Purchase Cards
Control Weaknesses Leave Army Vulnerable to Fraud, Waste, and Abuse Gao ID: GAO-02-732 June 27, 2002The Army's purchase card program--the largest within the Defense Department--offers significant benefits, but weak internal controls have left the Army vulnerable to fraudulent, improper, and abusive purchases. The Army has yet to issue servicewide regulations or operating procedures, instead relying on ad hoc memoranda and other informal guidance. The Army also does a poor job of overseeing the purchase card program. The Army lacks the infrastructure--guidance and human capital--needed for effective program oversight. GAO identified several improper transactions involving clothing, food, and other items. GAO also identified improper purchases in which cardholders made a large number of purchases of similar items to circumvent the mandated limit of $2,500 for a single purchase.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-02-732, Purchase Cards: Control Weaknesses Leave Army Vulnerable to Fraud, Waste, and Abuse
This is the accessible text file for GAO report number GAO-02-732
entitled 'Purchase Cards: Control Weaknesses Leave Army Vulnerable to
Fraud, Waste, and Abuse' which was released on July 17, 2002.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products‘ accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
Report to Congressional Requesters:
June 2002:
Purchase Cards:
Control Weaknesses Leave Army Vulnerable to Fraud, Waste, and Abuse:
GAO-02-732:
Contents:
Letter:
Results in Brief:
Background:
Weaknesses in Overall Control Environment for Army Purchase Card
Program:
Critical Internal Control Activities and Techniques Not Effectively
Implemented:
Potentially Fraudulent, Improper, and Abusive or Questionable
Transactions:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendixes:
Appendix I: Scope and Methodology:
Appendix II: Overview of Army Purchase Card Program:
Appendix III: Comments from the Department of Defense:
Appendix IV: GAO Contacts and Staff Acknowledgements:
Tables:
Table 1: Program Coordinators‘ Span of Control:
Table 2: Internal Control Activity Statistical Testing Failure Rates:
Table 3: Advance Approval Failure Rates:
Table 4: Independent Receiving Failure Rates:
Table 5: Approving Official Review Failure Rates:
Table 6: Existence of Invoice Failure Rates:
Table 7: Property Items Not Recorded in Property Books:
Table 8: Examples of Potentially Fraudulent Army Purchase Card
Transactions:
Table 9: Examples of Purchases Intended for Personal Use:
Table 10: Examples of Abusive or Questionable Purchases:
Table 11: Major Commands and Installations Audited:
Table 12: Number and Value of Army Transactions in Fiscal Year 2001:
Figures:
Figure 1: Army Purchase Card Program Management Structure:
Figure 2: Army Purchase Card Processes:
Abbreviations:
DOD: Department of Defense:
JWOD: Javits-Wagner-O‘Day Act:
Letter:
June 27, 2002:
The Honorable Charles E. Grassley
Ranking Minority Member
Committee on Finance
United States Senate:
The Honorable Stephen Horn
Chairman
The Honorable Janice D. Schakowsky
Ranking Minority Member
Subcommittee on Government Efficiency, Financial Management
and Intergovernmental Relations
Committee on Government Reform
House of Representatives:
The Department of Defense (DOD) is promoting departmentwide use of
purchase cards for obtaining goods and services. It reported that for
the year ended September 30, 2001, about 230,000 cardholders used
purchase cards to make about 10.7 million transactions at a cost of
over $6.1 billion. Purchase cards are to be used exclusively for
government-related purchases. Purchase card transactions include
acquisitions at or below the $2,500 micropurchase threshold, commercial
training requests valued at or below $25,000, and payments on
contracts. The use of purchase cards has dramatically increased in past
years as agencies have sought to eliminate the lengthy process and
paperwork long associated with making small purchases. The benefits of
using purchase cards versus traditional contracting and payment
processes are lower transaction processing costs and less ’red tape“
for both the government and the vendor community.
We support the use of a well-controlled purchase card program to
streamline the government‘s acquisition processes. However, it is
important that agencies have adequate internal control in place to
protect the government from fraud, waste, and abuse. In July 2001 and
March 2002, we testified on significant breakdowns in internal control
over purchase card transactions at two Navy sites in San Diego,
California.[Footnote 1] This work identified a weak internal control
environment; ineffective internal control; and potentially
fraudulent,[Footnote 2] improper, and abusive purchases.
As a result of our work at the two Navy sites and continuing concern
about fraud, waste, and abuse in DOD‘s purchase card program, you
requested that we expand our audits of purchase card controls. As the
initial part of this requested work, this report focuses on the Army,
which has the largest purchase card program in DOD. In fiscal year
2001, the Army had about 109,000 cardholders, 4.4 million transactions,
and $2.4 billion in purchases. We plan to report to you separately on
the results of our audits of the Navy and Air Force purchase card
programs.
The objective of our audit of the Army‘s purchase card program was to
assess the adequacy of internal control over the authorization,
purchase, and payment of purchase card transactions during fiscal year
2001. Specifically, we addressed whether (1) the Army‘s overall control
environment and management of the purchase card program were effective,
(2) the Army‘s key internal control activities operated effectively and
provide reasonable assurance that purchase cards were used
appropriately, and (3) indications existed of potentially fraudulent,
improper, and abusive and questionable transactions. We audited the
Army‘s internal control policies, procedures, and activities at five
major commands that account for about 66 percent of total purchases and
62 percent of total transactions. At one installation in each of the
commands, we tested a statistical sample of purchase card transactions
and conducted other audit work to evaluate the design and
implementation of key internal control procedures and activities. The
results of our review of the transactions comprising the statistical
samples can only be projected to the individual installation at which
we performed the testing and cannot be used to project to the command
level or to the Army as a whole. The cumulative results of all our work
offer significant perspective on the adequacy of the design and
implementation of purchase card program internal control within the
Army.
We also looked for indications of potentially fraudulent, improper, and
abusive or questionable purchases as part of our statistical sampling
and through nonrepresentative selections of transactions using data
mining of fiscal year 2001 transactions. Our data mining included
identifying transactions with certain vendors that had a more likely
chance of selling items that would be unauthorized or that would be
personal items. Because of the large number of transactions that met
these criteria, we did not look at all potential abuses of the purchase
card. While we identified some potentially fraudulent, improper, and
abusive or questionable purchases, our work was not designed to
identify, and we cannot determine, the extent of potentially
fraudulent, improper, and abusive or questionable purchases. See
appendix I for further details on our scope and methodology.
We requested comments from the Secretary of Defense or his designee on
a draft of this report. We received comments from the Acting Director
of the Army Contracting Agency dated June 17, 2002, and have reprinted
those comments in this report. We conducted our audit work from June
2001 through April 2002 in accordance with generally accepted
government auditing standards, and we performed our investigative work
in accordance with standards prescribed by the President‘s Council on
Integrity and Efficiency, as adapted for GAO‘s work.
Results in Brief:
The purchase card program offers significant benefits; however, a weak
overall control environment and breakdowns in key internal control
activities leave the Army vulnerable to potentially fraudulent,
improper, and abusive purchases. Our work at five Army major commands
and one installation in each of the commands showed that the Army has
not established an effective internal control environment. As the use
of purchase cards has greatly expanded, Army management has not
emphasized internal control activities that can provide reasonable
assurance that the individual transactions are for authorized purposes
or that they adhere to legal and regulatory requirements. At the
individual transaction level, we identified a substantial number of
purchases for which cardholders and approving officials had not adhered
to important internal control activities and that were not in
accordance with valid requirements, policies, and procedures.
A major contributor to the weak overall control environment and weak
program management is informal and incomplete operating procedures.
While existing governmentwide, DOD-wide, and Army-wide procurement
regulations are the foundation for the Army purchase card program, the
Army has not issued servicewide regulations or operating procedures,
but relies on ad hoc memorandums and other informal guidance. This
informal guidance does not provide the purchase card program with
consistent, comprehensive policies and procedures to guide those
implementing the program. For example, the scope of responsibilities
and specific duties of installation-level program coordinators, the
primary focal points for managing the purchase card program, are not
addressed in Army guidance. The major commands and installations we
audited had established policies and procedures; however, these
policies and procedures were inconsistent between commands and did not
provide adequate guidance on key control environment issues.
Another major contributor to the weak overall control environment is
ineffective oversight of the purchase card program. The Army purchase
card program did not have the infrastructure--guidance and human
capital--needed to implement the oversight activities that are
essential for effective internal control. Army and major command
management levels did not conduct meaningful oversight activities of
their own and did not provide direction to installation-level program
coordinators on needed oversight activities. At the local installation
level, the sporadic oversight activities performed did not provide
reasonable assurance that internal control procedures and activities
were followed. For example, program coordinators did not routinely
perform annual reviews of approving officials‘ activities as required,
and the reviews that were made were seldom documented. Program
coordinators told us that they did not have sufficient human capital to
conduct required annual reviews or to define and conduct other needed
oversight activities. In addition, approving officials‘ activities
usually were considered ’other duties as assigned“ and were not the
primary duties on which the officials were evaluated and rewarded. They
generally said that many other duties were of a higher priority than
monitoring purchases and reviewing monthly cardholder statements.
We identified a significant breakdown in key internal control
activities. Control activities tested were (1) advance approval of
purchases, (2) receiving of goods and services by someone other than
cardholders, (3) approving officials reviewing cardholders‘ monthly
reconciled bills and supporting documentation, and (4) whether
transaction
files contained invoices that supported the transactions. Our
statistical
sample results at the five installations showed significant failure
rates for all four tested control activities. The high failure rate--40
to 86 percent--for approving official review is of particular concern
because it is perhaps the most important control activity.
The weaknesses we identified in the control environment and the
breakdown in specific internal control activities had specific
consequences--potentially fraudulent, improper, and abusive and
questionable transactions were not being prevented or identified
promptly. Potentially fraudulent transactions are (1) cardholder
purchases that are intended for personal benefit, (2) unauthorized
transactions by vendors, or (3) other purchases using compromised
accounts. At three of the five installations, we found that potentially
fraudulent transactions went undetected because of breakdowns in
internal control. For example, Eisenhower Army Medical Center, at Fort
Gordon, Augusta, Georgia, had two fraud cases that were not identified
by appropriate approving official review. Each case involved tens of
thousands of dollars, with cardholders purchasing jewelry, clothing,
and other items for their personal use. Another fraud case under
investigation at the end of our fieldwork involved purchases of over
$100,000 of electronic equipment, computers, and other items. The
actions of the cardholder, approving official, and other service
members were being investigated. In our Army-wide data mining,[Footnote
3] potentially fraudulent transactions include the purchase of escort
services and the use of a compromised account to purchase athletic
shoes.
We also identified a number of improper transactions--meaning those in
which the purchase was intended for government use but was not
permitted by law, regulation, or DOD policy--involving clothing, food,
or other items. For example, at the Soldier, Biological and Chemical
Command - Natick, in Natick, Massachusetts, the purchase of L.L. Bean
Gore-Tex parkas for 10 civilian employees at a cost of $2,400 was not
an appropriate use of federal funds because the parkas were not treated
solely as government property available only for official use. Other
improper purchases included meals, fruit baskets, luggage, and
services. We also identified as improper numerous purchases in which
cardholders made a substantial number of purchases of similar items
(split purchases) to circumvent the legislatively mandated
micropurchase limit of $2,500 for a single purchase. Using contracts
for such purchases would comply with procurement requirements and could
result in lower prices for the purchased items.
We identified abusive and questionable transactions at each of the five
installations we audited as well as in our Army-wide data mining.
Abusive transactions are those that were authorized, but the items
purchased were at an excessive cost or for a questionable government
need, or both. Questionable transactions were those that cardholders
purchased items for which there was not a reasonable and/or documented
justification. Examples of abusive and/or questionable purchases
included sunglasses, fine china, cigars, wine, and a $2,250 tree. The
purchase card transaction files we examined generally did not include
explanations or advance approvals that would justify these types of
purchases and permit a determination that the purchases were not
improper or abusive. Explanations and advance approvals for purchases
of potentially questionable items could increase visibility and
oversight of such purchases and reduce the potential for abusive and
wasteful spending.
During our audit, the commands we audited began to address many of the
deficiencies we identified and implement many of the recommendations
applicable at their levels. In addition, DOD established a task force
to develop recommendations to improve procedures.
This report contains recommendations to the Army to improve the overall
control environment for the Army‘s purchase card program; to strengthen
key internal control activities; and to increase attention to
preventing potentially fraudulent, improper, and abusive and
questionable transactions. We also recommend that the task force assess
the DOD-wide applicability of the recommendations addressed to the
Army. In written comments on a draft of this report, DOD concurred with
our recommendations and described actions completed, under way, or
planned to implement them. Although it concurred with our
recommendation for an Army-wide standard operating procedure directing
the implementation of specific internal control activities, DOD took
exception to broad application of two of the five recommended
activities--advance approval and independent receiving. We agree that
not all purchases require advance approval and independent receiving.
However, we continue to believe these are important control activities
and that the Army-wide standard operating procedure should (1) discuss
the criteria for determining when these activities are applicable and
(2) articulate guidelines for implementing them.
Background:
The Army‘s purchase card program is part of the governmentwide
Commercial Purchase Card Program established to simplify federal agency
acquisition processes by providing a low-cost, efficient vehicle for
obtaining goods and services directly from vendors. DOD has mandated
the use of the purchase card for all purchases at or below $2,500 and
has authorized the use of the card to pay for specified larger
purchases. DOD has had significant growth in the program since its
inception and estimates that in fiscal year 2001 about 95 percent of
its transactions of $2,500 or less were made by purchase card.
The purpose of the program was to simplify the process of making small
purchases. It accomplished this goal by allowing cardholders to make
micropurchases of $2,500 or less--$25,000 or less for training--without
having to execute contracts. The government purchase card can also be
used for larger transactions, but they still require contracts. In
these cases, the Army often refers to the card as a payment card
because it pays for an acquisition made under a legally executed
contract.
The Army uses a combination of governmentwide, DOD, and Army guidance
as the policy and procedural foundation for its purchase card program.
The Army purchase card program operates under a governmentwide General
Services Administration purchase card contract, as do the purchase card
programs of all federal agencies. In addition, government acquisition
laws and regulations, such as the Federal Acquisition Regulation,
provide overall governmentwide guidance. DOD and the Army have
promulgated supplements to these regulations.
The Assistant Secretary of Defense for Acquisition, Technology, and
Logistics, in cooperation with the Under Secretary of Defense
(Comptroller), has overall responsibility for DOD‘s purchase card
program. The DOD Joint Purchase Card Program Management Office, in the
office of the Assistant Secretary of the Army for Acquisition Logistics
and Technology, is responsible for overseeing DOD‘s program. The Army
agency program coordinator, within the joint office, has oversight over
the Army‘s purchase card program. However, primary management
responsibility for the purchase card program lies with the contracting
offices in the major commands and local installations. Figure 1 depicts
the Army purchase card program management hierarchy as it was during
our audit work. For the major commands, the figure shows the number of
installation program coordinators within the command. For the five
installations we audited, the figure shows the number of approving
officials and cardholders at each installation.
On May 1, 2002, the Army created an Office of the Deputy Assistant
Secretary of the Army (Procurement) and the U.S. Army Contracting
Agency. The responsibility for the Army purchase card program and the
DOD Purchase Card Joint Program Management Office will be moved to the
newly created office. This new Deputy Assistant Secretary‘s office will
be in a ’transitional“ status until October 1, 2002.
Figure 1: Army Purchase Card Program Management Structure:
[See PDF for image]
Source: GAO analysis of Army purchase card program organization.
[End of figure]
At the installation, personnel in three positions--program coordinator,
cardholder, and approving official[Footnote 4]--are collectively
responsible for providing reasonable assurance that purchase card
transactions are appropriate and meet a valid government need. The
installation program coordinator, typically a full-time position under
the direction of the director of the contracting office, is responsible
for the day-to-day management, administration, and oversight of the
program. In our work, we noted that program coordinators develop local
standard operating procedures, issue and cancel cards, train
cardholders and approving officials, and coordinate with other Army
units and the card-issuing bank. Cardholders--soldiers and civilian
personnel--are to make purchases, maintain supporting documentation,
and reconcile their monthly statements. Approving officials, who
typically are responsible for more than one cardholder, are to review
cardholders‘ transactions and the cardholders‘ reconciled statements
and certify the official consolidated bill for payment. Approving
officials receive an official bill that consolidates their cardholders‘
purchases. Appendix II provides additional details on the Army purchase
card program.
Weaknesses in Overall Control Environment for Army Purchase Card
Program:
[See PDF for image]
[End of figure]
Weaknesses in the internal control environment for the Army purchase
card program at the five major commands and five installations we
audited contributed to internal control breakdowns and potentially
fraudulent, improper, and abusive purchases. The importance of the role
of management in establishing a positive internal control environment
cannot be overstated. GAO‘s Standards for Internal Control discusses
management‘s key role in demonstrating and maintaining an
organization‘s integrity and ethical values, especially in setting and
maintaining the organization‘s ethical tone, providing guidance for
proper behavior, and removing temptations for unethical behavior.
