This is the accessible text file for GAO report number GAO-08-333 
entitled 'Governmentwide Purchase Cards: Actions Needed to Strengthen 
Internal Controls to Reduce Fraudulent, Improper, and Abusive 
Purchases' which was released on April 9, 2008. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Report to the Permanent Subcommittee on Investigations, Committee on 
Homeland Security and Governmental Affairs, U.S. Senate: 

United States Government Accountability Office: 

GAO: 

March 2008: 

Governmentwide Purchase Cards: 

Actions Needed to Strengthen Internal Controls to Reduce Fraudulent, 
Improper, and Abusive Purchases: 

Governmentwide Purchase Cards: 

GAO-08-333: 

GAO Highlights: 

Highlights of GAO-08-333, a report to the Permanent Subcommittee on 
Investigations, Committee on Homeland Security and Governmental 
Affairs, U.S. Senate. 

Why GAO Did This Study: 

Over the past several years, GAO has issued numerous reports and 
testimonies on internal control breakdowns in certain individual 
agencies’ purchase card programs. In light of these findings, GAO was 
asked to analyze purchase card transactions governmentwide to (1) 
determine whether internal control weaknesses existed in the government 
purchase card program and (2) if so, identify examples of fraudulent, 
improper, and abusive activity. 

GAO used statistical sampling to systematically test internal controls 
and data mining procedures to identify fraudulent, improper, and 
abusive activity. GAO’s work was not designed to determine the overall 
extent of fraudulent, improper, or abusive transactions. 

What GAO Found: 

Internal control weaknesses in agency purchase card programs exposed 
the federal government to fraud, waste, abuse, and loss of assets. When 
testing internal controls, GAO asked agencies to provide documentation 
on selected transactions to prove that the purchase of goods or 
services had been properly authorized and that when the good or service 
was delivered, an individual other than the cardholder received and 
signed for it. Using a statistical sample of purchase card transactions 
from July 1, 2005, through June 30, 2006, GAO estimated that nearly 41 
percent of the transactions failed to meet either of these basic 
internal control standards. Using a second sample of transactions over 
$2,500, GAO found a similar failure rate—agencies could not demonstrate 
that 48 percent of these large purchases met the standard of proper 
authorization, independent receipt and acceptance, or both. 

Breakdowns in internal controls, including authorization and 
independent receipt and acceptance, resulted in numerous examples of 
fraudulent, improper, and abusive purchase card use. These examples 
included instances where cardholders used purchase cards to subscribe 
to Internet dating services, buy video iPods for personal use, and pay 
for lavish dinners that included top-shelf liquor. The table below 
shows some of the case studies GAO identified, including one case where 
a cardholder used the purchase card program to embezzle over $642,000 
over a period of 6 years from the Department of Agriculture’s Forest 
Service firefighting fund. This cardholder was sentenced to 21 months 
in prison and ordered to pay full restitution. 

Table: Fraudulent, Improper, and Abusive3 Purchases by Cardholders: 

Type of Purchase: Fraudulent; 
Agency: Department of Agriculture; 
Amount: $642,000; 
Activity: Cardholder used convenience checks to embezzle public funds 
for over 6 years. The $642,000 was used for personal expenditures, such 
as gambling, car and mortgage payments, and other retail purchases. 

Type of Purchase: Improper; 
Agency: Department of Energy; 
Amount: $112,300; 
Activity: Cardholder improperly used convenience checks—and 
consequently had to pay thousands in fees—for relocation services. 
Agency policy generally prohibits convenience checks above $3,000. 

Type of Purchase: Abusive; 
Agency: Department of Defense; 
Amount: $77,700; 
Activity: Four cardholders purchased expensive suits and accessories 
from Brooks Brothers and other high-end clothing stores to outfit 
several servicemembers. 

Source: GAO analysis of bank data and supporting documentation. 

[End of table] 

In addition, agencies were unable to locate 458 items of 1,058 total 
accountable and pilferable items totaling over $2.7 million that GAO 
selected for testing. These missing items, which GAO considered to be 
lost or stolen, totaled over $1.8 million and included computer 
servers, laptop computers, iPods, and digital cameras. For example, the 
Department of the Army could not adequately account for 256 items 
making up 16 server configurations, each of which cost nearly $100,000. 

What GAO Recommends: 

To reduce fraud, waste, and abuse governmentwide, GAO made 13 
recommendations to the Office of Management and Budget (OMB) and the 
General Services Administration (GSA) to instruct agencies to 
strengthen purchase card controls in the areas of convenience checks 
and property, and impose financial liability for unauthorized 
purchases, among other things. OMB agreed and GSA partially agreed. 
Although it manages the purchase card program, GSA did not agree that 
it had the authority to help agencies improve controls over independent 
receipt and acceptance or asset accountability—two areas where the use 
of purchase cards poses unique internal control challenges. 

To view the full product, including the scope and methodology, click on 
[hyperlink,http://www.gao.gov/cgi-bin/getrpt?GAO-08-333]. For more 
information, contact Gregory Kutz at (202) 512-6722 or kutzg@gao.gov. 

[End of section] 

Contents: 

Letter: 

Results in Brief: 

Background: 

Key Internal Controls Were Ineffective: 

Fraudulent and Potentially Fraudulent, Improper, and Abusive 
Transactions: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendix I: Prior GAO Purchase Card Audits: 

Appendix II: Objectives, Scope, and Methodology: 

Appendix III: Comments from the Office of Management and Budget: 

Appendix IV: Comments from the General Services Administration: 

Appendix IV: GAO Contact and Staff Acknowledgments: 

Tables: 

Table 1: Statistical Testing Results--All Purchase Card Activity over 
$50: 

Table 2: Comparison of Governmentwide Sampling Results to Previous 
Rates at Certain Individual Agencies and Locations: 

Table 3: Statistical Testing Results--Purchase Transactions over 
$2,500: 

Table 4: Fraudulent and Potentially Fraudulent Activity: 

Table 5: Examples of Improper and Abusive Purchases: 

Figures: 

Figure 1: Purchase Card Expenditures, Fiscal Years 1989 through 2006: 

Figure 2 Purchase Card Accounts, Fiscal Years 1989 through 2006: 

United States Government Accountability Office: 

Washington, DC 20548: 

March 14, 2008: 

The Honorable Carl Levin: 
Chairman: 
The Honorable Norm Coleman: 
Ranking Member: 
Permanent Subcommittee on Investigations: 
Committee on Homeland Security and Governmental Affairs: 
United States Senate: 

The serious fiscal challenges facing the federal government demand that 
agencies do everything they can to operate as efficiently as possible. 
The federal government spends billions annually through its purchase 
card programs, using purchase cards and convenience checks[Footnote 1] 
to acquire millions of items--everything from paper and pencils to 
computers--and to make payments on government contracts for a variety 
of goods and services, such as vehicles and relocation services. The 
primary responsibility for purchasing these items rests with 
cardholders and the officials who approve their purchases. Because of 
the position of public trust held by federal employees, Congress and 
the American people expect cardholders and approving officials to 
maintain stewardship over the federal funds at their disposal. 
Specifically, purchase cardholders and approving officials are expected 
to follow published acquisition requirements and exercise a standard of 
care in acquiring goods and services that is necessary and reasonable 
(i.e., not extravagant or excessive) for the proper operation of an 
agency. Because every federal dollar that is spent on fraudulent, 
improper, and abusive purchases is a dollar that cannot be used for 
necessary government goods and services, ensuring that purchase cards 
are used responsibly is of particular concern at a time when the United 
States is experiencing substantial fiscal challenges. 

Our previous work has shown that using the purchase card for small 
purchases has reduced administrative costs and increased the 
flexibility to meet a variety of government needs. If properly used, 
purchase cards can also help to fulfill other objectives, such as 
providing opportunities for small, disadvantaged businesses.[Footnote 
2] The Federal Acquisition Regulation (FAR) designates the purchase 
card as the preferred method for making micropurchases.[Footnote 3] At 
the time of our audit, a micropurchase was defined as any purchase 
under $2,500.[Footnote 4] In addition to making micropurchases, 
government purchase cards may also be used to make payments under 
established contracts. According to the General Services Administration 
(GSA), the purchase card program had substantially improved procurement 
efficiencies, which resulted in about $1.8 billion in annual savings, 
as compared to prior paper-based procurement processes. GSA also 
asserted that in fiscal year 2007, the five credit card banks provided 
government agencies with refunds exceeding $170 million[Footnote 5] 
from card activity. 

The purchase card program had brought substantial cost reduction to the 
federal procurement process. However, since calendar year 2001, we have 
testified and reported on the purchase card programs at a number of 
agencies, which demonstrated that if not properly managed and 
controlled, use of the purchase card results in fraud, waste, and abuse 
(see app. I for previous GAO reports). For example, in September 2006, 
we reported that weaknesses in the Department of Homeland Security's 
(DHS) purchase card program resulted in over 100 lost (and presumed 
stolen) laptop computers; unauthorized acquisition and excessive cost 
related to the purchase of 20 flat-bottom boats, 12 of which were 
missing; and thousands of meals ready-to-eat stored in a warehouse in 
El Paso, Texas, more than 7 months after they were purchased for DHS 
employees assisting with the response to hurricanes Katrina and 
Rita.[Footnote 6] 

In response to our findings of fraud, waste, and abuse at the 
Department of Defense (DOD), Congress enacted legislation specifically 
directed at improving the management of DOD's purchase card 
program.[Footnote 7] However, concerns remain over whether purchase 
card usage continues to expose the federal government to increased risk 
of fraud, waste, and abuse. Therefore, you asked us to (1) determine 
whether internal control weaknesses in the purchase card program 
existed governmentwide and (2) if so, identify specific examples of 
fraudulent, improper, and abusive activity.[Footnote 8] 

To identify control weaknesses and specific examples of fraudulent, 
improper, and abusive activity, we reviewed applicable federal laws and 
regulations related to the FAR and purchase card uses. We also 
identified and applied the internal control principles contained in 
Standards for Internal Control in the Federal Government,[Footnote 9] 
Audit Guide: Auditing and Investigating the Internal Control of 
Government Purchase Card Programs,[Footnote 10] and selected agencies' 
purchase card policies and procedures.[Footnote 11] We then obtained 
purchase card transaction data from the five banks that supplied 
purchase cards governmentwide. Using these data, we selected two 
probability (statistical) samples[Footnote 12] of purchase card 
activities--one covering the population of purchase card activity over 
$50 from July 1, 2005, through June 30, 2006, totaling almost $14 
billion, and a second sample covering acquisitions over the 
micropurchase threshold during the same time period. In our statistical 
samples, we included purchase card transactions from federal agencies 
that are required to follow the FAR, including executive departments, 
independent establishments, and wholly owned federal government 
corporations as defined by the United States Code.[Footnote 13] We 
refer to these entities as executive agencies. We excluded transactions 
from the legislative and judicial branches, entities under treaty with 
the United States, and federal agencies with specific authority over 
their own purchase card programs.[Footnote 14] We tested these samples 
for proper authorization and independent receipt and acceptance. Where 
the purchase involved the acquisition of accountable or highly 
pilferable items that can easily be converted to personal use, such as 
cameras, laptops, cell phones, and iPods, we performed work to verify 
that the government could account for or had possession of these 
items.[Footnote 15] 

To identify additional examples of fraudulent, improper, and abusive 
purchase card activity, we data mined purchase card transactions from 
July 1, 2005, through September 30, 2006. This period included an 
additional 3 months of data subsequent to the period included in our 
statistical samples. We data mined using a number of criteria, 
including identifying vendors of goods or services prohibited by the 
agency or likely to be for personal use, split purchases, year-end 
purchases, and pilferable and accountable property purchases, among 
others. We also data mined transactions from federal agencies that had 
been granted specific authority over their own purchase card programs, 
such as the U.S. Postal Service (USPS).[Footnote 16] For these 
transactions, we requested and reviewed supporting documentation 
provided by the agency and conducted investigative work. Where a data- 
mining transaction was related to the acquisition of accountable and 
pilferable property, we also performed work to verify that the 
government had possession of the purchased items. While we identified 
fraudulent, improper, and abusive transactions, our work was not 
designed to identify, and we cannot determine, the extent of fraud, 
waste, and abuse occurring in the population of governmentwide purchase 
card transactions. 

We conducted this performance audit from September 2006 through 
February 2008 in accordance with U.S. generally accepted government 
auditing standards. Those standards require that we plan and perform 
the audit to obtain sufficient, appropriate evidence to provide a 
reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings and conclusions based on our audit objectives. 
We performed our investigative work in accordance with standards 
prescribed by the President's Council on Integrity and Efficiency. 
Appendix II provides further detail on our scope and methodology. 

Results in Brief: 

Internal control weaknesses in agency purchase card programs exposed 
the federal government to fraudulent, improper, and abusive purchases 
and loss of assets. Based on our statistical testing of all purchase 
card transactions, we estimated that 41 percent of the transactions 
were not properly authorized, or there was no evidence that the goods 
and services were received by an independent party (independent receipt 
and acceptance). For purchases exceeding the micropurchase threshold of 
$2,500, we estimated that 48 percent did not have proper authorization 
or independent receipt and acceptance. With respect to purchases over 
the micropurchase threshold, we also tested whether agency officials 
obtained the requisite number of bids or quotes prior to purchase, or 
showed evidence that competition was not required, as part of our test 
for proper authorization. Additionally, our inventory work on a 
nonrepresentative selection of assets found that control weaknesses 
over accountable property procured with the purchase card resulted in 
missing or stolen assets; some of these assets appeared to have been 
acquired for personal use. We also found that agencies could not 
provide evidence showing that they had possession of, or could 
otherwise account for, 458 of 1,058 accountable and pilferable items. 
The missing items were valued at over $1.8 million, out of over $2.7 
million tested. 

Overall, the results of this audit show that the governmentwide failure 
rate is unacceptably high. However, it is lower than the failure rates 
we have previously reported at certain individual agencies. For 
example, in 2002, we reported that the estimated failure rate for 
independent receipt and acceptance was 87 percent at one Department of 
the Army (Army) location,[Footnote 17] and in 2006, we estimated that 
63 percent of DHS purchase card transactions failed the same control 
test.[Footnote 18] In comparison, for this audit, we estimate that 34 
percent of governmentwide transactions did not have receipt and 
acceptance. Because prior audits had been restricted to individual 
agencies, we cannot state conclusively that the lower failure rate is 
attributable to improvements in internal controls governmentwide. 
However, some agencies with large purchase card activities, such as 
DOD, have implemented improved internal controls in response to our 
previous recommendations. The Office of Management and Budget (OMB) 
also increased scrutiny over the program, as evidenced by the issuance 
in 2005 of Appendix B of OMB Circular No. A-123, Improving the 
Management of the Government Charge Card Program, prescribing purchase 
card program guidance and requirements. 

