oversight

Audit of the U.S. Office of Personnel Management's Purchase Card Program

Published by the Office of Personnel Management, Office of Inspector General on 2017-07-07.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

        U.S. OFFICE OF PERSONNEL MANAGEMENT
           OFFICE OF THE INSPECTOR GENERAL
                    OFFICE OF AUDITS




               Final Audit Report
       AUDIT OF THE U.S. OFFICE OF PERSONNEL MANAGEMENT’S
                     PURCHASE CARD PROGRAM


                                          Report Number 4A-OO-00-16-046
                                                   July 7, 2017




                                                                 --CAUTION--
This report has been distributed to Federal officials who are responsible for the administration of the subject program. This non-public version may
contain confidential and/or proprietary information, including information protected by the Trade Secrets Act, 18 U.S.C. § 1905, and the Privacy Act,
5 U.S.C. § 552a. Therefore, while a redacted version of this report is available under the Freedom of Information Act and made publicly available on
the OIG webpage (http://www.opm.gov/our-inspector-general), this non-public version should not be further released unless authorized by the OIG.
            EXECUTIVE SUMMARY
          Audit of the U.S. Office of Personnel Management’s Purchase Card Program

 Report No. 4A-OO-00-16-046                                                                                                                       July 7, 2017


Why Did We Conduct the Audit?                              What Did We Find?

The objective of our audit was to                          We determined that OPO needs to strengthen its controls over its
determine if the Office of Procurement                     Purchase Card Operation’s processes. Our audit identified five areas
Operations’ (OPO) internal controls for                    requiring improvement, as follows:
purchase cards were effectively
developed and implemented to prevent                             1.	 Of the 164 active purchase cards in OPM at the time of our
and detect purchase card fraud, misuse,                              audit, we found that 23, which had been issued to a former
or abuse.                                                            agency program coordinator, were not immediately canceled
                                                                     when the employee separated from OPM. Five of the cards
What Did We Audit?                                                   were used for purchases, totaling $54,212, by unauthorized
                                                                     users.
The Office of the Inspector General                              2.	 For Agency Reporting, we found that OPO could not provide
completed a performance audit on the                                 documentation to support the $238,400 outstanding balance
U.S. Office of Personnel Management’s                                reported in Table 19 of OPM’s fiscal year (FY) 2015 Agency
(OPM) purchase card program. Our                                     Financial Report. In addition, OPO’s FY 2016, third quarter
audit fieldwork was conducted from                                   (April 1 through June 30, 2016) statistical report was
August 10, 2016, through March 6, 2017,                              incomplete.
at OPM headquarters, located in                                  3.	 OPO had not blocked, in JPMorgan Chase’s PaymentNet,
Washington D.C.                                                      seven merchant category codes for items that were restricted
                                                                     or prohibited from being purchased with a Government
                                                                     purchase card. None of the restricted and prohibited codes
                                                                     were used during the scope of the audit.
                                                                 4.	 Training records for purchase card program participants were
                                                                     either outdated or incomplete.
                                                                 5.	 We found no evidence that cardholders were using their
                                                                     Government purchase card to purchase items that did not
                                                                     represent a legitimate business need; however, OPO’s internal
                                                                     controls need improvement in the areas of: transaction
                                                                     documentation retention; payment of sales taxes; and
                                                                     reallocating and approving transactions in OPM’s financial
                                                                     system.

_______________________
Michael R. Esser
Assistant Inspector General for Audits

                                                                            i
             This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                             information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
                                       ABBREVIATIONS



AFR                           Agency Financial Report
CBIS                          Consolidated Business Information System
FY                            Fiscal Year
GAO                           U.S. Government Accountability Office
GSA                           U.S. General Services Administration
MCC                           Merchant Category Codes
NFR                           Notification of Findings and Recommendations
OCFO                          Office of the Chief Financial Officer
OMB                           U.S. Office of Management and Budget
OPM                           U.S. Office of Personnel Management
OPO                           Office of Procurement Operations
The Charge
Card Act                      The Government Charge Card Abuse Prevention Act of 2012




                                                              ii
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
                                    TABLE OF CONTENTS


                                                                                                                                          Page

                EXECUTIVE SUMMARY ......................................................................................... i 


                ABBREVIATIONS ..................................................................................................... ii 


    I.          BACKGROUND ..........................................................................................................1 


    II.         OBJECTIVE, SCOPE, AND METHODOLOGY ....................................................6 


    III.        AUDIT FINDINGS AND RECOMMENDATIONS...............................................10


                1. Cancellation of Purchase Cards .............................................................................10 


                2. Agency Reporting:
                   A. Agency Financial Report .................................................................................11 

                   B. Statistical Reporting .........................................................................................13 


                3. Merchant Category Codes......................................................................................14 


                4. Training..................................................................................................................17 


                5. Controls over Purchase Card Transactions ............................................................19 

                   A. Purchase Card Transactions.............................................................................20 

                   B. Questionable Transactions ...............................................................................20 

                   C. Split Transactions.............................................................................................21 

                   D. Convenience Check Transactions ....................................................................22 


                APPENDIX	 The Office of Procurement Operations’ response to the draft report,
                         dated April 28, 2017.

                REPORT FRAUD, WASTE, AND MISMANAGEMENT




This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
                                            I. BACKGROUND

This final audit report details the findings, conclusions, and recommendations resulting from our
performance audit of the U.S. Office of Personnel Management’s (OPM) purchase card program.
The audit was performed by OPM’s Office of the Inspector General, as authorized by the
Inspector General Act of 1978, as amended.

The Federal Acquisition Regulations Part 13.301, authorizes the use of government-wide
commercial purchase cards for making and/or paying for purchases of supplies, services, or
construction. Government-wide commercial purchase cards may be used to:

          Make micro-purchases1,

          Place a task or delivery order, or

          Make payments, when the contractor agrees to accept payment by the card.

A third party financial institution issues cards to approved employees. Charges made on the card
by the employee authorize the third party financial institution to make immediate payment to the
vendor for approved purchases. The Government reimburses the third party financial institution
at a later date for its payment to the vendor. Since 2007, JPMorgan Chase has been OPM’s third
party financial institution card issuing bank under the U.S. General Services Administration’s
(GSA) SmartPay 2 program.2 OPM’s purchase card program’s intent is to save the Government
time, money and resources by limiting its involvement in the payment process of its frequent
purchase of products and services. The program provides OPM with financial management
controls over low dollar, high volume procurements, and serves as a payment tool for large
transactions.

PROGRAM PARTICIPANTS

OPM’s purchase card program is administered by the Office of Procurement Operations (OPO),
under the oversight of the Director of Contracting. OPO provides oversight and administrative
assistance for the purchase card program throughout OPM at the agency level, as follows:


1
  Micro-purchases are acquisitions of supplies or services using simplified acquisition procedures, the aggregate
amount of which does not exceed the micro-purchase threshold. The micro-purchase threshold is $3,500.
2
  GSA SmartPay2 is the name of the Federal government’s purchase, travel, and fleet charge card program. Each
Federal agency issued a task order to one of the three card-issuing banks (Citibank, JPMorgan Chase, and U.S.
Bank) contracted with the Federal government to provide purchase, travel, and fleet card services.

                                                                    1                                Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
Director of Contracting: Possesses overall authority for the purchase card program. The
Director is responsible for approving cardholder applications, delegating purchase card authority
to prospective cardholders, and ensuring effective management and oversight of the purchase
card program.

Agency Program Coordinator: Responsible for effectively managing card issuance and
providing oversight of the agency’s purchase card program to ensure compliance with all
authoritative guidance. The agency program coordinator is also the primary liaison between
OPM and JPMorgan Chase.

Support Personnel: Analysts who assist in conducting contract file reviews during OPO’s
quarterly transaction reviews.

The Office of the Chief Financial Officer (OCFO) provides financial support for the purchase
card program. The OCFO is responsible for processing purchase card information (e.g.,
purchase card number and card expiration date) into the Consolidated Business Information
System3 (CBIS), assisting with issues and inquiries related to CBIS, and issuing reports to
cardholders and approving officials for transactions requiring reallocation and approval within
CBIS.

Numerous individuals are also involved in the purchase card program at the program level,
including:

Purchase Cardholder: The individual who is issued and authorized to use a purchase card
bearing the cardholder’s name, for the sole purpose of acquiring authorized OPM purchases.
The cardholder must reconcile and reallocate transactions in CBIS to confirm that the transaction
is valid, resolve or dispute billing or transaction problems, and maintain records for
reconciliation.

Approving Official: The approving official is the individual, typically a supervisor, responsible
for verifying and approving the purchase cardholder’s transactions in CBIS. An approving
official can be assigned to one or more purchase cardholders in their office. The approving
official also verifies that the cardholder reallocates and accepts transactions in CBIS.




