulatively, these transactions totaled over
$2.8 million (see Figure 1). As noted previously, we view these transactions as warranting closer
attention because of the increased risk of misuse or fraud.

         Figure 1: IntelliLink Transactions Over $10,000 Under M-20-18 Authority

                                                             No. of
    Bureau                                                Transactions          Total Amount

    Bureau of Indian Affairs                                    117              $2,176,097.99
    Bureau of Land Management                                    8                 $138,454.24
    Bureau of Ocean Energy Management                            1                  $12,950.40
    Bureau of Reclamation                                        7                 $125,320.69
    Bureau of Safety and Environmental Enforcement               1                  $14,098.33
    U.S. Fish and Wildlife Service                               2                  $24,791.15
    National Park Service                                       13                 $227,800.48
    Office of the Secretary/Departmental Offices                 1                  $19,766.62
    U.S. Geological Survey                                       4                  $69,796.54

    Total                                                      154             $2,809,076.44

2   See Report No. 2017-ER-015.

Multiple Transactions Appear To Be Prohibited Split Purchases

        Our review of FBMS and IntelliLink transactions identified multiple instances where
DOI cardholders appeared to be making split purchases, either alone or with other cardholders in
their units and bureaus, to procure goods or services that exceeded the micropurchase threshold.

        Within the reviewed purchase card transaction data, we found a number of transactions
that appeared to be prohibited split purchases:

            •    Bureau of Indian Affairs (BIA), National Park Service (NPS), and Bureau of
                 Reclamation (BOR) cardholders conducted multiple transactions on the same day
                 with the same vendors.

            •    Individual cardholders from the BIA, the NPS, and the BOR conducted multiple
                 transactions with the same vendors within 3-day and 5-day periods.

            •    Multiple cardholders in the same unit/office made purchases on the same day from
                 the same vendor.

            •    More than a dozen cardholders in the same bureau made purchases from the same
                 vendor in a 2-day period with identical transaction amounts, totaling over $200,000.

        The transactions that appeared to be prohibited split purchases during April to June 2020
totaled over $500,000. 3

Questionable Transactions Suggest a Lack of Internal Controls

       The DOI’s Purchase Card Program Policy (Section X, “Internal Controls”) gives each
bureau the autonomy to establish, monitor, assess, and periodically review its controls to ensure
cardholders, approving officials, agency/organization program coordinators, and others with
purchase card responsibilities adhere to applicable requirements. There is, however, no
requirement that bureaus develop such controls, and the above-mentioned purchases by multiple
bureaus appear to reflect ineffective or missing internal controls over purchase card use by those

        Our review identified at least three transactions over $10,000 that IntelliLink flagged
based on a misuse/fraud predictor score established by the DOI. The DOI Charge Card Program
Manager reviewed the transactions within IntelliLink and recommended that the affected bureaus
audit them. Our own review of the IntelliLink records for these three transactions, however,
revealed the points of contact at the bureaus approved the transactions and closed the audits
without uploading any supporting documentation of the work performed to validate the
transactions. Moreover, our review found that the three transactions also had indicators
suggesting that they might qualify as prohibited split purchases.

        Our ability to engage in a detailed analysis of these transactions within IntelliLink was
limited because the system does not contain supporting documentation for purchase transactions or
3   We note that these transactions are under further review by our office.

for the audits done by bureau points of contact. The system itself permits documents to be uploaded,
but we note that not all cardholders currently have access to do so. This limits transparency and
oversight. Moreover, the DOI’s current practice of allowing the bureaus to decide what transactions
to audit and the manner in which they audit and document their findings leads to inconsistent policy
enforcement. Until effective controls are implemented and enforced consistently throughout all
bureaus and offices, the DOI’s Government Purchase Card Program will continue to be at risk for
improper purchases and other noncompliance with applicable laws and regulations.


        As noted previously, we briefed DOI leadership on our conclusions, and in response, the
DOI issued a memorandum addressing some of these matters. However, based on the findings
identified in our review of purchase card transactions, we also recommend that the DOI take the
following actions to prevent fraud, waste, and mismanagement in its Government Purchase Card

       1. Update the DOI Purchase Card Program Policy and establish a universal audit
          framework to be applied equally across all DOI bureaus, requiring audits with
          established procedures on all transactions that meet the high-risk factors established
          by the Office of Acquisition and Property Management, including transactions that
          appear to be prohibited split purchases.

       2. Require that all records related to purchase card transactions (e.g., quotes, invoices,
          vouchers) be entered and maintained in a centralized online system (such as
          CitiManager or the FBMS) for ease of oversight and to improve internal controls.

       3. Require that all bureau audits of transactions be captured and fully documented in a
          centralized online system to improve oversight and internal controls.

        Please provide us with a written response within 30 days (by April 29, 2021). The
response should provide information on the actions you have taken or planned to address each
recommendation, as well as target dates and titles of the officials responsible for implementing
these actions. Please email your response to doioigreferrals@doioig.gov.

       The information in this management advisory will be included in our semiannual report
to Congress and posted on our website no later than 3 days from the date we issue it to you. If
you have any questions or need further information concerning this matter, please contact
Matthew Elliott, Assistant Inspector General for Investigations, at 202-208-5745.

cc:    George Triebsch, Chief of Staff, Assistant Secretary for Policy, Management and Budget
       Megan Olsen, Director, Office of Acquisition and Property Management
       Kathryn Bender, Chief of Staff, Office of Acquisition and Property Management
       Kenneth Casey, Charge Card Program Manager, Office of Acquisition and Property

          Report Fraud, Waste,
          and Mismanagement
              Fraud, waste, and mismanagement in
             Government concern everyone: Office
            of Inspector General staff, departmental
             employees, and the general public. We
                actively solicit allegations of any
            inefficient and wasteful practices, fraud,
                 and mismanagement related to
             departmental or Insular Area programs
                 and operations. You can report
                allegations to us in several ways.

By Internet:       www.doioig.gov

By Phone:          24-Hour Toll Free:                800-424-5081
                   Washington Metro Area:            202-208-5300

By Fax:            703-487-5402

By Mail:           U.S. Department of the Interior
                   Office of Inspector General
                   Mail Stop 4428 MIB
                   1849 C Street, NW.
                   Washington, DC 20240