Army purchase card management has not encouraged a strong internal
control environment. It has not focused on ensuring an adequate
environment for a greatly expanding program. Instead, Army purchase
card management focused significant attention on maximizing the use of
the purchase card for small purchases and on paying bills quickly to
reduce delinquent payments, and it developed performance measures and
goals for them. However, purchase card management has not focused equal
attention on internal control, and it has not developed performance
measures to assess the adequacy of internal control activities or set
goals for them. As a result, our audit identified a weak internal
control environment characterized by a lack of (1) adequate operating
procedures specifying needed program management, oversight, and
internal control activities and (2) oversight by all management levels
over the program‘s implementation at the installation level. These
weaknesses are symptomatic of a purchase card infrastructure that is
insufficiently robust to build and sustain a strong internal control
environment. As discussed in the next section, strong internal control
activities are needed to effectively manage the Army‘s purchase card
program and provide reasonable assurance that the billions of dollars
spent under the program adhere to legal and regulatory requirements.
Developing performance measures and setting performance goals are
fundamental to implementing and maintaining strong internal control
activities.
Inadequate Program Operating Procedures:
[See PDF for image]
[End of figure]
The Army operates its purchase card program without a specific
servicewide regulation or standard operating procedures to govern
purchase card activities throughout the agency. Instead, the Army
relies on memorandums issued by the DOD and Army purchase card program
offices and procedures issued by major commands and installations. Our
assessment of the existing Army guidance is that it does not adequately
identify and direct the implementation of needed actions and control
activities.
The memorandums issued by the DOD and Army purchase card program
offices do not provide the Army purchase card program with a
comprehensive set of policies and operating procedures that identify
the actions and control activities needed to manage the program.
Instead, they address such topics as cash management of certified
purchase card invoices or suggest best practices, including discussions
of the importance of internal control activities. Also, the memorandums
often only request that Army commanding officers implement a suggested
action; they do not direct that specific actions be taken within
specific time frames. Such requests might not achieve the desired
results. For example, an August 3, 2001, Office of the Assistant
Secretary of the Army for Acquisition Logistics and Technology
memorandum requested Army units‘ assistance and support in implementing
the DOD program office‘s earlier request to assess the adequacy of
purchase card program human capital resources. Because they are only
requests, they do not have to result in action. For example, in the
example above, we found no evidence that the major commands or
installations had made an assessment of their overall purchase card
human capital resource needs.
Without agencywide operating procedures, the Army has relied on its
major command and local installation program coordinators to establish
purchase card policies and procedures to guide approving officials,
cardholders, and others involved in the purchase card program as they
implement the program. The standard operating procedures for the major
commands and installations we audited varied widely, and they were not
adequate. For example, the Army Materiel Command does not have standard
operating procedures, but uses a Web-based tutorial that is part of
required training to guide cardholders and approving officials. A
training tutorial does not carry the force of a regulation or a
standard operating procedure. Consequently, installation program
coordinators, such as at the Soldier, Biological and Chemical Command -
Natick, developed standard operating procedures that set program
implementation standards and requirements at the installation.
At the installation level, the contrast between three installations
illustrates the differences. As discussed above, the Soldier,
Biological and Chemical Command - Natick had a detailed operating
procedure that was revised during our work there to add further
detailed instructions. Fort Benning, in Columbus, Georgia, did not have
installation-level operating procedures. At Fort Hood, in Killeen,
Texas, the installation-level procedures were supplemented with
detailed procedures developed by the military units, for example,
battalions and brigades, located there. Thus, the procedures at these
three installations differed significantly and within Fort Hood
procedures were different. Collectively, the Army policy memorandums
and the major command and installation-level operating procedures do
not adequately address key control environment issues. Among the more
important issues not adequately addressed are:
* responsibilities and duties of installation-level program
coordinators,
* controls over the issuance and assessment of ongoing need for cards,
* appropriate span of control for approving officials, and:
* appropriate cardholder spending limits.
In addition to the above control environment issues, we identified
weaknesses in the individual control activities we tested, which we
discuss in the next section of this report.
Responsibilities and Duties of Installation-Level Program
Coordinators:
Army guidance has not addressed the scope of responsibilities and
specific duties of installation-level program coordinators, although
they are the primary focal point for managing the purchase card program
and generally spend all their time on the purchase card program. The
importance of these program coordinators to the purchase card program
cannot be overstated. During our work we noted that program
coordinators develop and enforce operating procedures, establish and
cancel cardholder and approving official accounts, train cardholders
and approving officials, interact with the bank, and field myriad
questions about the program from both cardholders and approving
officials. Yet, the Army does not have guidance on how to do these
activities, and it does not provide program coordinators with guidance
or assistance in developing oversight activities to monitor how well
their programs are functioning. Program coordinators told us that they
did not get formal training in what their duties are and how they
should be done. They said they had to do a lot of on-the-job learning
and they called other program coordinators for advice.
Controls over the Issuance and Assessment of Ongoing Need for Cards:
Little guidance exists to assist program coordinators and unit managers
in selecting who should be issued a purchase card. Carefully
controlling the issuance of cards and continually reassessing the need
and justification for outstanding cards are important issues in
controlling the government‘s risk in the purchase card program. At the
installations we audited, the operating procedures usually specified
that unit managers, after deciding who should be a cardholder and who
should be an approving official, request the installation program
coordinator to process the appointments. Yet, we found little guidance
at any level that provided criteria to these officials for determining
how many cards a unit should have or who should have them. The November
2001 operating procedure at the Soldier, Biological and Chemical
Command - Natick requires unit directors to provide written
justification for the selection of a cardholder or approving official.
However, without guidance from the Army, the command did not establish
criteria to guide the directors‘ decisions. In no case did we identify
guidance that required cardholders to have a continuing need to make
procurements for an office or organization, and none of the guidance
discussed the need to reassess the ongoing need for outstanding cards.
Span of Control for Approving Officials:
Standard operating procedures at the major commands and installations
we audited do not adequately discuss the span of control that is
appropriate for approving officials that could provide a reasonable
assurance that they can effectively perform their responsibilities. The
training program for Army Materiel Command and the standard procedures
at the Soldier, Biological and Chemical Command - Natick discuss that
an approving official should have only as many cardholders for whom he/
she can review all monthly transactions. Approving officials who have
more cardholders than they can effectively supervise is symptomatic of
a weak control environment. The Army did not provide criteria for
approving officials‘ span of control until July 2001,[Footnote 5] just
prior to our testimony on the purchase card program at two Navy
installations.[Footnote 6] The July guidance suggested a span of
control of five to seven cardholders. However, this guidance had not
been promulgated in major command or installation guidance as of the
end of our fieldwork.
Cardholder Spending Limits:
Policies and procedures that addressed controlling cardholders‘
spending limits were inadequate. Unit managers and approving officials
coordinate with the program coordinator to set both transaction and
monthly spending limits for cardholders. However, we found no policy
guidance or procedures that provided criteria to guide them in making
these decisions, except a recitation of the micropurchase spending
limits, until an August 13, 2001, memorandum from the Director of
Defense Procurement. This memorandum, which was in response to
congressional hearings on our Navy testimony,[Footnote 7] noted that
not every cardholder needs to have the maximum transaction or monthly
limit and that reasonable limits based on what the person needs to buy
should be set. We found that individual transaction limits were
generally set at the micropurchase maximum of $2,500. Installations
generally set monthly limits at a generic level, such as $10,000,
$25,000, or $100,000, for most of their cardholders. We saw little
evidence that limits were set based on an analysis of individual
cardholders‘ needs or past spending patterns. In some cases, we were
told that the monthly limits were based on the anticipated peak
spending to avoid possible limit changes. We also saw infrequently used
cards that, nevertheless, had spending limits set at the maximum.
Limits that are higher than justified by the cardholder‘s authorized
and expected usage unnecessarily increase the government‘s exposure to
potentially fraudulent, improper, and abusive purchases.
Army Addressing Control Issues:
As we were performing our review of the Army purchase card program and
in response to our July testimony on Navy purchase card activities, DOD
and Army officials have issued a number of memorandums that address
some of the weaknesses that we have discussed. For example, a
memorandum from the Director of Defense Procurement, issued in August
2001,[Footnote 8] said that only those personnel with a continuing need
to purchase goods or services as part of their jobs should be
cardholders. In another example, DOD‘s Joint Program Office, after we
requested data on inactive cards, sent a February 2002
memorandum[Footnote 9] to agency program coordinators asking that they
consider canceling cards with little activity or imposing other
controls, such as reducing the monthly limit to 1 dollar. However, at
the locations we audited, the guidance in these and other memorandums
had not been incorporated into operating procedures as of the end of
our fieldwork.
DOD and Army purchase card officials told us that they recognized the
need for the Army to issue standard operating procedures for the
purchase card program. They said that work had been ongoing on
developing such procedures, which could be issued in this fiscal year.
In addition, on March 19, 2002, the Secretary of Defense directed the
Under Secretary of Defense (Comptroller) to establish a Charge Card
Task Force to review the operations of both purchase and travel cards
and to develop recommendations to improve procedures.
Ineffective Program Monitoring and Oversight:
[See PDF for image]
[End of figure]
Ineffective oversight of the purchase card program also contributes to
weaknesses in the overall control environment. In general, effective
oversight activities would include management reviews and evaluations
of how well the purchase card program is operating, including the
internal control activities. We identified little monitoring or
oversight activity directed at assessing program results, evaluating
internal control, or identifying the extent of potentially fraudulent,
improper, and abusive or questionable purchases. At no management
level, Army headquarters, major command, or local installation, is the
infrastructure provided for such activities. At the installation level,
where the most responsibility for oversight appears to reside, guidance
or training on what oversight activities should be undertaken does not
exist, and the needed human capital resources to perform those
activities are not in place.
Army-Wide and Major Command Oversight Limited:
At the Army-wide level, the purchase card agency program coordinator--
the position involving direct oversight of the Army program--does not
conduct internal control oversight activities. The agency program
coordinator, who is in the DOD Joint Purchase Card Program Office, has
no human capital resources to conduct oversight activities. The
coordinator‘s activities are mainly directed at answering program
operation questions from and transmitting reports to major command and
installation-level program coordinators.
The major commands have direct authority over the installations that
report to them and have responsibility for the purchase card programs
of their installations. While the major commands that we audited had
procedures to guide the installations‘ activities, we found little
evidence of oversight activities by the commands to monitor the
installations‘ implementation of the procedures. The major commands‘
purchase card program office personnel do participate in contract
management reviews conducted at their installations every 2 years.
These reviews, which generally are completed in 1 week, are focused on
the installation‘s contracting operations and have a small purchase
card component. The program coordinators at the major commands we
audited confirmed that they conduct little oversight of internal
control activities at the local installation programs.
Installation-Level Oversight Activities Inadequate:
The only significant oversight activities we identified were at the
local installation level where the primary purchase card activities are
taking place. However, none of the installations we audited had a
comprehensive or effective program of oversight and monitoring. The
oversight and monitoring activities consisted primarily of isolated
inspections of approving official‘s compliance with monthly statement
certification requirements and monitoring resolution of disputed
transactions.
Audits and inspections of the purchase card program by internal
auditors can provide additional oversight of the installation level
purchase card program. For example, at the Soldier, Biological and
Chemical Command - Natick, where the command has recognized that the
program coordinator did not have the infrastructure to perform
oversight reviews, the internal auditor provided assistance. According
to the auditor, the audits are designed to ensure continued command
attention and to assist the program coordinator with developing
policies, procedures, and controls. However, at the installations we
visited, audits and inspections were generally limited in both scope
and number. For example, at Fort Hood, the internal auditors conducted
occasional purchase card reviews as part of the command inspection
program. Although these inspections occasionally surfaced control
problems, the results were not communicated to the purchase card
program coordinator so that systemic problems could be identified and
addressed.
The DOD Financial Management Regulation assigns installation program
coordinators the responsibility for the implementation and execution of
the purchase card program in accordance with established Office of the
Secretary of Defense and applicable DOD component regulations,
policies, and procedures. Thus, installation program coordinators, who
act under the direction of the installation‘s director of contracting,
are the pivotal officials in managing and overseeing the purchase card
program.
A comprehensive and robust management and oversight program could
include a number of activities. At the installations that we audited,
the program coordinators were devoting significant time and attention
to some basic activities such as establishing cardholders and approving
officials and providing required training to these individuals. In most
cases, cardholders and billing officials were being appropriately
established and were receiving the required initial training. However,
we found that refresher training, required by DOD guidance for
cardholders and approving officials every 2 years, was seldom provided
at the five installations we audited. Program coordinators at every
location except the Texas Army National Guard in Austin, Texas, told us
that this training seldom, if ever, occurred because of inadequate time
and human capital resources.
While devoting time and resources to establishing cardholders and
approving officials, other important activities were not receiving
attention. For example, the key oversight activity identified in Army
regulations is an annual review of the records of approving officials.
This key activity was not effectively carried out at any of the five
installations. In addition, program coordinators were not monitoring
potential abusive and questionable transactions, and taking prompt and
appropriate action to cancel accounts for departed and unneeded
cardholders.
Inspecting approving official activities. Army guidance, reiterated in
an August 2001 memorandum,[Footnote 10] provides for the installation‘s
program coordinator to annually inspect the records of approving
officials. Our work showed that none of the program coordinators at the
five installations had a comprehensive inspection program, although
three program coordinators had conducted some inspections. Our work
also showed that the few that had been conducted were focused on only a
limited number of cardholders and did not include remediation plans.
Without inspecting cardholders‘ and approving officials‘ activities and
developing remediation plans, program coordinators had no structured
way to determine either currently or over the long run how well their
approving officials were functioning or to follow up their inspections
and determine whether cardholders and approving officials had improved
their performance.
The following summarizes the ineffective and limited information on
inspections of approving officials‘ records at the audited
installations.
* At Eisenhower Army Medical Center, the program coordinator performed
a few targeted inspections in fiscal year 2001, rather than undertake a
comprehensive audit of approving officials‘ activities. These
inspections covered eight approving officials and 15 cardholders.
* At Fort Benning, the program coordinator told us that records of a
few approving officials are inspected each year but there is no
specific timetable for the inspections and the results are not
documented. An internal audit of the purchase card program at Fort
Benning prepared for the commanding general in 2001 concluded that the
program coordinator had not placed enough emphasis on oversight
responsibilities.
* At Fort Hood, the program coordinator conducted few inspections of
approving officials‘ activities due to a heavy workload in establishing
cardholders and approving officials and limited human capital
resources.
* At the Soldier, Biological and Chemical Command - Natick, the program
coordinator did not conduct inspections of approving officials‘
activities. However, internal review performed audits focused on
various purchase card areas to assist the program coordinator.
* An April 2001 internal review audit report of the Texas Army National
Guard program stated that there was no evidence reviews were conducted
to test management controls over the purchase card program. Subsequent
to the audit report, the program coordinator and the director of
contracting said that they had begun to occasionally conduct a small
number of reviews.
Monitoring potentially abusive and questionable transactions. Program
coordinators at the five installations have not routinely monitored
potentially abusive transactions. Their activities in this area were
generally confined to answering cardholder questions about potentially
questionable aspects of proposed purchases and occasionally scanning
bank data for questionable transactions. The program coordinators told
us that the Army and major command purchase card offices do not require
them to analyze purchase card transactions and have not provided
guidance on data to be analyzed or on analysis techniques. Our own data
mining efforts, including our analysis of Army-wide data, shows the
usefulness of these techniques and their potential for identifying
transactions that contain indicators of potentially fraudulent,
improper, and abusive and questionable transactions, as we discuss in a
later section of this report.
While cardholders and approving officials are the first line of defense
in preventing purchase card abuse, program coordinator activities
become especially critical if the approving official is not carrying
out required duties. For example, after noting that we were requesting
additional details on purchases from some questionable vendors, the
Fort Benning program coordinator noticed that a cardholder had
purchases from such vendors. Subsequent investigation of the cardholder
revealed potentially fraudulent purchases totaling $10,748. The
cardholder‘s potentially fraudulent activities were not detected
promptly because the approving official had not been monitoring the
cardholder‘s purchases or reviewing the monthly statement.
Program coordinators, in addition to analyzing questionable
transactions, need to analyze other purchase card data, such as bank
status reports on disputed transactions. The Fort Hood program
coordinator, who was not effectively monitoring bank status reports on
disputed transactions, did not identify that cardholder inaction beyond
the expiration date for disputes had resulted in the loss of ability to
recover funds on previously disputed charges. At our suggestion, the
coordinator followed up on an unresolved expired dispute and obtained
credit for over $1,000 in returned unordered merchandise. Such a
recovery demonstrates that a data analysis program for installation
program coordinators can produce savings for taxpayers.
Canceling accounts for departed cardholders. None of the program
coordinators at the five installations had focused effective attention
on canceling accounts of departed and unneeded cardholders prior to the
completion of our fieldwork. Program coordinators can reduce the
government‘s exposure to fraud, waste, and abuse by monitoring
cardholder account activity and determining whether issued cards
continue to be required. If cards are not active and unneeded because
of change in duties or other reassignments, timely cancellations of
cards is an important control. At all five installations, we identified
weaknesses in their processes for canceling accounts for inactive or
unneeded cardholders, and each location had significant numbers of
cards that were inactive and should have been canceled.
