MANAGEMENT ADVISORY OFFICE OF INSPECTOR GENERAL U.S. DEPARTMENT OF THE INTERIOR Apparent Misuse of and Lack of Internal Controls Over the Government Purchase Card Program During the Coronavirus Pandemic Case No.: 20-0436 March 2021 OFFICE OF INSPECTOR GENERAL U.S. DEPARTMENT OF THE INTERIOR Memorandum MAR 3 0 2021 To: Andrea Brandon Deputy Assistant Secretary, Budget, Finance, Performance and Acquisition From: Mark Lee Greenblatt Inspector General Subject: Management Advisory – Apparent Misuse of and Lack of Internal Controls Over the Government Purchase Card Program During the Coronavirus Pandemic Our ongoing review of the use of Coronavirus Aid, Relief, and Economic Security (CARES) Act funds has identified a significant number of transactions that appear to be impermissible split purchases and that reflect possible misuse of U.S. Department of the Interior (DOI) purchase cards. Although we briefed agency leadership on our overall conclusions in January 2021, we detail our findings below and note that we are examining some of these transactions as potential fraud. Previous investigative and audit reports from our office have identified gaps in bureau oversight of the DOI’s Government Purchase Card Program, and we make three recommendations in this management advisory to improve oversight and internal controls over purchase cards. 1 Background After the CARES Act was passed, the U.S. Office of Management and Budget (OMB) issued Memorandum M-20-18, Managing Federal Contract Performance Issues Associated with the Novel Coronavirus (COVID-19), on March 20, 2020. Subsequently, the DOI’s Policy, Management and Budget Division, located within the Office of the Secretary, published Class Determinations and Findings Acquisitions that Support Coronavirus Disease, signed March 20, 2020. This memorandum increased the procurement threshold on acquisitions related to COVID- 19 from $10,000 to $20,000 inside the United States and to $30,000 for purchases outside the United States. It also established a new National Interest Action (NIA) code to track these expenditures in the Federal Procurement Data System. These increased procurement thresholds were temporary and remained in effect until July 1, 2020. Our past work, as well as ongoing projects, indicates that purchase card transactions in these situations are at a high risk for fraud, waste, and abuse. For instance, past and ongoing audits, investigations, and reviews have identified that having numerous cardholders within the same unit increases the risk of split purchasing and misuse. The DOI’s Purchase Card Program Policy explicitly prohibits split purchases, which it defines as the intentional division of a large 1 Previous investigative and audit reports include Case No. OI-VA-17-0844-I (issued August 2020), Case No. OI-CA-18-1034-I (issued November 2019), Report No. 2018-FIN-059 (issued November 2019), Report No. 2017-ER-015 (issued March 2019), Report No. 2015-ER-011 (issued September 2016), and Case No. OI-VA-15-0805-I (issued February 2016). Office of Inspector General | Washington, DC transaction into multiple, smaller transactions to stay within the cardholder’s single purchase limit in an effort to circumvent the requirements established in the Federal Acquisition Regulation. These concerns are heightened under the present circumstances—in particular, the elevated thresholds coupled with the increasing number of active cardholders in the DOI (currently over 24,000, as compared with 20,293 in March 2019 2). The DOI is part of a multi-agency purchase card contract, which in November 2018 transitioned from J.P. Morgan Chase to Citibank. Under the previous card provider, the DOI’s transaction-related documents (e.g., quotes, invoices, vouchers, and statements) were centralized in an online system that granted all levels of supervisors who had a need to provide oversight with access to monitor and audit. The current Citibank systems (IntelliLink and CitiManager) do not, however, provide the DOI with such a centralized online system to store related documents or provide oversight of the transactions. Review of COVID-19 Related Purchase Card Transactions We reviewed transactions in the DOI’s Financial and Business Management System (FBMS) from March 15, 2020, to March 14, 2021, and found that the DOI classified nearly 30,000 purchase card transactions, totaling over $19.7 million, as COVID-19 related purchases. The DOI’s purchase card transactions within IntelliLink (Visa’s spend management system) during the duration of the OMB Memorandum M-20-18 authority (March 20 to July 1, 2020) demonstrated that DOI cardholders made 154 purchases related to COVID-19 that exceeded the former $10,000 threshold. Cumulatively, these transactions totaled over $2.8 million (see Figure 1). As noted previously, we view these transactions as warranting closer attention because of the increased risk of misuse or fraud. Figure 1: IntelliLink Transactions Over $10,000 Under M-20-18 Authority No. of Bureau Transactions Total Amount Bureau of Indian Affairs 117 $2,176,097.99 Bureau of Land Management 8 $138,454.24 Bureau of Ocean Energy Management 1 $12,950.40 Bureau of Reclamation 7 $125,320.69 Bureau of Safety and Environmental Enforcement 1 $14,098.33 U.S. Fish and Wildlife Service 2 $24,791.15 National Park Service 13 $227,800.48 Office of the Secretary/Departmental Offices 1 $19,766.62 U.S. Geological Survey 4 $69,796.54 Total 154 $2,809,076.44 2 See Report No. 2017-ER-015. 