Weak internal controls over proper authorization and independent 
receipt of purchase card acquisitions expose the government to 
fraudulent, improper, and abusive purchase card activity and loss of 
assets. Examples of fraudulent, improper, and abusive activity we 
identified through statistical sampling and data mining of purchase 
card transactions governmentwide[Footnote 19] included the following: 

* A postmaster at USPS used his government purchase card to 
fraudulently subscribe to two Internet dating services over 15 
consecutive months (April 2004 through October 2006). The monthly 
charges for these dating services were the only charges that appeared 
on the cardholder's monthly statements during this period; yet each of 
these charges was authorized and paid for by USPS. The cardholder paid 
restitution of over $1,100 but faced no disciplinary action for this 
fraud. 

* From October 2000 through September 2006, a cardholder at the 
Department of Agriculture (USDA) fraudulently paid over $642,000 to a 
live-in boyfriend who shared the same bank account as the cardholder. 
The $642,000 was used for personal expenditures, such as gambling, car 
loan and mortgage payments, and other retail purchases. The activities 
took place over a 6-year period, but were not detected by the agency 
until a whistleblower reported the cardholder to the agency's Office of 
Inspector General in 2006. The cardholder was sentenced to 21 months in 
prison and ordered to pay restitution of over $642,000. 

* One USDA cardholder used year-end funds to acquire a Toyota Sienna 
and a Toyota Land Cruiser totaling nearly $80,000. Although the 
purchases were made at the request of two Foreign Agricultural Service 
offices, the cardholder violated agency policy by failing to acquire a 
GSA waiver.[Footnote 20] The cardholder also used four convenience 
checks, purchasing the Toyota Sienna with one check and splitting the 
payment for the Land Cruiser into three separate checks because its 
purchase price exceeded the convenience checks' maximum purchase limit. 
Although documentation from USDA showed that the vehicles were shipped 
overseas to the units that requested them, we did not perform 
additional work to determine whether these vehicles represented a valid 
government need. 

* One cardholder at DHS improperly bypassed competitive requirements of 
the FAR to purchase three personal computers totaling over $8,000. In 
this instance, the person who requested the computers provided the 
purchase cardholder with the specifications and a request that the 
items be purchased from the requesting individual's preferred vendor. 
The cardholder did not apply due diligence by obtaining competitive 
quotes from additional vendors. Instead, the cardholder asked the 
requesting official to provide two "higher priced" quotes from 
additional vendors. In doing so, the cardholder circumvented the rules 
and obtained the items without competitive sourcing as required by the 
FAR. 

* USPS paid over $13,000 for 81[Footnote 21] conference attendees to 
dine at an upscale steak restaurant in Orlando, Florida, in 2006. The 
dinner, which cost over $160 per person, included steaks, crab, 
appetizers, and over $3,000 in alcoholic beverages purchased over a 5- 
hour period. We define this transaction as abusive. 

* At the National Aeronautics and Space Administration (NASA), a 
cardholder used the government purchase card to acquire two 60GB iPods. 
Although NASA officials maintained that the iPods were essential for 
official data storage, we found that the cardholder personalized the 
iPods with the requester's and agency's names and used the iPods to 
store songs and music videos. Although the iPods had some business 
files on them, we concluded that the purchase was abusive because other 
data storage devices without video and audio capabilities were 
available at lower costs. 

This report contains recommendations to OMB and GSA aimed at minimizing 
improper and abusive purchase card activities. Our recommendations 
address the need for OMB and GSA to provide guidance and instructions 
directing agencies to strengthen internal controls over the purchase 
card programs, including controls over convenience checks and 
accountable property acquired with the purchase card, and to impose 
liability for unauthorized purchases. Further, we discussed cases of 
potential fraud, waste, and abuse we identified in this report with 
respective agency management or inspector general offices for further 
actions, including, if warranted, repayment of the cost of improper 
purchase card use and disciplinary actions against those who have 
abused their purchase cards. 

In written comments on a draft of this report, OMB agreed and GSA 
partially agreed with our recommendations. GSA wholly or partially 
concurred with 4 recommendations, but disagreed with the majority of 
our recommendations. GSA stated that it was not within the scope of its 
authority to issue guidance and reminders encouraging agencies to 
document independent receipt and acceptance of items purchased with a 
government purchase card, and improving accountability over accountable 
and pilferable items purchased with government purchase cards, 
including sensitive and pilferable property. GSA stated that receipt 
and acceptance and property accountability are the responsibilities of 
the agencies, and that our recommendations should be modified to 
reflect this. GSA partially concurred with our recommendation that 
travelers be reminded to reduce per diem if a traveler is provided with 
government meals, stating that it would issue guidance in this matter, 
but arguing that the per diem issue was not specific to purchase cards. 
We disagree with GSA's assessments of its authority and reiterate 
support for our recommendations. We agree with GSA that the problems we 
identified with property accountability and receipt and acceptance go 
beyond the bounds of strictly purchase card issues. However, our work 
over the last several years has also identified substantial problems 
with property accountability and independent receipt and acceptance of 
goods and services bought with purchase cards; these problems are 
inherent to the flexibility provided by the purchase card program. The 
fact that governmentwide policies in these areas do not currently exist 
demonstrates that GSA needs to formulate guidance that is consistent 
and available to every agency. We believe that these recommendations 
are consistent with GSA's mandate as the overall manager for the 
purchase card program. As an agency with overall responsibility for the 
purchase card program, GSA should assume a proactive approach in 
identifying--and helping agencies address--challenges to agencies' 
internal control systems that have arisen partly as a result of 
purchase card use. As its response indicates, OMB is taking a proactive 
approach to purchase card management, and may be in a position to help 
GSA overcome the perceived lack of authority. See the Agency Comments 
and Our Evaluation section of this report for a more detailed 
discussion of the agency comments. We have reprinted the OMB and GSA 
written comments in appendixes III and IV, respectively. 

Background: 

GSA administers the federal government's SmartPay® purchase card 
program, which has been in existence since the late 1980s. The purchase 
card program was created as a way for agencies to streamline federal 
acquisition processes by providing a low-cost, efficient vehicle for 
obtaining goods and services directly from vendors. The purchase card 
can be used for simplified acquisitions, including micropurchases, as 
well as to place orders and make payments on contract activities. The 
FAR designated the purchase card as the preferred method of making 
micropurchases. In addition, part 13 of the FAR, "Simplified 
Acquisition Procedures," establishes criteria for using purchase cards 
to place orders and make payments. Figure 1 shows the dramatic increase 
in purchase card use since the inception of the SmartPay® program. 

Figure 1: Purchase Card Expenditures, Fiscal Years 1989 through 2006: 

This figure is a line graph showing purchase card expenditures, fiscal 
years 1989 through 2006. The X axis is the fiscal year, and the Y axis 
will be the dollars spent (in billions). 

Fiscal year: "1989"; 
Dollars spent: 0.009. 

Fiscal year: "1990"; 
Dollars spent: 0.068. 

Fiscal year: "1991"; 
Dollars spent: 0.168. 

Fiscal year: "1992"; 
Dollars spent: 0.307. 

Fiscal year: "1993"; 
Dollars spent: 0.538. 

Fiscal year: "1994"; 
Dollars spent: 0.922. 

Fiscal year: "1995"; 
Dollars spent: 1.59. 

Fiscal year: "1996"; 
Dollars spent: 2.97. 

Fiscal year: "1997"; 
Dollars spent: 4.95. 

Fiscal year: "1998"; 
Dollars spent: 7.95. 

Fiscal year: "1999"; 
Dollars spent: 10.2. 

Fiscal year: "2000"; 
Dollars spent: 12.3. 

Fiscal year: "2001"; 
Dollars spent: 13.8. 

Fiscal year: "2002"; 
Dollars spent: 15.2. 

Fiscal year: "2003"; 
Dollars spent: 16.2. 

Fiscal year: "2004"; 
Dollars spent: 17.08. 

Fiscal year: "2005"; 
Dollars spent: 17.43. 

Fiscal year: "2006"; 
Dollars spent: 17.76. 

[See PDF for image] 

Source: GSA. 

[End of figure] 

As shown in figure 1, during the 10-year period from fiscal year 1996 
through 2006, acquisitions made using purchase cards increased almost 
fivefold--from $3 billion in fiscal year 1996 to $17.7 billion in 
fiscal year 2006. Figure 2 provides further information on the number 
of purchase cardholder accounts. As shown, the number of purchase 
cardholder accounts peaked in 2000 at more than 670,000, but since then 
the number of purchase cardholder accounts has steadily decreased to 
around 300,000. 

Figure 2: Purchase Card Accounts, Fiscal Years 1989 through 2006: 

This figure is a line graph showing purchase card accounts, fiscal 
years 1989 through 2006. The X axis is the fiscal year, and the Y axis 
is the number of cardholders (in thousands). 
	
Fiscal year: "1989"; 
Number of cardholders: 10. 

Fiscal year: "1990"; 
Number of cardholders: 18. 

Fiscal year: "1991"; 
Number of cardholders: 30. 

Fiscal year: "1992"; 
Number of cardholders: 45. 

Fiscal year: "1993"; 
Number of cardholders: 75. 

Fiscal year: "1994"; 
Number of cardholders: 83. 

Fiscal year: "1995"; 
Number of cardholders: 130. 

Fiscal year: "1996"; 
Number of cardholders: 209. 

Fiscal year: "1997"; 
Number of cardholders: 265. 

Fiscal year: "1998"; 
Number of cardholders: 340. 

Fiscal year: "1999"; 
Number of cardholders: 517. 

Fiscal year: "2000"; 
Number of cardholders: 670. 

Fiscal year: "2001"; 
Number of cardholders: 406. 

Fiscal year: "2002"; 
Number of cardholders: 393. 

Fiscal year: "2003"; 
Number of cardholders: 327. 

Fiscal year: "2004"; 
Number of cardholders: 311. 

Fiscal year: "2005"; 
Number of cardholders: 301. 

Fiscal year: "2006"; 
Number of cardholders: 300. 

[See PDF for image] 

Source: GSA. 

[End of figure] 

As the contract administrator of the program, GSA contracts with five 
different commercial banks in order to provide purchase cards to 
federal employees. The five banks with purchase card contracts are (1) 
Bank of America, (2) Citibank, (3) Mellon Bank, (4) JPMorgan Chase, and 
(5) U.S. Bank.[Footnote 22] GSA also has created several tools, such as 
the Schedules Program, so that cardholders can take advantage of 
favorable pricing for goods and services. Oversight of the purchase 
card program is also the responsibility of OMB. OMB provides overall 
direction for governmentwide procurement policies, regulations, and 
procedures to promote economy, efficiency, and effectiveness in the 
acquisition processes. Specifically, in August 2005, OMB issued 
Appendix B to Circular No. A-123, Improving the Management of 
Government Charge Card Programs, that established minimum requirements 
and suggested best practices for government charge card programs. 

From July 1, 2005, through June 30, 2006, GSA reported that federal 
agencies purchased over $17 billion of goods and services using 
government purchase cards.[Footnote 23] Our analysis of transaction 
data provided by the five banks found that micropurchases represented 
97 percent of purchase card transactions and accounted for almost 57 
percent of the dollars expended. Using purchase cards for acquisitions 
and payments over the micropurchase limit of $2,500 represented about 3 
percent of purchase transactions and accounted for more than 44 percent 
of the dollars spent from July 1, 2005, through June 30, 2006. 

Key Internal Controls Were Ineffective: 

Internal control weaknesses in agency purchase card programs exposed 
the federal government to fraudulent, improper, and abusive purchases 
and loss of assets. Our statistical testing of two key transaction- 
level controls over purchase card transactions over $50 from July 1, 
2005, through June 30, 2006, found that both controls were ineffective. 
In aggregate, we estimated that 41 percent of purchase card 
transactions were not properly authorized or purchased goods or 
services were not properly received by an independent party 
(independent receipt and acceptance). We also estimated that 48 percent 
of purchases over the micropurchase threshold were either not properly 
authorized or independently received. Further, we found that agencies 
could not provide evidence that they had possession of, or could 
otherwise account for, 458 of 1,058 accountable and pilferable items. 

Overall Results of Transaction-Based Internal Control Testing: 

According to Standards for Internal Control in the Federal Government, 
internal control activities help ensure that management's directives 
are carried out. The control activities should be effective and 
efficient in accomplishing the agency's control objectives and should 
occur at all levels and functions of an agency. The controls include a 
wide range of activities, such as approvals, authorizations, 
verifications, reconciliations, performance reviews, and the production 
of records and documentation. 

For this audit, we tested those control activities that we considered 
to be key in creating a system that prevents and detects fraudulent, 
improper, and abusive purchase card activity. To this end, we tested 
whether (1) cardholders were properly authorized to make their 
purchases and (2) goods and services were independently received and 
accepted. As shown in table 1, we estimated that the overall failure 
rate for the attributes we tested was 41 percent, with failure rates of 
15 percent for authorization and 34 percent for receipt and acceptance. 

Table 1: Statistical Testing Results--All Purchase Card Activity over 
$50: 

Control activities: Appropriate authorization; 
Estimated percentage failure rate in key controls: 15; 
Ninety-five percent confidence interval: 8-23. 

Control activities: Independent receipt and acceptance; 
Estimated percentage failure rate in key controls: 34; 
Ninety-five percent confidence interval: 25-44. 

Control activities: Overall failure rate; 
Estimated percentage failure rate in key controls: 41; 
Ninety-five percent confidence interval: 31- 51. 

Source: GAO testing and statistical analysis of executive agencies' 
purchase card transactions and convenience checks provided by Bank of 
America, Citibank, JPMorgan Chase, Mellon Bank, and U.S. Bank. 

[End of table] 

Lack of proper authorization. As shown in table 1, 15 percent of all 
transactions failed proper authorization. According to Standards for 
Internal Control in the Federal Government, transactions and other 
significant events should be authorized and executed only by persons 
acting within the scope of their authority, as this is the principal 
means of assuring that only valid transactions to exchange, transfer, 
use, or commit resources and other events are initiated or entered 
into. To test authorization, we accepted as reasonable evidence various 
types of documentation,[Footnote 24] such as purchase requests or 
requisitions from a responsible official, e-mails, and other documents 
that identify an official government need, including blanket 
authorizations for routine purchases with subsequent review by an 
approving official. 

The lack of proper authorization occurred because (1) the cardholder 
failed to maintain sufficient documentation, (2) the agency's policy 
did not require authorization, or (3) the agency lacked the internal 
controls and management oversight to identify purchases that were not 
authorized--increasing the risk that agency cardholders will misuse the 
purchase card. Failure to require cardholders to obtain appropriate 
authorization and lack of management oversight increase the risk that 
fraudulent, improper, and other abusive activity will occur without 
detection. 