The most serious problem was when some accounts had not been canceled
even though the cardholder was no longer at the installation or even
with the Army. Each installation had a policy that the program
coordinator be notified when an account should be canceled, but they
were not effective. Even the existence of processes to identify when a
cardholder‘s account should be canceled were not always effective. For
example, the Soldier, Biological and Chemical Command - Natick had
developed a process to terminate the purchase card when the cardholder
departed. The process involved a checkout procedure that required each
departing cardholder to obtain a release from the program coordinator
prior to being allowed to leave the installation. Yet, even with this
process in place, the installation had 20 inactive cards that needed to
be canceled. Although the checkout process had been developed, data had
not been analyzed to evaluate if the process was effective.
This problem of unneeded cards was especially serious at Fort Hood,
which also had a checkout process that included the purchase card.
Available data showed that 317--26 percent--of 1,242 current
cardholders at Fort Hood were no longer assigned to the units that
issued their cards. Therefore, the cards should have been terminated.
Neither the installation nor purchase card program office had
established processes to ensure that purchase cards of departing or
reassigned personnel were canceled. As identified later in this report,
failure to terminate cards of reassigned cardholders can result in
potentially fraudulent transactions.
The problem at Fort Hood was exacerbated by the high turnover of active
duty military personnel rotating to and from the installation--Fort
Hood military personnel statistics show that about 1,600 soldiers
depart the installation monthly. The personnel office managing the
transfers of military personnel had established checklist procedures to
cancel government travel cards held by departing employees, but did not
have similar procedures for canceling purchase cards. They said that
the procedure was not established because the social security numbers
of cardholders are not provided for computerized matching to the social
security numbers of departing soldiers. Fort Hood‘s purchase card
program office agreed to review records and cancel cards for reassigned
personnel and to identify workaround procedures to ensure that cards of
departed personnel were terminated. Following the completion of our
fieldwork, Fort Hood program officials notified us in mid-May that they
had canceled 258 cardholder accounts and were continuing to identify
other accounts for cancelation. The command said it was also attempting
to improve its checkout procedures.
The above conditions illustrate that the Army as a whole may also need
to reduce its active cards. Since our testimonies and report on the
purchase card programs at two Navy locations,[Footnote 11] there has
been concern over whether DOD has too many purchase cards and
cardholders. Since that time, the Navy reports that it has reduced its
total active cards from about 58,000 to about 26,000. With the Army‘s
lack of guidance to installations on controlling the issuance of cards
and on reassessing the need for outstanding cards, the Army should also
have opportunities to reduce its reported 109,000 active cards. Army
officials reported that as of April 30, 2002, they had reduced the
number of active accounts to about 100,000 and would continue to assess
the need for cards.
Infrastructure Is Insufficient for Effective Monitoring and Oversight:
DOD, Army, and the major commands we audited have not provided
installation-level program coordinators the infrastructure needed for
program monitoring and oversight. The coordinators do not have guidance
or training on what they should be doing to monitor and oversee the
implementation of internal control activities, and they have not been
trained. They do not have the human capital resources to perform
significant monitoring and oversight activities. And finally, they do
not have grade-level positions that are commensurate with their
responsibilities and that would provide some additional authority to
achieve better purchase card internal control.
No program guidance or training. Although installation-level program
coordinators are tasked with major program management responsibilities,
applicable DOD, Army, and major command guidance does not provide a
statement of duties, position description, or other information on the
scope, duties, or specific responsibilities for the position. The
guidance also does not establish program coordinators‘ oversight
responsibilities. The Army and major command guidance to installation-
level program coordinators is generally limited to a requirement that
program coordinators review each approving officials‘ records and
activities annually. The Army and major commands also have not
developed data analysis techniques and tools for installation-level
program coordinators to use in analyzing bank electronic data as a part
of their oversight activities.
Also, the Army and major commands have not developed training courses
for program coordinators. At the five audited installations, the
coordinators told us they had not received any specific program
coordinator training. They said the available training was limited to
cardholders training sessions either on-line or conducted by other
coordinators and the General Services Administration‘s annual
governmentwide purchase card program conference. Thus, program
coordinators essentially have had to develop program management and
oversight activities and to decide how to conduct them.
Inadequate human capital resources. The Army has not provided
sufficient human capital resources at the installation level to enable
monitoring of purchases and develop a robust oversight program. The two
key positions for monitoring purchases and overseeing the program are
the program coordinator and the approving official.
While the program coordinator position is a specifically designated
responsibility, we found that the coordinator has very limited
assistance in administering, managing, and overseeing the program. At
the five installations that we audited, the assistance available to the
program coordinator ranged from no staff at two locations to one full-
time assistant at two locations. Considering that the coordinators are
responsible for procurement programs involving thousands of
transactions and millions of dollars, as shown in table 1, the
inadequacy of human capital resources is apparent.
Table 1: Program Coordinators‘ Span of Control:
Installation: Eisenhower Army Medical Center[A]; People in program
coordinator office: 1.5; Number of approving officials: 162; Number of
cardholder: 540; Number of fiscal year 2001 transactions: 68,805; Value
of fiscal year 2001 transactions: $30.
Installation: Fort Benning; People in program coordinator office: 2;
Number of approving officials: 162; Number of cardholder: 450; Number
of fiscal year 2001 transactions: 44,421; Value of fiscal year 2001
transactions: 19.
Installation: Fort Hood; People in program coordinator office: 2;
Number of approving officials: 321; Number of cardholder: 1,242; Number
of fiscal year 2001 transactions: 110,822; Value of fiscal year 2001
transactions: 58.
Installation: Soldier, Biological and Chemical Command - Natick; People
in program coordinator office: 1; Number of approving officials: 87;
Number of cardholder: 208; Number of fiscal year 2001 transactions:
16,480; Value of fiscal year 2001 transactions: 96.
Installation: Texas Army National Guard; People in program coordinator
office: 1; Number of approving officials: 26; Number of cardholder:
437; Number of fiscal year 2001 transactions: 20,306; Value of fiscal
year 2001 transactions: 7.
[A] This program coordinator has responsibility for all nine Army
medical centers in the Southeast. :
Source: GAO analysis of Army purchase card program data as of September
30, 2001.
[End of table]
The Army does not have guidance on the appropriate human capital
resources for the program coordinator‘s office. However, the program
coordinators told us, and our observations confirmed, that with current
resources, time was not available to conduct systematic reviews of
approving officials‘ activities, much less undertake other management
analyses and oversight activities. They each said that their time was
generally consumed with administrative duties such as training new
cardholders, issuing appointment letters, setting up accounts for new
cardholders, monitoring delinquencies, interacting with the bank to
resolve problems, and interacting with cardholders to answer questions
about the purchase card program. These administrative activities are
necessary to operate the purchase card program, but do not achieve
routine oversight of activities.
As previously discussed, the Director, Purchase Card Joint Program
Management Office, recognized in his July 5, 2001, memorandum, the need
to assess the adequacy of resources and asked that the services conduct
an assessment of the policies and guidelines that are in effect to
assist commanders and directors in the proper allocation of resources
to the purchase card program. He asked that the assessment be conducted
in the coming weeks (emphasis added). However, the Army program office
could not identify any such assessments. By the end of our fieldwork,
the five installations and five major commands included in our work had
not conducted any studies or assessments to address the question of
appropriate resources.
As opposed to the specifically designated role of the program
coordinator, approving official responsibilities generally fall into
the category of ’other duties as assigned,“ without any specific time
allocated for their performance. We found that approving officials
generally had many other duties of a higher priority than monitoring
purchases and reviewing their cardholders‘ purchase card statements.
Also, many approving officials are responsible for a large number of
cardholders. A large workload, especially one in an ’other duties as
assigned“ category can inevitably lead to less attention than expected
or desired. We found that a number of approving officials at the
installations we visited had numerous cardholders reporting to them.
For example, at Fort Hood, 29 billing officials had 10 or more
cardholders. Two of the 29 had over 20 cardholders. At Eisenhower Army
Medical Center, one approving official had 18 cardholders, one of whom
was spending about $100,000 per month for surgical supplies and
equipment. The approving official said he simply did not have time to
review each cardholder‘s monthly bills and transactions each month. At
the Texas Army National Guard, 16 of the 26 approving officials had 10
or more cardholders, and 8 of them had 25 or more. The number of
cardholders that these approving officials were responsible for far
exceeded the Army‘s suggested maximum of 7 cardholders per approving
official,[Footnote 12] as discussed earlier.
The DOD Inspector General also reported a problem with approving
officials having too many cardholders. In a March 2002 report on the
purchase card program,[Footnote 13] the Inspector General reported that
1,816 approving officials, or 8.8 percent off the Army‘s 20,709
officials, were assigned more than 7 cardholders and that 21 of them
were assigned more than 100 cardholders.
A large span of control for approving officials is not conducive to
thorough review of each cardholder‘s monthly statement. The August 3,
2001, memorandum[Footnote 14] from the Acting Deputy Assistant
Secretary of the Army (Procurement) to the contracting community cited
earlier stated that ’[approving] officials are the first line of
defense against fraud, waste, and abuse, as they are required to review
each of their cardholder statements. If they have too many cardholders
under their purview there is no way these officials can perform the
required reviews and attendant certifications of cardholder purchases.“
In the February 1, 2002, memorandum[Footnote 15] cited earlier from the
Director of the Purchase Card Joint Program Management Office to agency
program coordinators, the director requested program coordinators‘ help
in ensuring that approving officials‘ span of control is commensurate
with their ability to adequately perform their responsibilities. The
memorandum said that approving officials should have a reasonable span
of control over the cardholders they supervise and approving officials
must be given adequate time for a complete monthly review to determine
that each charge is legal and proper. Following completion of our
fieldwork, the installations we audited reported that they had begun to
bring their approving officials‘ span of control into line with the
criteria.
Insufficient authority to encourage compliance. The program
coordinators at the five installations we audited generally did not
have the grade level or organizational authority--“clout“--to enforce
compliance with purchase card procedures. At the five installations we
audited, the program coordinators were part of the installation‘s
contracting operation and reported to the director of contracting, from
whom they derived their authority. However, we believe that the program
coordinators‘ grade levels were not commensurate with their
responsibilities or sufficient to provide the authority needed to
enforce purchase card program rules. Only one of the five was a GS-12,
two were GS-9s, and two were GS-7s. Program coordinators have the
primary responsibility for purchase card program management and
significant control over procurement activities carried out by a large
number of individuals. For example, table 1 shows that the Fort Hood
program coordinator has responsibility for overseeing a program of over
110,000 purchase card transactions totaling about
$58 million and carried out by 321 approving officials and 1,242
cardholders.
In addition to the relatively low grades, the Army has not made the
program coordinator position career enhancing by making it part of a
contracting career path. At three of the five installations, program
coordinator position descriptions were for traditional contracting
positions, although their coordinator duties are unique. Two
coordinators had locally developed position descriptions that included
their coordinator responsibilities, but these descriptions still
carried traditional contracting titles. At the Soldier, Biological and
Chemical Command - Natick, the program coordinator‘s position
description, which was written to justify a GS-12 grade, was for a
procurement analyst and specifically included program coordinator
duties. However, the director of contracting said that obtaining
approval for the position took much discussion and persuasion because
of its uniqueness. At Fort Benning, the program coordinator‘s position
description was developed specifically for the local position.
Critical Internal Control Activities and Techniques Not Effectively
Implemented:
[See PDF for image]
[End of figure]
Our work shows that critical internal control activities and techniques
over the purchase card program were ineffective at the five
installations we audited. Based on our tests of statistical samples of
transactions, we determined that the transaction-level control
activities and techniques we tested were not effective, rendering
purchase card transactions at the five installations vulnerable to
potentially fraudulent and abusive purchases and theft and misuse of
government property.
Control activities occur at all levels and functions of an agency. They
include a wide range of diverse activities such as approvals,
authorizations, verifications, reconciliations, performance reviews,
and the production of records and documentation. For the Army purchase
card program, we opted to test those control activities that we
considered to be key in creating a system to provide reasonable
assurance that transactions are correct and proper throughout the
procurement process. The key control activities and techniques we
tested include:
* advance approval of purchases,
* independent receiving--receiving and acceptance of goods and services
by someone other than the cardholder,
* independent review by an approving official of the cardholder‘s
monthly statements and supporting documentation, and:
* cardholders obtaining and providing invoices that support their
purchases and provide the basis for reconciling cardholder statements.
Table 2 summarizes the results of our statistical testing. Our work
showed internal control activity failures in both purchase and payment
cards, although the percent of failure--the failure rate--was generally
higher for purchase card transactions.
Table 2: Internal Control Activity Statistical Testing Failure Rates:
Installation: Eisenhower Army Medical Center; Estimated percent of
transactions without documentation of: Advance approval: 60; Estimated
percent of transactions without documentation of: Independent
receiving: 71; Estimated percent of transactions without documentation
of: Approving official review: 86; Estimated percent of transactions
without documentation of: Supporting invoice: 26.
Installation: Fort Benning; Estimated percent of transactions without
documentation of: Advance approval: 46; Estimated percent of
transactions without documentation of: Independent receiving: 75;
Estimated percent of transactions without documentation of: Approving
official review: 73; Estimated percent of transactions without
documentation of: Supporting invoice: 16.
Installation: Fort Hood; Estimated percent of transactions without
documentation of: Advance approval: 36; Estimated percent of
transactions without documentation of: Independent receiving: 65;
Estimated percent of transactions without documentation of: Approving
official review: 66; Estimated percent of transactions without
documentation of: Supporting invoice: 7.
Installation: Soldier, Biological and Chemical Command - Natick;
Estimated percent of transactions without documentation of: Advance
approval: 25; Estimated percent of transactions without documentation
of: Independent receiving: 55; Estimated percent of transactions
without documentation of: Approving official review: 40; Estimated
percent of transactions without documentation of: Supporting invoice:
14.
Installation: Texas Army National Guard; Estimated percent of
transactions without documentation of: Advance approval: 69; Estimated
percent of transactions without documentation of: Independent
receiving: 87; Estimated percent of transactions without documentation
of: Approving official review: 41; Estimated percent of transactions
without documentation of: Supporting invoice: 14.
Source: GAO testing and statistical analysis of Army purchase card
transaction files.
[End of table]
In addition to the internal control activities we tested statistically,
we noted two other internal control-related problems during our work.
First, the purchase card exacerbates the long-standing difficulties of
maintaining property records over accountable property. Second,
cardholders did not always maintain purchase card transaction records
as required by regulations.
Advance Approval of Purchases:
[See PDF for image]
[End of figure]
Without Army-wide operating procedures, requirements for advance
approval are not consistent but do exist, to some extent, at each of
the five audited installations. Two major commands and three
installations specifically require advance approval. Others required
written descriptions of purchases and appropriate coordination and
review prior to the purchases. Advance approval requirements also
varied within individual units at the installations and by individual
approving officials. The requirements were generally for informal
approval directed toward ensuring budget and funds control as well as
establishing a valid need for a purchase so that cardholders are not
acting totally independently.
The approvals that we saw included e-mails from a cardholder‘s
supervisor as well as a request for a purchase initiated by someone
other than the cardholder. For example, the Soldier, Biological and
Chemical Command - Natick used an electronic system to manage its
purchase card activity, making it easy for Natick employees to request
a cardholder to make a purchase and for supervisors, unit heads,
resource managers, and logistics personnel to have knowledge of and
approve the request with a few computer keystrokes. Approval of a
purchase can range from a blanket approval for routine small dollar
purchases of items such as office supplies to a one-time written
approval for specific large dollar items. For example, at Fort Hood,
some units have a blanket approval for routine, small dollar purchases,
such as office supplies under $300.
For our testing of advance approval, we accepted reasonable documented
evidence that a cardholder‘s supervisor or other responsible person had
requested and/or approved the purchase. This included a request for
purchase from a responsible official, and it also included specific
blanket approval for routine purchases within set dollar limits. As
table 3 shows, we estimated that the failure rate at the five
installations ranged from 25 percent at Soldier, Biological Chemical
Command - Natick to 69 percent at the Texas Army National Guard.
Table 3: Advance Approval Failure Rates:
Installation: Eisenhower Army Medical Center; Estimated percent of
transactions without advance approval: 60; 95 percent confidence
interval: 48 to 71.
Installation: Fort Benning; Estimated percent of transactions without
advance approval: 46; 95 percent confidence interval: 34 to 58.
Installation: Fort Hood; Estimated percent of transactions without
advance approval: 36; 95 percent confidence interval: 23 to 51.
Installation: Soldier, Biological and Chemical Command - Natick;
Estimated percent of transactions without advance approval: 25; 95
percent confidence interval: 14 to 38.
Installation: Texas Army National Guard; Estimated percent of
transactions without advance approval: 69; 95 percent confidence
interval: 59 to 79.
Source: GAO testing and statistical analysis of Army purchase card
transaction files.
[End of table]
Although the failure rate was unacceptably high overall, the failure
rate was particularly high for micropurchases, even though some of
those purchases were for computers, electronic devices, and other items
for which advance approval would appear warranted because the
procurement was not routine.