2 Multiple Transactions Appear To Be Prohibited Split Purchases Our review of FBMS and IntelliLink transactions identified multiple instances where DOI cardholders appeared to be making split purchases, either alone or with other cardholders in their units and bureaus, to procure goods or services that exceeded the micropurchase threshold. Within the reviewed purchase card transaction data, we found a number of transactions that appeared to be prohibited split purchases: • Bureau of Indian Affairs (BIA), National Park Service (NPS), and Bureau of Reclamation (BOR) cardholders conducted multiple transactions on the same day with the same vendors. • Individual cardholders from the BIA, the NPS, and the BOR conducted multiple transactions with the same vendors within 3-day and 5-day periods. • Multiple cardholders in the same unit/office made purchases on the same day from the same vendor. • More than a dozen cardholders in the same bureau made purchases from the same vendor in a 2-day period with identical transaction amounts, totaling over $200,000. The transactions that appeared to be prohibited split purchases during April to June 2020 totaled over $500,000. 3 Questionable Transactions Suggest a Lack of Internal Controls The DOI’s Purchase Card Program Policy (Section X, “Internal Controls”) gives each bureau the autonomy to establish, monitor, assess, and periodically review its controls to ensure cardholders, approving officials, agency/organization program coordinators, and others with purchase card responsibilities adhere to applicable requirements. There is, however, no requirement that bureaus develop such controls, and the above-mentioned purchases by multiple bureaus appear to reflect ineffective or missing internal controls over purchase card use by those bureaus. Our review identified at least three transactions over $10,000 that IntelliLink flagged based on a misuse/fraud predictor score established by the DOI. The DOI Charge Card Program Manager reviewed the transactions within IntelliLink and recommended that the affected bureaus audit them. Our own review of the IntelliLink records for these three transactions, however, revealed the points of contact at the bureaus approved the transactions and closed the audits without uploading any supporting documentation of the work performed to validate the transactions. Moreover, our review found that the three transactions also had indicators suggesting that they might qualify as prohibited split purchases. Our ability to engage in a detailed analysis of these transactions within IntelliLink was limited because the system does not contain supporting documentation for purchase transactions or 3 We note that these transactions are under further review by our office. 3 for the audits done by bureau points of contact. The system itself permits documents to be uploaded, but we note that not all cardholders currently have access to do so. This limits transparency and oversight. Moreover, the DOI’s current practice of allowing the bureaus to decide what transactions to audit and the manner in which they audit and document their findings leads to inconsistent policy enforcement. Until effective controls are implemented and enforced consistently throughout all bureaus and offices, the DOI’s Government Purchase Card Program will continue to be at risk for improper purchases and other noncompliance with applicable laws and regulations. Recommendations As noted previously, we briefed DOI leadership on our conclusions, and in response, the DOI issued a memorandum addressing some of these matters. However, based on the findings identified in our review of purchase card transactions, we also recommend that the DOI take the following actions to prevent fraud, waste, and mismanagement in its Government Purchase Card Program: 1. Update the DOI Purchase Card Program Policy and establish a universal audit framework to be applied equally across all DOI bureaus, requiring audits with established procedures on all transactions that meet the high-risk factors established by the Office of Acquisition and Property Management, including transactions that appear to be prohibited split purchases. 2. Require that all records related to purchase card transactions (e.g., quotes, invoices, vouchers) be entered and maintained in a centralized online system (such as CitiManager or the FBMS) for ease of oversight and to improve internal controls. 3. Require that all bureau audits of transactions be captured and fully documented in a centralized online system to improve oversight and internal controls. Please provide us with a written response within 30 days (by April 29, 2021). The response should provide information on the actions you have taken or planned to address each recommendation, as well as target dates and titles of the officials responsible for implementing these actions. Please email your response to email@example.com. The information in this management advisory will be included in our semiannual report to Congress and posted on our website no later than 3 days from the date we issue it to you. If you have any questions or need further information concerning this matter, please contact Matthew Elliott, Assistant Inspector General for Investigations, at 202-208-5745. cc: George Triebsch, Chief of Staff, Assistant Secretary for Policy, Management and Budget Megan Olsen, Director, Office of Acquisition and Property Management Kathryn Bender, Chief of Staff, Office of Acquisition and Property Management Kenneth Casey, Charge Card Program Manager, Office of Acquisition and Property Management 4 Report Fraud, Waste, and Mismanagement Fraud, waste, and mismanagement in Government concern everyone: Office of Inspector General staff, departmental employees, and the general public. We actively solicit allegations of any inefficient and wasteful practices, fraud, and mismanagement related to departmental or Insular Area programs and operations. You can report allegations to us in several ways. By Internet: www.doioig.gov By Phone: 24-Hour Toll Free: 800-424-5081 Washington Metro Area: 202-208-5300 By Fax: 703-487-5402 By Mail: U.S. Department of the Interior Office of Inspector General Mail Stop 4428 MIB 1849 C Street, NW. Washington, DC 20240
Apparent Misuse of and Lack of Internal Controls Over the Government Purchase Card Program During the Coronavirus Pandemic
Published by the Department of the Interior, Office of Inspector General on 2021-03-30.
Below is a raw (and likely hideous) rendition of the original report. (PDF)