3
  CBIS is OPM’s financial management system that aids in the management of the agency’s financial resources,
including management of the general ledger, accounts payable, and purchasing.

                                                                    2                                Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
POLICIES AND PROCEDURES

OPO is regulated by the Government Charge Card Abuse Prevention Act of 2012 (the Charge
Card Act) and the U.S. Office of Management and Budget (OMB) Circular A-123, Appendix B
(OMB A-123). The Charge Card Act requires all Federal agencies to establish and maintain
safeguards and internal controls, while OMB A-123 set the policies and procedures used to
maintain internal controls that reduce the risk of fraud, waste, and error in the Government
charge card programs. OMB A-123 also establishes statistical reporting requirements and
suggested best practices for card use.

To provide guidance to purchase card program participants on purchase card usage and roles and
responsibilities, the following documents have been issued:

Contracting Policy 13.301 Revision 4, dated July 2, 2014 (Contracting Policy), specifically,
discusses:

          Responsibilities of all program participants, including purchase cardholders, approving
           officials, agency program coordinators, and the Director of Contracting;

          Conditions for using purchase cards;

          Spending limits;

          Convenience check usage;

          Training requirements;

          Unauthorized purchase card use;

          OPM Standards of Conduct;

          Record keeping;

          Cancellation of purchase cards;

          Reviews and audits of purchase card transactions;

          Administrative actions taken for card misuse; and


                                                                    3                                Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
          Templates to be used by program participants, to include but not limited to the purchase
           card transaction log, convenience check transaction log, and simplified acquisition
           checklist.

OPM’s Purchase Card Management Plan is a section of OPM’s Charge Card Management
Plan4 and outlines the policies and procedures for the management of the purchase card program
and specifically addresses personnel management; training; and risk management.

OPM’s Financial Management Manual, Chapter 11, provides purchase card guidance to be
followed by purchase cardholders, including cardholder account set-up and procedures for
reallocating and approving transactions in CBIS.

AUDITS AND REVIEWS

OPO conducts quarterly purchase card transaction reviews to detect card misuse, abuse, and
fraud. OPO’s review process is designed to review at least one transaction for every cardholder
each year. At a minimum, purchases below the micro-purchase threshold will be reviewed at
least twice a year (two quarters), and purchases above the micro-purchase threshold at least once
a year (one quarter). Convenience check reviews are also conducted once a year (one quarter).
The reviewer of convenience checks must be independent of the agency program coordinator.

OPO uses the purchase card transaction and convenience check reviews for the semi-annual Joint
Purchase Card Violation Report5. OPO had not completed a review of convenience checks for
the scope of our audit, October 1, 2015 through June 30, 2016.

REPORTING

OPO reports purchase card data in the following reports:



4
  The Charge Card Management Plan is required by OMB Circular A-123 Appendix B. Each agency must develop
and maintain written policies and procedures for the appropriate use of charge cards consistent with the
requirements of the guidance. Agencies must submit a copy of their plan to the OMB MAX website on an annual
basis, and no later than January 31 of each calendar year.
5
  The Charge Card Act mandates the submission of a semi-annual Joint Purchase Card Violation Report for agencies
with more than $10 million in purchase card spending for the prior FY. The report describes confirmed violations
involving misuse of a purchase card following the completion of an agency or the Office of the Inspector General’s
review and summary description of all adverse personnel actions and punishment taken in response to each
violation.

                                                                    4                                Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
          OPM’s Agency Financial Report: OPO annually reports the percentage of the total
           outstanding balances that are 61 or more days old in OPM's Agency Financial Report;

          Quarterly OMB Statistical Report: OPO quarterly reports statistical purchase card data to
           OMB; and

          OPO’s Narrative Report: OPO annually reports narrative purchase card information to
           OMB regarding the current process for monitoring delinquencies, independent reviews
           conducted on the program, and methods to detect fraud misuse and abuse.

PREVIOUS OFFICE OF THE INSPECTOR GENERAL REPORTS

In FY 2001, the OIG conducted an audit of Internal Controls over OPM’s purchase card
program. 6 The final report was issued in 2002 and all recommendations from the previous audit
have been closed.




6
    OPM-Office of the Inspector General Audit Report Number 4A-CA-00-02-018.

                                                                    5                                Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
II. OBJECTIVE, SCOPE, AND METHODOLOGY

OBJECTIVE

The objective of our audit was to determine whether OPO’s internal controls over purchase cards
were effectively developed and implemented to prevent and detect purchase card fraud, misuse,
or abuse.

The recommendations included in this final report address the objective.

SCOPE AND METHODOLOGY

We conducted this performance audit in accordance with generally accepted government
auditing standards as established by the Comptroller General of the United States. These
standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to
provide a reasonable basis for our findings and conclusions based on our audit objective.

The scope of our audit covered the purchase card program’s policies and procedures and purchase
card transactions from October 1, 2015, through June 30, 2016. A total of 14,867 transactions,
totaling $7,969,765, were processed by 139 purchase cardholders from October 1, 2015, through
June 30, 2016. We performed our audit fieldwork from August 10, 2016, through March 6, 2017,
at OPM headquarters, located in Washington, D.C.

To accomplish our audit objective noted above, we:

          Interviewed OPO personnel;

          Reviewed training certificates and other documentation provided to ensure that training
           requirements were met for the sampled agency program coordinators, approving officials,
           and purchase card holders;

          Sampled and tested purchase card transactions to determine if the transactions were
           properly reallocated and authorized in CBIS, adequately documented, and were for
           legitimate business purposes;

          Analyzed Merchant Category Codes (MCC) to determine if any restricted MCC were
           processed and if cardholders have access to restricted MCC;



                                                                    6	                               Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
          Reviewed OPM’s Purchase Card Management Plan and its fiscal year (FY) 2016 third
           quarter Quarterly OMB Statistical Report to determine if OPO was in compliance with
           mandated reporting requirements; and

          Performed an analysis on the necessity and number of purchase cards.

In planning our work and gaining an understanding of the internal controls over OPM’s purchase
card program, we considered, but did not rely on, OPO’s internal control structure to the extent
necessary to develop our audit procedures. These procedures were analytical and substantive in
nature. We gained an understanding of management procedures and controls to the extent
necessary to achieve our audit objective. The purpose of our audit was not to provide an opinion
on internal controls but merely to evaluate controls over OPM’s purchase card program.

Our audit included such tests and analysis of OPO’s records; documented policies and
procedures; transactional data; and other applicable information, as we considered necessary
under the circumstances. The results of our tests indicate that with respect to the items tested,
OPO needs to strengthen controls over the purchase card program.

In conducting our audit, we relied to varying degrees on computer-generated data. To assess the
reliability of computer-processed data obtained from PaymentNet7, we looked for obvious errors
in accuracy and completeness, interviewed OPO officials who were knowledgeable about the
data, and directly tested data against supporting documentation. We determined that the data
was sufficiently reliable for the purpose of achieving our audit objective. We did not evaluate
the effectiveness of the general application controls over computer-processed performance data.

In order to accomplish our audit objectives, we selected a number of samples from the universe
of purchase card transactions from October 1, 2015, through June 30, 2016. Sample sizes were
designed to verify adherence to the various processes tested.

Purchase Card Transactions

In order to verify that purchase card transactions were properly documented, reallocated and
authorized, and were for a legitimate business purpose we used Microsoft Excel and an OPM
statistician to select the following random and judgmental samples:




7
 JPMorgan Chase’s purchase card account management system used by OPO to order new cards, assign merchant
category codes, cancel cards, modify spending limits, review transactions, and generate management reports.

                                                                    7                                Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
          Randomly selected a statistical sample of 100 transactions below the micro-purchase
           threshold, totaling $52,719, out of 12,803 transactions totaling $5,860,805;

          Randomly selected a statistical sample of 50 transactions above the micro-purchase
           threshold, totaling $448,692, out of 175 transactions totaling $1,582,287;

          Randomly sampled 20 convenience check transactions totaling $10,741, out of 1,409
           transactions totaling $366,006;

          Judgmentally selected 35 transactions, totaling $36,836, out of 162 transactions, totaling
           $136,529, which were related to purchases from vendors of travel related items, food and
           beverage, and electronics; and

          Judgmentally selected 10 transactions, totaling $20,874, out of 18 transactions, totaling
           $34,850, which we identified as sets of potential split transactions. To identify potential
           split transactions and select our sample, we reviewed all transactions from October 1,
           2015, through June 30, 2016, and created a universe of transactions that met the
           following criteria:

                 	 the total of the transactions exceeded the micro-purchase threshold of $3,500 and
                    the cardholder’s single purchase limit;

                 	 the transactions’ dates are within two days of each other;

                 	 the transactions are by the same cardholder; and

                 	 the transactions are with the same vendor.