We believe that leaving cardholders solely responsible for a
procurement without some type of documented approval puts the
cardholders at risk and makes the government inappropriately
vulnerable. A segregation of duties so that someone other than the
cardholder is involved in the purchase improves the likelihood that
both the cardholders and the government are protected from fraud,
waste, and abuse. We believe that advance approval is an appropriate
internal control activity, especially considering that many cardholders
in our audit were administrative personnel and not supervisors or
managers.
Our testing of advance approval as a control activity is not advocating
a return to the formal advance approval that DOD has de-emphasized in
the purchase card program. A February 1997 study of the purchase card
program identified DOD‘s requirement for formal prepurchase approval
documentation through the administrative chain of command for each
purchase card transaction as an impediment to expanded use of the
purchase card.[Footnote 16] The formal prepurchase documentation that
previously existed could impede purchases and increase costs. The more
informal practices that exist at the installations we audited eliminate
much of the previous formal documentation, but still can serve to
protect the cardholders and the government. For example, blanket
approval for routine purchases within set dollar limits involves
minimal cost, but reasonable control. For nonroutine purchases
involving significant expenditures, advance approval, even through
informal processes, appears to be an important control activity.
Documentation of Independent Receiving by Other Than Cardholder:
[See PDF for image]
[End of figure]
Independent receiving--receiving of goods and services by someone other
than the cardholder--provides additional assurance that purchased items
are not acquired for personal use and that the purchased items come
into the possession of the government. The requirement for
documentation of independent receiving by someone other than the
cardholder was not generally addressed in the procedures of the
commands and installations we audited. However, installations and units
within the installations often required some documentation of
independent receiving of at least some portion of their purchases. At
Fort Benning, instructions in various units required documentation of
independent receiving. At Fort Hood, the Department of Public Works had
established the same type of requirement. The Fort Hood official in the
department told us he established the requirement for independent
receipt because, while in a prior job at another installation, he had
observed potentially fraudulent purchases that would have been
prevented if the independent receipt requirement had existed.
Because Army guidance does not address the issue of evidence of
independent receiving, and the requirements varied at the five
installations, we accepted as evidence of independent receiving for
this test, any signature or initials of someone other than the
cardholder on the sales invoice, packing slip, bill of lading, or other
shipping or receiving document. Table 4 shows the results of our
testing.
Table 4: Independent Receiving Failure Rates:
Installation: Eisenhower Army Medical Center; Estimated percent of
transactions without independent receiving: 71; 95 percent confidence
interval: 60 to 81.
Installation: Fort Benning; Estimated percent of transactions without
independent receiving: 75; 95 percent confidence interval: 62 to 84.
Installation: Fort Hood; Estimated percent of transactions without
independent receiving: 65; 95 percent confidence interval: 51 to 77.
Installation: Soldier, Biological and Chemical Command - Natick;
Estimated percent of transactions without independent receiving: 55; 95
percent confidence interval: 44 to 67.
Installation: Texas Army National Guard; Estimated percent of
transactions without independent receiving: 87; 95 percent confidence
interval: 78 to 94.
Source: GAO testing and statistical analysis of Army purchase card
transaction files.
[End of table]
As shown above, the five installations we audited generally did not
have independent, documented evidence that the items ordered and paid
for with the purchase card had been received. This lack of documented,
independent receiving extended to all types of purchases, including
computers and other expensive or highly pilferable items. We believe
that documented independent receiving is a basic internal control
activity that provides additional assurance to the government that
purchased items come into the possession of the government.
Approving Official Review:
[See PDF for image]
[End of figure]
Approving official review is a recognized control activity at all
levels of the purchase card program. DOD‘s purchase card joint program
office, major command procedures, and the installations‘ operating
procedures recognize that the approving official review is central to
ensuring that purchase card transactions are appropriate. Army guidance
requires approving officials to review and certify each cardholder‘s
monthly transactions. The August 3, 2001, memorandum discussed
earlier[Footnote 17] described the approving official review process as
the ’first line of defense“ against misuse of the card.
The responsibilities of the approving official involve two overlapping
functions:
* reviewing the cardholder‘s transactions to provide reasonable
assurance that, among other things, (1) the transactions are legal,
proper, and correct in that appropriate procurement procedures were
followed and (2) supporting documentation and records, including
supporting invoices, are adequate and:
* certifying the cardholder‘s transactions for payment.
An appropriate approving official review, at a minimum, would
facilitate certification; however, certification by itself does not
ensure that the desired review occurred. Certification is likely to
occur even if the required reviews are not made because certification
is necessary for payment.
Section 2784 of title 10, United States Code, requires the Secretary of
Defense to issue regulations controlling the use of government credit
cards within the department. The statute requires that these
regulations be consistent with ’regulations that apply government-wide
regarding use of credit cards by government personnel for official
purposes.“:
The regulations that apply governmentwide are in the Treasury Financial
Manual. Section 4535 of Volume I of the manual provides that the
cardholder and approving official[Footnote 18] will review the
cardholder statement of account received at the end of each monthly
billing cycle. The cardholder statement must be submitted to the
billing office early enough to permit the billing office to process and
pay the consolidated monthly invoice within the Prompt Payment Act
deadline. The provision directs the billing office to pay the
consolidated invoice on time, ’even if all cardholder statements are
not received—.“:
As part of our work, we asked the DOD Under Secretary of Defense
(Comptroller) for his views on DOD‘s compliance with these statutory
requirements. In a letter dated April 30, 2002, the Principal Deputy
and Deputy Under Secretary of Defense for Management Reform stated that
DOD‘s Financial Management Regulation, various purchase card
reengineering memorandums, and other pronouncements together complied
with section 2784.
DOD‘s regulations are consistent with the governmentwide regulations
regarding the responsibilities of cardholders and approving
officials.[Footnote 19] Therefore, if cardholders and approving
officials are not reviewing and reconciling their statements of account
in time for disbursing offices to process payments on time, they are
not complying with Treasury and DOD requirements.
We noted numerous cases during our audit where the approving official
certified the billing statement for payment but had not examined the
transactions or the documentation supporting them to determine whether
the transactions were correct and for a valid government purpose. In
one case, a note on one approving official‘s certified billing
statement said that the approving official had not reviewed the
transactions. Accordingly, certification for payment is made without
the required reconciliation. In that instance, certification was
clearly nothing more than a ’rubber stamp.“:
Consequently, we tested for other evidence that the billing official
had reviewed the cardholders‘ transactions. Without such evidence,
neither we, nor internal auditors, nor program coordinators who are
required to annually review approving official‘s records, can determine
whether approving officials are complying with review requirements or
simply certifying the statement without the required review. For this
test, we accepted virtually any markings, notes, or dates, other than
the certification signature, on the transactions listed on the
cardholder‘s or approving official‘s bill as documentation that a
review had occurred. In instances of appropriately documented reviews,
we found evidence of the approving official checking off on each
transaction in the cardholder‘s statement and the supporting
documentation for each, and signing the cardholder‘s statement as
having reviewed it. Instances in which the documentation was not
available included missing statements, missing invoices, and statements
without any marks by either the cardholder or the approving official to
indicate that a reconciled statement had been prepared or submitted to
the approving official.
Our testing revealed that documented evidence of approving officials‘
review of cardholders‘ transactions and their reconciled statements did
not exist for most of our sample transactions. The failure rate at each
of the five installations we audited was high, as table 5 shows. The
high failure rate is of particular concern for this control activity
because it is perhaps the most important to providing reasonable
assurance that purchases are appropriate and for a legitimate
government need.
Table 5: Approving Official Review Failure Rates:
Installation: Eisenhower Army Medical Center; Estimated percent of
transactions without approving official review: 86; 95 percent
confidence interval: 75 to 94.
Installation: Fort Benning; Estimated percent of transactions without
approving official review: 73; 95 percent confidence interval: 61 to
83.
Installation: Fort Hood; Estimated percent of transactions without
approving official review: 66; 95 percent confidence interval: 52 to
79.
Installation: Soldier, Biological and Chemical Command - Natick;
Estimated percent of transactions without approving official review:
40; 95 percent confidence interval: 28 to 52.
Installation: Texas Army National Guard; Estimated percent of
transactions without approving official review: 41; 95 percent
confidence interval: 30 to 52.
Source: GAO testing and statistical analysis of Army purchase card
transaction files.
[End of table]
Although of concern, the high failure rates are not unexpected because
major command and local standard operating procedures, while
recognizing the importance of approving official review, do not specify
the required extent, content, or documentation of approving officials‘
reviews. In addition, the high failure rate may be attributable to
approving official responsibilities falling into the category of ’other
duties as assigned“ and to approving officials being responsible for a
large number of cardholders, as previously discussed. A large workload,
especially one in an ’other duties as assigned“ category, can
inevitably lead to less attention than expected or desired.
For example, the previously mentioned cardholder at Eisenhower Medical
Center, who was the approving official for 18 cardholders, one of whom
spends about $100,000 monthly for surgical supplies and medical
equipment, told us that he had not reviewed the cardholders‘ records
because he did not have time. We examined that cardholder‘s records as
part of our control activity testing and found that the records were in
disarray. Numerous transactions did not have invoices. Other
transactions had invoices with prices that differed from the
cardholder‘s log but were not reconciled. Subsequent to our audit, the
program coordinator worked with the approving official‘s manager to
reduce the workload by appointing additional approving officials.
Our discussions with approving officials indicated that some reviews
had been made, but we could not determine the frequency or extent of
the reviews because they were not documented. Without documentation,
the lack of a review can go unnoticed. For example, at the Texas Army
National Guard, approving officials‘ subordinates frequently performed
cardholder statement reviews because of the large number of cardholders
for whom each approving official was responsible. When one of these
subordinates was absent due to an extended illness, no one performed
reviews of the transactions, but the approving official did not notice
because reviewers were not required to document their work. According
to guard officials, this problem was addressed after our inquiries by
appointing more approving officials and directing approving officials
to personally review their cardholder transactions.
We identified numerous instances of purchases that clearly had not been
adequately reviewed and reconciled to the statement, but the statements
were, nonetheless, certified for payment. Such activities allow
potentially fraudulent, improper, abusive, and questionable purchases,
which are discussed in more detail in the following section of this
report, to go undetected. The following are two example of such
unauthorized charges that we identified.
* A Fort Hood cardholder purchased 15 wire storage containers in April
2001. The vendor incorrectly included $808 of shipping and handling
charges in the $2,748 bill. The approving official certified the
statement for payment including the erroneous shipping and handling
charges. Apparently, neither the cardholder nor the approving official
reviewed the transaction in sufficient detail. After we detected the
erroneous charges in November 2001, about 7 months after the original
charge, a refund was obtained.
* Another approving official at Fort Hood certified for payment a $539
charge on a May 2001 statement for a purchase from a catering company.
After our inquiry about an invoice for the purchase, the approving
official determined that the charge was inappropriate and a refund was
made. Approving official review of a reconciled statement should have
detected this inappropriate charge.
We believe that the approving official‘s review of the cardholders‘
purchases is a vital internal control activity. Without documentation
of such review, neither we, internal auditors, nor program coordinators
can determine the extent that the approving official is carrying out
review responsibilities.
Obtaining and Retaining Invoices:
[See PDF for image]
[End of figure]
Essentially, the Army requires that an invoice support purchase card
transactions. Thus, the invoice is a key document in purchase card
internal control activities. Throughout the major commands‘ and
installations‘ procedures, the need for obtaining and retaining an
invoice is recognized. Without an invoice, independent evidence of the
description and quantity of what was purchased and the price paid is
not available. In addition, the invoice is the basic document that is
required to be attached to the cardholder‘s monthly statement during a
cardholder‘s reconciliation and prior to approving official review.
In testing for evidence of an invoice, we accepted either the original
or a copy of the invoice, sales slip, or other store receipt. Table 6
shows the results of our testing.
Table 6: Existence of Invoice Failure Rates:
Installation: Eisenhower Army Medical Center; Estimated percent of
transactions without an invoice: 26; 95 percent confidence interval: 17
to 38.
Installation: Fort Benning; Estimated percent of transactions without
an invoice: 16; 95 percent confidence interval: 8 to 28.
Installation: Fort Hood; Estimated percent of transactions without an
invoice: 7; 95 percent confidence interval: 2 to 19.
Installation: Soldier, Biological and Chemical Command - Natick;
Estimated percent of transactions without an invoice: 14; 95 percent
confidence interval: 6 to 25.
Installation: Texas Army National Guard; Estimated percent of
transactions without an invoice: 14; 95 percent confidence interval: 7
to 23.
Source: GAO testing and statistical analysis of Army purchase card
transaction files.
[End of table]
The following missing invoice example illustrates the questions that
can arise when an invoice is not available. As part of our Army-wide
data mining, we identified several types of vendors that cardholders
are generally prohibited from using. We identified four transactions
for which the monthly billing indicated that purchases were made at a
jewelry store--one category of prohibited vendors--in Kuwait for three
purchases totaling $4,365 and a credit for returned merchandise of
$1,353. Upon inquiry into this transaction, Army officials said that
the purchase was for mattresses for a vessel prepositioned in the area.
However, they also said that the transaction file did not contain a
detailed invoice to allow us--or the approving official who was located
in the United States--to confirm that mattresses were, indeed, the
merchandise purchased, and if so, how many and at what unit price.
Without such an invoice, a thorough investigation is needed to
determine whether this transaction was proper, potentially fraudulent,
improper, or abusive.
The failure rates for evidence of invoice were lower than those for the
other internal control activities we tested. However, we believe that
even these failure rates are unacceptable for such a key document. A
valid invoice to show what was purchased and the price paid is a basic
document for the transactions and a missing invoice is an indicator of
potential fraud. Without an invoice, two key control activities--
independent receiving and approving official review--become
ineffective. Independent receiving cannot confirm that the purchased
items were received and the approving official cannot review a
cardholder statement reconciled with the supporting invoice. A near
zero failure rate is a reasonable goal considering that invoices are
easily obtained or replaced when inadvertently lost.
Purchase Cards Complicate Property Book Management:
[See PDF for image]
[End of figure]
Consistent with GAO‘s internal control standards, DOD‘s Property, Plant
and Equipment Accountability Directive and Manual, which was issued in
draft for implementation on January 19, 2000, requires accountable
property to be recorded in property records as it is acquired. In
addition to high-cost property items, accountable property also
includes easily pilferable or sensitive items, such as computers and
related equipment, cameras, cell phones, and power tools. Recording
these items in the property records is an important step to ensure
accountability and financial control over these assets and, along with
periodic inventory, to prevent theft or improper use of government
property.
At each of the five installations we visited, we found that accountable
items acquired by purchase cards were not recorded in property records.
In addition, officials at four of the five installations could not
readily locate property items. While some of the items were located
after considerable searching, others such as computers and printers
were not. Some or all of the items might, in fact, be at the
installation; however, without positive assurance, there is substantial
risk that items were converted to personal use or sold. Property items
not recorded in the property books and not found demonstrate a weak
control environment and problems with the property management system.
Table 7 shows the results of our work.
Table 7: Property Items Not Recorded in Property Books:
Installation: Eisenhower Army Medical Center; Transactions with
property items: 28; Transactions with items not on property books: 8;
Transactions with items that command could not show were in
government‘s possession: 2.
Installation: Fort Benning; Transactions with property items: 27;
Transactions with items not on property books: 8; Transactions with
items that command could not show were in government‘s possession: 6.
Installation: Fort Hood; Transactions with property items: 40;
Transactions with items not on property books: 11; Transactions with
items that command could not show were in government‘s possession: 2.
Installation: Soldier, Biological and Chemical Command - Natick;
Transactions with property items: 43; Transactions with items not on
property books: 4; Transactions with items that command could not show
were in government‘s possession: 0.
Installation: Texas Army National Guard; Transactions with property
items: 25; Transactions with items not on property books: 17;
Transactions with items that command could not show were in
government‘s possession: 1.
Source: GAO nonrepresentative selection of Army purchase card
transactions.
[End of table]
Effectively managing accountable property has long been a problem area
and the use of the purchase card has added further difficulties. With
over 100,000 army cardholders, the number of people buying accountable
property has greatly expanded. Cardholders are responsible for
reporting on the accountable property they buy so that it is recorded
in the installation‘s accountable property, but they often do not. For
example, property book officers at Fort Hood and the Texas Army
National Guard told us that a major problem with property bought in a
purchase card transaction is that cardholders do not properly notify
property book officers and/or provide documentation supporting the
purchases. At Fort Hood, cardholders are required by the installation‘s
purchase card procedures to obtain transaction document numbers for
purchases of equipment items prior to making the purchases, but the
requirement is frequently ignored. Further, we noted that the
installations we audited generally did not record items such as
memorabilia like pictures of famous people and framed jerseys of sports
stars. Some of these items cost hundreds of dollars and are pilferable
and desirable items.
Because of its long-standing problems, property management has been the
subject of internal audits at the installations we audited. At the
Soldier, Biological and Chemical Command - Natick, as a result of an
internal audit of property accountability, the logistics office had
worked for over a year to improve its management of accountable
property. We believe that the attention focused on accountable property
management was the reason that the installation had the best result in
our audit.
Others had not done so well in correcting their problems. A Fort
Benning internal audit completed in April 2001 found that 84 percent of
the accountable items purchased with a purchase card had not been
recorded on the property book. An ongoing internal audit by the Texas
Army National Guard was finding similar property accountability
problems. At Eisenhower Army Medical Center, an evaluation of the
center‘s logistics operations estimated that $2 million to $5 million
of accountable property acquired with the purchase card was not on the
center‘s property books.
Cardholders have little incentive to undertake the required
coordination and reporting on property items because of the additional
work involved. Our work showed that items received centrally by
logistics officials are more likely to be recorded on the property
books. Thus, central receiving appears to help mitigate against
cardholders not assuring accountable property is recorded and may be
worth pursuing across the board or for certain asset types. In
addition, we believe that robust monitoring and oversight activities of
the purchase card program that include examining how well cardholders
are fulfilling their property management responsibilities could help
improve property management related to the purchase card program.
Retaining Purchase Card Records:
[See PDF for image]
[End of figure]
During our work we noted several instances in which cardholders and
approving officials had not maintained purchase card transaction files
for 3 years as required by the Federal Acquisition Regulation, Part 4,
Section 4.805. In our testing, the records most often missing were the
ones for cardholders who had left the installation. Either the
cardholders destroyed the records prior to leaving or the replacement
cardholder destroyed them because they were not the new cardholder‘s
records. At Eisenhower Army Medical Center, a replacement cardholder
destroyed the departed cardholder‘s files because the office had little
room to store old files and the new cardholders did not see the need to
store someone else‘s files. In some cases, we were told that the
departed cardholders took the records with them to their new
installations. In other cases, the records were lost when units were
deployed. Regardless of the causes, the records were not available for
our inspection and records retention requirements were not complied
with. In those instances, we could not document that internal control
activities had been carried out.
Although we found no concrete indications of fraud in these situations,
the lack of records raises concerns about whether the files were
destroyed so that potentially fraudulent, improper, or abusive
transactions were not documented. For example, in one case in which the
cardholder had left the Army, we found charges during the last month of
the cardholder‘s military service from the installation‘s liquor store
and vendors such as Wal-Mart stores that sell a multitude of
potentially personal items. The replacement cardholder told us that the
purchases were probably for a unit party, but the timing of the
purchases along with missing documentation does not allow ruling out
the possibility that items may have been bought for personal use.
However, the unit‘s purchase card records for this period were in
disarray and invoices and other documentation that could verify items
purchased or aid further assessments of the propriety of the purchases
were not available.
Potentially Fraudulent, Improper, and Abusive or Questionable
Transactions:
Buying items with purchase cards without the requisite control
environment creates unnecessary risk of excess outlays, which can range
from outright fraudulent purchases to ones that were of questionable
need for the unit‘s mission or were unnecessarily expensive. We
identified purchases at the installations we audited that were
potentially fraudulent, improper, and abusive or questionable, which
can result from a weak control environment and weak internal control
activities. As discussed in appendix I, our work was not designed to
identify, and we cannot determine, the extent of potentially
fraudulent, improper, and abusive or otherwise questionable
transactions. However, considering the control weaknesses identified at
each installation, such transactions are likely occurring and have not
been detected. In addition to the purchases identified at the audited
installations, our Army-wide data mining of selected transactions
identified additional cases of potentially fraudulent, improper, and
abusive or questionable transactions.
Potentially Fraudulent Purchases:
The Army has no information as to the extent of potentially fraudulent
purchases that have been identified or are being investigated within
the purchase card program. We identified instances of potentially
fraudulent transactions at three of the five installations we audited
and in our Army-wide data mining, as table 8 shows. Some of the
potentially fraudulent transactions were identified in response to our
inquiries. Others were identified or being investigated independent of
our audit.
Table 8: Examples of Potentially Fraudulent Army Purchase Card
Transactions:
Type of items purchased: Various items for personal use, such as
computer game station, computer, digital camera, and surround sound
system; Where or how identified: Eisenhower Army Medical Center; Total
amount: $100,000; (estimated); [Empty]; Individuals involved:
Cardholder,; approving official, and others.
Type of items purchased: Computer, rings, purses, and clothing from
such vendors as Victoria‘s Secret, Calvin Klein, and others; Where or
how identified: Eisenhower Army Medical Center; Total amount: 30,000;
(estimated); [Empty]; Individuals involved: Cardholder.
Type of items purchased: Various items for personal use and cash
advances; Where or how identified: Fort Benning; Total amount: 30,000;
[Empty]; Individuals involved: Cardholder.
Type of items purchased: Rental cars, cruises, cell phones, hotels,
Payless Car Rental, Extended Stay America, and other vendors; Where or
how identified: Fort Benning; Total amount: 20,751; [Empty];
Individuals involved: User of alleged stolen card.
Type of items purchased: Car repairs, groceries, clothing, and other
personal items; Where or how identified: Eisenhower Army Medical
Center; Total amount: 12,832; [Empty]; Individuals involved: Cardholder
and vendor.
Type of items purchased: Personal clothing, trip to Las Vegas, payments
of personal bills; Where or how identified: Fort Benning; Total amount:
10,748; [Empty]; Individuals involved: Cardholder.
Type of items purchased: Sunglasses and other items for personal use
from Sunglass Hut, Discovery Channel store, and others; Where or how
identified: Fort Hood; Total amount: 1,452; [Empty]; Individuals
involved: Separated cardholder, user of alleged compromised account.
Type of items purchased: Various personal use items such as food and
gas for personal vehicles at Shell and other vendors; Where or how
identified: Fort Benning; Total amount: 1,170; [Empty]; Individuals
involved: User of alleged stolen card.
Type of items purchased: Digital camera from Office Max and other
personal items from Circuit City and various other vendors; Where or
how identified: Fort Hood; Total amount: 786; [Empty]; Individuals
involved: Unknown.
Type of items purchased: Escort services; Where or how identified:
Army-wide data mining; Total amount: 630; [Empty]; Individuals
involved: Cardholder.
Type of items purchased: Prepaid phone cards from MCI, Sprint, and
Ameritech, and pizza from Larry‘s Pizza and Po Boys; Where or how
identified: Fort Hood; Total amount: 524; [Empty]; Individuals
involved: Under investigation.
Type of items purchased: Athletic shoes; Where or how identified: Army-
wide data mining; Total amount: 458; [Empty]; Individuals involved:
User of alleged compromised account.
Type of items purchased: Internet site subscriptions; Where or how
identified: Fort Hood; Total amount: 210; [Empty]; Individuals
involved: Under investigation.
Source: GAO analysis of Army purchase card transactions and related
documentation.
[End of table]
We considered potentially fraudulent purchases to include those made by
cardholders that were unauthorized and intended for personal use.
Potentially fraudulent purchases can also result from compromised
accounts in which a purchase card or account number is stolen and used
by someone other than the cardholder to make a potentially fraudulent
purchase. Potentially fraudulent transactions can also involve vendors
charging purchase cards for items that cardholders did not buy. The
installations we audited had policies and procedures that were designed
to prevent and/or detect potentially fraudulent purchases, such as the
requirement that approving officials review the supporting
documentation for each transaction for legality and proper government
use of funds. However, as discussed earlier, our testing showed that
these control activities had not been implemented as intended.
Although collusion can circumvent what otherwise might be effective
internal control activities, a robust system of guidance, internal
control activities, and oversight can create a control environment that
provides reasonable assurance of preventing or quickly detecting fraud,
including collusion. However, in auditing the Army‘s internal control
at five installations during fiscal year 2001, we did not find the
processes and activities that provide such assurance.
The following examples of fraud illustrate the cases in table 8.
* At Eisenhower Army Medical Center, an Army investigation initiated
near the end of our work has revealed an estimated $100,000 of
potentially fraudulent purchases. The investigation began when an
alternate cardholder received an electronic game station that had been
ordered by another cardholder who was away on temporary duty. The
alternate cardholder, noting that the purchase did not appear to be for
government use, notified the program coordinator who notified the local
Army criminal investigations division. The ensuing investigation
revealed that the military cardholder, approving official, and several
other soldiers and civilians colluded to purchase numerous items
including computers, digital cameras, an audio surround system, a 32-
inch television, a stereo system, and other items for personal use.
* A Fort Benning military cardholder charged $30,000 for personal goods
and cash advances before and after retirement. Because these 178
transactions went undetected, it appears that the approving official‘s
certification was only a ’rubber stamp“ and was not based on a review
of the cardholder‘s bill, reconciliations, and supporting
documentation. The approving official not only failed to detect these
potentially fraudulent transactions while the cardholder was on active
military duty, but also failed to notice that charges were continuing
to be made after the cardholder retired.
* At Eisenhower Army Medical Center, a military cardholder defrauded
the government of $30,000 from April 25 to June 20, 2001. The
cardholder took advantage of a situation when the cardholder‘s
approving official was on temporary duty for several months. The
cardholder believed that the alternate approving official would certify
the statement for payment without reviewing the transactions or their
documentation. With this belief, the cardholder purchased a computer,
purses, rings, and clothing. These fraudulent transactions were not
discovered until the resource manager who monitored the unit‘s budget
noticed a large increase in spending by the cardholder. The cardholder
had destroyed all documentation for the 3-month period during which
these transactions took place. However, investigators found merchandise
and invoices that showed the cardholder had used the government credit
card. The cardholder was court-marshaled in April 2002 and sentenced to
18 months incarceration. These fraudulent transactions might not have
occurred if the cardholder had known that the approving official would
review the transactions. At a minimum, prompt approving official review
would have detected the fraudulent transactions.
* Over a 6-month period in 2001, a civilian cardholder made 62
unauthorized transactions totaling $12,832 to pay for repairs to a car
and buy groceries, clothing, and various other items for personal use.
We were told that the cardholder colluded with the gas station vendor
who inflated the prices paid for items and received a kickback. The
approving official identified this case by reviewing the cardholder‘s
August 2001 transactions. The fraud went undetected for several months
because the approving official had not reviewed the cardholder‘s bills
and supporting documentation for over 5 months. The approving official
has been relieved of approving official duties and reprimanded. The
investigation into the fraud was ongoing at the end of our fieldwork.
* In our Army-wide data mining, we identified a cardholder transaction
for $630 on June 15, 2001, that was coded as being an escort service.
In response to our inquiry on this transaction, we were informed that
no authorization existed for the transaction and that it was with an
escort service in New Jersey. In discussions with provost marshal
officials, we were informed that the cardholder had been investigated
in February 2002 because of money missing from chapel funds. The
provost marshal‘s office, after our March 2002 inquiry about the $630
transaction, investigated it and other suspicious charges by the
cardholder. The investigators could not get an invoice from the vendor.
Their investigations revealed no other fraudulent, improper, or abusive
and questionable transactions. They determined that for a short period,
the cardholder was also serving as the billing official and that it was
during this period that the fraudulent transaction with the escort
service occurred. Disciplinary actions included removing the soldier
from cardholder duties, reducing his rank, taking one-half month‘s pay
for 2 months, requiring 45 days extra duty, and ordering repayment of
the funds.
* During June 2001 at Fort Hood, several purchases of prepaid telephone
cards and pizza totaling $524 were made and certified for payment by a
new approving official who did not realize that the cardholder had
separated from the Army in early 2001. In attempting to respond to our
request for supporting information for one of the transactions, the
approving official recognized that the charges were potentially
fraudulent. In the subsequent investigation, an investigator found that
the purchase card account was still active in December 2001. This case
remained under investigation as of January 2002.
In addition to the potentially fraudulent cases identified by our work,
we attempted to obtain other examples of potentially fraudulent
activity in the Army purchase card program from the Army‘ Criminal
Investigation Command in Washington, D.C. However, data on the
command‘s investigations were not available. Further, while Army
investigators acknowledge that they have investigated a number of fraud
cases, their database on investigations does not allow retrieval of
data on investigations involving potentially fraudulent use of purchase
cards. Purchase card program officials and Army investigation command
officials said that they had no information on the total number of
fraud investigation cases throughout the Army that had been completed
or were ongoing. Based on our identification of a number of potentially
fraudulent cases at the installations that we audited, we believe that
the number of cases involving potentially fraudulent transactions could
be significant. Without such data, the Army does not know the
significance of fraud cases that have been or are being investigated
and cannot take corrective actions, to the extent possible, to prevent
similar potentially fraudulent cases in the future.
Improper Purchases and Transactions:
Our work identified transactions that were improper, including split
purchases and purchases from nonmandatory sources. Improper
transactions are those purchases that, although approved by Army
personnel and intended for government use, are not permitted by law,
regulation, or DOD policy. We identified three types of improper
purchases. One type was purchases that did not serve a legitimate
government purpose. Another type was split purchases in which the
cardholder circumvents cardholder single purchase limits. The Federal
Acquisition Regulation guidelines prohibit splitting purchase
requirements into more than one transaction to avoid the need to obtain
competitive bids on purchases over the $2,500 micropurchase threshold
or to circumvent higher single transaction limits for payments on
deliverables under requirements contracts. The third type was purchases
from an improper source. Various federal laws and regulations require
procurement officials to acquire certain products from designated
sources such as the Javits-Wagner-O‘Day Act (JWOD) vendors. The program
created by this act is a mandatory source of supply for all federal
entities. It generates jobs and training for Americans who are blind or
have other severe disabilities by requiring federal agencies to
purchase supplies and services from nonprofit agencies, such as the
National Industries for the Blind and the National Institute for the
Severely Handicapped.
Personal Use:
We found several instances of purchases, such as clothing, in which
cardholders purchased goods that were not authorized by law or
regulations. The Federal Acquisition Regulation provides that the
governmentwide commercial purchase card may be used only for purchases
that are otherwise authorized by law or regulations. Therefore, a
procurement using the purchase card is lawful only if it would be
lawful using conventional procurement methods. Under 31 U.S.C. 1301(a),
’[a]ppropriations shall only be applied to the objects for which the
appropriations were made—.“ In the absence of specific statutory
authority, appropriated funds may only be used to purchase items for
official purposes, and may not be used to acquire items for the
personal benefit. The improper transactions, as shown in table 9, were
identified as part of our review of fiscal year 2001 transactions and
related activity. We identified most of them as part of our Army-wide
data mining of transactions with questionable vendors although several
were identified as part of our work at the five audited installations.
Table 9: Examples of Purchases Intended for Personal Use:
Items: Clothing; Gore-Tex parkas; Rain coats; Civilian clothes for
military staff; Clothing and meeting facilities after golf; tournament;
Bomber jackets; Vendor: ; L.L. Bean; Cabellas; Macy‘s and Hecht‘s;
Heraldic United Waddinxveen and; Heidelberg Golf Course; SkyMall.
Items: Meals/food; Elegant fruit baskets; Teacher appreciation dinners;
Meals for training event; Meals for firemen; Personal meals; Vendor: ;
Resort; Catering services; Catering services; Catering services; Local
restaurants.
Items: Other; Cell phone time charges; Sales taxes; Radio for personal
use; Personal luggage; Portable office carriers; Hotel facilities and
services; Vendor: ; AT&T Wireless; Various; Bose; Luggage On-Line;
International Luggage Center; Opryland Hotel.
Source: GAO analysis of Army purchase card transactions and related
documentation.
[End of table]
The following examples of the improper transactions illustrate of the
type of cases included in table 9.
* We identified purchases of clothing by Soldier, Biological and
Chemical Command - Natick that should not have been purchased with
appropriated funds. According to 5 U.S.C. 7903, agencies are authorized
to purchase protective clothing for employee use if the agency can show
that (1) the item is special and not part of the ordinary furnishings
that an employee is expected to supply, (2) the item is essential for
the safe and successful accomplishment of the agency‘s mission, not
solely for the employee‘s protection, and (3) the employee is engaged
in hazardous duty. Further, according to a Comptroller General decision
dated March 6, 1984,[Footnote 20] clothing purchased pursuant to this
statute is property of the U.S. government and may only be used for
official government business. Thus, clothing purchases, except for rare
circumstances in which the purchase meets stringent requirements, is
usually considered a personal item for which appropriated funds should
not be used. In one transaction, a cardholder had purchased 10 L.L.
Bean Gore-Tex parkas at a total cost of about $2,400 for employees who
worked outside in cold weather. These parkas were not specialty items,
and they were not used solely for official use. The employees were
allowed to take the parkas home and wear them in off-duty hours.
* In another example of clothing for personal use from our Army-wide
data mining, several charges for amounts from $330 to $770 were
identified at Macy‘s and Hecht‘s. We were informed that these were for
purchases of civilian clothes for enlisted personnel who are serving as
assistants to general officers. We were informed by the Director,
Purchase Card Unit, Defense Contracting Command Washington, that this
appears to be a fairly widespread practice and that the practice is
clearly improper and is believed to violate fiscal law.
* As part of our data mining of Army-wide purchase card transactions,
we identified a questionable transaction, which a subsequent
investigation determined that a cardholder purchased a Bose radio for
$523 to use in his office. The radio was clearly for his personal use
in his office; therefore, it should not have been purchased with the
Army purchase card. The employee was required to reimburse the U.S.
Treasury for the cost of the radio. A broader review of the purchases
made by this cardholder‘s unit revealed other problems similar to those
we identified in our work such as property accountability, not
purchasing from mandatory sources, purchases at excessive costs, and
missing records. As with our other work, these problems indicate that
approving officials were not adequately reviewing cardholder
transactions.
* In our Army-wide data mining we identified charges by two cardholders
under one approving official of about $7,600 at the Opryland Hotel in
Nashville, Tennessee, in November 2000. In response to our inquiry, we
were told that these charges were unexpected and resulted from the
Chief Information Officer‘s Management Conference at the hotel in
August 2000. The charges were unexpected because registration fees were
to cover all charges. After a large bill of over $20,000 was eventually
reduced to about $7,600, the supervisor instructed the cardholders to
pay the additional charges with their purchase cards. However, to pay
the $7,600 in charges of less than $2,500 and avoid obvious split
purchases, the bill was split into segments and divided between two
cardholders. The amounts paid were $2,500 for long-distance phone
calls, $934 for phone line hookup, $2,500 for meeting room rental, and
$1,715 for audio visual services. However, because separate invoices
for the charges do not exist, the officials can neither support the
correct amount of any charges nor support that the charges are for
purposes permitted by law, regulation, or policy.
* Fort Hood paid improper and excessive cell phone charges because no
one was monitoring them. The information management division‘s
approving official certified the installation‘s consolidated monthly
charges for payment for over 1,100 cell phones and over $50,000 monthly
time charges without reviewing the usage. While local procedures
require the units using the cell phones to verify their own monthly
usage, the procedures do not address how and when this is to be done.
We found that some units had not routinely verified the charges.
Others, who said they usually did verify their charges, could not for
the period November 2001 through March 2002 because a change in the
phone company‘s billing processes did not allow the units to have
access to their monthly charges. Without reviewing the charges, the
Army has no assurance that charges are proper and not excessive. We
reviewed current usage and identified excessive monthly time charges
and charges for phones that had no monthly usage. For example, one cell
phone user, who had a $79.95 per month plan that allowed 650 minutes of
airtime, used 3,400, 2,696, and 1,915 minutes during a 3-month period
and incurred time charges of $1,040, $795, and $523. Fort Hood
officials told us that improper and excessive charges occur because
units do not have the appropriate monthly plan. In the above example,
the unit could have reduced its costs to $550, $374, and $200--a 52
percent savings--with an appropriate plan. Fort Hood officials also
told us that excessive costs occur because of personal use. They said
that when they identified charges for unauthorized personal use, they
require employees to reimburse the government for these improper
charges. However, without monitoring, use of uneconomical plans and
unauthorized personal use would not be identified.
Split Purchases:
Another category of improper transaction is a split purchase, which
occurs when a cardholder splits a transaction into more than one
segment to avoid the requirement to obtain competitive bids for
purchases over the $2,500 micropurchase threshold or to avoid other
established credit limits. The Federal Acquisition Regulation prohibits
splitting a purchase into more than one transaction to avoid the
requirement to obtain competitive bids for purchases over the $2,500
micropurchase threshold or to avoid other established credit limits.
Once items exceed the $2,500 threshold, they are to be purchased
through a contract in accordance with simplified acquisition
procedures, which are more stringent than those for micropurchases.
Our analysis of data on purchases at the five installations we audited
and our data mining efforts identified numerous occurrences of
potential split purchases. In addition, internal auditors at four of
the installations identified split purchases as a continuing problem.
In some of these instances, the cardholder‘s purchases exceeded the
$2,500 limit, and the cardholder ’split“ the purchase into two or more
transactions of $2,500 or less. For example, in our Army-wide data
mining, we identified a series of split purchases at Fort Stewart,
Georgia. An approving official had two cardholders spend $16,000 over a
series of days to buy numerous pieces of executive office furniture for
the official‘s office that was located on the mezzanine of a warehouse.
These purchases included elegant desks, chairs, and a conference table.
We also identified numerous cases where the Army is making repetitive
micropurchases to meet requirements that in total greatly exceed the
micropurchase limit. While some repetitive purchases might not clearly
be split purchases, the Army is not taking advantage of a mechanism
designed to foster lower prices for repetitive acquisitions of similar
items over an extended period. Section 13.303-1 of the Federal
Acquisition Regulation provides for blanket purchase agreements as a
’simplified method of filling anticipated repetitive needs for supplies
or services.“ Use of a blanket purchase agreement, rather than
repetitive, individual micropurchases, could lower per unit prices for
the goods or services acquired. Below we discuss four situations in
which blanket purchase orders should have been used.
* At the Soldier, Biological and Chemical Command - Natick, the public
works department routinely used the same vendors 35 times to provide
and install carpeting, 25 times to provide heating and air conditioning
services, and 39 times to provide graphic display services. Although
each of the transactions for these vendors was under the micropurchase
limit, the total purchases for fiscal year 2001 were about $38,000,
$44,000, $77,000, respectively. However, the installation did not have
a blanket purchase agreement with the vendors. In these instances the
public works department officials had not recognized they needed such a
contract, and they agreed to pursue one. We noted that the installation
had blanket purchase agreements for other similar circumstances that
the internal auditor identified.
* At the Texas Army National Guard, the Occupational Health Office used
purchase cards to pay for routine medical examinations and to buy
ergonomic chairs and safety glasses for employees. While the individual
cost for purchases were much less than the micropurchase limit, the
total annual cost significantly exceeds the limit. For instance, the
office paid over $80,000 for about 705 examinations at a dozen clinics
and hospitals throughout the state in the first 10 months of fiscal
year 2001. The guard also used purchase cards to pay for meals provided
troops while they attended mandatory weekend drills or training. While
the individual cost for any single guard unit‘s training meal would
rarely exceed the single-purchase $2,500 limit, the total recurring
cost of the meals is one of the guard‘s largest annual expenses--over
$500,000 in the first 10 months of fiscal year 2001.
* At Fort Benning, the Dismounted Battlespace Battle Lab, a combat
training unit, routinely purchased doors that were destroyed during
training exercises to instruct troops how to enter a building that may
contain an enemy. The battle lab spent $111,721 in 84 transactions with
one vendor to buy doors during a 10-month period in fiscal year 2001,
but the unit did not have a blanket purchase agreement. In this case,
battle lab officials had refused attempts by the Fort Benning
contracting division and purchase card program coordinator to execute
an agreement. We found that the battle lab also needed a contract for
the numerous computer modems it purchased. Further, in these purchases,
the battle lab cardholder‘s purchasing pattern was to split purchases
to avoid the micropurchase limit of $2,500. We saw numerous instances
in which the cardholder made more than one purchase near the limit for
the same item over a short period.
* In a data-mining example, the Army Personnel Command made repetitive
buys of interment flag cases from the same vendor. Data show that three
purchases, two for $2,250 and one for $1,800, were made on the same day
and that in total the command purchased 438 cases for $65,700 in
calendar year 2001. The command has agreed that purchases in the future
will be on a yearly basis in a competitive contract.
Improper Source:
Another type of improper purchase occurs when cardholders do not buy
from a mandatory procurement source. Various federal laws and
regulations require government cardholders to acquire certain products
from designated sources. For example, the program created by JWOD
generates jobs and training for Americans who are blind or have other
severe disabilities by requiring federal agencies to purchase supplies
and services furnished by nonprofit agencies, such as the National
Industries for the Blind and the National Institute for the Severely
Handicapped. Under the Federal Acquisition Regulation, Part 8.7, JWOD
is a mandatory source of supply for all entities of the government.
Unlike the ’Buy American“ Act and other rules that have been waived by
recent procurement reform measures, JWOD‘s mandatory status remains in
effect for all purchases, including those under the micropurchase
threshold. Most JWOD items are of small value such as office supplies,
cleaning products, or medical/surgical supplies that nearly always fall
into the micropurchase category.
While procurement source was not the primary focus of our work, we
noted that cardholders frequently did not purchase from required
sources when they should have. For example, we noted numerous purchases
of office supplies or other JWOD-supplied products from local vendors
when these or substantially similar products were available from the
General Services Administration or one of its contractors‘ catalogs or
Web sites. We also noted that some cardholders did not know their
responsibilities or the requirements, despite the fact that these
requirements are a primary emphasis during cardholder training
programs. For example, some said that they had not heard of JWOD or
either of the institutes that cardholders should use. As further
evidence of cardholders‘ noncompliance with this mandatory source
requirement, the Director of Sales for the National Industries for the
Blind told us about large decreases in sales of JWOD products at Fort
Hood and other Army installations over the past 2 years because
cardholders were purchasing from commercial firms rather than buying
the mandatory products.
The following two examples involving Franklin Covey illustrate the
situations we found.
* In our data mining work, we identified a cardholder at Tooele Army
Depot who made 10 purchases for a total of about $11,900 from Franklin
Covey, with most of the purchases in August 2001. These purchases were
primarily for inserts to day planners, an item that is available from
the JWOD catalog. In response to our questions as to why the mandatory
source was not used, we were advised that (1) in the past JWOD planners
were not used by the self-service store‘s customers because they did
not include pages with dates for each day and
(2) under an interpretation that is now recognized to be in error, the
purchases were made from another source under the premise that planners
from JWOD did not meet customer needs. We were informed that future
purchases of planners would be in one purchase through JWOD.
* In another case, a unit spent $3,100 over an 18-month period to
purchase day planners from Franklin Covey. One item cost $199 and
another $250. In contrast, cardholders can buy JWOD day planners for
about $40.
In fiscal year 2001, the Army made more than 4,700 purchases costing
about $792,000 dollars from Franklin Covey. A review of individual
purchases, which we did not make, would be required to determine which
purchases were for items that should have been from a mandatory source.
However, we believe it is likely that many of these purchases could
have been for JWOD products.
Abusive or Questionable Purchases:
We identified numerous examples of abusive or questionable transactions
at each of the five installations we audited. We defined abusive
transactions as those that were authorized, but the items purchased
were at an excessive cost (e.g., ’gold plated“) or for a questionable
government need, or both. When abuse occurs, no law or regulation is
violated. Rather, abuse occurs when the conduct of a government
organization, program, activity, or function falls short of societal
expectations of prudent behavior. Often, improper purchases such as
those discussed in the previous section are also abusive. Transactions
that are both improper and abusive were discussed previously. For
example, the executive furniture purchased at Fort Stewart discussed
earlier as improper split purchases were also abusive purchases. We
believe that this type furniture was not in keeping with the office
environment and not justified by the official‘s position or grade
level. Another example is the excessive cell phone charges at Fort
Hood.
Questionable transactions are those that appear to be improper or
abusive but for which there is insufficient documentation to conclude
either. For questionable items, we concluded that cardholders purchased
items for which there was not a reasonable and/or documented
justification.
Questionable purchases often do not easily fit within generic
governmentwide guidelines on purchases that are acceptable for the
purchase card program. They tend to raise questions about their
reasonableness. Many, such as gym quality exercise equipment, are
common Army--and DOD--purchases because the Army must provide more than
merely a work environment for its soldiers. However, others, like the
fine china purchased for the culinary arts team competition discussed
below, clearly raise questions about whether they are appropriate
purchases. Precisely because these types of purchases tend to raise
questions and subject the Army to criticism, they require a higher
level of prepurchase review and documentation than other purchases.
These types of purchases raise questions that go beyond the confines of
the purchase card program.
When we examined purchases that raised these types of questions, we
usually did not find evidence of prepurchase justification. In
attempting to justify whether purchases were acceptable, improper, or
abusive, program coordinators, approving officials, and cardholders
often provided an after-the-fact rationale for the purchases. We
believe that these types of questionable purchases require scrutiny
before the purchase, not after. Table 10 identifies examples of these
types of purchases.
Table 10: Examples of Abusive or Questionable Purchases:
Description of purchase: Palm Pilots for Pentagon officials; Where or
how identified: Army-wide data mining; Total amount: $30,000.
Description of purchase: Palm VI personal digital assistants; Where or
how identified: Texas Army National Guard; Total amount: 13,400.
Description of purchase: Crystal, china, and accessories for culinary
arts; Where or how identified: Fort Hood and Army-wide data mining;
Total amount: Over 3,800.
Description of purchase: Sunglasses for Golden Knights parachute team;
Where or how identified: Army-wide data mining; Total amount: 2,450.
Description of purchase: Tree for Earth Day; Where or how identified:
Soldier, Biological and Chemical Command - Natick; Total amount: 2,250.
Description of purchase: Meals for battle labs without sufficient
documentation to determine if improper; Where or how identified: Fort
Benning; Total amount: 1,700.
Description of purchase: Two unframed Elvis Presley pictures from
Graceland; Where or how identified: Fort Hood; Total amount: 550.
Description of purchase: John Elway jersey - framed; Where or how
identified: Soldier, Biological and Chemical Command - Natick; Total
amount: 450.
Description of purchase: Cigars; Where or how identified: Army-wide
data mining; Total amount: 300.
Description of purchase: Wine; Where or how identified: Army-wide data
mining; Total amount: 150.
Source: GAO analysis of Army purchase card transactions and related
documentation.
[End of table]
To understand more fully the nature of potentially questionable
purchases, we selected six of the examples above to explain in more
detail below.
* Palm Pilots for Pentagon officials. In February 2001, two purchases
for a total of 80 Palm Pilots at a total cost of $30,000 were made for
the Office of the Under Secretary of Defense for Acquisition,
Technology, and Logistics. Two questions about this purchase are
whether a valid need had been identified for the purchase and whether
the urgency of the purchase justified the purchase from a vendor that
could deliver immediately but was charging $1,540 more than the lowest
competitor. No documentation was available to show how the office had
determined that 80 Palm Pilots were a valid government requirement. An
e-mail related to the purchase suggested that there was a need ’to get
enough goodies for everyone.“ The documentation also suggested that the
items were being ordered for inventory and would be issued to personnel
when requested. This does not indicate a predetermined requirement and
does not appear to support that the requirement was urgent, as the
office determined. Based on the determination of urgency, the price
paid was $1,540 more than the lowest competitor‘s price so that
delivery could be immediate.
* Culinary arts. At Fort Hood and during our Army-wide data mining
effort, we noted several purchases for various culinary arts events.
Among the purchases were fine china and crystal from Royal Doulton and
Lenox. Other purchases were for accessories such as a rotating lighted
ice-carving pedestal. Although participation in culinary arts team
events is an approved Army activity, the transactions we examined and
inquired about did not have a documentation of the need for the
specific items purchased. Although the transactions we examined totaled
about $3,800, we believe that the total cost of such purchases Army-
wide is far more. We were told that purchases of culinary arts
accessories are common throughout the Army. One reason, we were told,
is because most installations have culinary arts teams that attend
competitions involving the use of expensive accessories and fine
crystal and china.
* Sunglasses for the Golden Nights parachute team. In February 2001, a
cardholder purchased 30 pair of sunglasses from Sunglass Hut at about
$100 each for a net cost of $2,450--some glasses were returned for
credit from a prior purchase--for the Golden Knights. In response to
our inquiry about this purchase, we were told that it was not
preapproved and that sunglasses were authorized in the common table of
allowances when they are needed for training. However, because goggles
are worn during parachute jumps, not sunglasses, we believe these
purchases were personal use items and thus of questionable government
need. The approving official for the transaction believed that the
purchase was appropriate. According to the official, the parachute team
has 85 members and the purchase was for new members.
* Tree for Earth Day. The Environmental, Safety and Health Office at
the Soldier, Biological and Chemical Command - Natick bought a $2,250
tree to plant in celebration of Earth Day. Although this transaction
did not have documented approval prior to purchase or a documented
justification for its need, we were told that the tree was purchased
for the commanding general to plant among a grove of other trees
between two installation buildings during an Earth Day celebration.
While planting a tree for Earth Day may be an acceptable expenditure of
government funds, we believe the expenditure of over $2,200 for a tree
is an excessive cost.
* Cigars. In April 2001 a cardholder at Schofield Barracks in Hawaii
purchased three boxes of Hula Girl Cigars for $300. According to
information provided in response to our inquiry about the purchase, the
cardholder bought the cigars for gifts to VIPs to be presented by the
Commanding General, 25th Infantry Division, Schofield Barracks, during
deployment on an exercise in Thailand. The purchaser was an acting
protocol officer during a changeover in officers and did not have an
approving official reviewing the purchases. No documentation was
available from the Army to demonstrate that this purchase was a valid
government need. The current Chief of Protocol said that no other
cigars had been purchased.
* Wine. A cardholder purchased two cases of wine on September 20, 2001,
from the Naked Mountain Vineyard. After we questioned this purchase,
the Army concluded that the cardholder had used the wrong card to
purchase the wine, but it had corrected the error to put the purchase
in the correct accounting classification. An Army official assured us
that the purchase was appropriately authorized by ’competent authority
in the course of execution of a highly classified, compartmented
program.“ We were provided no evidence that this purchase was a valid
government need.
Conclusions:
We support the use of a well-controlled purchase card program. It is a
valuable tool for streamlining the government‘s acquisition processes.
However, the Army program is not well controlled. The Army‘s weak
control environment was the root cause of the problems we saw with
purchase card transactions, including the potentially fraudulent,
improper, and abusive or questionable purchases. The Army has not
provided the aggressive leadership needed to build and maintain an
internal control infrastructure that encourages a strong control
environment that provides accountability. Such an environment is an
important counterbalance to the increased risk of potentially
fraudulent and wasteful spending that results from the rapidly
expanding use of the purchase card. The Army now spends billions of
dollars through a purchase card program for which internal control is
not adequate and for which appropriate management oversight does not
exist. The Army needs to ensure that installation-level program
coordinators, the primary program management officials, have the tools
to develop local control systems and oversight activities.
Strengthening the control environment will require a renewed focus on,
and commitment to, building a robust purchase card infrastructure. The
installations and major commands we audited have been responsive to our
findings, and they have begun to make changes at their levels. However,
the major changes to the Army purchase card program infrastructure that
are essential to encouraging and enabling improvements in the overall
control environment await action at the Army and DOD management levels.
Recommendations for Executive Action:
To strengthen the overall control environment and improve internal
control for the Army‘s purchase card program, we recommend that the
Secretary of the Army direct the Deputy Assistant Secretary of the Army
(Procurement) and other Army officials as appropriate to improve the
overall Army purchase card infrastructure by taking the following
actions.
Overall Program Management and Environment:
* Address key control environment issues in Army-wide standard
operating procedures. At a minimum, the following key issues should be
included in the procedure:
* controls over the issuance and assessment of ongoing need for cards;
* cancellation of cards when a cardholder leaves the Army, is
reassigned, or no longer has a valid need for the card;
* span of control of the approving official; and:
* appropriate cardholder spending limits.
* Help ensure that program coordinators and approving officials have
the needed authority, including grade level, to serve as the first line
of defense against purchase card fraud, waste, and abuse by issuing a
policy directive that specifically addresses their positions, roles,
and job descriptions. Policies should also be established that hold
these officials accountable for their purchase card program duties
through performance expectations and evaluations.
* Assess the adequacy of human capital resources devoted to the
purchase card program, especially for oversight activities, at each
management level, and provide needed resources.
* Develop and implement a program oversight system for program
coordinators that includes standard activities and analytical tools to
be used in evaluating program results.
* Develop performance measures and goals to assess the adequacy of
internal control activities and the oversight program.
* Require reviews of existing cardholders and their monthly spending
limits to help ensure that only those individuals with valid continuing
purchasing requirements possess cards and that the monthly spending
limits are appropriate for the expected purchasing activity. These
reviews should result in canceling unneeded cards Army-wide and
especially at Fort Hood where we found a significant problem.
Specific Internal Control Activities:
* Direct the implementation of specific internal control activities for
the purchase card program in an Army-wide standard operating procedure.
While a wide range of diverse activities can contribute to a system
that provides reasonable assurances that purchases are correct and
proper, at a minimum, the following activities should be included in
the promulgated procedure:
* advance approval of purchases, including blanket approval for
routine, low dollar purchases;
* independent receiving and acceptance of goods and services;
* independent review by an approving official of the cardholder‘s
monthly statements and supporting documentation;
* approving official reconciling the charges on the monthly statement
with invoices and other supporting documentation and forwarding the
reconciled statement to the designated disbursing office for payment as
required by governmentwide and DOD regulations; and:
* cardholders obtaining and retaining invoices that support their
purchases and provide the basis for reconciling cardholder statements.
* Develop and implement procedures and checklists for approving
officials to use in the monthly review of cardholders‘ transactions.
These procedures and checklists should specify the type and extent of
review that is expected and the required review documentation.
* Reiterate records retention policy for purchase card transaction
files and require that compliance with record retention policy be
assessed during the program coordinator‘s annual review of each
approving official.
* Require the development and implementation of coordination and
reporting procedures to help ensure that accountable property bought
with the purchase card is brought under appropriate control.
Potentially Fraudulent, Improper, and Abusive and Questionable
Purchases:
* Require additional prior documented justification and approval of
those planned purchases that are ’questionable“--that fall outside the
normal procurements of the cardholder in terms of either dollar amount
or type of purchase.
* Analyze the procurements of continuing requirements through
micropurchases and require the use of appropriate contracting processes
to help ensure that such purchases are acquired at best prices.
* Develop an Army-wide database on known fraud cases that can be used
to identify potential deficiencies in existing internal control and to
develop and implement additional control activities, if warranted or
justified.
* Develop and implement an Army-wide data mining, analysis, and
investigation function to supplement other oversight activities. This
function should include providing oversight results and alerts to major
command and installations when warranted.
We also recommend that the Under Secretary of Defense (Comptroller)
direct the Charge Card Task Force to assess the above recommendations,
and to the extent applicable, incorporate them into its recommendations
to improve purchase card policies and procedures throughout DOD.
Agency Comments and Our Evaluation:
In written comments on a draft of this report, which are reprinted in
appendix III, DOD concurred with our recommendations. Although
concurring with our recommendation for an Army-wide standard operating
procedure directing the implementation of specific internal control
activities, DOD took exception to broad application of advance approval
of purchases and independent receiving and acceptance of goods and
services in an Army-wide standard operating procedure. DOD said that
broad application of those activities would add costs to the process
without a comparable reduction in risk. However, DOD recognized the
applicability of these activities in some circumstances and commented
that the Army standard operating procedure will (1) include a list of
items requiring advance approval and (2) require advance approval for a
category of items that fall outside the ’common sense“ rule.
We continue to believe that both advance approval and independent
receiving are important internal control activities and have
applicability to the Army purchase card program, including many
micropurchases. We recognize that not all purchases require specific
advance approval and some small dollar and other purchases may not lend
themselves to documented independent receiving. Therefore, the Army-
wide standard operating procedure should (1) discuss the criteria for
determining when these control activities are applicable and (2)
articulate guidelines for implementing them.
As agreed with your offices, unless you announce its contents earlier,
we will not distribute this report until 30 days from its date. At that
time, we will send copies to interested congressional committees; the
Secretary of Defense; the Under Secretary of Defense for Acquisition,
Technology, and Logistics; the Under Secretary of Defense
(Comptroller); the Secretary of the Army; the Assistant Secretary of
the Army for Acquisition Logistics and Technology; the Deputy Assistant
Secretary of the Army (Policy and Procurement); the Director of the
Army Contracting Agency; the Director of the Defense Finance and
Accounting Service; and the Director of the Office of Management and
Budget. We will make copies available to others upon request.
Please contact Gregory D. Kutz at (202) 512-9505 or kutzg@gao.gov,
Ronald D. Malfi at (202) 512-7420 or malfir@gao.gov, or David Childress
at childressj@gao.gov if you or your staffs have any questions
concerning this report. Major contributors to this report are
acknowledged in appendix IV.
Gregory D. Kutz
Director
Financial Management and Assurance:
Signed by Gregory D. Kutz:
Ronald D. Malfi
Acting Managing Director
Office of Special Investigations:
Signed by Ronald D. Malfi:
[End of section]
Appendix I: Scope and Methodology:
We audited the adequacy of the Army‘s internal control over
authorization, purchasing, and payment of fiscal year 2001 purchase
card transactions. The Army‘s purchase card program is the largest of
the services, with the most cardholders, transactions, and dollars
spent. We are also performing audits of the other services and will
report the results of those audits separately. For the Army, we
performed work in the major commands that have the largest purchase
card programs, accounting in fiscal year 2001 for about 66 percent of
total Army purchases and about 62 percent of total Army transactions.
We conducted detailed work at the following major commands and
installations.
Table 11: Major Commands and Installations Audited:
Major command: Forces Command; Installation and location: Fort Hood;
Killeen, Texas.
Major command: Material Command; Installation and location: Soldier,
Biological Chemical Command - Natick; Natick, Massachusetts.
Major command: Training and Doctrine Command; Installation and
location: Fort Benning; Columbus, Georgia.
Major command: Army National Guard; Installation and location: Texas
Army National Guard; Austin, Texas.
Major command: Medical Command; Installation and location: Eisenhower
Army Medical Center; Ft. Gordon, Augusta, Georgia.
Source: U.S. Army organizational tables. :
[End of table]
At the Army and major command levels we evaluated the policies and
procedures used to guide the purchase card program, and we evaluated
the activities they engage in to oversee the program. At the
installation level, we used a case study approach to evaluate the local
purchase card program, and our work there consisted of three major
segments. We evaluated the overall control environment, including the
adequacy of the Army‘s policies and procedures. We evaluated the
implementation of key internal control activities at the installations.
Finally, we identified evidence of potentially fraudulent, improper, or
abusive or questionable transactions at each audited installation and
conducted limited follow-up.
To assess the control environment, we examined the installations‘
policies and procedures and oversight activities. To assess their
adequacy, we used as our primary criteria applicable laws and
regulations; our Standards for Internal Control in the Federal
Government (GAO/AIMD-00-21.3.1, November 1999); and our Internal
Control Standards: Internal Control Management and Evaluation Tool
(GAO-01-1008G, August 2001). To assess the management control
environment, we applied the fundamental concepts and standards in our
internal control standards to the practices followed by management.
To test the implementation of specific control activities at the five
installations we audited, we selected a stratified random sample
probability of 150 purchase card transactions from the population of
transactions paid from October 1, 2000, through July 31, 2001, for each
of the installations. With these statistically valid probability
samples, each transaction in the five installations‘ populations had a
nonzero probability of being included, and that probability could be
computed for any transaction. Within each installation we stratified
the population of transactions by the dollar value of the transaction
and by whether the transaction was likely to be for a purchase of
computer-related equipment. Each sample transaction in an installation
was subsequently weighted in the analysis to account statistically for
all the transactions in the population of that installation, including
those that were not selected.
For each transaction sampled, we tested whether key internal control
activities had been performed. For each control activity tested, we
projected an estimate of the percent of transactions for which the
control activity was not performed, for each installation. Because we
followed a probability procedure based on random selections of
transactions, our sample for each installation is only one of a large
number of samples that we might have drawn. Since each sample could
have produced different estimates, we express our confidence in the
precision of our particular samples‘ results (that is, the sampling
error) as 95 percent confidence intervals. These are intervals that
would contain the actual population value for 95 percent of the samples
we could have drawn. As a result, we are 95 percent confident that each
of the confidence intervals in this report will include the true
(unknown) values in the study populations.
Although we projected the results of our samples to the populations of
transactions at the respective installations, the results cannot be
projected to the population of Army transactions or installations.
For the sampled transactions that were for accountable items, we tested
whether they had been recorded in the installation‘s property book
records and whether the installation could demonstrate the item‘s
existence. We did not project the results of this test because some
transactions contained so many accountable items--as many as 500--that
we elected to perform a nonstatistical analysis of the degree to which
these items were recorded in property books.
In addition to our review of a statistical sample of transactions at
the five audited installations, we also identified other selected
transactions at the five locations and throughout the Army‘s fiscal
year 2001 purchase card transactions to determine if indications exist
of potentially fraudulent, improper, and abusive or questionable
transactions. Our data mining included identifying transactions with
certain vendors that had a more likely chance of selling items that
would be unauthorized or that would be personal items. For a small
number of these transactions at each of the five installations and from
the Army-wide database, we requested limited documentation, usually the
supporting invoice, that could provide additional indications as to
whether the transactions were potentially fraudulent, improper, and
abusive or questionable. If the additional documentation indicated that
the transactions were proper and valid, we did not further pursue
documentation on those transactions. If the additional documentation
was not provided or if it indicated further issues related to the
transactions, we obtained and reviewed additional documentation or
information about these transactions. While we identified some
potentially fraudulent, improper, and abusive or questionable
transactions, our work was not designed to identify, and we cannot
determine, the extent of potentially fraudulent, improper, or abusive
transactions. Because of the large number of transactions that met
these criteria, we did not look at all potential abuses of the purchase
card.
For those potentially fraudulent transactions that had been or were
being investigated at the five audited installations, we discussed the
cases with the investigators and/or obtained records and reports on the
investigations. We also interviewed purchase card officials and Army
criminal investigators to identify other Army purchase card fraud cases
that had been or were being investigated.
We did not audit the Defense Finance and Accounting Service‘s purchase
card payment process. We also did not audit electronic data processing
controls used in processing purchase card transactions. The
installations received paper monthly bills containing the charges for
their purchases and used manual processes for much of the period we
audited, which reduced the importance of electronic data processing
controls.
We briefed DOD managers, including officials in DOD‘s Purchase Card
Joint Program Management Office, major command purchase card program
coordinators, and purchase card program officials at the installations
we audited on the details of our review, including our objectives,
scope, and methodology and our findings. Written comments on a draft of
this report were received from the Acting Director of the Army
Contracting Agency and have been reprinted in appendix III. We
conducted our audit work from June 2001 through April 2002 in
accordance with generally accepted government auditing standards, and
we performed our investigative work in accordance with standards
prescribed by the President‘s Council on Integrity and Efficiency, as
adapted for GAO‘s work.
[End of section]
Appendix II: Overview of Army Purchase Card Program:
The Army‘s purchase card program is part of the Governmentwide
Commercial Purchase Card Program, which was established to streamline
federal agency acquisition processes by providing a low-cost, efficient
vehicle for obtaining goods and services directly from vendors. It was
intended to shorten the time between need and acquisition while
providing management with monthly reports and a thorough audit trail of
all purchases. Under a General Services Administration blanket
contract, the Army has contracted with U.S. Bank for its purchase card
services. DOD reported that it used purchase cards for about 10.7
million transactions, at a cost of over $6.1 billion, during fiscal
year 2001. The Army‘s reported purchase card activity totaled about 4.4
million transactions, valued at
$2.4 billion, during fiscal year 2001. This represented about 40
percent of DOD‘s activity for fiscal year 2001. The Army‘s purchase
card transactions were made with Visa cards issued to over 109,000
civilian and military personnel.
Table 12: Number and Value of Army Transactions in Fiscal Year 2001:
Major command and location: Forces Command; Number of transactions:
852,863; Cost of transactions: $438; Percent of total Army cost: 18.
Major command and location: Fort Hood; Number of transactions: 110,822;
Cost of transactions: 58; Percent of total Army cost: [Empty].
Major command and location: Training and Doctrine Command; Number of
transactions: 537,718; Cost of transactions: 267; Percent of total Army
cost: 11.
Major command and location: Fort Benning; Number of transactions:
44,421; Cost of transactions: 19; Percent of total Army cost: [Empty].
Major command and location: National Guard Bureau-Army; Number of
transactions: 498,924; Cost of transactions: 180; Percent of total Army
cost: 8.
Major command and location: Texas Army National Guard; Number of
transactions: 20,306; Cost of transactions: 7; Percent of total Army
cost: [Empty].
Major command and location: Medical Command; Number of transactions:
443,134; Cost of transactions: 233; Percent of total Army cost: 10.
Major command and location: Eisenhower Medical Center, Fort Gordon;
Number of transactions: 19,258; Cost of transactions: 9; Percent of
total Army cost: [Empty].
Major command and location: Materiel Command; Number of transactions:
408,217; Cost of transactions: 460; Percent of total Army cost: 19.
Major command and location: Soldier, Biological and Chemical Command; -
Natick; Number of transactions: 16,480; Cost of transactions: 96;
Percent of total Army cost: [Empty].
Major command and location: Other major commands; Number of
transactions: 1,650,000; Cost of transactions: 822; Percent of total
Army cost: 34.
Source: GAO analysis of Army purchase card program data.
[End of table]
DOD has mandated the use of the purchase card for all purchases at or
below $2,500, and it has authorized the use of the card to pay for
larger purchases. DOD has experienced significant growth in the program
since its inception and now estimates that approximately 95 percent of
its micropurchase transactions in fiscal year 2001 were made by
purchase card.
Governmentwide Purchase Card Program Guidelines:
The purchase card can be used for both micropurchases and payment of
other purchases. Although most cardholders have limits of $2,500, some
have limits of $25,000 or higher. The Federal Acquisition Regulation,
Part 13, ’Simplified Acquisition Procedures,“ establishes criteria for
using purchase cards to place orders and make payments. DOD and the
Army have supplements to this regulation that contain sections on
simplified acquisition procedures. U.S. Treasury regulations govern
purchase card payment certification, processing, and disbursement.
DOD‘s Purchase Card Joint Program Management Office, which is in the
Office of the Assistant Secretary of the Army for Acquisition Logistics
and Technology, has issued departmentwide guidance related to the use
of purchase cards. However, each service has its own policies and
procedures governing the purchase card program.
Army Purchase Card Acquisition and Payment Processes:
Within the Army, the overall management responsibility for the purchase
card program is under the cognizance of the agency program coordinator
within the Purchase Card Joint Program Management Office. However, the
function of this agency program coordinator and the office is limited
and most of the major management responsibility lies with the
contracting offices in the major commands and contracting offices at
the installations. At the installation, the program coordinator is
responsible for administering and overseeing the purchase card program
within his or her designated span of control and serving as the
communication link between the Army unit and the purchase card-issuing
bank. The other key personnel in the purchase card program are the
approving officials and the cardholders. They are responsible for
implementing internal controls to ensure that transactions are
appropriate.
Purchase Card Process:
Figure 2 illustrates the general design of the purchase card processes
for the Army. The overall process begins with the cardholder ordering
or purchasing a good or service. It ends with payment of the bill by
the Defense Finance and Accounting System.
Figure 2: Army Purchase Card Processes:
[See PDF for image]
Source: GAO analysis of Army purchase card program data.
[End of figure]
A purchase cardholder is the Army military service member or civilian
employee who has been issued a purchase card that bears the
cardholder‘s name and the assigned account number. Before the card is
issued, the cardholder is to receive training on purchase card policies
and activities. Each cardholder has an established daily and monthly
credit limit and is designated to make purchases at selected types of
vendors. The cardholder is expected to safeguard the purchase card as
if it were cash.
Purchase cardholders are delegated limited contracting officer-
ordering responsibilities, but they do not negotiate or manage
contracts. Cardholders use purchase cards to order goods and services
for their units as well as their customers. Cardholders may pick up
items ordered directly from the vendor or request that items be shipped
directly to receiving locations or end users.
The approving official is responsible for providing reasonable
assurance that all purchases made by the cardholders within his or her
cognizance were appropriate and that the charges are accurate. The
approving official is supposed to resolve all questionable purchases
with the cardholder before certifying the bill for payment. In the
event an unauthorized purchase is detected, the approving official is
supposed to notify the program coordinator and other appropriate
personnel within the command in accordance with the command procedures.
After reviewing the monthly statement, the approving official is to
certify the monthly invoice and send it to the Defense Finance and
Accounting Service for payment.
The purchase card payment process begins with receipt of the monthly
purchase card billing statements from the bank. Section 933 of the
National Defense Authorization Act for Fiscal Year 2000, Public Law
106-65, requires DOD to issue regulations that ensure that purchase
cardholders and each official with authority to authorize expenditures
charged to the purchase card reconcile charges with receipts and other
supporting documentation. Army memos and regulations provide that upon
receipt of the individual cardholder statement, the cardholder is to
reconcile the transactions appearing on the statement by verifying
their accuracy to the transactions appearing on the statement and
notify the approving official in writing of any discrepancies in the
statement.
Before the credit card bill is paid the approving official is
responsible for (1) providing reasonable assurance that all purchases
made by the cardholders within his or her cognizance are appropriate
and that the charges are accurate and (2) the timely certification of
the monthly billing statement for payment by the Defense Finance and
Accounting Service. The approving official must review and certify for
payment the monthly billing statement, which is a summary invoice of
all transactions of the cardholders under the approving official‘s
purview.
Upon receipt of the certified monthly purchase card summary statement,
a Defense Finance and Accounting Service vendor payment clerk is to
(1) review the statement and supporting documents to confirm that the
prompt-payment certification form has been properly completed and
(2) subject it to automated and manual validations. The Defense Finance
and Accounting Service effectively serves as a payment processing
service and relies on the approving official certification of the
monthly payment as support to make the payment. The Defense Finance and
Accounting Service vendor payment system then batches all of the
certified purchase card payments for that day and generates a tape for
a single payment to U.S. Bank by electronic funds transfer.
[End of section]
Appendix III: Comments from the Department of Defense:
REPLY TO ATTENTION OF:
DEPARTMENT OF THE ARMY:
OFFICE OF THE ASSISTANT SECRETARY OF THE ARMY ACQUISITION LOGISTICS AND
TECHNOLOGY 103 ARMY PENTAGON WASHINGTON DC 20310-0103:
17 JUN 2002:
Mr. Gregory D. Kutz Director:
Financial Management and Assurance United States General Accounting
Office Washington, D.C. 20548:
Dear Mr. Kutz:
As the Executive Agent for the Department of Defense Purchase Card
Program, this is the Department‘s response to the General Accounting
Office (GAO) draft report ’Purchase Cards Controls Weaknesses Leave
Army Vulnerable to Fraud, Waste and Abuse“ dated June 3, 2002 (GAO Code
192024).
The Army concurs in each of the recommendations cited in the draft
report with the exception of the recommendation that calls for the
inclusion of pre-purchase approvals and independent receiving and
acceptance of goods and services in an Army-wide purchase card standard
operating procedure. Broad application of advance approval of micro
purchases and independent receiving and acceptance will add costs to
the process without a comparable reduction in risk.
The point of contact for this is Mr. Bruce E. Sullivan, Director,
Purchase Card Joint Program Management Office, 703-681-7564, DSN 761-
681-7564, or e-mail:
Bruce. SuIlivan@saalt.army.mil.
Enclosed is a listing of your recommendations and the Army response.
Sincerely,
Mark J. Lumer:
Acting Director of the Army Contracting Agency:
Signed by Mark J. Lumer:
Enclosure:
GAO CODE 192024/ DRAFT GAO-02-732 PURCHASE CARDS CONTROLS WEAKNESSES
LEAVE ARMY VULNERABLE FOR FRAUD, WASTE, AND ABUSE:
DEPARTMENT OF THE ARMY COMMENTS TO THE RECOMMENDATIONS:
Overall Program Management and Environment:
RECOMMENDATION: Address key control environment issues in Army-wide
standard operating procedures. At a minimum, the following key issues
should be included in the procedure:
-Controls over the issuance and assessment of ongoing need for cards,
-Cancellation of cards when a cardholder leaves the Army, is
reassigned, or no longer has a valid need for the card,
-Span of control of the approving official, and - Appropriate
cardholder spending limits.
ARMY Response: Concur; the Army‘s Standard Operating Procedure is
almost complete. The procedures include policy coverage on the above
four issues. The Standard Operating Procedures will be published no
later than 30 June 2002.
RECOMMENDATION: Help ensure that program coordinators and approving
officials have the needed authority, including grade level, to serve as
the first line of defense against purchase card fraud, waste, and abuse
by issuing a policy directive that specifically addresses their
positions, roles, and job descriptions. Policies should also be
established that hold these officials accountable for their purchase
card program duties through performance expectations and evaluations.
ARMY Response: Concur; the Army will issue policy directing Army
Activities to ensure adequate resources (numbers and grade) are
committed to the program, positions are adequately described, and that
program official performance evaluations accurately portray adherence
to program requirements. Guidance will be transmitted no later than 30
June 2002.
RECOMMENDATION: Assess the adequacy of human capital resources devoted
to the purchase card program, especially for oversight activities, at
each management level, and provide needed resources.
ARMY Response: Concur; the Army will issue policy directing Army
Activities to ensure adequate resources (numbers and grade) are
committed to the program, positions are adequately described, and that
program official performance evaluations accurately portray adherence
to program requirements. Guidance will be transmitted no later than 30
June 2002.
RECOMMENDATION: Develop and implement a program oversight system for
program coordinators that includes standard activities and analytical
tools to be used in evaluating program results.
ARMY Response: Concur; The Army‘s Standard Operating Procedure will
include checklists for program coordinators to use in performance of
program reviews. In addition, the bank will be requested to develop
C.A.R.E. queries that the program coordinators can use in evaluating
program performance.
RECOMMENDATION: Develop performance measures and goals to assess the
adequacy of internal control activities and the oversight program.
ARMY Response: Concur; In addition to performing quarterly span of
control reviews and purges of inactive cards, the Army will analyze
Army results of the DOD Data Mining effort to measure ’health“ of the
program and to identify trends.
RECOMMENDATION: Require reviews of existing cardholders and their
monthly spending limits to help ensure that only those individuals with
valid continuing purchasing requirements possess cards and that the
monthly spending limits are appropriate for the expected purchasing
activity. These reviews should result in canceling unneeded cards Army-
wide and especially at Fort Hood where we found a significant problem.
ARMY Response: Concur; The Army issued a memorandum on May 22, 2002,
which requested Heads of Contracting Activities to ensure cards are
issued only to individuals with bonafide needs and that limits
(cardholder or approving official) reflect actual needs and available
funding. The Army will request the Army Audit Agency to verify that
these actions have been accomplished.
Specific Internal Control Activities:
RECOMMENDATION: Direct the implementation of specific internal control
activities for the purchase card program in an Army-wide standard
operating procedure. While a wide range of diverse activities can
contribute to a system that provides reasonable assurances that
purchases are correct and proper, at a minimum the following activities
should be included in the promulgated procedure:
-Advance approval of purchases, including blanket approval for routine,
low dollar purchases,
-Independent receiving and acceptance of goods and services,
-Independent review by an approving official of the cardholder‘s
monthly statements and supporting documentation,
-Approving official reconciling the charges on the monthly statement
with invoices and other supporting documentation and forwarding the
reconciled statement to the designated disbursing office for payment as
required by government-wide and DOD regulations, and:
-Cardholders obtain and retain invoices that support their purchases
and provide the basis for reconciling cardholder statements.
ARMY Response: Concur; the development of the Army Standard Operating
Procedure is almost complete. The procedures include policy coverage on
the above five issues with the exception of independent receipt and
acceptance. Broad application of advance approval of micro purchases
and independent receiving and acceptance will add costs to the process
without a comparable reduction in risk. The standard operating
procedures will include the listing of prohibitive and advance approval
items developed by the DOD Task Force Concept of Operations Subgroup.
RECOMMENDATION: Develop and implement procedures and checklists for
approving officials to use in the monthly review of cardholders‘
transactions. These procedures and checklists should specify the type
and extent of review that is expected and the required review
documentation.
ARMY Response: Concur; the Standard Operating Procedure will include
procedures and checklists for approving officials to use in the monthly
review of cardholders‘ transactions.
RECOMMENDATION: Reiterate records retention policy for purchase card
transaction files and require that compliance with record retention
policy be assessed during the program coordinator‘s annual review of
each approving official.
ARMY Response: Concur; the Standard Operating Procedure will identify
the retention policy and will also the include procedures and
checklists for program coordinator‘s annual review of each approving
official.
RECOMMENDATION: Require the development and implementation of
coordination and reporting procedures to help ensure that accountable
property bought with the purchase card is brought under appropriate
control.
ARMY Response: Concur; the checklists developed for approving official
review of cardholders will include proper reporting of accountable
property. Cardholders will be required to present hand receipts for
items selected by the approving official for review that fall within
the Department of the Army and Local Command accountable property
definition.
Potentially Fraudulent. Improper. and Abusive and Questionable
Purchases:
RECOMMENDATION: Require additional prior documented justification and
approval of those planned purchases that are ’questionable“-that fall
outside the normal procurements of the cardholder in term of either
dollar amount or type of purchase.
ARMY Response: Concur; The Army‘s standard operating procedure will
include the listing of advance approval items developed by the DOD Task
Force Concept of Operations Subgroup. Additionally, a category of items
falling outside the ’common sense“ rule will be developed which will
require advance approval. The purchase of any item that would cause one
to question the appropriate expenditure of taxpayers‘ money will
require advance approval.
RECOMMENDATION: Analyze the procurements of continuing requirements
through micro purchases and require the use of appropriate contracting
processes to help ensure that such purchases are acquired at best
prices.
ARMY Response: Concur; The Army has historically stressed the
importance of cardholders buying items that offer the best value and to
take advantage of existing contract pricing such as offered in GSA
Advantage! Contracting offices will be required to review installation
purchases to determine if opportunities exist to establish
requirements-type contracts.
RECOMMENDATION: Develop an Army-wide database on known fraud cases that
can be used to identify potential deficiencies in existing internal
control and to develop and implement additional control activities, if
warranted or justified.
ARMY Response: Concur, in part; The DODIG has been directed to develop
a centralized purchase card database on known fraud cases and audit
results that can be used to identify potential deficiencies in existing
internal controls. The Army will evaluate the Army cases and audits to
determine the effectiveness of existing controls and make changes if
additional internal controls are warranted.
RECOMMENDATION: Develop and implement an Army-wide data mining,
analysis, and investigation function to supplement other oversight
activities. This function should include providing oversight results
and alerts to major command and installations when warranted.
ARMY Response: Concur, in part; The DOD has initiated a DOD data-mining
program that will evaluate Army and other defense component card
transactions. Development of an Army database will only duplicate those
efforts. The Army will work closely with the DOD Data mining group to
ensure Army activities are quickly alerted to identify transactions and
effective actions are taken.
RECOMMENDATION: We also recommend that the Under Secretary of Defense
(Comptroller) direct the Charge Card Task Force to assess the above
recommendations, and to the extent applicable, incorporate them into
its recommendations to improve purchase card policies and procedures
throughout DOD.
ARMY Response: The DOD Task Force has assessed the Army GAO findings to
ensure the weaknesses uncovered were addressed in their evaluation and
recommendations. Several of the Task Force recommendations were
generated from information provided by the GAO during their audit of
the Army‘s program.
[End of section]
Appendix IV: GAO Contacts and Staff Acknowledgments:
GAO Contacts:
David Childress, (202) 512-4639
Ray B. Bush, (404) 679-1915
David Shoemaker, (404) 679-1867:
Acknowledgments:
Staff making key contributions to this report were Wendy Ahmed,
William B. Bates, Bertram J. Berlin, James D. Berry, Jr., Johnny R.
Bowen, Francine M. DelVecchio, Ronald M. Haun, James P. Haynes,
Kenneth M. Hill, Fred Jimenez, Mitchell B. Karpman, Richard A. Larsen,
Christie M. Mackie, Judy K. Pagano, John J. Ryan, and Sidney H.
Schwartz.
FOOTNOTES:
[1] U.S. General Accounting Office, Purchase Cards: Control Weaknesses
Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-01-995T
(Washington, D.C.: July 30, 2001) and Purchase Cards: Continued Control
Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-02-
506T (Washington, D.C.: Mar. 13, 2002).
[2] For this report, we limit the use of the term ’fraudulent“ to
describe those instances in which someone has been convicted, or
punished under the Uniform Code of Military Justice, of fraudulent
activity. In all other circumstances we use the phrase ’potentially
fraudulent.“
[3] In our work, data mining involved the manual or electronic sorting
of purchase card data to identify and select for further follow-up and
analysis transactions with unusual or questionable characteristics.
[4] Approving officials are also referred to as either billing
officials or certifying officials. These three terms are often used
interchangeably.
[5] Memorandum from Director, Purchase Card Joint Program Management
Office, to assistant secretaries of defense agencies. Subject: Internal
and Management Controls - DOD Purchase Card Program (July 5, 2001).
[6] GAO-01-995T.
[7] GAO-01-995T.
[8] Memorandum from Director, Defense Procurement, Office of the Under
Secretary of Defense, to directors of defense agencies. Subject:
Government Purchase Card - Internal Controls (Aug. 13, 2001).
[9] Memorandum from Director, Purchase Card Joint Program Management
Office, to agency program coordinators. Subject: Internal Controls
(Feb. 1, 2002).
[10] Memorandum from Acting Deputy Assistant Secretary of the Army
(Procurement), Office of the Assistant Secretary of the Army for
Acquisition, Logistics and Technology, to the heads of defense
contracting agencies. Subject: Management Controls - Army Purchase Card
Program (Aug. 3, 2001).
[11] GAO-01-995T; U.S. General Accounting Office, Purchase Cards:
Control Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse,
GAO-02-32 (Washington, D.C.:
Nov. 30, 2001); and GAO-02-506T.
[12] Memorandum from the Department of the Army, Office of the
Assistant Secretary of the Army, Acquisition Logistics and Technology,
Director, Purchase Card Joint Program Management Office. Subject:
Internal and Management Controls - DOD Purchase Card Program (July. 5,
2001).
[13] Department of Defense, Office of the Inspector General, Controls
Over the DOD Purchase Card Program, D-2002-075 (Washington, D.C.: Mar.
29, 2002).
[14] Memorandum from Acting Deputy Assistant Secretary of the Army
(Procurement), Office of the Assistant Secretary of the Army for
Acquisition, Logistics and Technology, to the heads of defense
contracting agencies. Subject: Management Controls - Army Purchase Card
Program (Aug. 3, 2001).
[15] Memorandum from Director, Purchase Card Joint Program Management
Office, to agency program coordinators. Subject: Internal Controls
(Feb. 1, 2001).
[16] Joint Report of the Purchase Card Financial Management Team and
the Purchase Card Integrated Product Team to the Under Secretary of
Defense (Acquisition and Technology) and the Under Secretary of Defense
(Comptroller) (Washington, D.C.: Feb. 26, 1997).
[17] Memorandum from the Acting Deputy Assistant Secretary of the Army
(Procurement), Office of the Assistant Secretary of the Army,
Acquisition Logistics and Technology, to the heads of Army contracting
offices. Subject: Management Controls - Army Purchase Card Program
(Aug. 3, 2001).
[18] Section 4520 defines the approving official as an individual who
(1) reviews cardholder statement(s), (2) is responsible for authorizing
cardholder purchases, and (3) ensures that the statement is reconciled
and submitted to the designated billing office on time.
[19] For example, the April 30 letter cites the Financial Management
Regulation, volume 10, chapter 10, section 1203, which says that (1)
cardholders are to reconcile each statement against supporting
documentation and sign the statement and (2) approving officials are to
reconcile the cardholders‘ statement and sign the consolidated monthly
bill.
[20] 63 Comptroller General Decisions 245, 247 (1984). In requesting
the Comptroller General‘s approval of the purchases, the agency
represented that ’the parkas would be labeled as [agency] property,
centrally controlled, and issued and reissued to employees only for job
requirements.“
GAO‘s Mission:
The General Accounting Office, the investigative arm of Congress,
exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO‘s commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO‘s Web site (www.gao.gov) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as ’Today‘s Reports,“ on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select ’Subscribe to daily E-mail alert for newly
released products“ under the GAO Reports heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. General Accounting Office
441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone: Voice: (202) 512-6000
TDD: (202) 512-2537
Fax: (202) 512-6061
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470
Public Affairs:
Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800
U.S. General Accounting Office, 441 G Street NW, Room 7149
Washington, D.C. 20548:
