Purchase Cards:

Control Weaknesses Leave DHS Highly Vulnerable to Fraudulent, Improper, and Abusive Activity

GAO-06-1117: Published: Sep 28, 2006. Publicly Released: Sep 28, 2006.

Additional Materials:

Contact:

Gregory D. Kutz
(202) 512-9505
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

In the wake of the 2005 hurricanes in the Gulf Region, GAO and the Department of Homeland Security Office of Inspector General (DHS OIG) initiated a number of audits and investigations addressing the federal government's response to those events. On July 19, 2006, GAO testified on the results of its purchase card work. This report summarizes the testimony and provides recommendations. Department of Homeland Security (DHS) cardholders made thousands of transactions related to hurricane relief operations. GAO analyzed transactions between June and November of 2005 to determine if (1) DHS's control environment and management of purchase card usage were effective; (2) DHS's key internal control activities operated effectively and provided reasonable assurance that purchase cards were used appropriately; and (3) potentially fraudulent, improper, and abusive purchase card activity existed at DHS.

A weak control environment and breakdowns in key controls exposed DHS to fraud and abuse in its use of the purchase card. While DHS's draft Purchase Card Manual generally contained effective control procedures, it was not finalized due to a lack of leadership by the Chief Financial Officer in resolving disagreements over its implementation. This led to DHS cardholders following different procedures. Inadequate staffing, insufficient training, and ineffective monitoring, along with inconsistent purchase card policies contributed to a weak control environment and breakdowns in specific key controls. GAO and DHS OIG found a lack of documentation that key purchase card internal controls were performed. Based on a statistical sample, GAO and DHS OIG estimated that 45 percent of DHS's purchase card transactions were not properly authorized, 63 percent did not have evidence that the goods or services were received, and 53 percent did not give priority to designated procurement sources. GAO and DHS OIG also found cardholders who failed to dispute improper charges, which resulted in losses to the federal government. Because of the urgent needs caused by the hurricanes, DHS made a number of noncompetitive purchase card acquisitions. GAO recognizes that DHS had the authority to make noncompetitive purchases; however, GAO found transactions where DHS cardholders could have exercised greater prudence without jeopardizing relief efforts. The weak control environment and ineffective internal control activities allowed potentially fraudulent, improper, and abusive or questionable transactions to occur. Although this work was not designed to identify, and we cannot determine the full extent of fraud, waste, and abuse, GAO and the DHS OIG identified numerous examples of potentially fraudulent, improper, and abusive or questionable transactions. This report lists examples of potentially fraudulent activity related to items acquired with DHS purchase cards. In addition, poor control over accountable property acquired with purchase cards may have resulted in lost or misappropriated assets. GAO and DHS OIG also found examples of improper use of the purchase card such as the use of convenience checks to pay $460,000 for pre-packaged meals. Other instances of abusive or questionable transactions included the purchase of a beer brewing kit, a 63-inch plasma television costing $8,000 which was found unused in its original box 6 months after being purchased, and tens of thousands of dollars for training at golf and tennis resorts. GAO referred cardholders responsible for many of these and other purchases to DHS management for administrative action.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: The DHS Purchase Card Manual published in November 2006 included policies and procedures to limit approving officials' spans of control and to ensure approving officials have an appropriate number of transactions so that they can conduct a thorough and proper review of supporting documentation for each transaction. Specifically, language regarding span of control in the 2006 Purchase Card Manual stated that organizational program coordinators (OPCs) would determine the actual number of cardholders managed by each approving official (AO) and that each AO would provide approval, validation, oversight, and monitoring of purchase card activity over their designated cardholders. The manual stated that a single individual may not be an AO for more than 7 cardholders, or approve more than 300 transactions a month on a regular basis. Subsequent versions of the DHS Purchase Card Manual that were published in 2008 and most recently in October 2009 contain these same requirements.

    Recommendation: To provide reasonable assurance that fraud, waste, and abuse related to DHS's purchase card program are minimized and that government assets acquired with purchase cards are controlled, the Secretary of DHS should develop policies and procedures to limit approving officials' span of control. The number of cardholders and card accounts that any one approving official is responsible for should be reasonable and should be established in consideration of the approving official's other responsibilities. In addition, approving officials should have an appropriate number of transactions so that they may conduct a thorough and proper review of supporting documentation for each transaction.

    Agency Affected: Department of Homeland Security

  2. Status: Closed - Implemented

    Comments: DHS concurred with the recommendation to adopt prudent purchasing practices through arrangements with dependable government sources and/or private-sector vendors. The agency began a re-tooling effort to establish contractual relationships for known emergency supplies and services prior to a disaster so there would be fewer unplanned transactions. It developed procedures to standardize the procurement process for emergency requirements using required sources of supply, instituted training programs consistent with the new procedures, and provided specific information to contracting personnel on contractual vehicles to be used for emergency contracting situations. For example, in FY 2008, DHS developed the FEMA Disaster Plan for Purchase Card Usage which sets out standard operating procedures for purchase card use during a presidential emergency or disaster declaration to ensure that policies and procedures are consistently applied and acquisitions are made in compliance with federal acquisition regulations. Also in 2008, DHS's Strategic Sourcing Office retracted its mandate for ordering certain supplies and services from one designated single source in order to allow DHS customers to use multiple ordering mediums for commonly purchased supplies/services, and emphasized the use of DHS blanket purchase agreements, wherever possible, to achieve more favorable prices.

    Recommendation: To provide reasonable assurance that fraud, waste, and abuse related to DHS's purchase card program are minimized and that government assets acquired with purchase cards are controlled, the Secretary of DHS should adopt prudent purchasing practices by entering into arrangements with dependable sources in the government or vendors who can provide reasonable pricing for specific goods and services with a foreseeable demand in the event of an emergency. In anticipation of future emergencies, DHS should identify specific sources in the federal government or vendors in the private sector that can reliably supply the necessary goods and services for DHS to accomplish its mission in emergency situations. In addition, DHS should, in the case of vendors in the private sector, negotiate pricing and delivery terms with these sources using the federal government's substantial purchasing power so that in a time of crisis DHS will be able to efficiently obtain the necessary goods and services.

    Agency Affected: Department of Homeland Security

  3. Status: Closed - Implemented

    Comments: DHS concurred with this recommendation and indicated the Office of the Chief Financial Officer (CFO) would conduct reviews to determine if adequate resources are devoted to the purchase card program at both the agency and component level and develop oversight responsibilities for the program. In May 2007, the CFO conducted an organizational design and leading practice study of the Office of Financial Management. The study resulted in increasing staff resources to the Department's Charge Card Program. In addition, an Internal Control Division was established to dedicate staff towards improving Department-wide internal control, including controls over purchase cards. In FY 2008 and 2009, the Internal Control Division and Office of Financial Management executed internal control tools to assess purchase and other charge card programs to support the implementation and promotion of charge card policies. Development of an overall Charge Card Management Plan has included establishing a key internal control checklist for purchase cards, using the checklist to complete annual reviews and assessments of purchase card controls for each DHS component agency, statistical sampling of each component's card transactions, and post payment audit procedures to improve monitoring and oversight of transactions for fraud, waste, and abuse.

    Recommendation: To provide reasonable assurance that fraud, waste, and abuse related to DHS's purchase card program are minimized and that government assets acquired with purchase cards are controlled, the Secretary of DHS should conduct a review to determine if adequate resources are devoted to administering, maintaining, and enforcing the purchase card program at both the agency level and the organizational element level. DHS should further develop specific oversight responsibilities that need to be carried out at both the agency level and at the organizational element level.

    Agency Affected: Department of Homeland Security

  4. Status: Closed - Implemented

    Comments: DHS concurred with the recommendation to improve the existing electronic systems to allow better oversight of the reconciliation and certifying duties conducted by cardholders and approving officials. At the time, under SmartPay1, DHS worked with then-contractor U.S. Bank to improve the existing electronic system structure for reporting and oversight. Currently, under the SmartPay2 program, DHS's contractor, J.P. Morgan Chase, provides PaymentNet, an electronic bankcard transaction and management system that allows for oversight of the review and approval process. Of particular relevance, PaymentNet has a Certification Report, which identifies cardholders and approving officials that have not reviewed and approved transactions in the PaymentNet system. By enhancing the capabilities of their purchase card management system, DHS can now fully access and review the reconciliation and certification activities of cardholders and approving officials.

    Recommendation: To provide reasonable assurance that fraud, waste, and abuse related to DHS's purchase card program are minimized and that government assets acquired with purchase cards are controlled, the Secretary of DHS should improve the existing electronic systems to allow those with oversight responsibilities the ability to determine if cardholders and approving officials performed their reconciliation and certifying duties in a meaningful way.

    Agency Affected: Department of Homeland Security

  5. Status: Closed - Implemented

    Comments: DHS concurred with this recommendation and, in November 2006, finalized and published the DHS Purchase Card Manual containing policies and procedures that addressed, among other areas, training, independent receipt and acceptance, accountable property, and disciplinary or administrative actions. For example, in requirements for training, the manual established that employees nominated to be either approving officials (AOs) or cardholders (CHs) must complete approved purchase card training prior to issuance of the purchase card or designation as an AO. Such training includes the GSA on-line purchase card training program, supplemented by DHS-specific training, as well as annual refresher training. The manual also mandated targeted training to certain CHs and AOs needing purchase card authority above the micro-purchase threshold and/or using the purchase card as a payment mechanism against established contracts. Finally, the manual provided documentation requirements as a means to certify that individual CHs and AOs had completed their required training. The other three areas noted above were also adequately covered in the manual. Subsequent revisions of the manual were completed in 2008, and again in October 2009. Each revision reiterated and, in some areas, strengthened the policy and procedures established in November 2006.

    Recommendation: To provide reasonable assurance that fraud, waste, and abuse related to DHS's purchase card program are minimized and that government assets acquired with purchase cards are controlled, the Secretary of DHS should implement changes to DHS's draft Purchase Card Manual to include policies and procedures addressing the four areas detailed below. After implementing the changes, the Purchase Card Manual should be finalized agencywide. In regards to training, DHS should establish policies and procedures that document that all cardholders have completed the appropriate training. The documentation should include the date of the training, a description of the training, and the name of the recipient of the training. In regards to independent receipt and acceptance, DHS should develop policies and procedures for the performance and documentation of independent receipt and acceptance attesting to the receipt of goods or the complete rendering of services. This documentation would be maintained along with other required documentation supporting each transaction. In regards to accountable property, DHS should develop policies and procedures to provide reasonable assurance that highly pilferable assets such as laptop computers, cell phones, personal digital assistants, memory storage devices, and other pilferable property acquired with a purchase card are entered into an accountable property system immediately after being received. Cardholders should be required to contact accountable property officers (or others acting in a similar capacity) before acquiring accountable property, or within a reasonable time thereafter, so that the property is properly bar coded and tracked in the property system. This should be completed prior to placement of the asset in service. The property system should include accurate information on the location of the asset, the individual responsible for the asset, the manufacturer's serial number, as well as the agency's unique identification code for the asset (e.g., a bar code). And finally, in regards to disciplinary or administrative actions, DHS should develop a range of potential disciplinary and administrative actions that may occur as a result of a cardholder or others failing to comply with the policies and procedures in the Purchase Card Manual.

    Agency Affected: Department of Homeland Security

  6. Status: Closed - Implemented

    Comments: DHS concurred with the recommendation concerning the monitoring and reviewing of open accounts and reported in December 2006 that it had closed out about 2,000 cards. Subsequently, DHS transitioned to the current purchase card reporting system, SmartPay2, and has continued to review all open accounts, closing those accounts that were no longer active or necessary. DHS currently uses several reports to continuously monitor and review all open accounts--an Account Activity Report that identifies accounts with no activity and an Account Renewal Report that identifies the "date last used" for each account. Both of these reports are generated in real time by the system and can be accessed at any time by the purchase card program coordinators for card reissuance and/or cancellation. These reports are accessed and reviewed at least monthly, but they can be reviewed more frequently to meet program needs.

    Recommendation: To provide reasonable assurance that fraud, waste, and abuse related to DHS's purchase card program are minimized and that government assets acquired with purchase cards are controlled, the Secretary of DHS should continuously monitor and review open accounts to provide reasonable assurance that only cardholders who have a documented need to acquire items for the government are issued a purchase card. Instances where cards have not been used for over a year should be analyzed to determine if a valid need for the card exists. If a valid need can not be established, the purchase card should be suspended or the account closed.

    Agency Affected: Department of Homeland Security

 

Explore the full database of GAO's Open Recommendations »

Dec 12, 2014

Dec 9, 2014

Nov 17, 2014

Nov 12, 2014

Nov 10, 2014

Nov 7, 2014

Nov 6, 2014

Looking for more? Browse all our products here