Training

We used Microsoft Excel to test a random sample of purchase card program participants to
determine if training requirements were met. Specifically:

          33 out of 139 purchase card holders;

          25 out of 65 approving officials;

          All 3 agency program coordinators; and

                                                                    8	                               Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
          All 13 warranted8 purchase cardholders.

The results from the random statistical samples were projected to the population. The results
from the remaining samples were not projected to the population.




8
    Purchase cardholders that are allowed to make single purchases above the micro-purchase threshold.



                                                                    9                                Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
III. AUDIT FINDINGS AND RECOMMENDATIONS

 The sections below detail the results of our audit on OPM’s purchase card program.

 1. Cancellation of Purchase Cards

         OPO did not immediately cancel purchase cards when an employee separated from the 

         agency. 


         Of the 164 active purchase cards in OPM at the time of our audit, we found that 23, which had
         been issued to a former agency program coordinator9, were not immediately canceled when the
         employee separated from OPM on April 3, 2012. OPO canceled all of the purchase cards after
         we notified them that the cards were still showing as active on the Cardholder Profile Report.
         Specifically, OPO canceled 5 cards on May 11, 2016, which was 1,032 work days after the
         separation date, and the remaining 18 cards were canceled on June 20, 2016, which was 1,059
         work days after the employee’s separation date.

         Additionally, we noted that five of the cards were used in FY
         2015 for eight purchases, totaling $54,212, by other OPM
                                                                                                                Transactions totaling
         employees. OPO provided documentation for five of the eight
                                                                                                                $54,212 were made by
         purchases which represented a legitimate business need;
                                                                                                                 unauthorized users.
         however, they were made by an unauthorized person after the 

         cardholder separated from the agency. OPO could not provide 

         supporting documentation, including who made the purchases, 

         for the remaining three purchases, which totaled $15,600.


         Public Law 112-194 Section 1909 (a)(12)(A) requires OPM to cancel the purchase card of an
         employee who “ceases to be employed by the agency, immediately upon termination of the
         employment of the employee … .”

         OPM’s Contracting Policy 13.301 Revision 4, Section 8.10, Safeguarding the Purchase Card,
         limits the use of purchase cards to only the cardholder.

         The U.S. Government Accountability Office’s (GAO) Standards for Internal Control in the
         Federal Government, Principle 10 – Design Control Activities, advises management to limit
         “access to resources and records to authorized individuals, and assigns and maintains

 9
  OPM’s normal practice is to issue one purchase card per cardholder. In this instance, the agency program coordinator
 was issued 23 purchase cards that were for 23 different program offices within OPM to be used for purchases that
 exceeded the $3,500 micro-purchase limit.

                                                                       10                                   Report No. 4A-OO-00-16-046
     This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                     information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
    accountability for their custody and use. Management may periodically compare resources
    with the recorded accountability to help reduce the risk of errors, fraud, misuse, or unauthorized
    alteration.” Additionally, management is advised to “clearly [document] internal control and
    all transactions and other significant events in a manner that allows the documentation to be
    readily available for examination.”

    As a result of the purchase cards not being immediately cancelled when the employee separated
    from OPM, transactions totaling $54,212 were made by unauthorized users. Separated
    employees’ purchase card accounts that remain active provide an increased risk for abuse or
    misuse of the purchase card and subsequently agency resources.

    Recommendation 1

    We recommend that OPO perform verification and validation activities, such as utilizing
    available agency employee separation reports, to ensure that separated employees’ purchase
    cards are immediately cancelled.

    OPO’s Response:

    OPO concurs with the recommendation. “agency reports and cardholder data captured by
    the bank has been utilized by OPO in appropriately conducting verification and validation
    activities. … Additionally, OPO has been working with the Authorizing Officials (AOs) to
    ensure they contact OPO when a cardholder has separated from the agency. … OPO also
    plans to setup formal training events to be provided to AOs and account holders, which will
    further emphasize this requirement.”

2. Agency Reporting

    A. Agency Financial Report

          OPO could not provide documentation to support the $238,400 outstanding balance
          reported in Table 19 - Purchase Cards, in the FY 2015 Agency Financial Report (AFR), as
          illustrated below:




                                                                  11                                   Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
          TABLE 19 - Purchase Cards
                       ($ in Thousands)                                                  September 2015               September 2014
        Outstanding Balance                                                                              $238.4                        $735.2
        Outstanding more than 61 days                                                                      $0.0                         $0.0
        % outstanding more than 61days (OPM)                                                             0.00%                        0.00%
        % outstanding more than 61 days(Government wide)                                                 0.19%                        0.38%



          The GAO’s Standards for Internal Control in the Federal Government, principle 10,
          advises that management “clearly documents internal control and all transactions and other
          significant events in a manner that allows the documentation to be readily available for
          examination. Documentation and records are properly managed and maintained.”
          Principle 13 - Use Quality Information/ Relevant Data from Reliable Sources, states
          “Management should use quality information to achieve the entity’s objectives.” More
          specifically, that “[m]anagement obtains relevant data from reliable internal and external
          sources in a timely manner based on the identified information requirements. Relevant data
          have logical connection with, or bearing upon, the identified information requirements.
          Reliable internal and external sources provide data that are reasonably free from error and
          bias and faithfully represent what they purport to represent.”

          Without proper documentation to support the purchase card data reported in OPM’s
          FY 2015 AFR, there is a risk that the data may be erroneous.

          Recommendation 2

          We recommend that OPO improve policies and procedures over its purchase card reporting
          process to ensure that data is supported and accurately reported.

          OPO’s Response:

          OPO concurs with the recommendation. OPO Acquisition, Policy, and Innovation has
          begun documenting all of its policies and procedures. This includes a complete update
          of CP [Contracting Policy] 13.301, Revision 4. “Regarding data call preparation and
          delivery efforts, the revised policy will include program requirements to provide annual
          updates to the agency charge card management plan, semi-annual OIG violations
          reporting, and quarterly statistical reporting.”




                                                                  12                                   Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
           Recommendation 3

           We recommend that OCFO verify and validate purchase card information prior to reporting
           it in the AFR to ensure the integrity of the data reported.

           OPO’s Response:

           OPO and OCFO concur[s] with the recommendation. “OPO in collaboration with
           OCFO has since obtained a greater understanding of the purchase card program data
           associated with the AFR and is now in a position to verify and validate the purchase
           card information prior to reporting and to better document the reporting process going
           forward. OCFO will update, as appropriate, its procedures to document due diligence in
           ascertaining the validity of the data reported.”

     B. Statistical Reporting

           OPO’s FY 2016, third quarter (April 1 through June 30, 2016) statistical report is
           incomplete. We found that 2 out of 16 requirements were not reported. Specifically, OPO
           did not report the:

                         Number of purchase cardholders with contracting warrants above $3,500, and

                         Number of purchase cardholders with transaction limits of $3,500 or more that do
                          not hold contracting warrants.

           OPO does not have documented policies and procedures outlining how to prepare their
           OMB statistical report. When OPO assumed responsibility of the purchase card program in
           October 2015, management decided that the reports should remain consistent with the prior
           quarterly reports submitted to OMB.

           OMB requires agencies to report statistical purchase card information on a quarterly basis.10
           By not reporting on all the requirements, users of OPO’s statistical reports are not obtaining
           a complete picture of the purchase card program.




10
   OMB Circular A-123, Appendix B (January 2009), Section 5.3.1, pages 17 through 18, requires agencies to report 16
statistical data elements.

                                                                   13 	                                 Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
           Recommendation 4

           We recommend that OPO immediately ensure that all OMB statistical reporting
           requirements are met, starting with their FY 2017 third quarter statistical report.

           Recommendation 5

           We recommend that OPO develop and implement policies and procedures for creating the
           quarterly OMB statistical report. At a minimum, the policies and procedures should include
           a discussion of all the statistical data elements required by OMB.

           OPO’s Response:

           OPO concurs with both recommendations. “OPO has since updated the structure and
           format of the quarterly statistical report, covering all required response areas, and that
           format has been used in the fourth quarter of fiscal year 2016 and first and second
           quarters of fiscal year 2017. … Agency specific procedures regarding quarterly statistical
           reporting, which supplement A-123 guidance, are in development.”

3. Merchant Category Codes

     We found that OPO had not blocked, in JPMorgan Chase’s PaymentNet, seven merchant
     category codes11 for items that were restricted12 or prohibited13 from being purchased with a
     Government purchase card. We analyzed all 14,867 transactions, totaling $7,969,765, from
     October 1, 2015, through June 30, 2016, and found that none of the restricted and prohibited
     codes were processed during the scope of the audit.




11
   Merchant category codes are established by the card issuing bank and are assigned to vendors as a means to identify

the merchant type. Each cardholder account is set up with default merchant category codes that will allow the 

processing of transactions that fall under the specified merchant category code. If a transaction is attempted with any

merchant that is categorized by a merchant category code blocked by OPO, the transaction will be electronically denied

at the point of attempted purchase.

12
   Restricted items that can only be purchased with an Agency Program Coordinator authorized override. 

13
   Prohibited items that cannot be purchased with a Government purchase card.


                                                                   14                                   Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
                                                    Merchant Category Codes

                                                   8651 Transaction with political organizations
                                                   9211 Court costs, alimony, and child support
                             Prohibited            9222 Fines
                                                   9223 Bail and bond payments
                                                   9311 Tax payments



                                                   5921 Package stores, Beer, Wine, Liquor
                             Restricted
                                                   7276 Tax Preparation


     OPO could not determine how and when the restricted and prohibited merchant category codes
     were added to the group of allowable merchant category codes, as the codes were established
     before they assumed responsibility of the purchase card program. Furthermore, OPO does not
     have documented policies and procedures for reviewing and updating allowable merchant
     category codes, which can be used by purchase cardholders.

     OPO's Prohibited Items List14 prohibits purchase cardholders from purchasing 16 specific
     items, which include but are not limited to:

               Cash advances;

               Betting casino gaming chips, and off-track betting;

               Transactions with political organizations;

               Court costs, alimony, and child support;

               Fines;

               Bail and bond payments; and

               Tax payments.



14
 OPO compiled a comprehensive list of items that cannot be purchased with a Government purchase card based on
GAO’s Principles of Federal Appropriations Law and United States Code Titles 5 and 31.

                                                                   15                                   Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
    OPM’s Purchase Card Management Plan, Section 4.4, Appropriate Authorization Controls
    Establishment, dated January 2016, states that merchant category codes “are established by the
    card network and are assigned to vendors as a mean to identify the merchant type. Each
    cardholder account is set up with default MCC that will allow the processing of transactions
    that fall under the specified MCC. The network blocks certain MCC to restrict the ability of
    particular charges, [to include]:

              4411 -- Cruise Lines;

              5861 -- Furriers and Fur Shops;

              5813 -- Bars, Cocktail Lounges, Discotheques, etc.;

              5921 -- Package Stores, Beer, Wine, Liquor;

              5944 -- Clock, Jewelry, Watch, and Silverware Stores;

              7273 -- Dating and Escort Services;

              7276 -- Tax Preparation Service; and

              7297 -- Massage Parlors.”

    The GAO’s Standards for Internal Control in the Federal Government, principle 10 - Design
    Control Activities, advises that management designs control activities in response to the entity’s
    objectives and risks to achieve an effective internal control system. Control activities are the
    policies, procedures, techniques, and mechanisms that enforce management’s directives to
    achieve the entity’s objectives and address related risks. More specifically, that “[m]anagement
    establishes activities to monitor performance measures and indicators. These may include
    comparisons and assessments relating different sets of data to one another so that analyses of
    relationships can be made and appropriate actions taken. Management designs controls aimed
    at validating the propriety and integrity of both entity and individual performance measures and
    indicators.”

    By purchase cardholders having access to merchant category codes that are restricted and/or
    related to prohibited items, there is an increased likelihood that unauthorized charges could be
    processed, resulting in misuse of Government funds.




                                                                  16                                   Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
    Recommendation 6

    We recommend that OPO strengthen its oversight over merchant category codes accessible by
    purchase cardholders, to include developing and implementing policies and procedures for
    performing periodic reviews of merchant category codes, and eliminating cardholder’s access
    to all restricted and prohibited codes from JPMorgan Chase’s PaymentNet banking system.

    OPO’s Response:

    OPO concurs with the recommendation. “OPO now periodically reviews the MCC listing to
    ensure that it is consistent with the agency charge card management plan, and that no new
    codes which may present risk to the agency program have been introduced. … OPO has
    collaborated with the bank in appropriately updating its list of restricted MCCs. This list
    now complies with the agency charge card management plan and is continually reviewed.
    Additionally, OPO efforts in reviewing codes and in collaborating with the bank to
    potentially restrict certain unallowable MCCs is being documented, and will be referenced
    within the updated CP 13.301 Revision 4, to be completed in fiscal year 2017 with a formal,
    agency-wide release date at the commencement of fiscal year 2018.”

4.	 Training

    We randomly selected 61 out of 139 purchase card program participants to determine if initial
    and refresher training requirements were met. Specifically, we found that:

              3 out of 61 purchase card program participants completed GSA SmartPay Purchase
               Account Agency Program Coordinator instead of the GSA SmartPay Account Holder
               training as refresher training.

              10 out of 61 purchase card program participants did 

               not have documentation to support completion of 

                                                                                                    Training records were
               training.
                                                                                                        outdated and
                                                                                                         incomplete.
              23 out of 61 purchase card program participants 

               completed initial training after being appointed as a 

               purchase card program participant, or refresher 

               training more than three years after the last refresher training.


    Details of our review were provided to OPO separate from this report.

                                                                  17 	                                 Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
    Due to poor monitoring and oversight, purchase card participants took incorrect training and
    training records for purchase card program participants were outdated or incomplete.

    OMB’s Circular No. A-123, Appendix B, January 2009, Section 3.4, requires all purchase card
    program participants to be “trained prior to appointment” and to take refresher training at least
    every three years.

    OPM’s Purchase Card Management Plan, January 2016, Section 3.2, Cardholders, requires
    purchase cardholders and their approving officials to complete the GSA Smartpay Purchase
    Card Training modules for account holders. Section 3.3, Agency/Organization Program
    Coordinators, requires agency program coordinators to take GSA Smartpay Purchase Card
    Training modules for agency program coordinators. Furthermore, Section 3.4, Record
    Keeping, requires OPO to “maintain and retain copies of the training certifications for three
    years.”

    OPM’s Contracting Policy 13.301, Revision 4, Section 8.18, dated July 2, 2014, states that a
    purchase card is cancelled “if the cardholder leaves OPM, misuses the card, does not follow
    [Federal Acquisition Regulation] requirements and OPM polices, or transfers to a different
    program office.” Failure to complete required refresher training should have led to suspension
    of the purchase card account or suspension of oversight responsibilities.

    Attachment 2 of the Contracting Policy requires applicants for new purchase cards to submit the
    following six items before receiving a purchase card:

              Purchase card request form,

              Responsibility acknowledgement form,

              GSA SmartPay Purchase Card Training certificate,

              Section 508 Micro Purchase Training certificate,

              CBIS module training certificates and accounting string, and

              Justification of purchase card need.

    Without adequate training and the absence of documents to support that purchase card program
    participants have been trained, there is an increased risk that there are purchase card program

                                                                  18                                   Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
    participants who have not been properly trained in the proper usage of the purchase card.
    Individuals not properly trained can lead to an increase in card misuse and abuse and failure to
    comply with requirements of the purchase card program.

    Recommendation 7

    We recommend that OPO have all three purchase card program participants that took the GSA
    SmartPay Purchase Account Agency Program Coordinator training course immediately take the
    GSA SmartPay Account Holder training course or suspend their oversight duties until training
    is completed.

    Recommendation 8

    We recommend that OPO implement controls to ensure that purchase card program participants
    receive all required training on the appropriate use, controls, and consequences of abuse before
    appointment to their position, and receive refresher training every three years. Documentation
    should be maintained to support the completion of initial and refresher training.

    Recommendation 9

    We recommend that OPO suspend purchase card accounts and oversight duties of purchase
    card program participants that are not in compliance with refresher training requirements.

    OPO’s Response:

    OPO concurs with recommendations 8, 9, and 10. “OPO has spent extensive time securing
    referenced training certifications from all purchase cardholders and AOs and in properly
    organizing and filing them … OPO has put cardholders and AOs on notice that training
    certifications not received in a timely manner will result in account suspensions … updated
    certification information has allowed OPO to create a tracking instrument which is routinely
    updated. This tracking mechanism allows OPO to effectively oversee cardholders and AOs
    and in particular their required training.”

5. Controls over Purchase Card Transactions

    Controls over purchase card transactions, such as transaction documentation retention and
    reallocating and approving transactions in OPM’s financial system, need improvement to
    reduce the risk of fraud, waste, and abuse. For the transactions sampled and reviewed, we
    found no evidence that cardholders were abusing their Government purchase card privileges for

                                                                  19                                   Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
     personal or inappropriate use. Details of our review were provided to OPO separate from this
     report; however, areas of improvement are discussed below.