Lack of independent receipt and acceptance. As depicted in table 1, our 
statistical sampling of executive agency purchase card transactions 
also found that 34 percent of transactions failed independent receipt 
and acceptance, that is, goods or services ordered and charged to a 
government purchase card account were not received by someone other 
than the cardholder. According to Standards for Internal Control in the 
Federal Government, the key duties and responsibilities need to be 
divided or segregated among different people to reduce the risk of 
error or fraud. Segregating duties entails separating the 
responsibilities for authorizing transactions, processing and recording 
them, reviewing the transactions, and handling related assets. The 
standards further state that no one individual should control all key 
aspects of a transaction or event. 

As evidence of independent receipt and acceptance, we accepted any 
signature or initials of someone other than the cardholder on the sales 
invoice, packing slip, bill of lading, or any other shipping or 
receiving document. We found that lack of documented, independent 
receipt extended to all types of purchases, including pilferable items 
such as laptop computers. Independent receipt and acceptance helps 
provide assurance that purchased items are only acquired for legitimate 
government need and not for personal use. 

Historical Results of Transaction-Based Internal Control Testing: 

Although we did not test the same number of attributes as in previous 
audits of specific agencies' purchase card programs, for those 
attributes we tested, the estimated governmentwide failure rates shown 
in this report are lower than the failure rates we have previously 
reported for certain individual agencies. Table 2 provides failure 
rates from our prior work related to proper approval and independent 
receipt and acceptance for certain individual agencies. 

Table 2: Comparison of Governmentwide Sampling Results to Previous 
Rates at Certain Individual Agencies and Locations: 

Current report: Governmentwide; 
Report year: 2008; 
Estimated percentage failure rate in key control activities (point 
estimate[A]): Appropriate authorization: 15; 
Estimated percentage failure rate in key control activities (point 
estimate[A]): Independent receipt: 34. 

Prior reports: Department of Homeland Security; 
Report year: 2006; 
Estimated percentage failure rate in key control activities (point 
estimate[A]): Appropriate authorization: 45; 
Estimated percentage failure rate in key control activities (point 
estimate[A]): Independent receipt: 63. 

Prior reports: Department of the Air Force[B]; 
Report year: 2002; 
Estimated percentage failure rate in key control activities (point 
estimate[A]): Appropriate authorization: 69-87; 
Estimated percentage failure rate in key control activities (point 
estimate[A]): Independent receipt: 53- 68. 

Prior reports: Department of the Navy[C]; 
Report year: 2002; 
Estimated percentage failure rate in key control activities (point 
estimate[A]): Appropriate authorization: 80-98; 
Estimated percentage failure rate in key control activities (point 
estimate[A]): Independent receipt: 58- 67. 

Prior reports: Department of the Army[D]; 
Report year: 2002; 
Estimated percentage failure rate in key control activities (point 
estimate[A]): Appropriate authorization: 25-69; 
Estimated percentage failure rate in key control activities (point 
estimate[A]): Independent receipt: 55- 87. 

Source: GAO. 

[A] The numbers represent the point estimates based on statistical 
sample testing. All percentage estimates have margins of plus or minus 
14 percentage points or less. 

[B] The numbers represent the range from the highest to lowest point 
estimates at four Air Force locations. 

[C] The numbers represent the range from the highest to lowest point 
estimates at four Navy locations. 

[D] The numbers represent the range from the highest to lowest point 
estimates at five Army locations. 

[End of table] 

As shown, estimated failure rates for independent receipt and 
acceptance from previous audits were as high as 87 percent for one Army 
location (as reported in 2002) [Footnote 25] and, most recently, 63 
percent for DHS (as reported in 2006). In contrast, we are estimating a 
34 percent failure rate for this audit. Because prior audits have been 
restricted to individual agencies, we cannot state conclusively that 
the lower failure rate is attributable to improvements in internal 
controls governmentwide. However, some agencies with large purchase 
card programs, such as DOD, have implemented improved internal controls 
in response to our previous recommendations. Further, in 2005, OMB also 
issued Appendix B to Circular No. A-123[Footnote 26] prescribing 
purchase card program guidance and requirements. These changes are 
positive steps in improving internal controls over the purchase card 
program. 

Results of Transaction-Based Internal Control Testing Exceeding 
Micropurchase Limit: 

While only 3 percent of governmentwide purchase card transactions from 
July 1, 2005, through June 30, 2006, were purchases above the 
micropurchase threshold of $2,500, these transactions accounted for 44 
percent of the dollars spent during that period. Because of the large 
dollar amount associated with these transactions, and additional 
requirements related to authorization[Footnote 27] than are required 
for micropurchases, we drew a separate statistical sample to test 
controls over these larger purchases. Specifically, we tested (1) 
proper purchase authorization and (2) independent receipt and 
acceptance. As part of our test of proper purchase authorization, we 
looked for evidence that adequate competition was obtained. If 
competition was not obtained, we asked for supporting documentation 
showing that competition was not required, for example, that the 
purchase was acquired from sole-source vendors. 

We estimated that 48 percent of the purchase card transactions over the 
micropurchase threshold failed our attribute tests. As shown in table 
3, for 35 percent of purchases over the micropurchase threshold, 
cardholders failed to obtain proper authorization. Additionally, in 30 
percent of the transactions, cardholders failed to provide sufficient 
evidence of independent receipt of the goods or services. 

Table 3: Statistical Testing Results--Purchase Transactions over 
$2,500: 

Control activities: Appropriate authorization; 
Estimated percentage failure rate in key controls: 35; 
Ninety-five percent confidence interval: 26-45. 

Control activities: Independent receipt and acceptance; 
Estimated percentage failure rate in key controls: 30; 
Ninety-five percent confidence interval: 21-39. 

Control activities: Overall failure rate; 
Estimated percentage failure rate in key controls: 48; 
Ninety-five percent confidence interval: 38- 58. 

Source: GAO testing and statistical analysis of executive agency 
purchase card transactions and convenience checks provided by Bank of 
America, Citibank, JPMorgan Chase, Mellon Bank, and U.S. Bank. 

[End of table] 

Lack of proper authorization for purchases over the micropurchase 
limit. As table 3 indicates, 35 percent of purchases over the 
micropurchase limit were not properly authorized. To test for proper 
authorization, we looked for evidence of prior approval, such as a 
contract or other requisition document. For purchases above the 
micropurchase threshold, we also required evidence that the cardholder 
either solicited competition or provided reasonable evidence for 
deviation from this requirement, such as sole source justification. 

Of the 34 transactions that failed proper authorization, 10 
transactions lacked evidence of competition. For example, one Army 
cardholder purchased computer equipment totaling over $12,000 without 
obtaining and documenting price quotes from three vendors as required 
by the FAR. The purchase included computers costing over $4,000 each, 
expensive cameras that cost $1,000 each, and software and other 
accessories--items that are supplied by a large number of vendors. In 
another example of failed competition, one cardholder at DHS purchased 
three personal computers totaling over $8,000. The requesting official 
provided the purchase cardholder with the computers' specifications and 
a request that the item be purchased from the requesting official's 
preferred vendor. We found that the cardholder did not apply due 
diligence by obtaining competitive quotes from additional vendors. 
Instead, the cardholder asked the requesting official to provide two 
"higher priced" quotes from additional vendors in order to justify 
obtaining the computers from the requesting official's preferred 
source. In doing so, the cardholder circumvented the rules and obtained 
the items without competitive sourcing as required by the FAR. 

Lack of independent receipt and acceptance. As shown in table 3, we 
projected that 30 percent of the purchases above the micropurchase 
threshold did not have documented evidence that goods or services 
ordered and charged to a government purchase card account were received 
by someone other than the cardholder. 

Failure to Maintain Accountability over Physical Assets: 

Our testing[Footnote 28] of a nonrepresentative selection of 
accountable and pilferable property acquired with government purchase 
cards found that agencies failed to account for 458 of the 1,058 
accountable and pilferable property items we tested. The total value of 
the items was over $2.7 million, and the purchase amount of the missing 
items was over $1.8 million. We used a nonrepresentative selection 
methodology for testing accountable property because purchase card data 
did not always contain adequate detail to enable us to isolate property 
transactions for statistical testing. Because we were not able to take 
a statistical sample of these transactions, we were not able to project 
inventory failure rates for accountable and pilferable property. 
Similarly, because the scope of our work was restricted to purchase 
card acquisitions, we did not audit agencies' controls over accountable 
property acquired using other procurement methods. However, the extent 
of the missing property we are reporting on may not be restricted to 
items acquired with the government purchase cards, but may reflect 
control weaknesses in agencies' management of accountable property 
governmentwide. 

The lost or stolen items included computer servers, laptop computers, 
iPods, and digital cameras. Our prior reports have shown that weak 
controls over accountable property purchased with government purchase 
cards increases the risk that items will not be reported and accounted 
for in property management systems. We acknowledge agency officials' 
position that the purchase card program was designed to facilitate 
acquisition of goods and services, including property, and not 
specifically to maintain accountability over property. However, the 
sheer number of accountable property purchases made "over the counter" 
or directly from a vendor increases the risk that the accountable or 
pilferable property would not be reported to property managers for 
inclusion in the property tracking system. Unrecorded assets decrease 
the likelihood of detecting lost or stolen government property. In 
addition, if these items were used to store sensitive data, this 
information could be lost, stolen, or both without the knowledge of the 
government. Failure to properly account for pilferable and accountable 
property also increases the risk that agencies will purchase property 
they already own but cannot locate--further wasting tax dollars. 

Although each agency establishes its own threshold for recording and 
tracking accountable property, additional scrutiny is necessary for 
sensitive items (such as computers and related equipment) and items 
that are easily pilfered (such as cameras, iPods, and personal digital 
assistants (PDA)). Consequently, for this audit, we selected $350 as 
the threshold for our accountable property test. Standards for Internal 
Control in the Federal Government provides that an agency must 
establish physical control to secure and safeguard vulnerable assets. 
Examples include security for, and limited access to, assets such as 
cash, securities, inventories, and equipment, which might be vulnerable 
to risk of loss or unauthorized use. Failure to maintain accountability 
over property, including highly pilferable items, increases the risk of 
unauthorized use and lost and stolen property. 

Our accountable asset work consisted of identifying accountable and 
pilferable properties associated with transactions from both the 
statistical sample and data-mining transactions, requesting serial 
numbers from the agency and vendors, and obtaining evidence--such as a 
photograph provided by the agency--that the property was recorded, 
could be located, or both. In some instances, we obtained the 
photographs ourselves. We then evaluated each photograph to determine 
whether the photograph represented the accountable or pilferable item 
we selected for testing. Property items failed our physical property 
inventory tests for various reasons, including the following: 

* the agency could not locate the item upon request and reported the 
item as missing, 

* the agency failed to provide photographs, or: 

* the agency provided photographs of items where the serial numbers did 
not match the items purchased. 

In many instances, we found that agencies failed to provide evidence 
that the property was independently received or entered into the agency 
property book. Weak controls over accountable and pilferable property 
increase the risk that property will be lost or stolen and also 
increase the chance that the agency will purchase more of the same item 
because it is not aware that the item has already been purchased. The 
following descriptions further illustrate transactions that failed our 
property tests: 

* The Army could not properly account for 16 server configurations 
containing 256 items that it purchased for over $1.5 million dollars. 
Despite multiple inquiries, the Army provided photographs of only 1 
configuration out of 16, but did not provide serial numbers for that 
configuration to show that the photograph represented the items 
acquired as part of the transaction we selected for testing. Further, 
when we asked for inventory records as an acceptable alternative, the 
Army could not provide us evidence showing that it had possession of 
the 16 server configurations. 

* A Navy cardholder purchased general office supplies totaling over 
$900. As part of this purchase, the cardholder bought a Sony digital 
camera costing $400 and an iPod for $200. In supporting documentation 
provided, the Navy stated that the cardholder, approving official, and 
requester had no recollection of requesting or receiving the iPods. To 
find out whether these pilferable items could have been converted for 
personal use and effectively stolen, we asked the Navy to provide a 
photograph of the camera and iPod, including the serial number. 
However, the Navy informed us that the items were not reported on a 
property tracking system and therefore could not be located. 

Fraudulent and Potentially Fraudulent, Improper, and Abusive 
Transactions: 

We found numerous instances of fraud, waste, and abuse related to the 
purchase card program at dozens of agencies across the government. 
Internal control weaknesses in agency purchase card programs directly 
increase the risk of fraudulent, improper, and abusive transactions. 
For instance, the lack of controls over proper authorization increases 
an agency's risk that cardholders will improperly use the purchase 
card. As discussed in appendix II, our work was not designed to 
identify all instances of fraudulent, improper, and abusive government 
purchase card activity or estimate their full extent. Therefore, we did 
not determine and make no representations regarding the overall extent 
of fraudulent, improper, and abusive transactions governmentwide. The 
case studies identified in the tables that follow represent some of the 
examples that we found during our audit and investigation of the 
governmentwide purchase card program. 

Fraudulent and Potentially Fraudulent Activities: 

We found numerous examples of fraudulent and potentially fraudulent 
purchase card activities. For the purpose of this report, we define 
fraudulent transactions as those where a fraud case had been 
adjudicated or was undisputed or a purchase card account had been 
compromised. Potentially fraudulent transactions are those transactions 
where there is a high probability of fraud, but where sufficient 
evidence did not exist for us to determine that fraud had indeed 
occurred. As shown in table 4, these transactions included (1) 
acquisitions by cardholders that were unauthorized and intended for 
personal use and (2) purchases appropriately charged to the purchase 
card but involving potentially fraudulent activity that went undetected 
because of the lack of integration among the processes related to the 
purchase, such as travel claims or missing property. 

In a few instances, agencies have taken actions on the fraudulent and 
potentially fraudulent transactions we identified. For example, some 
agency officials properly followed policies and procedures and filed 
disputes with the bank against fraudulent purchases that appeared on 
the card, and subsequently obtained refunds. However, in the most 
egregious circumstances, such as repeated fraudulent activities by the 
cardholders, sometimes over several years, the agencies did not take 
actions until months after the fraudulent activity occurred, or after 
we selected the transactions and requested documentation from the 
agencies for the suspicious transactions. Table 4 illustrates instances 
where we found fraud, or indications of fraud, from our data mining and 
investigative work. 

Table 4: Fraudulent and Potentially Fraudulent Activity: 

Case: 1; 
Description of activity: Convenience checks; 
Fraudulent use; 
Vendor: None; 
Agency: Forest Service, USDA; 
Amount: $642,000; 
Additional facts: 
* During a 6-year period, the cardholder fraudulently wrote 
approximately 180 checks to an individual with whom the cardholder 
lived and shared a bank account. All transactions were undetected by 
the agency; 
* USDA's Office of Inspector General received a tip from a 
whistleblower that started the investigation leading to the 
cardholder's indictment in November 2006; 
* In June 2007, the cardholder pled guilty to embezzlement and tax 
fraud charges; 
* The cardholder was sentenced in November 2007 to 21 months 
imprisonment followed by 36 months of supervised release and was 
required to pay over $642,000 in restitution. 

Case: 2; 
Description of activity: Lost computer equipment; 
Potentially fraudulent transaction; 
Vendor: CompUSA; 
Agency: Navy; 
Amount: 2,200; 
Additional facts: 
* Cardholder purchased 19 pilferable items, including 2 LCD monitors, 5 
iPods, a laser jet printer, a PDA, and other computer accessories, 18 
of which are now lost and presumed stolen; 
* The cardholder is no longer with the Navy command; 
* The Navy could not provide documentation showing that the purchase 
was properly approved, that the requester received the items, or that 
the Navy had possession of 18 of the 19 items. 

Case: 3; 
Description of activity: Cosmetics; 
Compromised account; 
Vendor: Tina Nails, MAC; 
Agency: National Science Foundation; 
Amount: 1,800; 
Additional facts: 
* The government purchase card was used to transact over $1,800 in 
fraudulent purchases at a nail salon and women's accessory and 
specialty store; 
* After discovering the fraudulent charges, the cardholder properly 
disputed the charges and obtained a credit for the purchases; 
* The account was closed subsequent to the fraudulent activity. 

Case: 4; 
Description of activity: Internet dating services; 
Fraudulent card use; 
Vendor: Various online dating services and pornographic sites; 
Agency: USPS; 
Amount: 1,100; 
Additional facts: 
* Over a 15-month period, a postmaster used the government purchase 
card to subscribe to two Internet dating services; 
* The cardholder also used a government computer to access pornographic 
sites; 
* The dating service charges were the only charges on this card during 
our audit period, yet the activity went unnoticed by the agency for 
over 1 year; 
* The USPS Office of Inspector General conducted an investigation and 
issued a demand letter, and the cardholder paid restitution in full. 

Case: 5; 
Description of activity: Airline ticket; 
Fraudulent charge; 
Vendor: Malev Hungarian Airlines; 
Agency: Department of State; 
Amount: 890; 
Additional facts: 
* In supporting documentation provided to GAO, embassy officials stated 
that the airfare was fraudulently charged to the cardholder's account; 
* However, embassy officials could not provide evidence that the 
cardholder disputed the charge and that a credit was received; 
* An embassy official also stated that purchase reviews and approvals 
were not performed on a consistent basis during the time of the charge; 
* During the same period, the cardholder disputed and obtained credits 
for over $9,000 in other fraudulent charges; 
* The cardholder did not close the account until August 2006, when a 
second string of fraud occurred on this account. 

Case: 6; 
Description of activity: Multiple goods and services; 
Fraudulent charges; 
Vendor: Various vendors; 
Agency: Department of State; 
Amount: 735; 
Additional facts: 
* Fraudulent charges appeared on the account, including for vendors 
such as Match.com, Old Navy-online, and AIPTEK (a camera and other 
electronic equipment manufacturer); 
* Upon discovery of the fraudulent charges, the cardholder 
appropriately followed agency procedures and contacted the purchase 
card bank, which closed the account. 

Case: 7; 
Description of activity: Per diem; 
Potentially fraudulent claim; 
Vendor: Ritz Carlton Hotel; 
Agency: GSA; 
Amount: 380; 
Additional facts: 
* GSA purchased continental breakfasts for 18 conference attendees for 
3 days; 
* Sixteen of the 18 conference attendees claimed reimbursement for the 
breakfasts, which were provided by the government. Effectively, GSA 
paid for these meals twice; 
* Although the cardholder was authorized to purchase conference meals 
with the purchase card, the travelers submitted potentially fraudulent 
claim of $380--the amount that should have been deducted from the 
travelers' per diem; 
* In agency comments, GSA disagreed that continental breakfasts 
constituted full breakfasts, even when it paid $23 per person per day 
for this meal. Consequently, GSA plans to consult with other members of 
the travel community to decide on the treatment of continental 
breakfasts. 

Case: 8; 
Description of activity: Meals; 
Potentially fraudulent charges; 
Vendor: Grape and Wine Conference; 
Agency: Alcohol and Tobacco Tax and Trade Bureau, Department of the 
Treasury; 
Amount: 280; 
Additional facts: 
* In 2004 and again in 2006, the cardholder used the government card to 
purchase meals at two different conferences; 
* Although the cardholder did not claim reimbursement for the meals, 
the amounts he inappropriately charged to his purchase card well 
exceeded authorized meals and incidental expense amounts; 
* The agency did not discover these unauthorized purchases until a 
fiscal year 2006 audit review; 
* The cardholder repaid the agency in February 2007, over 2 years after 
the first unauthorized--and potentially fraudulent-- purchase; 
* The cardholder received a written counseling letter and voluntarily 
turned in his purchase card, and the account was closed. 

Case: 9; 
Description of activity: Per diem; 
Potentially fraudulent claim; 
Vendor: Radisson Hotel; 
Agency: GSA; 
Amount: 150; 
Additional facts: 
* Five conference participants claimed reimbursement for meals that 
were provided by the government; 
* The cardholder was authorized to purchase conference meals with the 
purchase card; however, the traveler claimed full per diem for a dinner 
meal that had already been paid for with the purchase card. 

Case: 10; 
Description of activity: Internet dating; 
Compromised accounts; 
Vendor: Match.com; 
Agency: Army; 
Amount: 83; 
Additional facts: 
* Fraudulent charges appeared on the account in August 2005 for an 
Internet dating Web service; 
* The cardholder properly disputed the charge and obtained a credit in 
September 2005; 
* However, the account was still open as of September 2006, even though 
the standard practice in a case of fraudulent use of a card would be to 
close the account; the cardholder was still using the account a year 
later. 

Source: GAO analysis, investigation, and review of purchase card data 
and supporting documentation. 

[End of table] 

The following text further describes three of the fraudulent cases from 
table 4: 

* Case 1 involves a cardholder who embezzled over $642,000 from the 
Forest Service's national fire suppression budget from October 10, 
2000, through September 28, 2006. This cardholder, a purchasing agent 
and agency purchase card program coordinator, wrote approximately 180 
checks to a live-in boyfriend with whom the cardholder shared a bank 
account. Proceeds from the checks were used for personal expenditures, 
such as gambling, car and mortgage payments, dinners, and retail 
purchases. Although the activities occurred repeatedly over a 6-year 
period, the embezzled funds were undetected by the agency until USDA's 
Office of Inspector General received a tip from a whistleblower in 
2006. In June 2007, the cardholder pled guilty to one count of 
embezzlement and one count of tax fraud. As part of the plea agreement, 
the cardholder agreed to pay restitution of $642,000. Further, in 
November 2007, the cardholder was sentenced to 21 months imprisonment 
followed by 36 months supervised release. 

* Case 2 involves a potential theft of government property. A Navy 
cardholder purchased 19 pilferable items totaling $2,200 from CompUSA 
without proper authorization or subsequent review of the purchase 
transaction. After extensive searches, the Navy provided evidence that 
only 1 of the 19 items listed on the invoice--an HP LaserJet printer 
purchased for $150--was found. Other items that were lost or stolen 
included five iPods; a PDA; iPod travel chargers, adapters, flash 
drives, leather accessories, and two 17-inch LCD monitors--all highly 
pilferable property that can be easily diverted for personal use. 
According to officials from the Navy, at the time of the purchase, the 
command did not have a requirement for tracking highly pilferable 
items. Additionally, all members involved in the transaction had since 
transferred and the agency did not have the capability to track where 
the items might have gone. Navy officials also informed us that the 
command issued a new policy requiring that pilferable items be tracked. 

* Case 4 involves a USPS postmaster who fraudulently used the 
government purchase card for personal gain. Specifically, from April 
2004, through October 2006, the cardholder made more than 15 
unauthorized charges from various online dating services totaling more 
than $1,100. These were the only purchases made by this cardholder 
during our audit period, yet the cardholder's approving official did 
not detect any of the fraudulent credit card activity. According to 
USPS officials, this person was also under an internal administrative 
investigation for viewing pornography on a government computer. Based 
on the administrative review, the cardholder was removed from his 
position in November 2006 after working out an agreement with USPS in 
which he was authorized to remain on sick leave until his retirement 
date in May 2007. In April the USPS Office of Inspector General issued 
a demand letter and recovered the fraudulent Internet dating service 
charges. 

Improper and Abusive Purchases: 

Our data mining identified numerous examples of improper and abusive 
transactions. Improper transactions are those purchases that although 
intended for government use, are not permitted by law, regulation, or 
government/agency policy. Examples we found included (1) purchases that 
were prohibited or otherwise not authorized by federal law, regulation, 
or government/agency policy[Footnote 29] and (2) split purchases made 
to circumvent the cardholder single-purchase limit or to avoid the need 
to obtain competition on purchases over the $2,500 micropurchase 
threshold.[Footnote 30] Abusive purchases are those where the conduct 
of a government organization, program, activity, or function fell short 
of societal expectations of prudent behavior. We found examples of 
abusive purchases where the cardholder (1) purchased goods or services 
at an excessive cost (e.g., gold plated) or (2) purchased an item for 
which government need was questionable. Table 5 identifies examples of 
improper and abusive purchases. 

Table 5: Examples of Improper and Abusive Purchases: 

Case: 1; 
Description of activity: Tire store; 
Multiple improper charges for unnecessary services; 
Agency: Forest Service, USDA; 
Total amount: $115,000; 
Additional facts: 
* From July 2005 to March 2006, the subcontractor Superior 24 Hour 
charged a USDA purchase card account 91 times for work performed to 
install new tires on USDA vehicles; 
* Our review of supporting documentation provided by the agency showed 
that the charges in 2006 were not authorized. Further, USDA could not 
validate whether the transactions in 2005 were authorized; 
* Neither the cardholder nor the approving official discovered the 
improper charges until March 2006, 9 months after the subcontractor 
first charged the account; 
* Because bank policy requires that unauthorized charges be disputed 
within 60 days of their occurrence, the cardholder could only recover 
$39,000 of the unauthorized charges through the dispute process. 

Case: 2; 
Description of activity: Toyota dealer; 
Violation of policy; 
Improper use of convenience checks; 
Split purchase; 
Excessive; 
Agency: Foreign Agricultural Service (FAS), USDA; 
Total amount: 80,000; 
Additional facts: 
* At the request of two FAS offices, the cardholder purchased a Land 
Cruiser and a Toyota Sienna at the end of the fiscal year directly from 
a Toyota dealer, without obtaining the required waiver from GSA; 
* The cardholder circumvented agency policy, split the purchase of the 
Land Cruiser by writing three convenience checks, and used year-end 
funds; 
* As a result of the use of convenience checks, USDA had to pay 
convenience check fees of over $1,000. 

Case: 3; 
Description of activity: Various clothing and sporting goods stores; 
Improper use of credit card; 
Agency: DOD; 
Total amount: 77,700; 
Additional facts: 
* During fiscal year 2006, four cardholders purchased clothing and 
accessories for servicemembers, including expensive clothing totaling 
over $45,000 from high-end vendors, for example, Brooks Brothers, 
Talbot's, and Johnston Murphy; 
* The cost of suits and accessories at Brooks Brothers totaled $2,300 
per individual; 
* The four cardholders also purchased over $32,000 at other clothing 
and "outfitting" establishments. 

Case: 4; 
Description of activity: Relocation services; 
Violation of agency policy; 
Agency: Department of Energy (DOE); 
Total amount: 60,000; 
52,000; 
Additional facts: 
* One cardholder paid relocation services for two employees totaling 
over $110,000 with convenience checks, thus violating agency policy; 
* DOE purchase card policy limits convenience checks to amounts no 
greater than $3,000, except in emergency situations when the purchase 
card program coordinator may approve a check up to $10,000; 
* According to DOE officials, the agency no longer uses convenience 
checks to pay for relocation services. 

Case: 5; 
Description of activity: Automatic teller machines; 
Improper cash advances; 
Agency: Department of the Interior (DOI); 
Total amount: 24,300; 
Additional facts: 
* From July 2005 through September 2006, the cardholder obtained over 
$24,000 for personal gain by taking over 100 cash advances.[A]; 
* The cardholder resigned rather than face disciplinary action, and the 
vendor bank is holding the cardholder liable for repaying the improper 
advances. 

Case: 6; 
Description of activity: Multiple merchants; 
Web-based awards system inconsistent with published agency policy[B]; 
Agency: USPS; 
Total amount: 15,700; 
Additional facts: 
* USPS purchased noncash award items--some costing over $600--including 
briefcases, music systems, 30 GB iPods, and iPod docking stations; 
* The USPS Employment and Labor Relations Manual (ELM) 18, subchapter 
470, specifies that noncash awards should not exceed $50; 
* USPS officials maintain that their internal Web-based awards system 
allows for noncash awards up to $3,000, which is inconsistent with the 
published ELM policy; 
* According to USPS officials, a January 2006 memo overrode the ELM and 
allowed for noncash awards over $50; 
* We found that although the internally issued memo addressed income 
tax consequence of awards, the memo did not specifically state that it 
was meant to supersede the ELM, address the inconsistency in policy, or 
establish a noncash awards threshold; 
* USPS officials informed us that a correction of its award policy is 
currently under way to address the inconsistencies described above. 

Case: 7; 
Description of activity: Ruth's Chris Steakhouse; 
Excessive cost; Agency: USPS; 
Total amount: 13,500; 
Additional facts: 
* The cardholders charged dinner for 81 individuals at more than $160 
per person; 
* Dinner included steaks, crab, and alcohol charged over a 5- hour 
period. 

Case: 8; 
Description of activity: Ritz Carlton; 
Excessive cost; 
Agency: Federal Bureau of Investigation, Department of Justice; 
Total amount: 11,000; 
Additional facts: 
* A cardholder charged coffee and "light" refreshments for 50 to 70 
conference attendees for 4 days averaging about $50 per day per person; 
* The total bill was just over $15,000; 
* Seventy percent of the total conference billing was for food and 
beverages, while audio visual and other support service requirements 
for this event totaled only about $4,000, or the other 30 percent of 
the charges. 

Case: 9; 
Description of activity: Apple Computer; 
Questionable government need; 
Agency: NASA; 
Total amount: 800; 
Additional facts: 
* NASA cardholder purchased two 60GB iPods at the request of his 
supervisor; 
* Although NASA officials told us that the iPods were purchased to 
store official information, our investigation found that the supervisor 
also stored personal photos, songs, and videos on the iPods; 
* Both iPods were also engraved with the supervisor's name and NASA 
center. 

Case: 10; 
Description of activity: Seduccion Boutique; 
Questionable government need; 
Agency: Department of State; 
Total amount: 360; 
Additional facts: 
* Cardholder purchased women's underwear/lingerie for use during jungle 
training by trainees of a drug enforcement program in Ecuador; 
* A Department of State official agreed that the charge was 
questionable and stated that he would not have approved this purchase; 

* This official did not have jurisdiction over this purchase card 
account, yet is a program coordinator for a similar account at the same 
post. 