     A. Purchase Card Transactions

           We selected a random statistical sample of 150 purchase card transactions. Specifically, we
           selected 100 transactions below the micro-purchase threshold, totaling $52,719, and we
           selected 50 transactions above the micro-purchase threshold, totaling $448,692.

           For each transaction, we reviewed documentation to determine if the transaction file was
           complete, the transaction was reallocated by the cardholder and approved by the approving
           official in CBIS, and to determine if the purchase was for a legitimate business purpose, as
           required by Contracting Policy 13.301. The results of our test work are outlined in Table 1.

                                               Table 1: Review of Purchase Card Transactions
                                                  Below Micro-Purchase                                   Above Micro-Purchase
                                                       Threshold                                              Threshold

                                                                         Total Dollar                                             Total Dollar
              Attributes15                     Transactions                                          Transactions
                                                                            Value                                                    Value

            Transaction
            documentation                            49                     $28,523                         27                      $285,901
            incomplete16
            Transaction not
            approved by                              13                     $10,192                         10                      $161,155
            approving official


           For the transactions reviewed, we found no evidence that the transactions were not for
           legitimate business purposes.

     B. Questionable Transactions

           We judgmentally selected 35 purchase card transactions, totaling $36,836, which were
           related to purchases from vendors of electronics, food and beverages, and travel related
           items. For each transaction, we reviewed documentation to determine if the transaction file
           was complete, the transaction was reallocated by the cardholder and approved by the
15
  The results in the table for each attribute tested are independent of each other. 

16
  The transaction was missing one or more attributes as required by Contracting Policy 13.301, Revision 4,

Section 8.5, dated July 2, 2014. 


                                                                   20                                   Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
          approving official in CBIS, and if the purchase was for a legitimate business purpose, as
          required by Contracting Policy 13.301. The results of our test work are outlined in Table 2.

                                                      Table 2: Questionable Transactions

                      Attributes15                            Transactions                                  Total Dollar Value

           No support documentation
                                                                       5                                            $4,370
           provided
           Transaction documentation
                                                                     25                                            $28,330
           incomplete16

           Transaction not approved
                                                                       2                                              $94
           by approving official


          For the transactions reviewed, we found no evidence that the transactions were not for
          legitimate business purposes.

    C. Split Transactions

          We judgmentally selected 10 purchase card transactions, totaling $20,874, to determine if
          the transactions were split. Additionally, for each transaction, we reviewed documentation
          to determine if the transaction file was complete, the transaction was reallocated by the
          cardholder and approved by the approving official in CBIS, and to determine if the
          purchase was for a legitimate business purpose, as required by Contracting Policy 13.301.
          The results of our test work are outlined in Table 3.

                                                            Table 3: Split Transactions

                      Attributes15                              Transactions                                  Total Dollar Value

           No support documentation
                                                                       7                                             $16,495
           provided
           Transaction documentation
                                                                       3                                              $4,379
           incomplete.16

           Transaction not approved
                                                                       2                                              $7,000
           by approving official.


          Of the three transactions that we were able to review, we did not find that the transactions
          were split. To make our determination, we reviewed the items purchased to identify any

                                                                  21                                   Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
          similarities between the items and the purpose for the purchased items. Additionally, we
          found no evidence that the transactions were not for legitimate business purposes.

    D. Convenience Check Transactions

          We selected a random sample of 20 convenience check transactions, from 4 convenience
          check writers, totaling $10,741. For each convenience check transaction, we reviewed
          documentation to determine if the transaction file was complete, the transaction was
          reallocated by the cardholder and approved by the approving official in CBIS, and to
          determine if the purchase was for a legitimate business purpose, as required by Contracting
          Policy 13.301. The results of our test work are outlined in Table 4.

                                                  Table 4: Convenience Check Transactions

                      Attributes15                              Transactions                                  Total Dollar Value

           No support documentation
                                                                       5                                              $6,051
           provided
           Transaction documentation
                                                                       5                                               $422
           incomplete.16
           Transaction not approved
                                                                        4                                             $1,195
           by approving official.


          For the transactions reviewed, we found no evidence that the transactions were not for
          legitimate business purposes.

          For all purchase card and convenience check transactions that we sampled, for sections A
          through D, we were not able to verify that the transactions were reallocated in CBIS
          because the OCFO did not provide sufficient documentation for us to make the
          determination.

          OPO stated that historically, reviews of purchase card transactions were not enforced which
          led to cardholders and approving officials not being held accountable for the purchases that
          were made.

          OPM's Contracting Policy 13.301, Revision 4, Section 8.5, dated July 2, 2014, states the
          cardholders must maintain the following six documents:

                    Purchase card or convenience check transaction log;

                                                                  22                                   Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
                    Evidence demonstrating the price paid is reasonable;

                    Copy of receipt or other documentation received from the supplier;

                    Memorandums or notes authorizing the purchase;

                    Copy of the bank account invoice or CBIS record print out; and

                    Explanatory material for unusual situations.

          Section 8.12 of the Contracting Policy, and OPO's Prohibited Items List, details items that
          cardholders cannot purchase, to include, but not be limited to: cash advances; rental or lease
          of motor vehicles when the cardholder is on travel status; purchase of meals, drinks,
          entertainment, or lodging at hotels or motels when the cardholder is on travel status; and
          personal purchases.

          OPM’s Memorandum, Guidelines on Food at Meetings and Conferences, dated April 18,
          2012, states that as a “general principle of appropriation law, food is a personal expense for
          all Federal employees and, as such, may not be purchased using appropriated funds. The
          same is true for snacks and refreshments … This general prohibition arises out of 5 U.S.C
          [Section] 5536, which prohibits an employee from receiving compensation beyond the pay
          and allowances fixed by law.” The guideline goes on to explain that appropriated funds can
          be used to purchase food and beverages for training, “where the agency determines that the
          provision of meals is necessary to achieve the objectives of the training program.” For
          meetings and conferences, appropriated funds can be used if the “meal is a necessary part of
          a formal meeting or conference.” For award ceremonies, appropriated funds can be used if
          the ceremony is conducted to “present awards that are covered by the Incentive Awards
          Act, 5 U.S.C. [Section] 4501 – 4506.” Finally, for cultural awareness ceremonies,
          appropriated funds can be used if it is “incidental” to the ceremony, and is intended to
          “make the audience aware of the cultural or ethnic history being celebrated … .”

          OPM's Contracting Policy 13.301, Revision 4, Section 8.14 (c), dated July 2, 2014, states
          cardholders must process reallocations of purchase and convenience check transactions in
          CBIS. Section 8.15 of the Contracting Policy states approving officials must review and
          approve transactions in CBIS. The transactions should be reallocated and approved within
          30 days of the transaction posting date in CBIS. Furthermore, the Anti-Deficiency Act (31
          U.S.C Section 1341(a)(1)(A)) prohibits Federal employees from “[making] or [authorizing]
          an expenditure or obligation exceeding an amount available in an appropriation or fund for
          the expenditure or obligation.”

                                                                  23                                   Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
          Lastly, Section 8.21 of the Contracting Policy states that, “Cardholders must retain all
          records and documentation pertaining to a completed purchase transaction for a period of
          [three] years after payment for the goods and services. If a cardholder leaves his or her
          program office, the cardholder's program office is responsible for maintaining the purchase
          card records.”

          Based on our projection of the sample results for the transactions below and above the
          micro-purchase threshold in Table 1, we are 95 percent confident that the true percentage of
          transactions in the population that were not adequately documented is at least 39.3 percent,
          accounting for a total dollar value of $4,676,251. Furthermore, we are 95 percent confident
          that the true percentage of transactions in the population that were not properly authorized
          was at least 6.5 percent, accounting for a total dollar value of $1,892,684.

          The 17 unsupported transactions identified in Table 2, 3, and 4, totaling $26,916, provides
          an increased risk for abuse or misuse of the purchase card and subsequently agency
          resources. Additionally, delays or failure to reallocate purchase card transactions can cause
          problems with budget execution and increase the risk of Anti-Deficiency Act violations.

          Recommendation 10

          We recommend that OPO ensure that cardholders and/or program offices maintain
          documentation supporting transactions in accordance with purchase card policies and
          procedures.

          OPO’s Response:

          OPO concurs with the recommendation. “To date, OPO efforts in ensuring every
          account holder is developing and maintaining a proper file for ALL transactions
          completed has been enforced through both routine and random transaction file reviews
          as required by CP 13.301, Revision 4, Section 8(22) Monitoring and Oversight. Where
          transaction files have been requested and could not be produced, accounts can and have
          been suspended, per CP 13.301, Revision 4, Section 8(19), Review and Audit. …
          Additionally, OPO is preparing agency specific training associated with transaction file
          review findings and the recommendations … .”




                                                                  24                                   Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
          Recommendation 11

          We recommend that OPO strengthen its oversight and monitoring of purchase card
          transactions, to include but not be limited to, verifying that transactions are reallocated by
          cardholders and approved by approving officials in OPM’s financial system.

          OPO’s Response:

          OPO concurs with the recommendation. “OPO now reviews unallocated/unapproved
          reports provided for by the bank on a monthly basis, determines which transactions are
          30/60/90 days past due, and in turn reaches out to the cardholders and AOs on these
          transactions. … In an attempt to better manage and oversee the program and those
          specific transaction functions referenced within this recommendation, OPO has
          collaborated more with OCFO, the owner of the agency CBIS financial system.”

          Recommendation 12

          We recommend that OPO provide documentation for the 17 unsupported transactions
          identified in Tables 2, 3, and 4.

          OPO’s Response:

          OPO concurs with the recommendation. “OPO is in the process of securing the
          referenced 17 unsupported transaction files … .”




                                                                  25                                   Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 522a.
                                                      APPENDIX




Thank you for providing OPM the opportunity to respond to the Office of the Inspector General
(OIG) draft report, Audit of the U.S. Office of Personnel Management Purchase Card Program,
4A-OO-00-16-046, dated March 31, 2017.

Since the reorganization of the Office of Procurement Operations (OPO) in September 2015 and
Acquisition, Policy, and Innovation formally taking control of the oversight and management
responsibilities of the agency purchase card program starting fiscal year 2016, critical
improvement efforts were developed and have since been initiated. We recognize that even the
most well run programs benefit from external evaluations and we appreciate your input as we
continue to enhance our program.

RESPONSES TO THE DRAFT REPORT RECOMMENDATIONS

Recommendation 1
We recommend that OPO perform verification and validation activities, such as utilizing available
agency employee separation reports, to ensure that separated employees’ purchase cards are
immediately cancelled.

Management Response:

We concur. Specifically as represented within the draft report, available information, such as
agency reports and cardholder data captured by the bank has been utilized by OPO in
appropriately conducting verification and validation activities. For example, in ensuring that an
account associated with a separated employee is immediately cancelled, OPO regularly requests

                                                                                                      Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 552a.
the agency’s separation report which can be validated against the list of current account holders as
represented by the bank. OPO periodically obtains the separation report from the Office of Human
Resources (OHR) through the Office of the Chief Information Officer (OCIO). In the event an
account holder with an active account is identified on the separation report, their account is
immediately cancelled. OPO continues to work with OHR/OCIO representatives in securing the
aforementioned separation report on a more frequent basis. To date receipt has been inconsistent,
and often requires several requests from OPO.

Additionally, OPO has been working with the Authorizing Officials (AOs) to ensure they contact
OPO when a cardholder has separated from the agency. This line of communication also allows
OPO to cancel an account in a timely manner, which often occurs prior to the receipt of the most
up to date OHR separation report. OPO also plans to setup formal training events to be provided
to AOs and account holders, which will further emphasize this requirement. A copy of CP 13.301
has been provided to all account holders and is available to all OPM employees through the
agency website.

Recommendation 2
We recommend that OPO provide documentation, including the individual(s) responsible for
making the purchases, for the three unsupported transactions, totaling $15,600.

Management Response:

We do not concur. OPO performed an exhaustive search of both paper and electronic files and
has been unable to locate transaction files associated with the three FY 2015 transactions
represented within the draft report. From the limited information that we do have we were able to
determine that all of the purchases were made under an allowable Merchant Category Code (9399
- Gov’t Services Not Elsewhere Classified). Limited available details associated with the subject
transactions, which we were able to obtain through JPMC’s online charge card management
system, PaymentNet, are provided below.


                Tran Date         Post Date         Merchant               MCC          Debit Amount            Tran Type
                05/14/2015        05/15/2015        OPM-HRS-EMDC           9399         $3,450.00               Purchase
                06/01/2015        06/02/2015        OPM-HRS-EMDC           9399         $5,650.00               Purchase
                08/13/2015        08/14/2015        OPM-HRS-EMDC           9399         $6,500.00               Purchase

                                                                                        $15,600.00               

Development and maintenance of transaction files is of critical importance and remains an area of
required improvement across the agency. To date, OPO efforts in ensuring every account holder
is developing and maintaining a proper file for ALL transactions completed has been enforced
through both routine and random transaction file reviews as required by CP 13.301, Revision 4,
Section 8(22) Monitoring and Oversight. Where transaction files have been requested and could
not be produced, accounts can and have been suspended, CP 13.301, Revision 4, Section 8(19),
Review and Audit.

Based on CP 13.301, Revision 4, Section 8(22), Monitoring and Oversight, micro-purchase

                                                                                                      Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 552a.
transactions are to be reviewed at least twice each fiscal year and transactions above the micro-
purchase threshold at least once each fiscal year. Additionally, convenience check transactions
are to be reviewed as needed, but at least once annually. In an effort to provide increased
oversight of the program and to better detect card misuse, abuse, and fraud, OPO has increased
the frequency and quantity of transaction file reviews being performed. Purchase card transaction
reviews are performed on a quarterly basis for both micro-purchase transactions and transactions
above the micro-purchase threshold. The review process is designed to ensure that at least one
transaction is reviewed for every cardholder each fiscal year. Additional reviews may also be
performed on an ad hoc basis, as outlined within CP 13.301, Revision 4, Section 8(22),
Monitoring and Oversight.

We believe that our ability to review a larger quantity of transaction files will drive, over time,
superior file development and maintenance. Recent improvement efforts in this area, as
referenced above, are a positive step in the right direction. However, OPO is not currently staffed
to increase the quantity and frequency of files reviewed beyond its recent improvement efforts in
this area. The ability of OPO to review a higher quantity of transaction files would increase the
quality and consistency of transaction files developed and maintained while reducing the overall
risk to the agency of, for example, absent or incomplete transaction files.

Recommendation 3
We recommend that OPO improve policies and procedures over its purchase card reporting
process to ensure that data is supported and accurately reported.

Management Response:

We concur. As it specifically pertains to the OIG finding associated with this Recommendation
3, OPO was able to verify and validate the referenced annual financial report (AFR) data in
question. The information came from the General Services Administration (GSA), Center for
Charge Card Management. The above GSA team is responsible for data management of the
charge card programs across numerous agencies. OPO was able to confirm with GSA that the
data provided to the Office of the Chief Financial Officer (OCFO) to be included within the AFR
was accurate, and that similar data is routinely collected and can be reported on a monthly basis.
OPO is also able to reconcile that monthly data provided by GSA to the PaymentNet “Transaction
Detail Report”, which further validates the accuracy of the data reported on the AFR.

Since formally taking over the management and oversight of the agency purchase card program,
OPO Acquisition, Policy, and Innovation has begun documenting all of its policies and
procedures. Such documentation efforts had not previously been made within the agency’s office
supporting the purchase card program. This includes a complete update of the above referenced
CP 13.301, Revision 4, to be completed in fiscal year 2017 with a formal, agency-wide release
date at the commencement of fiscal year 2018. Additionally, the updated CP 13.301 will
incorporate procedural documents associated with the transaction file review process. Regarding
data call preparation and delivery efforts, the revised policy will include program requirements to
provide annual updates to the agency charge card management plan, semi-annual OIG violations
reporting, and quarterly statistical reporting. Many of these process documents are currently in

                                                                                                      Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 552a.
draft form and were shared with the OIG team during the subject audit.

The development and implementation of policies and procedures associated with the successful
management and oversight of the agency purchase card program requires a sufficient level of
resources. The absence of those resources in the past has made such efforts impossible. Although
OPO is focusing more intently on this critical agency requirement, resourcing constraints continue
to inhibit the ability to develop and consistently implement necessary policies and procedures
while managing and overseeing all other aspects of the purchase card program.

Recommendation 4
We recommend that OCFO verify and validate purchase card information prior to reporting it in
the AFR to ensure the integrity of the data reported.

Management Response:

We concur. OCFO and OPO agree with this recommendation. OPO in collaboration with OCFO
has since obtained a greater understanding of the purchase card program data associated with the
AFR and is now in a position to verify and validate the purchase card information prior to
reporting and to better document the reporting process going forward. OCFO will update, as
appropriate, its procedures to document due diligence in ascertaining the validity of the data
reported.

Recommendation 5
We recommend that OPO immediately ensure that all OMB statistical reporting requirements are
met, starting with their FY 2017 third quarter statistical report.

Management Response:

We concur. The statistical report delivered in the third quarter of fiscal year 2016 followed the
format and structure consistently used in all prior reporting periods. OPO acknowledges that the
format used previously was incomplete, and did not appropriately represent the number of
cardholders with warrant authority above the micro-purchase threshold as well as the number of
cardholders absent warrant authority but with transaction limits above the micro-purchase
threshold. OPO has since updated the structure and format of the quarterly statistical report,
covering all required response areas, and that format has been used in the fourth quarter of fiscal
year 2016 and first and second quarters of fiscal year 2017. Referenced statistical reports can be
found on the Office of Management and Budget (OMB) MAX.gov website

Recommendation 6
We recommend that OPO develop and implement policies and procedures for creating the
quarterly OMB statistical report. At a minimum, the policies and procedures should include a
discussion of all the statistical data elements required by OMB.

Management Response:



                                                                                                      Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 552a.
We concur. Please reference OPO response above, associated with Recommendation 3. Since
formally taking over the management and oversight of the agency purchase card program, OPO
Acquisition, Policy, and Innovation has begun documenting all of its policies and procedures.
This includes a complete update of the above referenced CP 13.301 Revision 4, to be completed in
fiscal year 2017 with a formal, agency-wide release date at the commencement of fiscal year
2018. Additionally, the updated CP 13.301 will incorporate procedural documents associated with
the transaction file review process. Regarding data call preparation and delivery efforts, the
revised policy will include program requirements, to provide annual updates to the agency charge
card management plan, semi-annual OIG violations reporting, and quarterly statistical reporting.
Many of these process documents are currently in draft form and were shared with the OIG team
during the subject audit.

The development and implementation of policies and procedures associated with the successful
management and oversight of the agency purchase card program requires a sufficient level of
resources. The absence of those resources in the past has made such efforts impossible. Although
OPO is focusing more intently on this critical agency requirement, resourcing constraints continue
to inhibit the ability to develop and consistently implement necessary policies and procedures
while managing and overseeing all other aspects of the purchase card program.
Procedures and requirements associated with OMB quarterly statistical reporting are stated within
the OMB A-123, Appendix B circular. Agency specific procedures regarding quarterly statistical
reporting, which supplement A-123 guidance, are in development.

Recommendation 7
We recommend that OPO strengthen its oversight over merchant category codes accessible by
purchase cardholders, to include developing and implementing policies and procedures for
performing periodic reviews of merchant category codes, and eliminating cardholder’s access to
all restricted and prohibited codes from J.P. Morgan Chase’s PaymentNet banking system.

Management Response:

We concur. Since OPO Acquisition, Policy, and Innovation formally took control of the
oversight and management responsibilities of the agency purchase card program in fiscal year
2016, and through the OIG audit efforts detailed within this draft report, a greater understanding
of the restricted merchant category codes (MCCs) has been obtained. OPO now periodically
reviews the MCC listing to ensure that it is consistent with the agency charge card management
plan, and that no new codes which may present risk to the agency program have been introduced.
For example, OPO efforts in routinely reviewing MCCs enabled its ability to restrict the 9999
Convenience check code. That particular MCC was not a code identified by the OIG as being
restricted. However, all cardholders had access to the subject code, and not all cardholders have
the authority to write convenience checks. The 9999 convenience check code now has its own
grouping, which can only be accessed by cardholders with convenience check authority.

OPO has collaborated with the bank in appropriately updating its list of restricted MCCs. This list
now complies with the agency charge card management plan and is continually reviewed.
Additionally, OPO efforts in reviewing codes and in collaborating with the bank to potentially


                                                                                                      Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 552a.
restrict certain unallowable MCCs is being documented, and will be referenced within the
updated CP 13.301 Revision 4, to be completed in fiscal year 2017 with a formal, agency-wide
release date at the commencement of fiscal year 2018.

Recommendation 8
We recommend that OPO have all three purchase card program participants that took the GSA
SmartPay Purchase Account Agency Program Coordinator training course immediately take the
GSA SmartPay Account Holder training course or suspend their oversight duties until training is
completed.

Management Response:

We concur. OPO has spent extensive time securing referenced training certifications from all
purchase cardholders and AOs and in properly organizing and filing them. Because of those
efforts, which had not been conducted previously, training certification information is up to date.
Specifically, this includes all 98 active cardholders and 52 AOs. In properly managing the agency
purchase card program, OPO has put cardholders and AOs on notice that training certifications
not received in a timely manner will result in account suspensions, as represented within CP
13.301, Revision 4, Section 8(14)(c), Reconciling and Accepting Transactions. In addition to the
required training referenced above, OPO is preparing agency specific training associated with
transaction file review findings and the recommendations reflected in this draft audit report.
Training is scheduled to commence fiscal year 2017.

Recommendation 9
We recommend that OPO implement controls to ensure that purchase card program participants
receive all required training on the appropriate use, controls, and consequences of abuse before
appointment to their position; and receive refresher training every three years. Documentation
should be maintained to support the completion of initial and refresher training.

Management Response:

We concur. Since OPO Acquisition, Policy, and Innovation assumed the management
responsibilities of the agency purchase card program, it has ensured that all new cardholder
applicants and their AOs have completed and submitted all required forms and training
certificates before receiving a delegation of purchase card authority. Also, as explained above in
the OPO Recommendation 8 response, OPO has spent extensive time securing referenced training
certifications from all prior existing purchase cardholders and AOs and in properly organizing
and filing them to ensure reliable records are maintained. Because of those efforts, which had not
been conducted previously, training certification information is up to date across the agency and
can more easily be managed. Specifically, as it pertains to this recommendation, updated
certification information has allowed OPO to create a tracking instrument which is routinely
updated. This tracking mechanism allows OPO to effectively oversee cardholders and AOs and in
particular their required training.

Additionally, in properly managing the agency purchase card program, OPO has put cardholders


                                                                                                      Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 552a.
and AOs on notice that training certifications not received in a timely manner will result in
account suspensions, as represented within CP 13.301, Revision 4, Section 8(14)(a), Maintaining
Cardholder Privileges. To supplement the required training referenced above, OPO is preparing
agency specific training associated with transaction file review findings and the recommendations
reflected in this draft audit report. Training is scheduled to commence fiscal year 2017.

Recommendation 10
We recommend that OPO suspend purchase card accounts and oversight duties of purchase card
program participants that are not in compliance with refresher training requirements.

Management Response:

We concur. As explained above in the OPO Recommendations 8 and 9 responses, OPO has spent
extensive time securing referenced training certifications from all purchase cardholders and AOs
and in properly organizing and filing them to ensure reliable records are maintained.
Because of those efforts, which had not been conducted previously, training certification
information is up to date across the agency and can more easily be managed. Specifically, as it
pertains to this recommendation, updated certification information has allowed OPO to create a
tracking instrument which is routinely updated. This tracking mechanism allows OPO to
effectively oversee cardholders and AOs, and in particular, their required training.
Additionally, in properly managing the agency purchase card program, OPO has put cardholders
and AOs on notice that training certifications not received in a timely manner will result in
account suspensions, as represented within CP 13.301, Revision 4, Section 8(14)(a), Maintaining
Cardholder Privileges. Very recently, OPO has suspended accounts where transaction file detail
had not been provided in response to quarterly transaction file reviews. Account suspension is an
available tool documented within the established CP 13.301, Revision 4, which had not been
utilized in the past. As in the case of the transaction file reviews, OPO will, as necessary, exercise
its ability to suspend accounts where required training has not been completed in a timely manner.

Recommendation 11
We recommend that OPO ensure that cardholders and/or program offices maintain documentation
supporting transactions in accordance with purchase card policies and procedures.

Management Response:

We concur. As explained above in the OPO Recommendation 2 response, the development and
maintenance of transaction files is of critical importance and remains an area of required
improvement across the agency. To date, OPO efforts in ensuring every account holder is
developing and maintaining a proper file for ALL transactions completed has been enforced
through both routine and random transaction file reviews as required by CP 13.301, Revision 4,
Section 8(22) Monitoring and Oversight. Where transaction files have been requested and could
not be produced, accounts can and have been suspended, per CP 13.301, Revision 4, Section
8(19), Review and Audit.

Based on CP 13.301, Revision 4, Section 8(22), Monitoring and Oversight, micro-purchase


                                                                                                      Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 552a.
transactions are to be reviewed at least twice each fiscal year and transactions above the micro-
purchase threshold at least once each fiscal year. Additionally, convenience check transactions are
to be reviewed as needed, but at least once annually. In an effort to provide increased oversight of
the program and to better detect card misuse, abuse, and fraud, OPO has increased the frequency
and quantity of transaction file reviews being performed. Purchase card transaction reviews are
performed on a quarterly basis for both micro-purchase transactions and transactions above the
micro-purchase threshold. The review process is designed to ensure that at least one transaction
is reviewed for every cardholder each fiscal year. Additional reviews may also be performed on
an ad hoc, random basis as outlined within CP 13.301, Revision 4, Section 8(22), Monitoring and
Oversight.

We believe that our ability to review a larger quantity of transaction files will drive, over time,
superior file development and maintenance. Recent improvement efforts in this area, as
referenced above, are a positive step in the right direction. However, OPO is not currently staffed
to increase the quantity and frequency of files reviewed beyond its recent improvement efforts in
this area. The ability of OPO to review a higher quantity of transaction files would increase the
quality and consistency of transaction files developed and maintained while reducing the overall
risk to the agency of, for example, absent or incomplete transaction files.

Additionally, OPO is preparing agency specific training associated with transaction file review
findings and the recommendations reflected in this draft audit report. Topics associated with
constant transaction file review findings will be presented during these training events, supported
by examples which appropriately apply Federal and CP 13.301 Revision 4 requirements.
Training is scheduled to commence fiscal year 2017.

Recommendation 12
We recommend that OPO strengthen its oversight and monitoring of purchase card transactions,
to include but not limited to, verifying that transactions are reallocated by cardholders and
approved by Approving Officials in OPM’s financial system.

Management Response:

We concur. Since OPO Acquisition, Policy, and Innovation formally took control of the
oversight and management responsibilities of the agency purchase card program in fiscal year
2016, and through the OIG audit efforts detailed within this draft report, which included
collaboration with OCFO, the owner of the CBIS financial system at OPM where reallocation
efforts are executed, a greater understanding of the reallocation process has been obtained. OPO
now reviews unallocated/unapproved reports provided for by the bank on a monthly basis,
determines which transactions are 30/60/90 days past due, and in turn reaches out to the
cardholders and AOs on these transactions. This type of review had not previously been
performed within the agency supporting the purchase card program. In accordance with CP
13.301, Revision 4, Section 8(14)(c), Reconciling and Accepting Transactions, OPO is able to
suspend the accounts of those cardholders that do not comply with the policy guidelines for
transaction reallocation.



                                                                                                      Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 552a.
In an attempt to better manage and oversee the program and those specific transaction functions
referenced within this recommendation, OPO has collaborated more with OCFO, the owner of the
agency CBIS financial system. OPO and OCFO efforts in better managing transaction
reallocations were introduced at the end of last fiscal year 2016 and have continued into this fiscal
year 2017. Although collaboration with OCFO has offered greater insight into the transaction
reallocation process, such teamwork has not alleviated recognized resourcing constraints which
continue to inhibit OPO’s ability to develop and consistently implement necessary policies and
procedures while managing and overseeing all other aspects of the purchase card program.

Recommendation 13
We recommend that OPO provide documentation for the 17 unsupported transactions identified
in Tables 2, 3, and 4.

Management Response:

We concur. OPO is in the process of securing the referenced 17 unsupported transaction files
represented within OIG Notification of Findings and Recommendations (NFR) #6 and as further
detailed within this draft audit report. Several cardholders have provided transaction files which
are being reviewed in accordance with CP 13.301, Revision 4. As represented in this response,
OPO has recently suspended accounts where transaction file detail had not been provided in
response to quarterly transaction file reviews. Account suspension is an available tool
documented within the established CP 13.301, Revision 4, which had not been utilized in the past.
As in the case of the previous transaction file reviews, OPO will, as necessary, exercise its ability
to suspend accounts of cardholders that do not provide transactions files selected for review in a
timely manner.

In reconciling the 17 unsupported transaction files reflected within this draft report, OPO
recognized cardholders with accounts already in a state of suspension, directly associated with
prior quarterly reviews. In the event OPO cannot secure the transaction files requested by the OIG
in support of this audit by the time OPO delivers its response herein, account suspension or even
account termination will be exercised as detailed within CP 13.301, Revision 4.

CONCLUSION

The findings documented, as a part of the subject audit and the subsequent recommendations
detailed within this draft report, are extremely beneficial to OPO in progressing its management
and oversight efforts supporting the agency purchase card program. Numerous corrective actions
are already underway, several of which have been successfully completed. Although OPO is
focusing more intently on this critical agency requirement, resourcing constraints continue to
inhibit the ability to develop and consistently implement necessary policies and procedures while
managing and overseeing all other aspects of the purchase card program.

OPO appreciates the opportunity to respond to the draft findings and recommendations. If you
have any questions regarding our response, please contact                 at
               or                  @opm.gov.


                                                                                                      Report No. 4A-OO-00-16-046
 This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                 information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 552a.
                                            TECHNICAL COMMENTS


Suggested revisions to OIG draft report, Audit of the U.S. Office of Personnel Management
Purchase Card Program, 4A-OO—00-16-046, dated March 31, 2017.

Overall the Office of Procurement Operations (OPO) is in agreement with the recommendations
presented in this draft report. In an attempt to strengthen the final document, we recognized
several areas where suggested revisions would more accurately reflect the data and
circumstances presented, thereby ensuring a complete report suitable for public release. Those
areas are provided below for further consideration.

                                                      Deleted by OIG 

                                                Not Relevant to Final Report


Page 8 of the draft audit report; please consider replacing “The cardholder must reallocate
and accept transactions in CBIS….” with “The cardholder must reconcile and reallocate
transactions in CBIS….” as it more accurately reflects the process and those purchase card
transaction efforts conducted within CBIS.

Page 3 of the draft audit report; please consider updating the bullets reflected under
“Contracting Policy 13.301, Revision 4, dated July 2, 2014 (Contracting Policy), specifically
discusses:” For example, the policy also includes valuable templates, like the Purchase
Card Transaction Log, Convenience Checks Transaction Log, and Simplified Acquisition
Checklist as attachments.

Page 3 Footnote #4; please consider replacing the first sentence. The “purchase card
management plan” is not also known as the “charge card management plan”. The
purchase card is just one aspect of the agency’s charge card management plan, which also
addresses the agency travel card and fleet card programs.

                                                      Deleted by OIG 

                                                Not Relevant to Final Report 


Page 4 of the draft audit report; please consider updating the bullets reflected under “OPO
reports purchase card data in the following reports:” For example, we provide reporting
responses in support of OMB A-123 to include the Charge Card Management Plan, and
bullet 2, should state “Quarterly OMB Statistical Report” which is the official name.

Page 5 of the draft audit report; please consider replacing “was” with “were” in the
sentence starting “A total of 14,867 transactions, totaling $7,969,765, was processed by
139…..”


                                                                                                     Report No. 4A-OO-00-16-046
This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 552a.
    Page 5 of the draft audit report; please consider updating bullet #5 under “To accomplish
    our audit objectives noted above, we:” with the appropriate document titles, “purchase
    card management plan as a part of the agency Charge Card Management Plan,” and
    “Quarterly OMB Statistical Report”
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 




                                                                                                         Report No. 4A-OO-00-16-046
    This report is non-public and should not be further released unless authorized by the OIG, because it may contain confidential and/or proprietary
                    information that may be protected by the Trade Secrets Act, 18 U.S.C. § 1905, or the Privacy Act, 5 U.S.C. § 552a.
            Report Fraud, Waste, and Mismanagement


                                Fraud, waste, and mismanagement in Government
                               concerns everyone: Office of the Inspector General
                              staff, agency employees, and the general public. We
                                 actively solicit allegations of any inefficient and
                              wasteful practices, fraud, and mismanagement related
                                to OPM programs and operations. You can report
                                         allegations to us in several ways:



      By Internet:                  http://www.opm.gov/our-inspector-general/hotline-to-report-fraud-waste-
                                    or-abuse


        By Phone:                   Toll Free Number:                               (877) 499-7295
                                    Washington Metro Area:                          (202) 606-2423


           By Mail:                 Office of the Inspector General
                                    U.S. Office of Personnel Management
                                    1900 E Street, NW
                                    Room 6400
                                    Washington, DC 20415-1100



                                                                                                                        


                                                             --CAUTION--
This report has been distributed to Federal officials who are responsible for the administration of the subject program. This non-public version
may contain confidential and/or proprietary information, including information protected by the Trade Secrets Act, 18 U.S.C. § 1905, and the
Privacy Act, 5 U.S.C. § 552a. Therefore, while a redacted version of this report is available under the Freedom of Information Act and made
publicly available on the OIG webpage (http://www.opm.gov/our-inspector-general), this non-public version should not be further released unless
authorized by the OIG