Source: GAO analysis and review of governmentwide purchase card 
transactions and supporting documentation. 

[A] DOI uses an integrated card, which is a combination purchase, 
travel, and fleet card. 

[B] USPS does not consider these inconsistencies a violation of its 
policy, 

[End of table] 

The following text further describes four of the cases in table 5: 

* Case 2 relates to a cardholder who is a 20-year veteran at FAS, a 
unit within USDA. At the end of fiscal year 2006, the cardholder 
purchased two vehicles--a Toyota Land Cruiser and Toyota Sienna--on two 
separate days for two separate USDA offices overseas. Although the 
vehicles appeared to have been shipped overseas for a legitimate 
government need, our investigative work found that these purchases were 
made in violation of USDA purchase card policies and with the implicit 
agreement by FAS policyholders as follows: 

- According to written communications at FAS, the requester for one of 
the cars had a "large chunk of money that needed to be used before the 
end of the fiscal year (2006)." The requester requested that the 
vehicle be purchased in the United States, and then shipped overseas 
because it was not possible to finalize the purchase during fiscal year 
2006 if the agency was to purchase the vehicle in the country where the 
office was located. 

- The cardholder stated that he wrote three checks (two at $25,000 each 
and a third at $7,811) to purchase the Land Cruiser because the checks 
have a $25,000 limit printed on them. The convenience check fee on the 
three checks was over $1,000. 

- Pursuant to our investigation, the cardholder informed his supervisor 
that he intentionally violated agency policy, which requires that 
vehicles be acquired through the GSA unless a waiver is obtained. The 
cardholder stated that he disagreed with USDA policy requiring GSA 
involvement in car acquisition because it was too cumbersome and that 
USDA needed to issue new policies. 

- We reviewed supporting documentation showing that the vehicles were 
shipped overseas to the units that purchased them, but we did not 
perform work to determine whether the year-end purchase was necessary. 

- Agency management did not take action when they were made aware of 
the cardholder's significant violation of agency policy. 

* In case 3, four DOD cardholders purchased over $77,000 in clothing 
and accessories at high-end clothing and other sporting goods stores, 
including over $45,000 at high-end retailers such as Brooks Brothers. 
The Brooks Brothers invoices showed that the cardholders paid about 
$2,300 per person for a number of servicemembers for tailor-made suits 
and accessories--$7,000 of which were purchased a week before 
Christmas. According to the purchase card holder, DOD purchased these 
items to provide servicemembers working at American embassies with 
civilian attire. While the Department of Defense Financial Management 
Regulation authorizes a "civilian clothing allowance" when 
servicemembers are directed to dress in civilian clothing when 
performing official duty, the purchase card transactions made by these 
individuals are far greater than the maximum allowable initial civilian 
clothing allowance of $860 per person. 

* Case 7 relates to the $13,500 that USPS spent on food at the National 
Postal Forum in Orlando, Florida, in 2006. For this occasion, USPS paid 
for 81 dinners averaging over $160 per person[Footnote 31] for 
customers of the Postal Customer Council[Footnote 32] at an upscale 
steak restaurant. Further, USPS paid for over 200 appetizers and over 
$3,000 of alcohol, including more than 40 bottles of wine costing more 
than $50 each and brand-name liquor such as Courvoisier, Belvedere, and 
Johnny Walker Gold. 

* In case 9, a NASA cardholder purchased two 60GB iPods for official 
data storage. During the course of our audit, we found that the iPods 
were used for personal use, such as to store personal photos, songs, 
and video clips. Further, we question the federal government's need to 
purchase iPods for data storage when other data storage devices without 
audio and video capabilities were available at lower cost. 

Conclusions: 

The purchase card continues to be an effective tool that helps agencies 
reduce transaction costs for small purchases and provides flexibility 
in making acquisitions. While the overall failure rates associated with 
governmentwide purchase card transactions have improved in comparison 
to previous failure rates at specific agencies, breakdowns in internal 
controls over the use of purchase cards leave the government highly 
vulnerable to fraud, waste, and abuse. Problems continue to exist in 
the area of authorization of transactions, receipt and acceptance, and 
accountability of property bought with purchase cards. This audit 
demonstrates that continued vigilance over purchase card use is 
necessary if agencies are to realize the full potential of the benefits 
provided by purchase cards. 

Recommendations for Executive Action: 

We are making the following 13 recommendations to improve internal 
control over the government purchase card program and to strengthen 
monitoring and oversight of purchase cards as part of an overall effort 
to reduce instances of fraudulent, improper, and abusive purchase card 
activity. 

We recommend that the Director of OMB: 

* Issue a memorandum reminding agencies that internal controls over 
purchase card activities, as detailed in Appendix B of OMB Circular No. 
A-123, extend to the use of convenience checks. 

* Issue a memorandum to agency heads requesting the following: 

- Cardholders, approving officials, or both reimburse the government 
for any unauthorized or erroneous purchase card transactions that were 
not disputed. 

- When an official directs a cardholder to purchase a personal item for 
that official, and management later determines that the purchase was 
improper, the official who requested the item should reimburse the 
government for the cost of the improper item. 

Consistent with the goals of the purchase card program, to streamline 
the acquisition process, we recommend that the Administrator of GSA, in 
consultation with the Department of the Treasury's Financial Management 
Service:[Footnote 33] 

* Provide agencies guidance on how cardholders can document independent 
receipt and acceptance of items obtained with a purchase card. The 
guidelines should encourage agencies to: 

- identify a de minimis amount, types of purchases that do not require 
documenting independent receipt and acceptance, or both and: 

- indicate that the approving official or supervisor took the necessary 
steps to ensure that items purchased were actually received. 

* Provide agencies guidance regarding what should be considered 
sensitive and pilferable property. Because purchase cards are 
frequently used to obtain sensitive and pilferable property, remind 
agencies that computers, palm pilots, digital cameras, fax machines, 
printers and copiers, iPods, and so forth are sensitive and pilferable 
property that can easily be converted to personal use. 

* Instruct agencies to remind government travelers that when they 
receive government-paid-for meals at conferences or other events, they 
must reduce the per diem claimed on their travel vouchers by the 
specified amount that GSA allocates for the provided meal. 

* Provide written guidance or reminders to agencies: 

- That cardholders need to obtain prior approval or subsequent review 
of purchase activity for purchase transactions that are under the 
micropurchase threshold. 

- That property accountability controls need to be maintained for 
pilferable property, including those items obtained with a purchase 
card. 

- That cardholders need to timely notify the property accountability 
officer of pilferable property obtained with the purchase card. 

- That property accountability officers need to promptly record, in 
agency property systems, sensitive and pilferable property that is 
obtained with a purchase card. 

- That, consistent with the guidance on third-party drafts in the 
Department of the Treasury's Treasury Financial Manual, volume 5, 
chapter 4-3000, convenience checks issued on the purchase card accounts 
should be minimized, and that convenience checks are only to be used 
when (1) a vendor does not accept the purchase cards, (2) no other 
vendor that can provide the goods or services can reasonably be 
located, and (3) it is not practical to pay for the item using the 
traditional procurement method. 

- That convenience check privileges of cardholders who improperly use 
convenience checks be canceled. 

Agency Comments and Our Evaluation: 

We received written comments on a draft of this report from the Acting 
Controller of OMB (see app. III) and the Administrator of GSA (see app. 
IV). 

Response from OMB and Our Evaluation: 

In response to a draft of our report, OMB agreed with all three 
recommendations. OMB agreed that the efficiencies of the purchase card 
program are not fully realized unless federal agencies implement strong 
and effective controls to prevent purchase card waste, fraud, and 
abuse. To that end, OMB noted that it had proactively designated 
government charge card management as a major focus area under Appendix 
B of Circular No. A-123, Improving the Management of Government Charge 
Card Programs. With respect to the recommendations contained in this 
report, OMB is proposing to issue further guidance reminding agencies 
that Appendix B extends to convenience checks as well as government 
charge cards, and that agency personnel have financial responsibility 
with regard to unauthorized and erroneous purchase card transactions. 

Response from GSA and Our Evaluation: 

While GSA wholly or partially concurred with four recommendations, GSA 
generally disagreed with the majority of our recommendations. 
Specifically, GSA stated that it was not within the scope of its 
authority to issue guidance to agencies with respect to asset 
accountability and receipt and acceptance of items purchased with 
government purchase cards, as these are not strictly purchase card 
issues. Further, GSA stated that there are more effective ways to deal 
with purchase card misuse or abuse than issuing "redundant" policy 
reminders or guidance. It also took exception to our testing 
methodology. We agree with GSA that the problems we identified with 
property accountability and receipt and acceptance go beyond the bounds 
of strictly purchase card issues. However, our work over the last 
several years has consistently shown substantial problems with property 
accountability and independent receipt and acceptance of goods and 
services, problems that arose because of the flexibility provided by 
the purchase card program.[Footnote 34] We do not believe that our 
recommendations related to policy guidance and reminders to strengthen 
internal controls are redundant--our previous recommendations in this 
area had been targeted at specific agencies we audited. With respect to 
governmentwide purchase card issues, GSA's role as the purchase card 
program manager puts it in a unique position to identify challenges to 
agency internal control systems and assist agencies with improving 
their internal controls governmentwide. We are encouraged by OMB's 
support for aggressive and effective controls over purchase cards, and 
believe that GSA can seek OMB support to overcome the perceived lack of 
authority. We believe that GSA has a number of tools already at its 
disposal, such as online training and annual conferences, where GSA 
could easily remind cardholders and approving officials to pay 
particular attention to governmentwide issues, including asset 
accountability and independent receipt and acceptance of goods and 
services identified in this report. We also reiterate support for our 
testing methodology, which included systematic testing of key internal 
controls through statistical sampling. The following contains more 
detailed information on GSA's comments, along with our response. 

GSA concurred with 3 of 10 recommendations. Specifically, GSA concurred 
with 2 recommendations to improve controls over convenience checks and 
1 recommendation related to approval of purchases below the 
micropurchase threshold. Specifically, GSA agreed to provide written 
guidance to agencies that convenience check use should be minimized, 
and that improper use of convenience checks would result in 
cancellation of convenience check privileges. As part of its 
concurrence, GSA provided that it is not practical to strictly prohibit 
the use of convenience checks given the unique nature of some suppliers 
or services acquired by agencies and vendor refusal to accept purchase 
cards. It was not our intent to completely eliminate the use of 
convenience checks. As such, we clarified our recommendation to require 
only that the cardholder make a "reasonable"--not absolute--effort to 
locate other vendors that can provide the same goods and services and 
that accept the purchase card prior to using convenience check. The 
requested revision is consistent with our intent and therefore we have 
made the necessary change to our recommendations. With respect to the 
third recommendation related to approval of micropurchases, GSA agreed 
that cardholders need to obtain prior approval or subsequent review of 
purchase card activity for purchase transactions that are under the 
micropurchase threshold. However, GSA believed that OMB needed to take 
the lead and incorporate this change in its Circular No. A-123. GSA 
offered to help OMB revise Circular No. A-123 in this regard. 

GSA stated that it partially concurred with our recommendation to 
remind travelers to reduce the per diem claims on their travel vouchers 
when meals are provided by the government. However, based on its 
response, it appears that GSA substantially agrees with our 
recommendation, and that the GSA Office of Governmentwide Policy will 
issue this guidance. In actuality, GSA concurred with our 
recommendation but disagreed that this was a purchase card issue. 
Further, GSA took exception as to whether the requirement to deduct per 
diem applies to continental breakfasts, stating that continental 
breakfasts did not constitute "full breakfasts." Thus, GSA stated that 
it needs to convene stakeholders in the GSA travel policy community to 
consider whether the requirement for deducting per diem should be 
applied to continental breakfasts. We disagree with this assessment. If 
the costs of the continental breakfasts were in fact not significant, 
we would not have reported on this finding; however, the basis of our 
recommendation rests primarily on the fact that GSA itself paid for 
continental breakfasts costing $23 per person, which was greater than 
the portion of government per diem established by GSA for breakfast in 
any city in the United States. GSA then proceeded to reimburse the same 
employees the breakfast portion of per diem--in effect paying twice for 
breakfasts. We disagree with GSA that this is an appropriate treatment 
of continental breakfast, as it implies that it is appropriate for 
taxpayers to pay twice for a government traveler's meal. Consequently, 
we reiterate the need for GSA to promote prudent management of 
taxpayer's money, and our support for requiring travelers to reduce 
their per diem if they took advantage of the continental breakfasts 
provided. 

GSA disagreed with all of our recommendations related to receipt and 
acceptance and controls over accountable and pilferable property. GSA 
stated that these issues were not within the purview of the GSA 
SmartPay® program or the scope of GSA SmartPay® contracts. Further, GSA 
stated that other approaches would be more effective at addressing 
purchase card abuse and misuse than issuing "redundant" policy guidance 
and reminders. With respect to receipt and acceptance, GSA stated that 
it did not have the authority to encourage agencies to identify a de 
minimis amount, types of items that do not require receipt and 
acceptance, or both, or to determine how approving officials should 
document receipt and acceptance. With respect to accountable property, 
GSA did not believe that it should provide reminders to agencies that 
computers and similar items are sensitive and pilferable property that 
can easily be converted to personal use. GSA argued that what 
constitutes sensitive and pilferable property is defined by agencies 
and is not within its purview. GSA also believes that it does not have 
authority to remind cardholders to maintain accountability of, and 
notify property managers when, pilferable property is acquired with 
purchase cards. Finally, GSA does not believe that it can issue 
reminders to property managers to record, in a timely manner, 
pilferable property acquired with purchase cards in their property 
management systems. GSA suggested we modify these recommendations 
accordingly. 

With respect to receipt and acceptance, we agree that GSA alone should 
not issue guidance concerning agencies' internal controls over purchase 
cards and related payment process. We reiterate that we did not ask GSA 
to take actions in isolation--instead, we recommended that GSA work 
with the Department of the Treasury's Financial Management Service to 
provide guidance on improving internal controls while at the same time 
streamlining the acquisition process. After all, streamlining the 
acquisition process is a key objective of the purchase card program. We 
believe this could be achieved, in part, by requiring independent 
receipt and acceptance only for items above a de minimis amount. 
Further, governmentwide guidance in this area would not be redundant-- 
the fact that no current guidance exists demonstrates the need for 
consistent policy governmentwide that all agencies can follow. 
Consistent guidance is crucial to engendering taxpayers' confidence in 
the purchase card program--as we stated above, our previous audits and 
our current work showed that ineffective receipt and acceptance of 
goods and services acquired with the purchase card is a widespread, 
governmentwide problem. Furthermore, OMB indicated that it was 
extremely concerned about purchase card abuse and supported our 
recommendations designed to improve internal controls over the program. 
We believe that GSA can adopt a proactive approach and coordinate with 
OMB to obtain its support to overcome the perceived obstacles. In our 
opinion, the purchase card program will continue to expose the federal 
government--and the taxpayers--to fraud, waste, and abuse, unless GSA 
helps facilitate a governmentwide solution. 

Similarly, GSA argued that it did not have the authority to take the 
recommended actions with respect to property accountability. As with 
independent receipt and acceptance, our work continues to demonstrate 
that accountability for property acquired with purchase cards is 
ineffective across many agencies. For example, the purchase card 
program provides cardholders the ability to acquire sensitive and 
pilferable items directly from vendors. This process results in 
cardholders bypassing the normal property receipt and acceptance 
procedures, which increases the risk that the item will not be recorded 
in an agency's list of accountable property. GSA needs to recognize 
this risk (and other inherent risks) created by purchase card use and 
proactively work with agencies to improve the accountability of 
property acquired with government purchase cards. We also believe that 
our recommendations fully take into account the extent of GSA's 
authority--to that end, our recommendation called for GSA to provide 
agencies guidance and reminders to improve internal controls over asset 
accountability. Even though GSA already issued guidance related to the 
proper use of the purchase card program through online training, 
refresher courses, and annual conferences, GSA should go a step further 
and address control weaknesses related to property accountability and 
receipt and acceptance. GSA's position contrasted sharply with OMB, 
which, in its comments on our report, expressed support for aggressive 
and effective controls over purchase cards. We believe that GSA can 
take advantage of the diverse tools already at its disposal, such as 
online training and annual conferences, with which GSA could easily 
remind cardholders and approving officials to pay particular attention 
to governmentwide issues, including asset accountability and 
independent receipt and acceptance of goods and services identified in 
this report. 

Overall, our recommendations are focused on GSA taking a proactive 
approach to improve the success of the purchase card program. Last 
year, the federal government spent nearly $18 billion using purchase 
cards. While the purchase card program has achieved significant 
savings, a program of this magnitude needs to focus on both preventive 
and detective controls to prevent fraud, waste, and abuse. In its 
response, GSA also pointed out that the new SmartPay® 2 contract should 
provide better management tools to agencies. However, the changes GSA 
identified in SmartPay® 2 were mostly related to data mining for fraud, 
waste, and abuse after a potentially fraudulent or improper transaction 
had taken place, but did not address the issues we raised in this 
report. As our previous work indicated, while detection can help reduce 
fraud, waste, and abuse, preventive controls are a more effective and 
less costly means to minimize fraud, waste, and abuse. The 
recommendations we made, to which GSA took exception, were meant to 
improve these up-front controls. 

GSA also took exception to our methodology, arguing that we improperly 
failed items as part of our control testing. GSA argued that some 
unauthorized purchases were still appropriate purchases. We believe 
that this argument is flawed. Standards for Internal Control in the 
Federal Government states that transactions should be authorized and 
executed only by persons acting within the scope of their authority. In 
other words, authorization is the principal means of assuring that only 
valid transactions are initiated or entered into and, consequently, 
without authorization, adequate assurance does not exist that the items 
purchased were for authorized purposes only. Our statistical sampling 
was designed to test authorization control, and the results we reported 
reflected items that did not pass this attribute. Such attribute 
testing is a widely accepted and statistically valid methodology for 
internal control evaluations. GSA also stated that our report did not 
adequately address the areas of personal responsibility and managerial 
oversight. We disagree. We recommended that OMB require agencies to 
hold cardholders financially responsible for improper and wasteful 
purchases, and OMB agreed to implement our recommendations; we believe 
that this would contribute to holding cardholders accountable to 
management for their actions. Further, our past reports on purchase 
card management have always focused on managerial oversight. However, 
it is not feasible within the scope of a governmentwide audit to test 
managerial oversight at every government agency. Consequently, we 
focused on providing GSA, the manager of the governmentwide purchase 
card program, with recommendations that could contribute to improving 
management oversight at the agencies. 

Finally, GSA disagreed with our characterization that travelers who did 
not reduce the per diem claimed on their travel voucher when dinners 
were provided may be engaging in potentially fraudulent activities. 
Because we are unable to establish that these travelers acted with the 
requisite knowledge and willfulness necessary to establish either a 
false statement under 18 U.S.C. §1001 or a false claim, we have 
characterized such activities as potentially fraudulent. 

GSA's and OMB's comments are reprinted in appendixes III and IV. 

As agreed with your offices, unless you announce the contents of this 
report earlier, we will not distribute it until 30 days from its date. 
At that time, we will send copies of this report to the Director of OMB 
and the Administrator of GSA. We will make copies available to others 
upon request. In addition, this report will be available at no charge 
on GAO's Web site at [hyperlink, http://www.gao.gov]. 

If you or your staff have any questions concerning this report, please 
contact me at (202) 512-6722 or kutzg@gao.gov. Contact points for our 
Offices of Congressional Relations and Public Affairs may be found on 
the last page of this report. GAO staff who made major contributions to 
this report are listed in appendix V. 

Signed by: 

Gregory D. Kutz: 

Managing Director: 

Forensic Audits and Special Investigations: 

[End of section] 

Appendix I: Prior GAO Purchase Card Audits: 

Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable to 
Fraudulent, Improper, and Abusive Activity. GAO-06-1117. Washington, 
D.C.: September 28, 2006. 

Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable to 
Fraudulent, Improper, and Abusive Activity. GAO-06-957T. Washington, 
D.C.: July 19, 2006. 

Lawrence Berkeley National Laboratory: Further Improvements Needed to 
Strengthen Controls Over the Purchase Card Program. GAO-04- 987R. 
Washington, D.C.: August 6, 2004. 

Lawrence Livermore National Laboratory: Further Improvements Needed to 
Strengthen Controls Over the Purchase Card Program. GAO-04-986R. 
Washington, D.C.: August 6, 2004. 

Pacific Northwest National Laboratory: Enhancements Needed to 
Strengthen Controls Over the Purchase Card Program. GAO-04- 988R. 
Washington, D.C.: August 6, 2004. 

Sandia National Laboratories: Further Improvements Needed to Strengthen 
Controls Over the Purchase Card Program. GAO-04-989R. Washington, D.C.: 
August 6, 2004. 

VHA Purchase Cards: Internal Controls Over the Purchase Card Program 
Need Improvement. GAO-04-737. Washington, D.C.: June 7, 2004. 

Purchase Cards: Increased Management Oversight and Control Could Save 
Hundreds of Millions of Dollars. GAO-04-717T. Washington, D.C.: April 
28, 2004. 

Purchase Cards: Steps Taken to Improve DOD Program Management, but 
Actions Needed to Address Misuse. GAO-04-156. Washington, D.C.: 
December 2, 2003. 

Forest Service Purchase Cards: Internal Control Weaknesses Resulted in 
Instances of Improper, Wasteful, and Questionable Purchases. GAO-03- 
786. Washington, D.C.: August 11, 2003. 

HUD Purchase Cards: Poor Internal Controls Resulted in Improper and 
Questionable Purchases. GAO-03-489. Washington, D.C.: April 11, 2003. 

FAA Purchase Cards: Weak Controls Resulted in Instances of Improper and 
Wasteful Purchases and Missing Assets. GAO-03-405. Washington, D.C.: 
March 21, 2003. 

Purchase Cards: Control Weaknesses Leave the Air Force Vulnerable to 
Fraud, Waste, and Abuse. GAO-03-292. Washington, D.C.: December 20, 
2002. 

Purchase Cards: Navy is Vulnerable to Fraud and Abuse but Is Taking 
Action to Resolve Control Weaknesses. GAO-02-1041. Washington, D.C.: 
September 27, 2002. 

Purchase Cards: Control Weaknesses Leave Army Vulnerable to Fraud, 
Waste, and Abuse. GAO-02-732. Washington, D.C.: June 27, 2002. 

Government Purchase Cards: Control Weaknesses Expose Agencies to Fraud 
and Abuse. GAO-02-676T. Washington, D.C.: May 1, 2002. 

Purchase Cards: Control Weaknesses Leave Two Navy Units Vulnerable to 
Fraud and Abuse. GAO-02-32. Washington, D.C.: November 30, 2001. 

[End of section] 

Appendix II: Objectives, Scope, and Methodology: 

We performed a forensic audit of executive agencies' purchase card 
activity for the 15 months ending September 30, 2006. Specifically, we 
(1) determined the effectiveness of internal controls intended to 
minimize fraudulent, improper, and abusive transactions by testing two 
internal control attributes related to transactions taken from two 
statistical samples and (2) identified specific examples of potentially 
fraudulent, improper, and abusive transactions through data mining and 
investigations. 

Statistical Sample of Internal Control Procedures: 

We obtained the databases containing agency purchase and other 
government charge card transactions for the 12-month period ending June 
30, 2006, from Bank of America, Citibank, JP Morgan Chase, Mellon Bank, 
and U.S. Bank. The databases contained purchase, travel, and fleet card 
transactions. Using information provided by the banks, we queried the 
databases to identify transactions specifically related to purchase 
cards. We performed other procedures--including reconciliation to 
purchase card data that the General Services Administration (GSA) 
published--to confirm that the data were sufficiently reliable for the 
purposes of our report. 

Our statistical sampling work covered purchase card activity at 
executive agencies. We define executive agencies as federal agencies 
that are required to follow the Federal Acquisition Regulation (FAR), 
including executive departments, independent establishments, and wholly 
owned federal government corporations as defined by the United States 
Code.[Footnote 35] We excluded transactions from the legislative and 
judicial branches, entities under treaty with the United States, and 
federal agencies with specific authority over their own purchase card 
programs.[Footnote 36] 

To assess compliance with key internal controls, we extracted and 
tested two statistical (probability) samples of 96 transactions each. 
The first sample consisted of transactions exceeding $50 taken from a 
population of over 16 million purchase card transactions totaling 
almost $14 billion. We also selected a second sample from the 
population of over 600,000 transactions totaling nearly $6 billion that 
exceeded the $2,500[Footnote 37] micropurchase threshold. We selected 
this second sample because of additional acquisition requirements 
associated with purchases over the micropurchase threshold, and the 
high dollar amount associated with these transactions. Specifically, 
while only 3 percent of governmentwide purchase card transactions from 
July 1, 2005, through June 30, 2006, were over the micropurchase 
threshold, they accounted for 44 percent of the total dollars spent 
during that period. 

With our probability sample, each transaction in the population had a 
nonzero probability of being included, and that probability could be 
computed for any transaction. Each sample element was subsequently 
weighted in the analysis to account statistically for all the 
transactions in the population, including those that were not selected. 
Because we followed a probability procedure based on random selection, 
our sample is only one of a large number of samples that we might have 
drawn. Since each sample could have provided different estimates, we 
express our confidence in the precision of our particular sample's 
results as a 95 percent interval (e.g., plus or minus 10 percentage 
points). This is the interval that would contain the actual population 
value for 95 percent of the samples we could have drawn. As a result, 
we are 95 percent confident that each of the confidence intervals in 
this report will include the true values in the study population. All 
percentage estimates from the samples of executive agency purchase card 
activity have sampling errors (confidence interval widths) of plus or 
minus 10 percentage points or less. 

Internal Control Testing: 

Our audit of key internal controls focused on whether agencies provided 
adequate documentation to substantiate that (1) purchase card 
transactions were properly authorized and (2) goods and services 
acquired with purchase cards were independently received and accepted. 
As part of our tests of internal controls, we reviewed applicable 
federal laws and regulations related to the FAR and purchase card uses. 
We also identified and applied the internal control principles 
contained in Standards for Internal Control in the Federal 
Government,[Footnote 38] Audit Guide: Auditing and Investigating the 
Internal Control of Government Purchase Card Programs,[Footnote 39] and 
agencies' purchase card policies and procedures. Furthermore, for 
purchases exceeding the micropurchase threshold of $2,500, we tested 
FAR requirements that the cardholder use required vendors and promote 
competition by soliciting bids--or justify the departure from this 
requirement in writing.[Footnote 40] 

Proper Authorization: 

To determine whether a transaction was properly authorized, we reviewed 
documentation to ascertain if an individual other than the cardholder 
was involved in the approval of the purchase. To determine that proper 
authorization existed, we used reasonable evidence for authorization of 
micropurchases from $50 to $2,500, such as purchase requests from 
responsible officials, requisitions, e-mails, and other documents that 
identify an official government need, including blanket authorizations 
for routine purchases with subsequent approval. For purchase card 
transactions exceeding the micropurchase threshold of $2,500, we 
required prior purchase authorization, such as a contract, a 
requisition, or other approval document. Additionally, we looked for 
evidence that the cardholder used required vendors (as required by the 
Javits-Wagner-O'Day Act (JWOD))[Footnote 41] and solicited quotes to 
promote competition (or provided evidence justifying departure from 
this requirement, such as an annotation justifying the use of a sole 
source). 

Receipt and Acceptance: 

To determine whether goods or services were independently received and 
accepted, we reviewed supporting documentation provided by the agency. 
For each transaction, we compared the quantity, price, and item 
descriptions on the vendor invoice and shipping receipt to the purchase 
requisition to verify that the items received and paid for were 
actually the items ordered. We also determined whether evidence existed 
that a person other than the cardholder was involved in the receipt of 
the goods or services purchased. We concluded that independent receipt 
and acceptance existed if the vendor invoice, shipping documents, and 
receipt materially matched the transaction data, and if the signature 
or initial of someone other than the cardholder was on the sales 
invoice, packing slip, bill of lading, or any other shipping or 
receiving document indicating receipt. 

Accountable Property: 

For statistical sample and data-mining transactions containing 
accountable or highly pilferable property, we performed an inventory to 
determine whether executive agencies maintained accountability over the 
physical property items obtained with government purchase cards. 
Because each agency had its own threshold for accountable property, we 
were not able to test accountable property against each agency's 
threshold for this governmentwide audit. Consequently, we defined 
accountable property as any property item exceeding a $350 threshold 
and containing a serial number. We defined highly pilferable items as 
items that can be easily converted to personal use, such as cameras, 
laptops, cell phones, and iPods. We selected highly pilferable property 
at any price if it was easily converted to personal use. 

The purchase card data provided by the banks did not always contain 
adequate details to enable us to isolate property transactions for 
statistical testing. Because we were not able to take a statistical 
sample of these transactions, we were not able to project failure rates 
for accountable and pilferable property. Consequently, our tests of 
property accountability were performed on a nonrepresentative selection 
of property that we identified when a transaction selected for 
statistical sampling or data mining contained accountable and 
pilferable property. For these property items, we identified serial 
numbers from supporting documentation provided by the agency and, in 
some cases, by contacting the vendors themselves. To minimize travel 
costs associated with conducting a physical inventory governmentwide, 
we requested that each agency provide photographs of the property 
items, which we compared against the serial numbers originally 
provided. When we were unable to obtain serial numbers from supporting 
documentation or from the vendors, we gave the agency the benefit of 
the doubt and accepted the serial numbers shown in agency-provided 
photographs as long as the product(s) and quantity matched. In some 
isolated instances, we performed the physical inventory ourselves. 

Data Mining: 

To identify examples of fraudulent, improper, and abusive purchase card 
activity, we data mined purchase card transactions from July 1, 2005, 
through September 30, 2006. This period contained an additional 3 
months of data subsequent to the period included in our statistical 
samples. For data-mining purposes, we also included transactions from 
federal agencies that had been granted specific authority over their 
own purchase card programs, such as the U.S. Postal Service.[Footnote 
42] 

In general, we analyzed purchase card data for merchant category codes 
and vendor names that were more likely to offer goods, services, or 
both that are on executive agencies' restricted/prohibited lists, 
personal in nature, or of questionable government need. We identified 
split purchases by extracting multiple purchase transactions made by 
the same cardholder at the same vendor on the same day. For year-end 
purchases, we identified transactions from purchase card accounts where 
year-end activity is high compared to the rest of the year. With 
respect to convenience checks, we used various criteria, including 
identifying instances where convenience checks were written to cash or 
payees not normally associated with procurement needs and where a large 
number of convenience checks were written to a single payee, among 
others. We analyzed the banks' databases for detailed transaction data, 
whenever available, for accountable property and highly pilferable 
items. 

We then requested and reviewed supporting documentation for over 550 
transactions among the thousands we identified. We conducted 
investigative work, which included additional inquiries and data 
analysis, when applicable. While we identified fraudulent, improper, 
and abusive transactions, our work was not designed to identify and we 
cannot determine the extent of fraudulent, improper, or abusive 
transactions occurring in the population of governmentwide purchase 
card transactions. 

Data Reliability: 

We assessed the reliability of the data provided by (1) performing 
various testing of required data elements, (2) reviewing financial 
statements of the five banks for information about the data and systems 
that produced them, and (3) interviewing bank officials knowledgeable 
about the data. In addition, we verified that totals from the databases 
agreed with the total purchase card activity provided by GSA and 
published on its Web site, in totality and for selected agencies. We 
determined that the data were sufficiently reliable for the purposes of 
our report. 

We conducted this performance audit from September 2006 through 
February 2008, in accordance with U.S. generally accepted government 
auditing standards. Those standards require that we plan and perform 
the audit to obtain sufficient, appropriate evidence to provide a 
reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings and conclusions based on our audit objectives. 
We performed our investigative work in accordance with standards 
prescribed by the President's Council on Integrity and Efficiency. 

[End of section] 

Appendix III: Comments from the Office of Management and Budget: 

Executive Office of the President: 
Office of Management and Budget: 
Washington, D.C. 205403: 

February 11, 2008: 

Mr. Gregory Kutz: 
Managing Director, Forensic Audits: 
U.S. Government Accountability Office: 
440 G. Street NW: 
Washington, DC 20548: 

Dear Mr. Kutz: 

Thank you for the opportunity to provide comments on the Government 
Accountability Office's (GAO's) draft report entitled "Government 
Purchase Cards are Needed to Strengthen Internal Controls to Reduce 
Fraudulent, Improper and Abusive Purchases." GAO-08-333. The Federal 
government's purchase card program provides an automated approach to 
acquisition that has led to $2 billion in annual savings when compared 
when compared to the paper-based process that proceeded it. However, 
these efficiencies are not fully realized unless Federal agencies 
implement strong and effective controls to prevent purchase card waste, 
fraud, and abuse. The Office of Management and Budget (OMB) is 
extremely concerned with the incidents of purchase card abuse 
highlighted in GAO's report and agrees with the recommended actions 
that OMB should take for improving government performance in this area. 

In fiscal year 0007, Federal agencies made more than 27 million 
purchase card transactions valued at nearly $20 billion. The 
inappropriate use of government purchase cards can result in 
significant dollar loss to the taxpayer, and in any event such activity 
can significantly impact and compromise the citizens' trust in 
government. For these reasons, OMB has designated government charge 
card management as a major focus area under Circular A-123, 
Management's Responsibility for Internal Controls. Specifically, 
Appendix B of Circular A-123, Improving the Management of Government 
Charge Card Programs, requires agencies to implement policies and 
procedures (e.g., planning, training, risk management, performance 
metrics, disciplinary action) that prevent, identify, and remediate 
inappropriate purchase card transactions. 

GAO's report recommends that OMB take the following two actions to 
facilitate agency compliance with Appendix B: (1): inform agencies that 
Appendix B extends to both convenience checks and government charge 
cards; and (2) remind agency personnel of their financial 
responsibility for unauthorized or erroneous purchase card 
transactions. As noted above, OMB concurs with these recommendations 
and will issue guidance reminding agency personnel of their 
responsibilities in this area in the near future. 

We appreciate the opportunity to comment on the draft report and look 
forward to our continuing collaboration to ensure better transparency 
and accountability across the Federal Government. If you have any 
questions please feel free to contact Sally Beecroft at 202.395.1040. 

Sincerely, 

Signed by: 

Danny Werfel: 

Acting Controller: 

[End of section] 

Appendix IV: Comments from the General Services Administration: 

GSA Administrator: 

U.S. General Services Administration: 
1800 F Street, NW: 
Washington, DC 20405-0002: 
Telephone: (202) 501-0800: 
Fax: (202) 219-1243 
[hyperlink: http://www.gsa.gov]: 

February 11, 2008: 

The Honorable David M. Walker: 
Comptroller General of the United States: 
Government Accountability Office: 
Washington, DC 20548: 

Dear Mr. Walker: 

The General Services Administration (GSA) appreciates the opportunity 
to comment on the draft report, "Governmentwide Purchase Cards: Actions 
Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper, 
and Abusive Purchases" (GAO-08-333), The Government Accountability 
Office's (GAO's) draft report includes 13 recommendations between GSA 
and the Office of Management and Budget to improve internal controls 
over the Government purchase card program and to strengthen monitoring 
and oversight of purchase cards as part of an overall effort to reduce 
instances of fraudulent, improper, and abusive purchase card activity. 

In general, GSA does not dispute the issues GAO found in their review, 
but disagrees that the property accountability and travel voucher 
issues described in the report constitute purchase card problems. 

Technical comments that update and clarify statements in the draft 
report are enclosed and incorporated herein by reference. if you have 
any questions, please contact me. Staff inquiries may be directed to 
Mr. Kevin Messner, Associate Administrator, Office of Congressional and 
Intergovernmental Affairs, at (202) 501-0563. 

Cordially,

Signed by: 

Lurita Doan: 
Administrator: 
Enclosure: 

cc: John Kelly, Assistant Director, Forensic Audits and Special 
Investigations: 

Corrections/Updates to the Government Accountability Office (GAO) Draft 
Report, "Govemmentwide Purchase Cards: Actions Needed to Strengthen 
Internal Controls to Reduce Fraudulent, Improper, and Abusive 
Purchases" (GAO-08-333) – Dated January 16, 2008 General Services 
Administration: 

The General Services Administration (GSA) has concerns regarding GAO's 
"failure rate" approach in the report, believing it can easily be 
misunderstood. Specifically, we do not agree that all purchases should 
be subject to prior approval and independent receipt/acceptance 
processes. Clearly, these processes need to be thoughtfully applied in 
a manner consistent with the value of the item, risk of 
loss/abuse/misuse, and cost to manage. But to state that all items 
failed a test that may not be reasonably applicable to them in the 
first place, or to include items as failed regardless of whether or not 
they were appropriate purchases, provides what we consider to be an 
excessively negative view of purchase card transaction activity. We 
point out that, Office of Management and Budget (OMB) Circular A-123, 
Appendix B, entitled "Improving the Management of Government Charge 
Card Programs," already requires agencies to address charge card 
authorization controls in their charge card management plans. 

The report recommends that GSA issue guidance regarding matters that 
are not within the scope of its authority and that fail within the 
purview of the agencies themselves, which have typically already issued 
such guidance. While we strongly agree that any purchase card misuse 
and abuse needs to be dealt with aggressively, we believe there are 
more effective ways of dealing with these important issues than issuing 
redundant policy reminders or guidance as the report recommends. 
Examples of other approaches include enhancements GSA and its customer 
agencies are already in the process of implementing through the new GSA 
SmartPay@ 2 contract to help further improve purchase card management 
across the Government. For example, the GSA SmartPay® 2 contract 
provides for an automated e-mail message to be sent to a cardholder's 
supervisor whenever that card is used. For agencies with a high number 
of purchases, such information can also be provided to the supervisor 
in a summary report. 

In instances where new or additional Govemmentwide policy is truly 
needed, we believe it would be best addressed through either 
appropriate updates to the Federal Travel Regulation (in regard to 
travel voucher issues) or the Office of Management and Budget's (OMB) 
Circular A-123, Appendix B, which establishes charge card management 
policy, as appropriate. 

We further believe the report should more strongly address the areas of 
personal responsibility and effective managerial oversight. We agree 
that no level of abuse or misuse is acceptable. Cardholders need to be 
held accountable by management for their actions. They need to treat 
card use as the serious responsibility it is, make wise use of taxpayer 
funds, maintain proper records of purchases, and be vigilant against 
fraud, waste and abuse. This concept of personal accountability coupled 
with enlightened management oversight is central to the charge card 
program's continued success. The vast majority of purchase cardholders 
use their purchase cards properly. Last fiscal year alone, these 
cardholders made more than 27 million purchase card transactions 
(fiscal year 2007 total), The report, which indicated that it sampled 
data from "almost $14 billion" worth of transactions, appears to 
support this contention, although it does not focus on it. Concerning 
additional tools to support agencies in dealing with cardholders who do 
not use their purchase cards properly, GSA has supported proposed 
legislation to permit employee salaries to be offset to reimburse the 
Government for purchase card transactions that prove to be improper. 

The GAO report does not, in our view, adequately acknowledge the great 
strides agencies have made in overseeing purchase card transactions 
over the past 8 years, nor does it set these findings within the 
context of the overall purchase card program. GSA and its customer 
agencies continue to work together toward the objective of eliminating 
improper transactions altogether. 

More agencies are using data mining and other automated tools to detect 
questionable transactions. The industry itself is now making new 
software tools available, such as MasterCard's Expert Monitoring System 
(EMS) and Visa's Intelinet systems which allow agencies to enter their 
business rules and more easily identify questionable transactions. 
These tools are available to all GSA customer agencies under the new 
GSA SmartPay@ 2 contracts. We believe approaches such as these are more 
effective and will yield better results than providing guidance yet 
again on the same issues agencies are already addressing. 

The report also does not make mention of the fact that due to GSA's 
efforts, agencies enjoy the use of the streamlined charge card business 
process with no card fees, and that many agencies receive refunds based 
upon their payment performance. In fiscal year 2007 alone, agencies 
received $174 million in refunds, mainly stemming from purchase card 
transactions. Additionally, the streamlined purchase business processes 
the purchase cards employ are estimated to help agencies avoid $1.8 
billion in administrative processing costs each year as compared to 
prior, paper-intensive processes. While GSA and its customer agencies 
recognize the need for and are continuously pursuing program 
improvement, the purchase card program continues to offer tremendous 
value. We therefore believe mentioning these statistics in the report 
will present a more balanced view of the program. 

We also point out that prior to the existence of the purchase card 
program, much of the transaction data GAO used to conduct its review 
was at best difficult to obtain or at worst simply did not exist. This 
is yet another benefit of the purchase card program — access to a large 
amount of information to help all of us better understand and improve 
the program. 

Our comments regarding the 10 GSA-specific recommendations appear 
below. 

Recommendations 1-2: Provide agencies guidance on how cardholders can 
document independent receipt and acceptance of items obtained with a 
purchase card. These guidelines should encourage agencies to: 

* Identify a de minimis amount and/or types of purchases that do not 
require documenting independent receipt and acceptance, and: 

* Indicate that the approving official or supervisor took the necessary 
steps to assure that items purchased were actually received. 

GSA Response: GSA does not concur with the recommendations as written. 
We disagree with GAO's characterization of this finding as a purchase 
card issue, Agency receiving and acceptance policies and procedures are 
not within the purview of the GSA SmartPay@ Governmentwide purchase 
card program, nor is the issue within the scope of the GSA SmartPay® 
contracts. GSA does not set agency receipt and acceptance policy. These 
agency policies generally address property regardless of the method of 
acquisition and are therefore not purchase card specific. We therefore 
suggest GAO modify this recommendation accordingly. We also point out 
that, particularly in field locations, the approving official may not 
be collocated with the cardholder, making the recommendation 
challenging to implement unless some other third party can be used to 
independently confirm receipt, where appropriate. 

Recommendation 3: Provide agencies guidance regarding what should be 
considered sensitive and pilferable property. Because purchase cards 
are frequently used to obtain sensitive and pilferable property, remind 
agencies that computers, palm pilots, digital cameras, fax machines, 
printers and copiers, iPods, etc. are sensitive and pilferable property 
that can easily be converted to personal use. 

GSA Response: GSA does not concur with the recommendation as written. 
We disagree with GAO's characterization of this finding as a purchase 
card issue. The definition of sensitive and pilferable policy is not 
within the purview of the GSA SmartPay® Govemmentwide purchase card 
program, nor is the issue within the scope of the GSA SmartPay® 
contracts. What constitutes sensitive property is defined by the 
agencies as part of their property management policies, procedures and 
systems. These agency policies generally address property regardless of 
the method of acquisition and are therefore not purchase card specific. 
Given the wide variety of items acquired, it is appropriate that 
agencies identify items to be considered sensitive and the processes to 
account for them. We therefore recommend GAO modify this recommendation 
accordingly. 

Recommendation 4: Instruct agencies to remind Government travelers that 
when they receive a Government-paid for meal at a conference or other 
event, the traveler must reduce the per diem claimed on their travel 
voucher by the specified amount that GSA allocates for the provided 
meal. 

GSA response: GSA partially concurs with this recommendation. We 
disagree with GAO's characterization of this finding as a purchase card 
issue. Agency travel vouchering policies and procedures are not within 
the purview of the GSA SmartPay® Governmentwide purchase card program, 
nor is the issue within the scope of the GSA SmartPay® contracts. 
However, the GSA Office of Governmentwide Policy (OGP) does manage 
travel policy. We do agree that when a meal is provided to an employee 
in travel status at Government expense, that employee is required, 
consistent with existing policy, to deduct the appropriate amount for 
that meal from the amount claimed for Meals and Incidental Expenses 
(M&IE). But the GAO review raises a new issue regarding continental 
breakfasts, which typically does not constitute a full breakfast. We do 
not believe employees who neglected to deduct a continental breakfast 
from the daily M&IE acted with the requisite knowledge and willfulness 
necessary to establish either a false criminal statement under Title 
18, Section 1001, of the United States Code or a false claim. We will 
discuss the continental breakfast issue with stakeholders in the travel 
policy community and act on their recommendations in a timely manner. 

In regard to the GSA specific issues mentioned in the report, GSA has 
identified the Government travelers who claimed meals that were paid 
for by the Government at the respective conferences. GSA is currently 
seeking reimbursement from these travelers for the specified amount 
that GSA paid for the provided conference meals totaling $587.00. GSA 
has standing procedures in place that instruct Government travelers 
employed by GSA that receive a Government furnished meal at a 
conference or other event to reduce the per diem claimed on their 
travel voucher by the specified amount that GSA allocates for the 
provided meal. In the final conference instructions to participants, 
conference coordinators remind participants to reduce the per diem 
claimed on their travel voucher by the specified amount of conference 
meals. We will continue to enforce these procedures within GSA and with 
other Federal agencies. 

GSA again points out that insufficient evidence exists in the record to 
establish with any certainty that the employees who submitted 
reimbursement claims for full per diem acted with the requisite 
knowledge and willfulness necessary to establish either a criminal 
false statement under Title 18 Section 1001 of the United States Code 
or a false claim. 

Accordingly, GSA recommends that the first additional fact contained in 
case 9 of the chart be revised to state that the five conference 
participants erroneously claimed reimbursement for meals that were 
provided by the Government. 

In addition, it is not GSA's policy to allow employees to claim full 
per diem for meals that are otherwise provided by the Government; 
therefore, GSA recommends that GAO revise its statements in case 
numbers 7 and 9 as noted below: 

Table 4, Case Number 7: GAO should state... "however, travelers claimed 
full per diem even though meals were provided" in lieu of... "however, 
the agency allowed travelers full per diem even though meals were 
provided" 

Table 4, Case Number 9: GAO should state "however, attendees claimed 
full per diem for a dinner meal that had already been paid for with the 
purchase card" in lieu of... "however, the agency allowed the attendees 
to claim full per diem for a dinner meal that had already been paid for 
with the purchase card." We also point out that the proper purchase of 
the food using a purchase card has no bearing on the subsequent travel 
voucher errors. These errors could have occurred regardless of the 
acquisition method used to acquire the food. 

Recommendations 5-10: Provide written guidance or reminders to 
agencies: 

* That cardholders need to obtain prior approval or subsequent review 
of purchase activity for purchase transactions that are under the micro-
purchase threshold. 

* That property accountability controls need to be maintained for 
pilferable property, including those items obtained with a purchase 
card. 

* That cardholders need to timely notify the property accountability 
officer of pilferable property obtained with a purchase card. 

* That property accountability officers need to promptly record, in 
agency property systems, sensitive and pilferable property that is 
obtained with a purchase card. 

* That, consistent with the guidance on third-party drafts in the 
Department of Treasury's Treasury Financial Manual, Volume 5, Chapter 4-
3000, convenience checks issued on purchase card accounts should be 
minimized, and that convenience checks are only to be used when (1) a 
vendor does not accept the purchase cards, and (2) no other vendor can 
provide the goods or services, and (3) that it is not practical to pay 
for the item using the traditional procurement method. 

* That convenience check privileges of cardholders who improperly use 
convenience checks be canceled. 

GSA Response: GSA partially agrees with these recommendations. We are 
concerned that the recommendation to issue "reminders" regarding 
existing policies does little to move the issues toward resolution. GSA 
agrees that guidance on prior approval or subsequent review of purchase 
card transactions could be clarified. As a result, should OMB deem 
additional coverage in OMB Circular A-123, Appendix B is appropriate, 
GSA will assist, as needed, in developing the additional guidance in 
conformance with OMB's schedule for accomplishing any such revisions. 

In regard to the portions of this recommendation dealing with property 
accountability matters, GSA does not agree with GAO's characterization 
of them as purchase card issues. GSA does not set agency property 
management policies nor are such issues within the scope of the GSA 
SmartPay® program or its contracts. Agencies generally issue their own 
policies regarding these matters. As a result, GSA recommends that GAO 
modify this recommendation accordingly. 

GSA does agree with all of GAO's convenience check recommendations, 
with one exception, the prohibition "no other vendor can provide the 
goods or services." Although GSA would like to eliminate the use of 
convenience checks altogether, it is not practical to do so given the 
unique nature of some suppliers and/or services acquired by agencies 
and the associated vendor's refusal to accept purchase cards. In some 
of these cases, while other similar vendors that accept charge cards 
may exist, their use is not practical due to geographic considerations 
or other limiting factors. Blacksmithing services for horses and 
honoraria payments to expert speakers with unique expertise are but two 
examples. Due to these "niche" needs, our agency customers continue to 
tell us that they need the capability convenience checks offer. Note 
that in order to improve convenience check internal controls, the new 
GSA SmartPay® contracts require contractor banks to provide images of 
cleared checks to agencies. We are also offering a new product, stored 
value cards, under the GSA SmartPay® 2 contract, which may provide a 
viable alternative in many situations to continued convenience check 
use.

[End of section] 

Appendix V: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

Gregory D. Kutz, (202) 512-6722 or kutzg@gao.gov. 

Acknowledgements: 

In addition to the contact above, Tuyet-Quan Thai, Assistant Director; 
James Ashley; Beverly Burke; Bruce Causseaux; Sunny Chang; Dennis 
Fauber; Danielle Free; Jessica Gray; Ryan Guthrie; Ken Hill; Ryan 
Holden; Aaron Holling; John Kelly; Delores Lee; Barbara Lewis; Andrew 
McIntosh; Richard McLean; Aaron Piazza; John Ryan; Barry Shillito; 
Chevalier Strong; Scott Wrightson; Tina Wu; and Michael Zola made key 
contributions to this report. 

[End of section] 

Footnotes: 

[1] Convenience checks are part of the purchase card program and are 
issued to authorized cardholders. Agency management determines to whom 
checks are issued. The checks are similar in appearance to personal 
checks and are written against the cardholder's purchase card account. 
The total amount that may be written cannot exceed the cardholder's 
single-transaction limit. Convenience checks are designed to be used in 
instances where a merchant does not accept purchase cards. 

[2] Other objectives of the simplified acquisition procedures include 
promoting efficiency and economy and avoiding unnecessary burden. 

[3] See 48 C.F.R. § 13.201. 

[4] Micropurchase means an acquisition of supplies or services using 
simplified acquisition procedures, the aggregate amount of which does 
not exceed the micropurchase threshold except for construction or in 
other specific instances. The threshold subsequently was increased on 
September 28, 2006, to $3,000. 

[5] The total amount of refunds obtained from the five credit card 
banks was not audited. 

[6] GAO and Department of Homeland Security, Office of the Inspector 
General, Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable 
to Fraudulent, Improper, and Abusive Activity, GAO-06-1117 (Washington, 
D.C.: Sept. 28, 2006). 

[7] The Bob Stump National Defense Authorization Act for Fiscal Year 
2003, Pub. L. No. 107-314, § 1007; Department of Defense Appropriations 
Act, 2003, Pub. L. No. 107-248, § 8149 as amended by Department of 
Defense Appropriations Act, 2004, Pub. L. No. 108.87, § 8144. 

[8] For this report, we define fraudulent purchases to include those 
made by cardholders that were unauthorized and intended for personal 
use, purchases made using purchase cards or account numbers that had 
been stolen or compromised, and purchases appropriately charged to the 
purchase card but that involve potentially fraudulent activity that 
went undetected because of the lack of integration among processes 
related to the purchase, such as travel claims or missing property. 
Improper transactions are those purchases that although intended for 
government use, are not permitted by law, regulation, or government/ 
agency policy. Abusive purchase card transactions involve transactions 
that are deficient and improper when compared with behavior that a 
prudent person would consider reasonable and necessary, for example, 
purchases that were made at excessive cost (wasteful) or were not 
needed by the government, or both. 

[9] GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999). 

[10] GAO-04-87G (Washington, D.C.: November 2003). 

[11] Whenever they were provided, we reviewed purchase card policies 
and procedures of purchase card programs at major departments, such as 
the Departments of Agriculture, Defense, Energy, and the Interior, to 
name a few. We also reviewed policies and procedures at a number of 
other agencies and independent establishments, such as the National 
Aeronautics and Space Administration and the U.S. Postal Service. 

[12] In a probability sample (sometimes referred to as a statistical or 
random sample), each item in the population has a known, non-zero 
probability of being selected. The results of a probability sample can 
be generalized to the population from which the sample was taken. 

[13] 5 U.S.C. §§ 101 and 104 and 31 U.S.C. § 9101 identify agencies 
required to follow the FAR. 

[14] Because of limitations in the data, we were unable to remove all 
transactions related to entities outside the scope of our audit from 
the sample populations. If any transactions that should have been 
excluded were selected as part of either sample, we replaced them. See 
app. II for further details of our scope and methodology. 

[15] Purchase card data provided by the banks did not always contain 
detailed information to allow for the complete identification of 
accountable and pilferable property. Thus, we were unable to 
statistically test property accountability. Consequently, our tests of 
property accountability were performed on a nonrepresentative selection 
of property that we identified when a transaction selected for 
statistical sampling or data mining contained accountable or pilferable 
property. 

[16] All USPS purchase acquisitions are excluded from adherence to FAR 
regulations. Handbook AS-709, Credit Card Policies and Procedures for 
Local Buying, explains the policies and procedures of the USPS purchase 
card program. 

[17] GAO, Purchase Cards: Control Weaknesses Leave Army Vulnerable to 
Fraud, Waste, and Abuse, GAO-02-732 (Washington, D.C.: June 27, 2002). 

[18] GAO-06-1117. 

[19] As stated previously, we statistically tested executive agency 
purchase card transactions from July 1, 2005, through June 30, 2006. 
With respect to data mining, we included transactions from July 1, 
2005, through September 30, 2006, and transactions from agencies that 
were exempt from the FAR. 

[20] 48 C.F.R. § 13.104. 

[21] According to USPS, 108 individuals were invited to the dinner and 
95 attended. While USPS provided us a list of the 108 invitees, it was 
not able to identify the 95 invitees whom it claimed actually attended. 
Further, independent, third-party evidence we obtained from Ruth's 
Chris Steakhouse showed that 81 individuals attended the dinner. Our 
review of the independent documentation also showed that 81 entrees, 81 
salads, and numerous other appetizers and side dishes were provided. 

[22] In June 2007, GSA awarded a new SmartPay®2 charge card service 
contract to four banks: Citibank; GE Capital Financial, Inc; JPMorgan 
Chase; and U.S. Bank. 

[23] The $17 billion in GSA purchase card data also includes purchases 
by federal agencies outside the scope of our audit and purchase 
transactions less than $50. 

[24] The General Records Schedule 3 states that contract records, 
including correspondence and related papers pertaining to award, 
administration, receipt, inspection, and payment for transactions that 
exceed the simplified acquisition threshold may be destroyed 6 years 
and 3 months after final payment; whereas, similar records for 
transactions at or below the simplified acquisition threshold may be 
destroyed 3 years after final payment. 

[25] In one instance, the rate of failure from previous reports was 
within range of the governmentwide results. We tested five Army 
installations and found that at the Soldier Biological and Chemical 
Command, the failure rate for proper authorization was 25 percent. 
However, our prior audits have also found that the failure rates for 
authorization and independent receipt and acceptance were generally 
higher than the governmentwide results for this audit. 

[26] Issued in August 2005, Appendix B requires agencies to maintain 
internal controls that reduce the risk of fraud, waste, and error in 
government charge card programs. 

[27] With certain exceptions, the FAR requires that cardholders obtain 
competition from separate sources prior to making purchases over the 
micropurchase threshold. 

[28] We performed work to determine whether accountable property 
totaling $350 or more and pilferable items that could be easily 
converted to personal use were accounted for and could be located. For 
details on our methodology, refer to app. II. 

[29] 48 C.F.R. § 13.301 provides that governmentwide commercial 
purchase cards may be used only for purchases that are otherwise 
authorized by law or regulations. Therefore, a procurement using a 
purchase card is lawful only if it would be lawful using conventional 
procurement methods. Under 31 U.S.C. 1301(a), "[a]ppropriations shall 
be applied only to the objects for which the appropriations were made." 

[30] We defined split purchases as multiple purchase transactions made 
by the same cardholder at the same vendor on the same day. From July 1, 
2005, through June 30, 2006, purchases that met this definition, and 
which appeared to have been transacted to circumvent the micropurchase 
threshold, totaled over $600 million. 

[31] According to USPS, 108 individuals were invited to the dinner, and 
95 attended. While USPS was able to provide documentation of the 108 
invitees, it was not able to identify the 95 who attended. Further, 
independent, third-party evidence we obtained from Ruth's Chris 
Steakhouse showed that 81 individuals attended the dinner. Our review 
of the independent documentation also showed that 81 entrees and 81 
salads were provided. Therefore, we used the information provided on 
the merchant receipt to calculate the per-person cost. 

[32] Postal Customer Councils are formed to establish dialogue and 
improve communications between USPS and its customers--including 
commercial mailers, organizations, service bureaus, and individuals who 
use services provided by USPS. 

[33] Treasury Financial Manual, issued by the Department of Treasury's 
Financial Management Service, policies, procedures, and instructions 
for Federal departments and agencies, Federal Reserve Banks (FRBs), and 
other concerned parties to follow in carrying out their fiscal 
responsibilities. 

[34] We believe that GSA possesses the authority to issue such guidance 
under its general authorities to prescribe property management policies 
under 40 U.S.C. §§121(c) and 501(b)(2). 

[35] 5 U.S.C. §§ 101, 104 and 31 U.S.C § 9101 identify agencies 
required to follow the FAR. 

[36] Because of limitations in the data, we were unable to remove all 
transactions related to entities outside the scope of our audit from 
the sample populations. If any transaction that should have been 
excluded were selected as part of either sample, we replaced them. 

[37] We used the micropurchase threshold of $2,500 existing at the time 
of the audit. This threshold was increased on September 28, 2006, to 
$3,000. 

[38] GAO/AIMD-00-21.3.1. 

[39] GAO-04-87G. 

[40] 48 C.F.R. §§ 13.003h(1), 13.104b, 13.501, and 13.102. 

[41] JWOD established the Committee for Purchase from People Who Are 
Blind or Severely Disabled and charters the committee to develop a 
procurement list of commodities produced and services provided by 
nonprofit agencies (41 U.S.C §§ 46 and 47). The act also directs 
agencies to buy items or services on the procurement list from 
nonprofit agencies for the blind or severely handicapped if the items 
are available within the period required by the government (41 U.S.C. § 
48). 

[42] All U.S. Postal Service purchase acquisitions are excluded from 
adherence to FAR regulations. Handbook AS-709, Credit Card Policies and 
Procedures for Local Buying, explains the policies and procedures of 
the U.S. Postal Service purchase card program. 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability.  

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates."  

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:  

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548:  

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061:  

To Report Fraud, Waste, and Abuse in Federal Programs:  

Contact:  

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470:  

Congressional Relations:  

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548:  

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: