Governmentwide Purchase Cards

Actions Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper, and Abusive Purchases Gao ID: GAO-08-333 March 14, 2008

Over the past several years, GAO has issued numerous reports and testimonies on internal control breakdowns in certain individual agencies' purchase card programs. In light of these findings, GAO was asked to analyze purchase card transactions governmentwide to (1) determine whether internal control weaknesses existed in the government purchase card program and (2) if so, identify examples of fraudulent, improper, and abusive activity. GAO used statistical sampling to systematically test internal controls and data mining procedures to identify fraudulent, improper, and abusive activity. GAO's work was not designed to determine the overall extent of fraudulent, improper, or abusive transactions.

Internal control weaknesses in agency purchase card programs exposed the federal government to fraud, waste, abuse, and loss of assets. When testing internal controls, GAO asked agencies to provide documentation on selected transactions to prove that the purchase of goods or services had been properly authorized and that when the good or service was delivered, an individual other than the cardholder received and signed for it. Using a statistical sample of purchase card transactions from July 1, 2005, through June 30, 2006, GAO estimated that nearly 41 percent of the transactions failed to meet either of these basic internal control standards. Using a second sample of transactions over $2,500, GAO found a similar failure rate--agencies could not demonstrate that 48 percent of these large purchases met the standard of proper authorization, independent receipt and acceptance, or both. Breakdowns in internal controls, including authorization and independent receipt and acceptance, resulted in numerous examples of fraudulent, improper, and abusive purchase card use. These examples included instances where cardholders used purchase cards to subscribe to Internet dating services, buy video iPods for personal use, and pay for lavish dinners that included top-shelf liquor. GAO identified some of the case studies, including one case where a cardholder used the purchase card program to embezzle over $642,000 over a period of 6 years from the Department of Agriculture's Forest Service firefighting fund. This cardholder was sentenced to 21 months in prison and ordered to pay full restitution. In addition, agencies were unable to locate 458 items of 1,058 total accountable and pilferable items totaling over $2.7 million that GAO selected for testing. These missing items, which GAO considered to be lost or stolen, totaled over $1.8 million and included computer servers, laptop computers, iPods, and digital cameras. For example, the Department of the Army could not adequately account for 256 items making up 16 server configurations, each of which cost nearly $100,000.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:

GAO-08-333, Governmentwide Purchase Cards: Actions Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper, and Abusive Purchases This is the accessible text file for GAO report number GAO-08-333 entitled 'Governmentwide Purchase Cards: Actions Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper, and Abusive Purchases' which was released on April 9, 2008. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to the Permanent Subcommittee on Investigations, Committee on Homeland Security and Governmental Affairs, U.S. Senate: United States Government Accountability Office: GAO: March 2008: Governmentwide Purchase Cards: Actions Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper, and Abusive Purchases: Governmentwide Purchase Cards: GAO-08-333: GAO Highlights: Highlights of GAO-08-333, a report to the Permanent Subcommittee on Investigations, Committee on Homeland Security and Governmental Affairs, U.S. Senate. Why GAO Did This Study: Over the past several years, GAO has issued numerous reports and testimonies on internal control breakdowns in certain individual agencies‘ purchase card programs. In light of these findings, GAO was asked to analyze purchase card transactions governmentwide to (1) determine whether internal control weaknesses existed in the government purchase card program and (2) if so, identify examples of fraudulent, improper, and abusive activity. GAO used statistical sampling to systematically test internal controls and data mining procedures to identify fraudulent, improper, and abusive activity. GAO‘s work was not designed to determine the overall extent of fraudulent, improper, or abusive transactions. What GAO Found: Internal control weaknesses in agency purchase card programs exposed the federal government to fraud, waste, abuse, and loss of assets. When testing internal controls, GAO asked agencies to provide documentation on selected transactions to prove that the purchase of goods or services had been properly authorized and that when the good or service was delivered, an individual other than the cardholder received and signed for it. Using a statistical sample of purchase card transactions from July 1, 2005, through June 30, 2006, GAO estimated that nearly 41 percent of the transactions failed to meet either of these basic internal control standards. Using a second sample of transactions over $2,500, GAO found a similar failure rate”agencies could not demonstrate that 48 percent of these large purchases met the standard of proper authorization, independent receipt and acceptance, or both. Breakdowns in internal controls, including authorization and independent receipt and acceptance, resulted in numerous examples of fraudulent, improper, and abusive purchase card use. These examples included instances where cardholders used purchase cards to subscribe to Internet dating services, buy video iPods for personal use, and pay for lavish dinners that included top-shelf liquor. The table below shows some of the case studies GAO identified, including one case where a cardholder used the purchase card program to embezzle over $642,000 over a period of 6 years from the Department of Agriculture‘s Forest Service firefighting fund. This cardholder was sentenced to 21 months in prison and ordered to pay full restitution. Table: Fraudulent, Improper, and Abusive3 Purchases by Cardholders: Type of Purchase: Fraudulent; Agency: Department of Agriculture; Amount: $642,000; Activity: Cardholder used convenience checks to embezzle public funds for over 6 years. The $642,000 was used for personal expenditures, such as gambling, car and mortgage payments, and other retail purchases. Type of Purchase: Improper; Agency: Department of Energy; Amount: $112,300; Activity: Cardholder improperly used convenience checks”and consequently had to pay thousands in fees”for relocation services. Agency policy generally prohibits convenience checks above $3,000. Type of Purchase: Abusive; Agency: Department of Defense; Amount: $77,700; Activity: Four cardholders purchased expensive suits and accessories from Brooks Brothers and other high-end clothing stores to outfit several servicemembers. Source: GAO analysis of bank data and supporting documentation. [End of table] In addition, agencies were unable to locate 458 items of 1,058 total accountable and pilferable items totaling over $2.7 million that GAO selected for testing. These missing items, which GAO considered to be lost or stolen, totaled over $1.8 million and included computer servers, laptop computers, iPods, and digital cameras. For example, the Department of the Army could not adequately account for 256 items making up 16 server configurations, each of which cost nearly $100,000. What GAO Recommends: To reduce fraud, waste, and abuse governmentwide, GAO made 13 recommendations to the Office of Management and Budget (OMB) and the General Services Administration (GSA) to instruct agencies to strengthen purchase card controls in the areas of convenience checks and property, and impose financial liability for unauthorized purchases, among other things. OMB agreed and GSA partially agreed. Although it manages the purchase card program, GSA did not agree that it had the authority to help agencies improve controls over independent receipt and acceptance or asset accountability”two areas where the use of purchase cards poses unique internal control challenges. To view the full product, including the scope and methodology, click on [hyperlink,http://www.gao.gov/cgi-bin/getrpt?GAO-08-333]. For more information, contact Gregory Kutz at (202) 512-6722 or kutzg@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: Key Internal Controls Were Ineffective: Fraudulent and Potentially Fraudulent, Improper, and Abusive Transactions: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Prior GAO Purchase Card Audits: Appendix II: Objectives, Scope, and Methodology: Appendix III: Comments from the Office of Management and Budget: Appendix IV: Comments from the General Services Administration: Appendix IV: GAO Contact and Staff Acknowledgments: Tables: Table 1: Statistical Testing Results--All Purchase Card Activity over $50: Table 2: Comparison of Governmentwide Sampling Results to Previous Rates at Certain Individual Agencies and Locations: Table 3: Statistical Testing Results--Purchase Transactions over $2,500: Table 4: Fraudulent and Potentially Fraudulent Activity: Table 5: Examples of Improper and Abusive Purchases: Figures: Figure 1: Purchase Card Expenditures, Fiscal Years 1989 through 2006: Figure 2 Purchase Card Accounts, Fiscal Years 1989 through 2006: United States Government Accountability Office: Washington, DC 20548: March 14, 2008: The Honorable Carl Levin: Chairman: The Honorable Norm Coleman: Ranking Member: Permanent Subcommittee on Investigations: Committee on Homeland Security and Governmental Affairs: United States Senate: The serious fiscal challenges facing the federal government demand that agencies do everything they can to operate as efficiently as possible. The federal government spends billions annually through its purchase card programs, using purchase cards and convenience checks[Footnote 1] to acquire millions of items--everything from paper and pencils to computers--and to make payments on government contracts for a variety of goods and services, such as vehicles and relocation services. The primary responsibility for purchasing these items rests with cardholders and the officials who approve their purchases. Because of the position of public trust held by federal employees, Congress and the American people expect cardholders and approving officials to maintain stewardship over the federal funds at their disposal. Specifically, purchase cardholders and approving officials are expected to follow published acquisition requirements and exercise a standard of care in acquiring goods and services that is necessary and reasonable (i.e., not extravagant or excessive) for the proper operation of an agency. Because every federal dollar that is spent on fraudulent, improper, and abusive purchases is a dollar that cannot be used for necessary government goods and services, ensuring that purchase cards are used responsibly is of particular concern at a time when the United States is experiencing substantial fiscal challenges. Our previous work has shown that using the purchase card for small purchases has reduced administrative costs and increased the flexibility to meet a variety of government needs. If properly used, purchase cards can also help to fulfill other objectives, such as providing opportunities for small, disadvantaged businesses.[Footnote 2] The Federal Acquisition Regulation (FAR) designates the purchase card as the preferred method for making micropurchases.[Footnote 3] At the time of our audit, a micropurchase was defined as any purchase under $2,500.[Footnote 4] In addition to making micropurchases, government purchase cards may also be used to make payments under established contracts. According to the General Services Administration (GSA), the purchase card program had substantially improved procurement efficiencies, which resulted in about $1.8 billion in annual savings, as compared to prior paper-based procurement processes. GSA also asserted that in fiscal year 2007, the five credit card banks provided government agencies with refunds exceeding $170 million[Footnote 5] from card activity. The purchase card program had brought substantial cost reduction to the federal procurement process. However, since calendar year 2001, we have testified and reported on the purchase card programs at a number of agencies, which demonstrated that if not properly managed and controlled, use of the purchase card results in fraud, waste, and abuse (see app. I for previous GAO reports). For example, in September 2006, we reported that weaknesses in the Department of Homeland Security's (DHS) purchase card program resulted in over 100 lost (and presumed stolen) laptop computers; unauthorized acquisition and excessive cost related to the purchase of 20 flat-bottom boats, 12 of which were missing; and thousands of meals ready-to-eat stored in a warehouse in El Paso, Texas, more than 7 months after they were purchased for DHS employees assisting with the response to hurricanes Katrina and Rita.[Footnote 6] In response to our findings of fraud, waste, and abuse at the Department of Defense (DOD), Congress enacted legislation specifically directed at improving the management of DOD's purchase card program.[Footnote 7] However, concerns remain over whether purchase card usage continues to expose the federal government to increased risk of fraud, waste, and abuse. Therefore, you asked us to (1) determine whether internal control weaknesses in the purchase card program existed governmentwide and (2) if so, identify specific examples of fraudulent, improper, and abusive activity.[Footnote 8] To identify control weaknesses and specific examples of fraudulent, improper, and abusive activity, we reviewed applicable federal laws and regulations related to the FAR and purchase card uses. We also identified and applied the internal control principles contained in Standards for Internal Control in the Federal Government,[Footnote 9] Audit Guide: Auditing and Investigating the Internal Control of Government Purchase Card Programs,[Footnote 10] and selected agencies' purchase card policies and procedures.[Footnote 11] We then obtained purchase card transaction data from the five banks that supplied purchase cards governmentwide. Using these data, we selected two probability (statistical) samples[Footnote 12] of purchase card activities--one covering the population of purchase card activity over $50 from July 1, 2005, through June 30, 2006, totaling almost $14 billion, and a second sample covering acquisitions over the micropurchase threshold during the same time period. In our statistical samples, we included purchase card transactions from federal agencies that are required to follow the FAR, including executive departments, independent establishments, and wholly owned federal government corporations as defined by the United States Code.[Footnote 13] We refer to these entities as executive agencies. We excluded transactions from the legislative and judicial branches, entities under treaty with the United States, and federal agencies with specific authority over their own purchase card programs.[Footnote 14] We tested these samples for proper authorization and independent receipt and acceptance. Where the purchase involved the acquisition of accountable or highly pilferable items that can easily be converted to personal use, such as cameras, laptops, cell phones, and iPods, we performed work to verify that the government could account for or had possession of these items.[Footnote 15] To identify additional examples of fraudulent, improper, and abusive purchase card activity, we data mined purchase card transactions from July 1, 2005, through September 30, 2006. This period included an additional 3 months of data subsequent to the period included in our statistical samples. We data mined using a number of criteria, including identifying vendors of goods or services prohibited by the agency or likely to be for personal use, split purchases, year-end purchases, and pilferable and accountable property purchases, among others. We also data mined transactions from federal agencies that had been granted specific authority over their own purchase card programs, such as the U.S. Postal Service (USPS).[Footnote 16] For these transactions, we requested and reviewed supporting documentation provided by the agency and conducted investigative work. Where a data- mining transaction was related to the acquisition of accountable and pilferable property, we also performed work to verify that the government had possession of the purchased items. While we identified fraudulent, improper, and abusive transactions, our work was not designed to identify, and we cannot determine, the extent of fraud, waste, and abuse occurring in the population of governmentwide purchase card transactions. We conducted this performance audit from September 2006 through February 2008 in accordance with U.S. generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. We performed our investigative work in accordance with standards prescribed by the President's Council on Integrity and Efficiency. Appendix II provides further detail on our scope and methodology. Results in Brief: Internal control weaknesses in agency purchase card programs exposed the federal government to fraudulent, improper, and abusive purchases and loss of assets. Based on our statistical testing of all purchase card transactions, we estimated that 41 percent of the transactions were not properly authorized, or there was no evidence that the goods and services were received by an independent party (independent receipt and acceptance). For purchases exceeding the micropurchase threshold of $2,500, we estimated that 48 percent did not have proper authorization or independent receipt and acceptance. With respect to purchases over the micropurchase threshold, we also tested whether agency officials obtained the requisite number of bids or quotes prior to purchase, or showed evidence that competition was not required, as part of our test for proper authorization. Additionally, our inventory work on a nonrepresentative selection of assets found that control weaknesses over accountable property procured with the purchase card resulted in missing or stolen assets; some of these assets appeared to have been acquired for personal use. We also found that agencies could not provide evidence showing that they had possession of, or could otherwise account for, 458 of 1,058 accountable and pilferable items. The missing items were valued at over $1.8 million, out of over $2.7 million tested. Overall, the results of this audit show that the governmentwide failure rate is unacceptably high. However, it is lower than the failure rates we have previously reported at certain individual agencies. For example, in 2002, we reported that the estimated failure rate for independent receipt and acceptance was 87 percent at one Department of the Army (Army) location,[Footnote 17] and in 2006, we estimated that 63 percent of DHS purchase card transactions failed the same control test.[Footnote 18] In comparison, for this audit, we estimate that 34 percent of governmentwide transactions did not have receipt and acceptance. Because prior audits had been restricted to individual agencies, we cannot state conclusively that the lower failure rate is attributable to improvements in internal controls governmentwide. However, some agencies with large purchase card activities, such as DOD, have implemented improved internal controls in response to our previous recommendations. The Office of Management and Budget (OMB) also increased scrutiny over the program, as evidenced by the issuance in 2005 of Appendix B of OMB Circular No. A-123, Improving the Management of the Government Charge Card Program, prescribing purchase card program guidance and requirements. Weak internal controls over proper authorization and independent receipt of purchase card acquisitions expose the government to fraudulent, improper, and abusive purchase card activity and loss of assets. Examples of fraudulent, improper, and abusive activity we identified through statistical sampling and data mining of purchase card transactions governmentwide[Footnote 19] included the following: * A postmaster at USPS used his government purchase card to fraudulently subscribe to two Internet dating services over 15 consecutive months (April 2004 through October 2006). The monthly charges for these dating services were the only charges that appeared on the cardholder's monthly statements during this period; yet each of these charges was authorized and paid for by USPS. The cardholder paid restitution of over $1,100 but faced no disciplinary action for this fraud. * From October 2000 through September 2006, a cardholder at the Department of Agriculture (USDA) fraudulently paid over $642,000 to a live-in boyfriend who shared the same bank account as the cardholder. The $642,000 was used for personal expenditures, such as gambling, car loan and mortgage payments, and other retail purchases. The activities took place over a 6-year period, but were not detected by the agency until a whistleblower reported the cardholder to the agency's Office of Inspector General in 2006. The cardholder was sentenced to 21 months in prison and ordered to pay restitution of over $642,000. * One USDA cardholder used year-end funds to acquire a Toyota Sienna and a Toyota Land Cruiser totaling nearly $80,000. Although the purchases were made at the request of two Foreign Agricultural Service offices, the cardholder violated agency policy by failing to acquire a GSA waiver.[Footnote 20] The cardholder also used four convenience checks, purchasing the Toyota Sienna with one check and splitting the payment for the Land Cruiser into three separate checks because its purchase price exceeded the convenience checks' maximum purchase limit. Although documentation from USDA showed that the vehicles were shipped overseas to the units that requested them, we did not perform additional work to determine whether these vehicles represented a valid government need. * One cardholder at DHS improperly bypassed competitive requirements of the FAR to purchase three personal computers totaling over $8,000. In this instance, the person who requested the computers provided the purchase cardholder with the specifications and a request that the items be purchased from the requesting individual's preferred vendor. The cardholder did not apply due diligence by obtaining competitive quotes from additional vendors. Instead, the cardholder asked the requesting official to provide two "higher priced" quotes from additional vendors. In doing so, the cardholder circumvented the rules and obtained the items without competitive sourcing as required by the FAR. * USPS paid over $13,000 for 81[Footnote 21] conference attendees to dine at an upscale steak restaurant in Orlando, Florida, in 2006. The dinner, which cost over $160 per person, included steaks, crab, appetizers, and over $3,000 in alcoholic beverages purchased over a 5- hour period. We define this transaction as abusive. * At the National Aeronautics and Space Administration (NASA), a cardholder used the government purchase card to acquire two 60GB iPods. Although NASA officials maintained that the iPods were essential for official data storage, we found that the cardholder personalized the iPods with the requester's and agency's names and used the iPods to store songs and music videos. Although the iPods had some business files on them, we concluded that the purchase was abusive because other data storage devices without video and audio capabilities were available at lower costs. This report contains recommendations to OMB and GSA aimed at minimizing improper and abusive purchase card activities. Our recommendations address the need for OMB and GSA to provide guidance and instructions directing agencies to strengthen internal controls over the purchase card programs, including controls over convenience checks and accountable property acquired with the purchase card, and to impose liability for unauthorized purchases. Further, we discussed cases of potential fraud, waste, and abuse we identified in this report with respective agency management or inspector general offices for further actions, including, if warranted, repayment of the cost of improper purchase card use and disciplinary actions against those who have abused their purchase cards. In written comments on a draft of this report, OMB agreed and GSA partially agreed with our recommendations. GSA wholly or partially concurred with 4 recommendations, but disagreed with the majority of our recommendations. GSA stated that it was not within the scope of its authority to issue guidance and reminders encouraging agencies to document independent receipt and acceptance of items purchased with a government purchase card, and improving accountability over accountable and pilferable items purchased with government purchase cards, including sensitive and pilferable property. GSA stated that receipt and acceptance and property accountability are the responsibilities of the agencies, and that our recommendations should be modified to reflect this. GSA partially concurred with our recommendation that travelers be reminded to reduce per diem if a traveler is provided with government meals, stating that it would issue guidance in this matter, but arguing that the per diem issue was not specific to purchase cards. We disagree with GSA's assessments of its authority and reiterate support for our recommendations. We agree with GSA that the problems we identified with property accountability and receipt and acceptance go beyond the bounds of strictly purchase card issues. However, our work over the last several years has also identified substantial problems with property accountability and independent receipt and acceptance of goods and services bought with purchase cards; these problems are inherent to the flexibility provided by the purchase card program. The fact that governmentwide policies in these areas do not currently exist demonstrates that GSA needs to formulate guidance that is consistent and available to every agency. We believe that these recommendations are consistent with GSA's mandate as the overall manager for the purchase card program. As an agency with overall responsibility for the purchase card program, GSA should assume a proactive approach in identifying--and helping agencies address--challenges to agencies' internal control systems that have arisen partly as a result of purchase card use. As its response indicates, OMB is taking a proactive approach to purchase card management, and may be in a position to help GSA overcome the perceived lack of authority. See the Agency Comments and Our Evaluation section of this report for a more detailed discussion of the agency comments. We have reprinted the OMB and GSA written comments in appendixes III and IV, respectively. Background: GSA administers the federal government's SmartPay� purchase card program, which has been in existence since the late 1980s. The purchase card program was created as a way for agencies to streamline federal acquisition processes by providing a low-cost, efficient vehicle for obtaining goods and services directly from vendors. The purchase card can be used for simplified acquisitions, including micropurchases, as well as to place orders and make payments on contract activities. The FAR designated the purchase card as the preferred method of making micropurchases. In addition, part 13 of the FAR, "Simplified Acquisition Procedures," establishes criteria for using purchase cards to place orders and make payments. Figure 1 shows the dramatic increase in purchase card use since the inception of the SmartPay� program. Figure 1: Purchase Card Expenditures, Fiscal Years 1989 through 2006: This figure is a line graph showing purchase card expenditures, fiscal years 1989 through 2006. The X axis is the fiscal year, and the Y axis will be the dollars spent (in billions). Fiscal year: "1989"; Dollars spent: 0.009. Fiscal year: "1990"; Dollars spent: 0.068. Fiscal year: "1991"; Dollars spent: 0.168. Fiscal year: "1992"; Dollars spent: 0.307. Fiscal year: "1993"; Dollars spent: 0.538. Fiscal year: "1994"; Dollars spent: 0.922. Fiscal year: "1995"; Dollars spent: 1.59. Fiscal year: "1996"; Dollars spent: 2.97. Fiscal year: "1997"; Dollars spent: 4.95. Fiscal year: "1998"; Dollars spent: 7.95. Fiscal year: "1999"; Dollars spent: 10.2. Fiscal year: "2000"; Dollars spent: 12.3. Fiscal year: "2001"; Dollars spent: 13.8. Fiscal year: "2002"; Dollars spent: 15.2. Fiscal year: "2003"; Dollars spent: 16.2. Fiscal year: "2004"; Dollars spent: 17.08. Fiscal year: "2005"; Dollars spent: 17.43. Fiscal year: "2006"; Dollars spent: 17.76. [See PDF for image] Source: GSA. [End of figure] As shown in figure 1, during the 10-year period from fiscal year 1996 through 2006, acquisitions made using purchase cards increased almost fivefold--from $3 billion in fiscal year 1996 to $17.7 billion in fiscal year 2006. Figure 2 provides further information on the number of purchase cardholder accounts. As shown, the number of purchase cardholder accounts peaked in 2000 at more than 670,000, but since then the number of purchase cardholder accounts has steadily decreased to around 300,000. Figure 2: Purchase Card Accounts, Fiscal Years 1989 through 2006: This figure is a line graph showing purchase card accounts, fiscal years 1989 through 2006. The X axis is the fiscal year, and the Y axis is the number of cardholders (in thousands). Fiscal year: "1989"; Number of cardholders: 10. Fiscal year: "1990"; Number of cardholders: 18. Fiscal year: "1991"; Number of cardholders: 30. Fiscal year: "1992"; Number of cardholders: 45. Fiscal year: "1993"; Number of cardholders: 75. Fiscal year: "1994"; Number of cardholders: 83. Fiscal year: "1995"; Number of cardholders: 130. Fiscal year: "1996"; Number of cardholders: 209. Fiscal year: "1997"; Number of cardholders: 265. Fiscal year: "1998"; Number of cardholders: 340. Fiscal year: "1999"; Number of cardholders: 517. Fiscal year: "2000"; Number of cardholders: 670. Fiscal year: "2001"; Number of cardholders: 406. Fiscal year: "2002"; Number of cardholders: 393. Fiscal year: "2003"; Number of cardholders: 327. Fiscal year: "2004"; Number of cardholders: 311. Fiscal year: "2005"; Number of cardholders: 301. Fiscal year: "2006"; Number of cardholders: 300. [See PDF for image] Source: GSA. [End of figure] As the contract administrator of the program, GSA contracts with five different commercial banks in order to provide purchase cards to federal employees. The five banks with purchase card contracts are (1) Bank of America, (2) Citibank, (3) Mellon Bank, (4) JPMorgan Chase, and (5) U.S. Bank.[Footnote 22] GSA also has created several tools, such as the Schedules Program, so that cardholders can take advantage of favorable pricing for goods and services. Oversight of the purchase card program is also the responsibility of OMB. OMB provides overall direction for governmentwide procurement policies, regulations, and procedures to promote economy, efficiency, and effectiveness in the acquisition processes. Specifically, in August 2005, OMB issued Appendix B to Circular No. A-123, Improving the Management of Government Charge Card Programs, that established minimum requirements and suggested best practices for government charge card programs. From July 1, 2005, through June 30, 2006, GSA reported that federal agencies purchased over $17 billion of goods and services using government purchase cards.[Footnote 23] Our analysis of transaction data provided by the five banks found that micropurchases represented 97 percent of purchase card transactions and accounted for almost 57 percent of the dollars expended. Using purchase cards for acquisitions and payments over the micropurchase limit of $2,500 represented about 3 percent of purchase transactions and accounted for more than 44 percent of the dollars spent from July 1, 2005, through June 30, 2006. Key Internal Controls Were Ineffective: Internal control weaknesses in agency purchase card programs exposed the federal government to fraudulent, improper, and abusive purchases and loss of assets. Our statistical testing of two key transaction- level controls over purchase card transactions over $50 from July 1, 2005, through June 30, 2006, found that both controls were ineffective. In aggregate, we estimated that 41 percent of purchase card transactions were not properly authorized or purchased goods or services were not properly received by an independent party (independent receipt and acceptance). We also estimated that 48 percent of purchases over the micropurchase threshold were either not properly authorized or independently received. Further, we found that agencies could not provide evidence that they had possession of, or could otherwise account for, 458 of 1,058 accountable and pilferable items. Overall Results of Transaction-Based Internal Control Testing: According to Standards for Internal Control in the Federal Government, internal control activities help ensure that management's directives are carried out. The control activities should be effective and efficient in accomplishing the agency's control objectives and should occur at all levels and functions of an agency. The controls include a wide range of activities, such as approvals, authorizations, verifications, reconciliations, performance reviews, and the production of records and documentation. For this audit, we tested those control activities that we considered to be key in creating a system that prevents and detects fraudulent, improper, and abusive purchase card activity. To this end, we tested whether (1) cardholders were properly authorized to make their purchases and (2) goods and services were independently received and accepted. As shown in table 1, we estimated that the overall failure rate for the attributes we tested was 41 percent, with failure rates of 15 percent for authorization and 34 percent for receipt and acceptance. Table 1: Statistical Testing Results--All Purchase Card Activity over $50: Control activities: Appropriate authorization; Estimated percentage failure rate in key controls: 15; Ninety-five percent confidence interval: 8-23. Control activities: Independent receipt and acceptance; Estimated percentage failure rate in key controls: 34; Ninety-five percent confidence interval: 25-44. Control activities: Overall failure rate; Estimated percentage failure rate in key controls: 41; Ninety-five percent confidence interval: 31- 51. Source: GAO testing and statistical analysis of executive agencies' purchase card transactions and convenience checks provided by Bank of America, Citibank, JPMorgan Chase, Mellon Bank, and U.S. Bank. [End of table] Lack of proper authorization. As shown in table 1, 15 percent of all transactions failed proper authorization. According to Standards for Internal Control in the Federal Government, transactions and other significant events should be authorized and executed only by persons acting within the scope of their authority, as this is the principal means of assuring that only valid transactions to exchange, transfer, use, or commit resources and other events are initiated or entered into. To test authorization, we accepted as reasonable evidence various types of documentation,[Footnote 24] such as purchase requests or requisitions from a responsible official, e-mails, and other documents that identify an official government need, including blanket authorizations for routine purchases with subsequent review by an approving official. The lack of proper authorization occurred because (1) the cardholder failed to maintain sufficient documentation, (2) the agency's policy did not require authorization, or (3) the agency lacked the internal controls and management oversight to identify purchases that were not authorized--increasing the risk that agency cardholders will misuse the purchase card. Failure to require cardholders to obtain appropriate authorization and lack of management oversight increase the risk that fraudulent, improper, and other abusive activity will occur without detection. Lack of independent receipt and acceptance. As depicted in table 1, our statistical sampling of executive agency purchase card transactions also found that 34 percent of transactions failed independent receipt and acceptance, that is, goods or services ordered and charged to a government purchase card account were not received by someone other than the cardholder. According to Standards for Internal Control in the Federal Government, the key duties and responsibilities need to be divided or segregated among different people to reduce the risk of error or fraud. Segregating duties entails separating the responsibilities for authorizing transactions, processing and recording them, reviewing the transactions, and handling related assets. The standards further state that no one individual should control all key aspects of a transaction or event. As evidence of independent receipt and acceptance, we accepted any signature or initials of someone other than the cardholder on the sales invoice, packing slip, bill of lading, or any other shipping or receiving document. We found that lack of documented, independent receipt extended to all types of purchases, including pilferable items such as laptop computers. Independent receipt and acceptance helps provide assurance that purchased items are only acquired for legitimate government need and not for personal use. Historical Results of Transaction-Based Internal Control Testing: Although we did not test the same number of attributes as in previous audits of specific agencies' purchase card programs, for those attributes we tested, the estimated governmentwide failure rates shown in this report are lower than the failure rates we have previously reported for certain individual agencies. Table 2 provides failure rates from our prior work related to proper approval and independent receipt and acceptance for certain individual agencies. Table 2: Comparison of Governmentwide Sampling Results to Previous Rates at Certain Individual Agencies and Locations: Current report: Governmentwide; Report year: 2008; Estimated percentage failure rate in key control activities (point estimate[A]): Appropriate authorization: 15; Estimated percentage failure rate in key control activities (point estimate[A]): Independent receipt: 34. Prior reports: Department of Homeland Security; Report year: 2006; Estimated percentage failure rate in key control activities (point estimate[A]): Appropriate authorization: 45; Estimated percentage failure rate in key control activities (point estimate[A]): Independent receipt: 63. Prior reports: Department of the Air Force[B]; Report year: 2002; Estimated percentage failure rate in key control activities (point estimate[A]): Appropriate authorization: 69-87; Estimated percentage failure rate in key control activities (point estimate[A]): Independent receipt: 53- 68. Prior reports: Department of the Navy[C]; Report year: 2002; Estimated percentage failure rate in key control activities (point estimate[A]): Appropriate authorization: 80-98; Estimated percentage failure rate in key control activities (point estimate[A]): Independent receipt: 58- 67. Prior reports: Department of the Army[D]; Report year: 2002; Estimated percentage failure rate in key control activities (point estimate[A]): Appropriate authorization: 25-69; Estimated percentage failure rate in key control activities (point estimate[A]): Independent receipt: 55- 87. Source: GAO. [A] The numbers represent the point estimates based on statistical sample testing. All percentage estimates have margins of plus or minus 14 percentage points or less. [B] The numbers represent the range from the highest to lowest point estimates at four Air Force locations. [C] The numbers represent the range from the highest to lowest point estimates at four Navy locations. [D] The numbers represent the range from the highest to lowest point estimates at five Army locations. [End of table] As shown, estimated failure rates for independent receipt and acceptance from previous audits were as high as 87 percent for one Army location (as reported in 2002) [Footnote 25] and, most recently, 63 percent for DHS (as reported in 2006). In contrast, we are estimating a 34 percent failure rate for this audit. Because prior audits have been restricted to individual agencies, we cannot state conclusively that the lower failure rate is attributable to improvements in internal controls governmentwide. However, some agencies with large purchase card programs, such as DOD, have implemented improved internal controls in response to our previous recommendations. Further, in 2005, OMB also issued Appendix B to Circular No. A-123[Footnote 26] prescribing purchase card program guidance and requirements. These changes are positive steps in improving internal controls over the purchase card program. Results of Transaction-Based Internal Control Testing Exceeding Micropurchase Limit: While only 3 percent of governmentwide purchase card transactions from July 1, 2005, through June 30, 2006, were purchases above the micropurchase threshold of $2,500, these transactions accounted for 44 percent of the dollars spent during that period. Because of the large dollar amount associated with these transactions, and additional requirements related to authorization[Footnote 27] than are required for micropurchases, we drew a separate statistical sample to test controls over these larger purchases. Specifically, we tested (1) proper purchase authorization and (2) independent receipt and acceptance. As part of our test of proper purchase authorization, we looked for evidence that adequate competition was obtained. If competition was not obtained, we asked for supporting documentation showing that competition was not required, for example, that the purchase was acquired from sole-source vendors. We estimated that 48 percent of the purchase card transactions over the micropurchase threshold failed our attribute tests. As shown in table 3, for 35 percent of purchases over the micropurchase threshold, cardholders failed to obtain proper authorization. Additionally, in 30 percent of the transactions, cardholders failed to provide sufficient evidence of independent receipt of the goods or services. Table 3: Statistical Testing Results--Purchase Transactions over $2,500: Control activities: Appropriate authorization; Estimated percentage failure rate in key controls: 35; Ninety-five percent confidence interval: 26-45. Control activities: Independent receipt and acceptance; Estimated percentage failure rate in key controls: 30; Ninety-five percent confidence interval: 21-39. Control activities: Overall failure rate; Estimated percentage failure rate in key controls: 48; Ninety-five percent confidence interval: 38- 58. Source: GAO testing and statistical analysis of executive agency purchase card transactions and convenience checks provided by Bank of America, Citibank, JPMorgan Chase, Mellon Bank, and U.S. Bank. [End of table] Lack of proper authorization for purchases over the micropurchase limit. As table 3 indicates, 35 percent of purchases over the micropurchase limit were not properly authorized. To test for proper authorization, we looked for evidence of prior approval, such as a contract or other requisition document. For purchases above the micropurchase threshold, we also required evidence that the cardholder either solicited competition or provided reasonable evidence for deviation from this requirement, such as sole source justification. Of the 34 transactions that failed proper authorization, 10 transactions lacked evidence of competition. For example, one Army cardholder purchased computer equipment totaling over $12,000 without obtaining and documenting price quotes from three vendors as required by the FAR. The purchase included computers costing over $4,000 each, expensive cameras that cost $1,000 each, and software and other accessories--items that are supplied by a large number of vendors. In another example of failed competition, one cardholder at DHS purchased three personal computers totaling over $8,000. The requesting official provided the purchase cardholder with the computers' specifications and a request that the item be purchased from the requesting official's preferred vendor. We found that the cardholder did not apply due diligence by obtaining competitive quotes from additional vendors. Instead, the cardholder asked the requesting official to provide two "higher priced" quotes from additional vendors in order to justify obtaining the computers from the requesting official's preferred source. In doing so, the cardholder circumvented the rules and obtained the items without competitive sourcing as required by the FAR. Lack of independent receipt and acceptance. As shown in table 3, we projected that 30 percent of the purchases above the micropurchase threshold did not have documented evidence that goods or services ordered and charged to a government purchase card account were received by someone other than the cardholder. Failure to Maintain Accountability over Physical Assets: Our testing[Footnote 28] of a nonrepresentative selection of accountable and pilferable property acquired with government purchase cards found that agencies failed to account for 458 of the 1,058 accountable and pilferable property items we tested. The total value of the items was over $2.7 million, and the purchase amount of the missing items was over $1.8 million. We used a nonrepresentative selection methodology for testing accountable property because purchase card data did not always contain adequate detail to enable us to isolate property transactions for statistical testing. Because we were not able to take a statistical sample of these transactions, we were not able to project inventory failure rates for accountable and pilferable property. Similarly, because the scope of our work was restricted to purchase card acquisitions, we did not audit agencies' controls over accountable property acquired using other procurement methods. However, the extent of the missing property we are reporting on may not be restricted to items acquired with the government purchase cards, but may reflect control weaknesses in agencies' management of accountable property governmentwide. The lost or stolen items included computer servers, laptop computers, iPods, and digital cameras. Our prior reports have shown that weak controls over accountable property purchased with government purchase cards increases the risk that items will not be reported and accounted for in property management systems. We acknowledge agency officials' position that the purchase card program was designed to facilitate acquisition of goods and services, including property, and not specifically to maintain accountability over property. However, the sheer number of accountable property purchases made "over the counter" or directly from a vendor increases the risk that the accountable or pilferable property would not be reported to property managers for inclusion in the property tracking system. Unrecorded assets decrease the likelihood of detecting lost or stolen government property. In addition, if these items were used to store sensitive data, this information could be lost, stolen, or both without the knowledge of the government. Failure to properly account for pilferable and accountable property also increases the risk that agencies will purchase property they already own but cannot locate--further wasting tax dollars. Although each agency establishes its own threshold for recording and tracking accountable property, additional scrutiny is necessary for sensitive items (such as computers and related equipment) and items that are easily pilfered (such as cameras, iPods, and personal digital assistants (PDA)). Consequently, for this audit, we selected $350 as the threshold for our accountable property test. Standards for Internal Control in the Federal Government provides that an agency must establish physical control to secure and safeguard vulnerable assets. Examples include security for, and limited access to, assets such as cash, securities, inventories, and equipment, which might be vulnerable to risk of loss or unauthorized use. Failure to maintain accountability over property, including highly pilferable items, increases the risk of unauthorized use and lost and stolen property. Our accountable asset work consisted of identifying accountable and pilferable properties associated with transactions from both the statistical sample and data-mining transactions, requesting serial numbers from the agency and vendors, and obtaining evidence--such as a photograph provided by the agency--that the property was recorded, could be located, or both. In some instances, we obtained the photographs ourselves. We then evaluated each photograph to determine whether the photograph represented the accountable or pilferable item we selected for testing. Property items failed our physical property inventory tests for various reasons, including the following: * the agency could not locate the item upon request and reported the item as missing, * the agency failed to provide photographs, or: * the agency provided photographs of items where the serial numbers did not match the items purchased. In many instances, we found that agencies failed to provide evidence that the property was independently received or entered into the agency property book. Weak controls over accountable and pilferable property increase the risk that property will be lost or stolen and also increase the chance that the agency will purchase more of the same item because it is not aware that the item has already been purchased. The following descriptions further illustrate transactions that failed our property tests: * The Army could not properly account for 16 server configurations containing 256 items that it purchased for over $1.5 million dollars. Despite multiple inquiries, the Army provided photographs of only 1 configuration out of 16, but did not provide serial numbers for that configuration to show that the photograph represented the items acquired as part of the transaction we selected for testing. Further, when we asked for inventory records as an acceptable alternative, the Army could not provide us evidence showing that it had possession of the 16 server configurations. * A Navy cardholder purchased general office supplies totaling over $900. As part of this purchase, the cardholder bought a Sony digital camera costing $400 and an iPod for $200. In supporting documentation provided, the Navy stated that the cardholder, approving official, and requester had no recollection of requesting or receiving the iPods. To find out whether these pilferable items could have been converted for personal use and effectively stolen, we asked the Navy to provide a photograph of the camera and iPod, including the serial number. However, the Navy informed us that the items were not reported on a property tracking system and therefore could not be located. Fraudulent and Potentially Fraudulent, Improper, and Abusive Transactions: We found numerous instances of fraud, waste, and abuse related to the purchase card program at dozens of agencies across the government. Internal control weaknesses in agency purchase card programs directly increase the risk of fraudulent, improper, and abusive transactions. For instance, the lack of controls over proper authorization increases an agency's risk that cardholders will improperly use the purchase card. As discussed in appendix II, our work was not designed to identify all instances of fraudulent, improper, and abusive government purchase card activity or estimate their full extent. Therefore, we did not determine and make no representations regarding the overall extent of fraudulent, improper, and abusive transactions governmentwide. The case studies identified in the tables that follow represent some of the examples that we found during our audit and investigation of the governmentwide purchase card program. Fraudulent and Potentially Fraudulent Activities: We found numerous examples of fraudulent and potentially fraudulent purchase card activities. For the purpose of this report, we define fraudulent transactions as those where a fraud case had been adjudicated or was undisputed or a purchase card account had been compromised. Potentially fraudulent transactions are those transactions where there is a high probability of fraud, but where sufficient evidence did not exist for us to determine that fraud had indeed occurred. As shown in table 4, these transactions included (1) acquisitions by cardholders that were unauthorized and intended for personal use and (2) purchases appropriately charged to the purchase card but involving potentially fraudulent activity that went undetected because of the lack of integration among the processes related to the purchase, such as travel claims or missing property. In a few instances, agencies have taken actions on the fraudulent and potentially fraudulent transactions we identified. For example, some agency officials properly followed policies and procedures and filed disputes with the bank against fraudulent purchases that appeared on the card, and subsequently obtained refunds. However, in the most egregious circumstances, such as repeated fraudulent activities by the cardholders, sometimes over several years, the agencies did not take actions until months after the fraudulent activity occurred, or after we selected the transactions and requested documentation from the agencies for the suspicious transactions. Table 4 illustrates instances where we found fraud, or indications of fraud, from our data mining and investigative work. Table 4: Fraudulent and Potentially Fraudulent Activity: Case: 1; Description of activity: Convenience checks; Fraudulent use; Vendor: None; Agency: Forest Service, USDA; Amount: $642,000; Additional facts: * During a 6-year period, the cardholder fraudulently wrote approximately 180 checks to an individual with whom the cardholder lived and shared a bank account. All transactions were undetected by the agency; * USDA's Office of Inspector General received a tip from a whistleblower that started the investigation leading to the cardholder's indictment in November 2006; * In June 2007, the cardholder pled guilty to embezzlement and tax fraud charges; * The cardholder was sentenced in November 2007 to 21 months imprisonment followed by 36 months of supervised release and was required to pay over $642,000 in restitution. Case: 2; Description of activity: Lost computer equipment; Potentially fraudulent transaction; Vendor: CompUSA; Agency: Navy; Amount: 2,200; Additional facts: * Cardholder purchased 19 pilferable items, including 2 LCD monitors, 5 iPods, a laser jet printer, a PDA, and other computer accessories, 18 of which are now lost and presumed stolen; * The cardholder is no longer with the Navy command; * The Navy could not provide documentation showing that the purchase was properly approved, that the requester received the items, or that the Navy had possession of 18 of the 19 items. Case: 3; Description of activity: Cosmetics; Compromised account; Vendor: Tina Nails, MAC; Agency: National Science Foundation; Amount: 1,800; Additional facts: * The government purchase card was used to transact over $1,800 in fraudulent purchases at a nail salon and women's accessory and specialty store; * After discovering the fraudulent charges, the cardholder properly disputed the charges and obtained a credit for the purchases; * The account was closed subsequent to the fraudulent activity. Case: 4; Description of activity: Internet dating services; Fraudulent card use; Vendor: Various online dating services and pornographic sites; Agency: USPS; Amount: 1,100; Additional facts: * Over a 15-month period, a postmaster used the government purchase card to subscribe to two Internet dating services; * The cardholder also used a government computer to access pornographic sites; * The dating service charges were the only charges on this card during our audit period, yet the activity went unnoticed by the agency for over 1 year; * The USPS Office of Inspector General conducted an investigation and issued a demand letter, and the cardholder paid restitution in full. Case: 5; Description of activity: Airline ticket; Fraudulent charge; Vendor: Malev Hungarian Airlines; Agency: Department of State; Amount: 890; Additional facts: * In supporting documentation provided to GAO, embassy officials stated that the airfare was fraudulently charged to the cardholder's account; * However, embassy officials could not provide evidence that the cardholder disputed the charge and that a credit was received; * An embassy official also stated that purchase reviews and approvals were not performed on a consistent basis during the time of the charge; * During the same period, the cardholder disputed and obtained credits for over $9,000 in other fraudulent charges; * The cardholder did not close the account until August 2006, when a second string of fraud occurred on this account. Case: 6; Description of activity: Multiple goods and services; Fraudulent charges; Vendor: Various vendors; Agency: Department of State; Amount: 735; Additional facts: * Fraudulent charges appeared on the account, including for vendors such as Match.com, Old Navy-online, and AIPTEK (a camera and other electronic equipment manufacturer); * Upon discovery of the fraudulent charges, the cardholder appropriately followed agency procedures and contacted the purchase card bank, which closed the account. Case: 7; Description of activity: Per diem; Potentially fraudulent claim; Vendor: Ritz Carlton Hotel; Agency: GSA; Amount: 380; Additional facts: * GSA purchased continental breakfasts for 18 conference attendees for 3 days; * Sixteen of the 18 conference attendees claimed reimbursement for the breakfasts, which were provided by the government. Effectively, GSA paid for these meals twice; * Although the cardholder was authorized to purchase conference meals with the purchase card, the travelers submitted potentially fraudulent claim of $380--the amount that should have been deducted from the travelers' per diem; * In agency comments, GSA disagreed that continental breakfasts constituted full breakfasts, even when it paid $23 per person per day for this meal. Consequently, GSA plans to consult with other members of the travel community to decide on the treatment of continental breakfasts. Case: 8; Description of activity: Meals; Potentially fraudulent charges; Vendor: Grape and Wine Conference; Agency: Alcohol and Tobacco Tax and Trade Bureau, Department of the Treasury; Amount: 280; Additional facts: * In 2004 and again in 2006, the cardholder used the government card to purchase meals at two different conferences; * Although the cardholder did not claim reimbursement for the meals, the amounts he inappropriately charged to his purchase card well exceeded authorized meals and incidental expense amounts; * The agency did not discover these unauthorized purchases until a fiscal year 2006 audit review; * The cardholder repaid the agency in February 2007, over 2 years after the first unauthorized--and potentially fraudulent-- purchase; * The cardholder received a written counseling letter and voluntarily turned in his purchase card, and the account was closed. Case: 9; Description of activity: Per diem; Potentially fraudulent claim; Vendor: Radisson Hotel; Agency: GSA; Amount: 150; Additional facts: * Five conference participants claimed reimbursement for meals that were provided by the government; * The cardholder was authorized to purchase conference meals with the purchase card; however, the traveler claimed full per diem for a dinner meal that had already been paid for with the purchase card. Case: 10; Description of activity: Internet dating; Compromised accounts; Vendor: Match.com; Agency: Army; Amount: 83; Additional facts: * Fraudulent charges appeared on the account in August 2005 for an Internet dating Web service; * The cardholder properly disputed the charge and obtained a credit in September 2005; * However, the account was still open as of September 2006, even though the standard practice in a case of fraudulent use of a card would be to close the account; the cardholder was still using the account a year later. Source: GAO analysis, investigation, and review of purchase card data and supporting documentation. [End of table] The following text further describes three of the fraudulent cases from table 4: * Case 1 involves a cardholder who embezzled over $642,000 from the Forest Service's national fire suppression budget from October 10, 2000, through September 28, 2006. This cardholder, a purchasing agent and agency purchase card program coordinator, wrote approximately 180 checks to a live-in boyfriend with whom the cardholder shared a bank account. Proceeds from the checks were used for personal expenditures, such as gambling, car and mortgage payments, dinners, and retail purchases. Although the activities occurred repeatedly over a 6-year period, the embezzled funds were undetected by the agency until USDA's Office of Inspector General received a tip from a whistleblower in 2006. In June 2007, the cardholder pled guilty to one count of embezzlement and one count of tax fraud. As part of the plea agreement, the cardholder agreed to pay restitution of $642,000. Further, in November 2007, the cardholder was sentenced to 21 months imprisonment followed by 36 months supervised release. * Case 2 involves a potential theft of government property. A Navy cardholder purchased 19 pilferable items totaling $2,200 from CompUSA without proper authorization or subsequent review of the purchase transaction. After extensive searches, the Navy provided evidence that only 1 of the 19 items listed on the invoice--an HP LaserJet printer purchased for $150--was found. Other items that were lost or stolen included five iPods; a PDA; iPod travel chargers, adapters, flash drives, leather accessories, and two 17-inch LCD monitors--all highly pilferable property that can be easily diverted for personal use. According to officials from the Navy, at the time of the purchase, the command did not have a requirement for tracking highly pilferable items. Additionally, all members involved in the transaction had since transferred and the agency did not have the capability to track where the items might have gone. Navy officials also informed us that the command issued a new policy requiring that pilferable items be tracked. * Case 4 involves a USPS postmaster who fraudulently used the government purchase card for personal gain. Specifically, from April 2004, through October 2006, the cardholder made more than 15 unauthorized charges from various online dating services totaling more than $1,100. These were the only purchases made by this cardholder during our audit period, yet the cardholder's approving official did not detect any of the fraudulent credit card activity. According to USPS officials, this person was also under an internal administrative investigation for viewing pornography on a government computer. Based on the administrative review, the cardholder was removed from his position in November 2006 after working out an agreement with USPS in which he was authorized to remain on sick leave until his retirement date in May 2007. In April the USPS Office of Inspector General issued a demand letter and recovered the fraudulent Internet dating service charges. Improper and Abusive Purchases: Our data mining identified numerous examples of improper and abusive transactions. Improper transactions are those purchases that although intended for government use, are not permitted by law, regulation, or government/agency policy. Examples we found included (1) purchases that were prohibited or otherwise not authorized by federal law, regulation, or government/agency policy[Footnote 29] and (2) split purchases made to circumvent the cardholder single-purchase limit or to avoid the need to obtain competition on purchases over the $2,500 micropurchase threshold.[Footnote 30] Abusive purchases are those where the conduct of a government organization, program, activity, or function fell short of societal expectations of prudent behavior. We found examples of abusive purchases where the cardholder (1) purchased goods or services at an excessive cost (e.g., gold plated) or (2) purchased an item for which government need was questionable. Table 5 identifies examples of improper and abusive purchases. Table 5: Examples of Improper and Abusive Purchases: Case: 1; Description of activity: Tire store; Multiple improper charges for unnecessary services; Agency: Forest Service, USDA; Total amount: $115,000; Additional facts: * From July 2005 to March 2006, the subcontractor Superior 24 Hour charged a USDA purchase card account 91 times for work performed to install new tires on USDA vehicles; * Our review of supporting documentation provided by the agency showed that the charges in 2006 were not authorized. Further, USDA could not validate whether the transactions in 2005 were authorized; * Neither the cardholder nor the approving official discovered the improper charges until March 2006, 9 months after the subcontractor first charged the account; * Because bank policy requires that unauthorized charges be disputed within 60 days of their occurrence, the cardholder could only recover $39,000 of the unauthorized charges through the dispute process. Case: 2; Description of activity: Toyota dealer; Violation of policy; Improper use of convenience checks; Split purchase; Excessive; Agency: Foreign Agricultural Service (FAS), USDA; Total amount: 80,000; Additional facts: * At the request of two FAS offices, the cardholder purchased a Land Cruiser and a Toyota Sienna at the end of the fiscal year directly from a Toyota dealer, without obtaining the required waiver from GSA; * The cardholder circumvented agency policy, split the purchase of the Land Cruiser by writing three convenience checks, and used year-end funds; * As a result of the use of convenience checks, USDA had to pay convenience check fees of over $1,000. Case: 3; Description of activity: Various clothing and sporting goods stores; Improper use of credit card; Agency: DOD; Total amount: 77,700; Additional facts: * During fiscal year 2006, four cardholders purchased clothing and accessories for servicemembers, including expensive clothing totaling over $45,000 from high-end vendors, for example, Brooks Brothers, Talbot's, and Johnston Murphy; * The cost of suits and accessories at Brooks Brothers totaled $2,300 per individual; * The four cardholders also purchased over $32,000 at other clothing and "outfitting" establishments. Case: 4; Description of activity: Relocation services; Violation of agency policy; Agency: Department of Energy (DOE); Total amount: 60,000; 52,000; Additional facts: * One cardholder paid relocation services for two employees totaling over $110,000 with convenience checks, thus violating agency policy; * DOE purchase card policy limits convenience checks to amounts no greater than $3,000, except in emergency situations when the purchase card program coordinator may approve a check up to $10,000; * According to DOE officials, the agency no longer uses convenience checks to pay for relocation services. Case: 5; Description of activity: Automatic teller machines; Improper cash advances; Agency: Department of the Interior (DOI); Total amount: 24,300; Additional facts: * From July 2005 through September 2006, the cardholder obtained over $24,000 for personal gain by taking over 100 cash advances.[A]; * The cardholder resigned rather than face disciplinary action, and the vendor bank is holding the cardholder liable for repaying the improper advances. Case: 6; Description of activity: Multiple merchants; Web-based awards system inconsistent with published agency policy[B]; Agency: USPS; Total amount: 15,700; Additional facts: * USPS purchased noncash award items--some costing over $600--including briefcases, music systems, 30 GB iPods, and iPod docking stations; * The USPS Employment and Labor Relations Manual (ELM) 18, subchapter 470, specifies that noncash awards should not exceed $50; * USPS officials maintain that their internal Web-based awards system allows for noncash awards up to $3,000, which is inconsistent with the published ELM policy; * According to USPS officials, a January 2006 memo overrode the ELM and allowed for noncash awards over $50; * We found that although the internally issued memo addressed income tax consequence of awards, the memo did not specifically state that it was meant to supersede the ELM, address the inconsistency in policy, or establish a noncash awards threshold; * USPS officials informed us that a correction of its award policy is currently under way to address the inconsistencies described above. Case: 7; Description of activity: Ruth's Chris Steakhouse; Excessive cost; Agency: USPS; Total amount: 13,500; Additional facts: * The cardholders charged dinner for 81 individuals at more than $160 per person; * Dinner included steaks, crab, and alcohol charged over a 5- hour period. Case: 8; Description of activity: Ritz Carlton; Excessive cost; Agency: Federal Bureau of Investigation, Department of Justice; Total amount: 11,000; Additional facts: * A cardholder charged coffee and "light" refreshments for 50 to 70 conference attendees for 4 days averaging about $50 per day per person; * The total bill was just over $15,000; * Seventy percent of the total conference billing was for food and beverages, while audio visual and other support service requirements for this event totaled only about $4,000, or the other 30 percent of the charges. Case: 9; Description of activity: Apple Computer; Questionable government need; Agency: NASA; Total amount: 800; Additional facts: * NASA cardholder purchased two 60GB iPods at the request of his supervisor; * Although NASA officials told us that the iPods were purchased to store official information, our investigation found that the supervisor also stored personal photos, songs, and videos on the iPods; * Both iPods were also engraved with the supervisor's name and NASA center. Case: 10; Description of activity: Seduccion Boutique; Questionable government need; Agency: Department of State; Total amount: 360; Additional facts: * Cardholder purchased women's underwear/lingerie for use during jungle training by trainees of a drug enforcement program in Ecuador; * A Department of State official agreed that the charge was questionable and stated that he would not have approved this purchase; * This official did not have jurisdiction over this purchase card account, yet is a program coordinator for a similar account at the same post. Source: GAO analysis and review of governmentwide purchase card transactions and supporting documentation. [A] DOI uses an integrated card, which is a combination purchase, travel, and fleet card. [B] USPS does not consider these inconsistencies a violation of its policy, [End of table] The following text further describes four of the cases in table 5: * Case 2 relates to a cardholder who is a 20-year veteran at FAS, a unit within USDA. At the end of fiscal year 2006, the cardholder purchased two vehicles--a Toyota Land Cruiser and Toyota Sienna--on two separate days for two separate USDA offices overseas. Although the vehicles appeared to have been shipped overseas for a legitimate government need, our investigative work found that these purchases were made in violation of USDA purchase card policies and with the implicit agreement by FAS policyholders as follows: - According to written communications at FAS, the requester for one of the cars had a "large chunk of money that needed to be used before the end of the fiscal year (2006)." The requester requested that the vehicle be purchased in the United States, and then shipped overseas because it was not possible to finalize the purchase during fiscal year 2006 if the agency was to purchase the vehicle in the country where the office was located. - The cardholder stated that he wrote three checks (two at $25,000 each and a third at $7,811) to purchase the Land Cruiser because the checks have a $25,000 limit printed on them. The convenience check fee on the three checks was over $1,000. - Pursuant to our investigation, the cardholder informed his supervisor that he intentionally violated agency policy, which requires that vehicles be acquired through the GSA unless a waiver is obtained. The cardholder stated that he disagreed with USDA policy requiring GSA involvement in car acquisition because it was too cumbersome and that USDA needed to issue new policies. - We reviewed supporting documentation showing that the vehicles were shipped overseas to the units that purchased them, but we did not perform work to determine whether the year-end purchase was necessary. - Agency management did not take action when they were made aware of the cardholder's significant violation of agency policy. * In case 3, four DOD cardholders purchased over $77,000 in clothing and accessories at high-end clothing and other sporting goods stores, including over $45,000 at high-end retailers such as Brooks Brothers. The Brooks Brothers invoices showed that the cardholders paid about $2,300 per person for a number of servicemembers for tailor-made suits and accessories--$7,000 of which were purchased a week before Christmas. According to the purchase card holder, DOD purchased these items to provide servicemembers working at American embassies with civilian attire. While the Department of Defense Financial Management Regulation authorizes a "civilian clothing allowance" when servicemembers are directed to dress in civilian clothing when performing official duty, the purchase card transactions made by these individuals are far greater than the maximum allowable initial civilian clothing allowance of $860 per person. * Case 7 relates to the $13,500 that USPS spent on food at the National Postal Forum in Orlando, Florida, in 2006. For this occasion, USPS paid for 81 dinners averaging over $160 per person[Footnote 31] for customers of the Postal Customer Council[Footnote 32] at an upscale steak restaurant. Further, USPS paid for over 200 appetizers and over $3,000 of alcohol, including more than 40 bottles of wine costing more than $50 each and brand-name liquor such as Courvoisier, Belvedere, and Johnny Walker Gold. * In case 9, a NASA cardholder purchased two 60GB iPods for official data storage. During the course of our audit, we found that the iPods were used for personal use, such as to store personal photos, songs, and video clips. Further, we question the federal government's need to purchase iPods for data storage when other data storage devices without audio and video capabilities were available at lower cost. Conclusions: The purchase card continues to be an effective tool that helps agencies reduce transaction costs for small purchases and provides flexibility in making acquisitions. While the overall failure rates associated with governmentwide purchase card transactions have improved in comparison to previous failure rates at specific agencies, breakdowns in internal controls over the use of purchase cards leave the government highly vulnerable to fraud, waste, and abuse. Problems continue to exist in the area of authorization of transactions, receipt and acceptance, and accountability of property bought with purchase cards. This audit demonstrates that continued vigilance over purchase card use is necessary if agencies are to realize the full potential of the benefits provided by purchase cards. Recommendations for Executive Action: We are making the following 13 recommendations to improve internal control over the government purchase card program and to strengthen monitoring and oversight of purchase cards as part of an overall effort to reduce instances of fraudulent, improper, and abusive purchase card activity. We recommend that the Director of OMB: * Issue a memorandum reminding agencies that internal controls over purchase card activities, as detailed in Appendix B of OMB Circular No. A-123, extend to the use of convenience checks. * Issue a memorandum to agency heads requesting the following: - Cardholders, approving officials, or both reimburse the government for any unauthorized or erroneous purchase card transactions that were not disputed. - When an official directs a cardholder to purchase a personal item for that official, and management later determines that the purchase was improper, the official who requested the item should reimburse the government for the cost of the improper item. Consistent with the goals of the purchase card program, to streamline the acquisition process, we recommend that the Administrator of GSA, in consultation with the Department of the Treasury's Financial Management Service:[Footnote 33] * Provide agencies guidance on how cardholders can document independent receipt and acceptance of items obtained with a purchase card. The guidelines should encourage agencies to: - identify a de minimis amount, types of purchases that do not require documenting independent receipt and acceptance, or both and: - indicate that the approving official or supervisor took the necessary steps to ensure that items purchased were actually received. * Provide agencies guidance regarding what should be considered sensitive and pilferable property. Because purchase cards are frequently used to obtain sensitive and pilferable property, remind agencies that computers, palm pilots, digital cameras, fax machines, printers and copiers, iPods, and so forth are sensitive and pilferable property that can easily be converted to personal use. * Instruct agencies to remind government travelers that when they receive government-paid-for meals at conferences or other events, they must reduce the per diem claimed on their travel vouchers by the specified amount that GSA allocates for the provided meal. * Provide written guidance or reminders to agencies: - That cardholders need to obtain prior approval or subsequent review of purchase activity for purchase transactions that are under the micropurchase threshold. - That property accountability controls need to be maintained for pilferable property, including those items obtained with a purchase card. - That cardholders need to timely notify the property accountability officer of pilferable property obtained with the purchase card. - That property accountability officers need to promptly record, in agency property systems, sensitive and pilferable property that is obtained with a purchase card. - That, consistent with the guidance on third-party drafts in the Department of the Treasury's Treasury Financial Manual, volume 5, chapter 4-3000, convenience checks issued on the purchase card accounts should be minimized, and that convenience checks are only to be used when (1) a vendor does not accept the purchase cards, (2) no other vendor that can provide the goods or services can reasonably be located, and (3) it is not practical to pay for the item using the traditional procurement method. - That convenience check privileges of cardholders who improperly use convenience checks be canceled. Agency Comments and Our Evaluation: We received written comments on a draft of this report from the Acting Controller of OMB (see app. III) and the Administrator of GSA (see app. IV). Response from OMB and Our Evaluation: In response to a draft of our report, OMB agreed with all three recommendations. OMB agreed that the efficiencies of the purchase card program are not fully realized unless federal agencies implement strong and effective controls to prevent purchase card waste, fraud, and abuse. To that end, OMB noted that it had proactively designated government charge card management as a major focus area under Appendix B of Circular No. A-123, Improving the Management of Government Charge Card Programs. With respect to the recommendations contained in this report, OMB is proposing to issue further guidance reminding agencies that Appendix B extends to convenience checks as well as government charge cards, and that agency personnel have financial responsibility with regard to unauthorized and erroneous purchase card transactions. Response from GSA and Our Evaluation: While GSA wholly or partially concurred with four recommendations, GSA generally disagreed with the majority of our recommendations. Specifically, GSA stated that it was not within the scope of its authority to issue guidance to agencies with respect to asset accountability and receipt and acceptance of items purchased with government purchase cards, as these are not strictly purchase card issues. Further, GSA stated that there are more effective ways to deal with purchase card misuse or abuse than issuing "redundant" policy reminders or guidance. It also took exception to our testing methodology. We agree with GSA that the problems we identified with property accountability and receipt and acceptance go beyond the bounds of strictly purchase card issues. However, our work over the last several years has consistently shown substantial problems with property accountability and independent receipt and acceptance of goods and services, problems that arose because of the flexibility provided by the purchase card program.[Footnote 34] We do not believe that our recommendations related to policy guidance and reminders to strengthen internal controls are redundant--our previous recommendations in this area had been targeted at specific agencies we audited. With respect to governmentwide purchase card issues, GSA's role as the purchase card program manager puts it in a unique position to identify challenges to agency internal control systems and assist agencies with improving their internal controls governmentwide. We are encouraged by OMB's support for aggressive and effective controls over purchase cards, and believe that GSA can seek OMB support to overcome the perceived lack of authority. We believe that GSA has a number of tools already at its disposal, such as online training and annual conferences, where GSA could easily remind cardholders and approving officials to pay particular attention to governmentwide issues, including asset accountability and independent receipt and acceptance of goods and services identified in this report. We also reiterate support for our testing methodology, which included systematic testing of key internal controls through statistical sampling. The following contains more detailed information on GSA's comments, along with our response. GSA concurred with 3 of 10 recommendations. Specifically, GSA concurred with 2 recommendations to improve controls over convenience checks and 1 recommendation related to approval of purchases below the micropurchase threshold. Specifically, GSA agreed to provide written guidance to agencies that convenience check use should be minimized, and that improper use of convenience checks would result in cancellation of convenience check privileges. As part of its concurrence, GSA provided that it is not practical to strictly prohibit the use of convenience checks given the unique nature of some suppliers or services acquired by agencies and vendor refusal to accept purchase cards. It was not our intent to completely eliminate the use of convenience checks. As such, we clarified our recommendation to require only that the cardholder make a "reasonable"--not absolute--effort to locate other vendors that can provide the same goods and services and that accept the purchase card prior to using convenience check. The requested revision is consistent with our intent and therefore we have made the necessary change to our recommendations. With respect to the third recommendation related to approval of micropurchases, GSA agreed that cardholders need to obtain prior approval or subsequent review of purchase card activity for purchase transactions that are under the micropurchase threshold. However, GSA believed that OMB needed to take the lead and incorporate this change in its Circular No. A-123. GSA offered to help OMB revise Circular No. A-123 in this regard. GSA stated that it partially concurred with our recommendation to remind travelers to reduce the per diem claims on their travel vouchers when meals are provided by the government. However, based on its response, it appears that GSA substantially agrees with our recommendation, and that the GSA Office of Governmentwide Policy will issue this guidance. In actuality, GSA concurred with our recommendation but disagreed that this was a purchase card issue. Further, GSA took exception as to whether the requirement to deduct per diem applies to continental breakfasts, stating that continental breakfasts did not constitute "full breakfasts." Thus, GSA stated that it needs to convene stakeholders in the GSA travel policy community to consider whether the requirement for deducting per diem should be applied to continental breakfasts. We disagree with this assessment. If the costs of the continental breakfasts were in fact not significant, we would not have reported on this finding; however, the basis of our recommendation rests primarily on the fact that GSA itself paid for continental breakfasts costing $23 per person, which was greater than the portion of government per diem established by GSA for breakfast in any city in the United States. GSA then proceeded to reimburse the same employees the breakfast portion of per diem--in effect paying twice for breakfasts. We disagree with GSA that this is an appropriate treatment of continental breakfast, as it implies that it is appropriate for taxpayers to pay twice for a government traveler's meal. Consequently, we reiterate the need for GSA to promote prudent management of taxpayer's money, and our support for requiring travelers to reduce their per diem if they took advantage of the continental breakfasts provided. GSA disagreed with all of our recommendations related to receipt and acceptance and controls over accountable and pilferable property. GSA stated that these issues were not within the purview of the GSA SmartPay� program or the scope of GSA SmartPay� contracts. Further, GSA stated that other approaches would be more effective at addressing purchase card abuse and misuse than issuing "redundant" policy guidance and reminders. With respect to receipt and acceptance, GSA stated that it did not have the authority to encourage agencies to identify a de minimis amount, types of items that do not require receipt and acceptance, or both, or to determine how approving officials should document receipt and acceptance. With respect to accountable property, GSA did not believe that it should provide reminders to agencies that computers and similar items are sensitive and pilferable property that can easily be converted to personal use. GSA argued that what constitutes sensitive and pilferable property is defined by agencies and is not within its purview. GSA also believes that it does not have authority to remind cardholders to maintain accountability of, and notify property managers when, pilferable property is acquired with purchase cards. Finally, GSA does not believe that it can issue reminders to property managers to record, in a timely manner, pilferable property acquired with purchase cards in their property management systems. GSA suggested we modify these recommendations accordingly. With respect to receipt and acceptance, we agree that GSA alone should not issue guidance concerning agencies' internal controls over purchase cards and related payment process. We reiterate that we did not ask GSA to take actions in isolation--instead, we recommended that GSA work with the Department of the Treasury's Financial Management Service to provide guidance on improving internal controls while at the same time streamlining the acquisition process. After all, streamlining the acquisition process is a key objective of the purchase card program. We believe this could be achieved, in part, by requiring independent receipt and acceptance only for items above a de minimis amount. Further, governmentwide guidance in this area would not be redundant-- the fact that no current guidance exists demonstrates the need for consistent policy governmentwide that all agencies can follow. Consistent guidance is crucial to engendering taxpayers' confidence in the purchase card program--as we stated above, our previous audits and our current work showed that ineffective receipt and acceptance of goods and services acquired with the purchase card is a widespread, governmentwide problem. Furthermore, OMB indicated that it was extremely concerned about purchase card abuse and supported our recommendations designed to improve internal controls over the program. We believe that GSA can adopt a proactive approach and coordinate with OMB to obtain its support to overcome the perceived obstacles. In our opinion, the purchase card program will continue to expose the federal government--and the taxpayers--to fraud, waste, and abuse, unless GSA helps facilitate a governmentwide solution. Similarly, GSA argued that it did not have the authority to take the recommended actions with respect to property accountability. As with independent receipt and acceptance, our work continues to demonstrate that accountability for property acquired with purchase cards is ineffective across many agencies. For example, the purchase card program provides cardholders the ability to acquire sensitive and pilferable items directly from vendors. This process results in cardholders bypassing the normal property receipt and acceptance procedures, which increases the risk that the item will not be recorded in an agency's list of accountable property. GSA needs to recognize this risk (and other inherent risks) created by purchase card use and proactively work with agencies to improve the accountability of property acquired with government purchase cards. We also believe that our recommendations fully take into account the extent of GSA's authority--to that end, our recommendation called for GSA to provide agencies guidance and reminders to improve internal controls over asset accountability. Even though GSA already issued guidance related to the proper use of the purchase card program through online training, refresher courses, and annual conferences, GSA should go a step further and address control weaknesses related to property accountability and receipt and acceptance. GSA's position contrasted sharply with OMB, which, in its comments on our report, expressed support for aggressive and effective controls over purchase cards. We believe that GSA can take advantage of the diverse tools already at its disposal, such as online training and annual conferences, with which GSA could easily remind cardholders and approving officials to pay particular attention to governmentwide issues, including asset accountability and independent receipt and acceptance of goods and services identified in this report. Overall, our recommendations are focused on GSA taking a proactive approach to improve the success of the purchase card program. Last year, the federal government spent nearly $18 billion using purchase cards. While the purchase card program has achieved significant savings, a program of this magnitude needs to focus on both preventive and detective controls to prevent fraud, waste, and abuse. In its response, GSA also pointed out that the new SmartPay� 2 contract should provide better management tools to agencies. However, the changes GSA identified in SmartPay� 2 were mostly related to data mining for fraud, waste, and abuse after a potentially fraudulent or improper transaction had taken place, but did not address the issues we raised in this report. As our previous work indicated, while detection can help reduce fraud, waste, and abuse, preventive controls are a more effective and less costly means to minimize fraud, waste, and abuse. The recommendations we made, to which GSA took exception, were meant to improve these up-front controls. GSA also took exception to our methodology, arguing that we improperly failed items as part of our control testing. GSA argued that some unauthorized purchases were still appropriate purchases. We believe that this argument is flawed. Standards for Internal Control in the Federal Government states that transactions should be authorized and executed only by persons acting within the scope of their authority. In other words, authorization is the principal means of assuring that only valid transactions are initiated or entered into and, consequently, without authorization, adequate assurance does not exist that the items purchased were for authorized purposes only. Our statistical sampling was designed to test authorization control, and the results we reported reflected items that did not pass this attribute. Such attribute testing is a widely accepted and statistically valid methodology for internal control evaluations. GSA also stated that our report did not adequately address the areas of personal responsibility and managerial oversight. We disagree. We recommended that OMB require agencies to hold cardholders financially responsible for improper and wasteful purchases, and OMB agreed to implement our recommendations; we believe that this would contribute to holding cardholders accountable to management for their actions. Further, our past reports on purchase card management have always focused on managerial oversight. However, it is not feasible within the scope of a governmentwide audit to test managerial oversight at every government agency. Consequently, we focused on providing GSA, the manager of the governmentwide purchase card program, with recommendations that could contribute to improving management oversight at the agencies. Finally, GSA disagreed with our characterization that travelers who did not reduce the per diem claimed on their travel voucher when dinners were provided may be engaging in potentially fraudulent activities. Because we are unable to establish that these travelers acted with the requisite knowledge and willfulness necessary to establish either a false statement under 18 U.S.C. �1001 or a false claim, we have characterized such activities as potentially fraudulent. GSA's and OMB's comments are reprinted in appendixes III and IV. As agreed with your offices, unless you announce the contents of this report earlier, we will not distribute it until 30 days from its date. At that time, we will send copies of this report to the Director of OMB and the Administrator of GSA. We will make copies available to others upon request. In addition, this report will be available at no charge on GAO's Web site at [hyperlink, http://www.gao.gov]. If you or your staff have any questions concerning this report, please contact me at (202) 512-6722 or kutzg@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in appendix V. Signed by: Gregory D. Kutz: Managing Director: Forensic Audits and Special Investigations: [End of section] Appendix I: Prior GAO Purchase Card Audits: Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable to Fraudulent, Improper, and Abusive Activity. GAO-06-1117. Washington, D.C.: September 28, 2006. Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable to Fraudulent, Improper, and Abusive Activity. GAO-06-957T. Washington, D.C.: July 19, 2006. Lawrence Berkeley National Laboratory: Further Improvements Needed to Strengthen Controls Over the Purchase Card Program. GAO-04- 987R. Washington, D.C.: August 6, 2004. Lawrence Livermore National Laboratory: Further Improvements Needed to Strengthen Controls Over the Purchase Card Program. GAO-04-986R. Washington, D.C.: August 6, 2004. Pacific Northwest National Laboratory: Enhancements Needed to Strengthen Controls Over the Purchase Card Program. GAO-04- 988R. Washington, D.C.: August 6, 2004. Sandia National Laboratories: Further Improvements Needed to Strengthen Controls Over the Purchase Card Program. GAO-04-989R. Washington, D.C.: August 6, 2004. VHA Purchase Cards: Internal Controls Over the Purchase Card Program Need Improvement. GAO-04-737. Washington, D.C.: June 7, 2004. Purchase Cards: Increased Management Oversight and Control Could Save Hundreds of Millions of Dollars. GAO-04-717T. Washington, D.C.: April 28, 2004. Purchase Cards: Steps Taken to Improve DOD Program Management, but Actions Needed to Address Misuse. GAO-04-156. Washington, D.C.: December 2, 2003. Forest Service Purchase Cards: Internal Control Weaknesses Resulted in Instances of Improper, Wasteful, and Questionable Purchases. GAO-03- 786. Washington, D.C.: August 11, 2003. HUD Purchase Cards: Poor Internal Controls Resulted in Improper and Questionable Purchases. GAO-03-489. Washington, D.C.: April 11, 2003. FAA Purchase Cards: Weak Controls Resulted in Instances of Improper and Wasteful Purchases and Missing Assets. GAO-03-405. Washington, D.C.: March 21, 2003. Purchase Cards: Control Weaknesses Leave the Air Force Vulnerable to Fraud, Waste, and Abuse. GAO-03-292. Washington, D.C.: December 20, 2002. Purchase Cards: Navy is Vulnerable to Fraud and Abuse but Is Taking Action to Resolve Control Weaknesses. GAO-02-1041. Washington, D.C.: September 27, 2002. Purchase Cards: Control Weaknesses Leave Army Vulnerable to Fraud, Waste, and Abuse. GAO-02-732. Washington, D.C.: June 27, 2002. Government Purchase Cards: Control Weaknesses Expose Agencies to Fraud and Abuse. GAO-02-676T. Washington, D.C.: May 1, 2002. Purchase Cards: Control Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse. GAO-02-32. Washington, D.C.: November 30, 2001. [End of section] Appendix II: Objectives, Scope, and Methodology: We performed a forensic audit of executive agencies' purchase card activity for the 15 months ending September 30, 2006. Specifically, we (1) determined the effectiveness of internal controls intended to minimize fraudulent, improper, and abusive transactions by testing two internal control attributes related to transactions taken from two statistical samples and (2) identified specific examples of potentially fraudulent, improper, and abusive transactions through data mining and investigations. Statistical Sample of Internal Control Procedures: We obtained the databases containing agency purchase and other government charge card transactions for the 12-month period ending June 30, 2006, from Bank of America, Citibank, JP Morgan Chase, Mellon Bank, and U.S. Bank. The databases contained purchase, travel, and fleet card transactions. Using information provided by the banks, we queried the databases to identify transactions specifically related to purchase cards. We performed other procedures--including reconciliation to purchase card data that the General Services Administration (GSA) published--to confirm that the data were sufficiently reliable for the purposes of our report. Our statistical sampling work covered purchase card activity at executive agencies. We define executive agencies as federal agencies that are required to follow the Federal Acquisition Regulation (FAR), including executive departments, independent establishments, and wholly owned federal government corporations as defined by the United States Code.[Footnote 35] We excluded transactions from the legislative and judicial branches, entities under treaty with the United States, and federal agencies with specific authority over their own purchase card programs.[Footnote 36] To assess compliance with key internal controls, we extracted and tested two statistical (probability) samples of 96 transactions each. The first sample consisted of transactions exceeding $50 taken from a population of over 16 million purchase card transactions totaling almost $14 billion. We also selected a second sample from the population of over 600,000 transactions totaling nearly $6 billion that exceeded the $2,500[Footnote 37] micropurchase threshold. We selected this second sample because of additional acquisition requirements associated with purchases over the micropurchase threshold, and the high dollar amount associated with these transactions. Specifically, while only 3 percent of governmentwide purchase card transactions from July 1, 2005, through June 30, 2006, were over the micropurchase threshold, they accounted for 44 percent of the total dollars spent during that period. With our probability sample, each transaction in the population had a nonzero probability of being included, and that probability could be computed for any transaction. Each sample element was subsequently weighted in the analysis to account statistically for all the transactions in the population, including those that were not selected. Because we followed a probability procedure based on random selection, our sample is only one of a large number of samples that we might have drawn. Since each sample could have provided different estimates, we express our confidence in the precision of our particular sample's results as a 95 percent interval (e.g., plus or minus 10 percentage points). This is the interval that would contain the actual population value for 95 percent of the samples we could have drawn. As a result, we are 95 percent confident that each of the confidence intervals in this report will include the true values in the study population. All percentage estimates from the samples of executive agency purchase card activity have sampling errors (confidence interval widths) of plus or minus 10 percentage points or less. Internal Control Testing: Our audit of key internal controls focused on whether agencies provided adequate documentation to substantiate that (1) purchase card transactions were properly authorized and (2) goods and services acquired with purchase cards were independently received and accepted. As part of our tests of internal controls, we reviewed applicable federal laws and regulations related to the FAR and purchase card uses. We also identified and applied the internal control principles contained in Standards for Internal Control in the Federal Government,[Footnote 38] Audit Guide: Auditing and Investigating the Internal Control of Government Purchase Card Programs,[Footnote 39] and agencies' purchase card policies and procedures. Furthermore, for purchases exceeding the micropurchase threshold of $2,500, we tested FAR requirements that the cardholder use required vendors and promote competition by soliciting bids--or justify the departure from this requirement in writing.[Footnote 40] Proper Authorization: To determine whether a transaction was properly authorized, we reviewed documentation to ascertain if an individual other than the cardholder was involved in the approval of the purchase. To determine that proper authorization existed, we used reasonable evidence for authorization of micropurchases from $50 to $2,500, such as purchase requests from responsible officials, requisitions, e-mails, and other documents that identify an official government need, including blanket authorizations for routine purchases with subsequent approval. For purchase card transactions exceeding the micropurchase threshold of $2,500, we required prior purchase authorization, such as a contract, a requisition, or other approval document. Additionally, we looked for evidence that the cardholder used required vendors (as required by the Javits-Wagner-O'Day Act (JWOD))[Footnote 41] and solicited quotes to promote competition (or provided evidence justifying departure from this requirement, such as an annotation justifying the use of a sole source). Receipt and Acceptance: To determine whether goods or services were independently received and accepted, we reviewed supporting documentation provided by the agency. For each transaction, we compared the quantity, price, and item descriptions on the vendor invoice and shipping receipt to the purchase requisition to verify that the items received and paid for were actually the items ordered. We also determined whether evidence existed that a person other than the cardholder was involved in the receipt of the goods or services purchased. We concluded that independent receipt and acceptance existed if the vendor invoice, shipping documents, and receipt materially matched the transaction data, and if the signature or initial of someone other than the cardholder was on the sales invoice, packing slip, bill of lading, or any other shipping or receiving document indicating receipt. Accountable Property: For statistical sample and data-mining transactions containing accountable or highly pilferable property, we performed an inventory to determine whether executive agencies maintained accountability over the physical property items obtained with government purchase cards. Because each agency had its own threshold for accountable property, we were not able to test accountable property against each agency's threshold for this governmentwide audit. Consequently, we defined accountable property as any property item exceeding a $350 threshold and containing a serial number. We defined highly pilferable items as items that can be easily converted to personal use, such as cameras, laptops, cell phones, and iPods. We selected highly pilferable property at any price if it was easily converted to personal use. The purchase card data provided by the banks did not always contain adequate details to enable us to isolate property transactions for statistical testing. Because we were not able to take a statistical sample of these transactions, we were not able to project failure rates for accountable and pilferable property. Consequently, our tests of property accountability were performed on a nonrepresentative selection of property that we identified when a transaction selected for statistical sampling or data mining contained accountable and pilferable property. For these property items, we identified serial numbers from supporting documentation provided by the agency and, in some cases, by contacting the vendors themselves. To minimize travel costs associated with conducting a physical inventory governmentwide, we requested that each agency provide photographs of the property items, which we compared against the serial numbers originally provided. When we were unable to obtain serial numbers from supporting documentation or from the vendors, we gave the agency the benefit of the doubt and accepted the serial numbers shown in agency-provided photographs as long as the product(s) and quantity matched. In some isolated instances, we performed the physical inventory ourselves. Data Mining: To identify examples of fraudulent, improper, and abusive purchase card activity, we data mined purchase card transactions from July 1, 2005, through September 30, 2006. This period contained an additional 3 months of data subsequent to the period included in our statistical samples. For data-mining purposes, we also included transactions from federal agencies that had been granted specific authority over their own purchase card programs, such as the U.S. Postal Service.[Footnote 42] In general, we analyzed purchase card data for merchant category codes and vendor names that were more likely to offer goods, services, or both that are on executive agencies' restricted/prohibited lists, personal in nature, or of questionable government need. We identified split purchases by extracting multiple purchase transactions made by the same cardholder at the same vendor on the same day. For year-end purchases, we identified transactions from purchase card accounts where year-end activity is high compared to the rest of the year. With respect to convenience checks, we used various criteria, including identifying instances where convenience checks were written to cash or payees not normally associated with procurement needs and where a large number of convenience checks were written to a single payee, among others. We analyzed the banks' databases for detailed transaction data, whenever available, for accountable property and highly pilferable items. We then requested and reviewed supporting documentation for over 550 transactions among the thousands we identified. We conducted investigative work, which included additional inquiries and data analysis, when applicable. While we identified fraudulent, improper, and abusive transactions, our work was not designed to identify and we cannot determine the extent of fraudulent, improper, or abusive transactions occurring in the population of governmentwide purchase card transactions. Data Reliability: We assessed the reliability of the data provided by (1) performing various testing of required data elements, (2) reviewing financial statements of the five banks for information about the data and systems that produced them, and (3) interviewing bank officials knowledgeable about the data. In addition, we verified that totals from the databases agreed with the total purchase card activity provided by GSA and published on its Web site, in totality and for selected agencies. We determined that the data were sufficiently reliable for the purposes of our report. We conducted this performance audit from September 2006 through February 2008, in accordance with U.S. generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. We performed our investigative work in accordance with standards prescribed by the President's Council on Integrity and Efficiency. [End of section] Appendix III: Comments from the Office of Management and Budget: Executive Office of the President: Office of Management and Budget: Washington, D.C. 205403: February 11, 2008: Mr. Gregory Kutz: Managing Director, Forensic Audits: U.S. Government Accountability Office: 440 G. Street NW: Washington, DC 20548: Dear Mr. Kutz: Thank you for the opportunity to provide comments on the Government Accountability Office's (GAO's) draft report entitled "Government Purchase Cards are Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper and Abusive Purchases." GAO-08-333. The Federal government's purchase card program provides an automated approach to acquisition that has led to $2 billion in annual savings when compared when compared to the paper-based process that proceeded it. However, these efficiencies are not fully realized unless Federal agencies implement strong and effective controls to prevent purchase card waste, fraud, and abuse. The Office of Management and Budget (OMB) is extremely concerned with the incidents of purchase card abuse highlighted in GAO's report and agrees with the recommended actions that OMB should take for improving government performance in this area. In fiscal year 0007, Federal agencies made more than 27 million purchase card transactions valued at nearly $20 billion. The inappropriate use of government purchase cards can result in significant dollar loss to the taxpayer, and in any event such activity can significantly impact and compromise the citizens' trust in government. For these reasons, OMB has designated government charge card management as a major focus area under Circular A-123, Management's Responsibility for Internal Controls. Specifically, Appendix B of Circular A-123, Improving the Management of Government Charge Card Programs, requires agencies to implement policies and procedures (e.g., planning, training, risk management, performance metrics, disciplinary action) that prevent, identify, and remediate inappropriate purchase card transactions. GAO's report recommends that OMB take the following two actions to facilitate agency compliance with Appendix B: (1): inform agencies that Appendix B extends to both convenience checks and government charge cards; and (2) remind agency personnel of their financial responsibility for unauthorized or erroneous purchase card transactions. As noted above, OMB concurs with these recommendations and will issue guidance reminding agency personnel of their responsibilities in this area in the near future. We appreciate the opportunity to comment on the draft report and look forward to our continuing collaboration to ensure better transparency and accountability across the Federal Government. If you have any questions please feel free to contact Sally Beecroft at 202.395.1040. Sincerely, Signed by: Danny Werfel: Acting Controller: [End of section] Appendix IV: Comments from the General Services Administration: GSA Administrator: U.S. General Services Administration: 1800 F Street, NW: Washington, DC 20405-0002: Telephone: (202) 501-0800: Fax: (202) 219-1243 [hyperlink: http://www.gsa.gov]: February 11, 2008: The Honorable David M. Walker: Comptroller General of the United States: Government Accountability Office: Washington, DC 20548: Dear Mr. Walker: The General Services Administration (GSA) appreciates the opportunity to comment on the draft report, "Governmentwide Purchase Cards: Actions Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper, and Abusive Purchases" (GAO-08-333), The Government Accountability Office's (GAO's) draft report includes 13 recommendations between GSA and the Office of Management and Budget to improve internal controls over the Government purchase card program and to strengthen monitoring and oversight of purchase cards as part of an overall effort to reduce instances of fraudulent, improper, and abusive purchase card activity. In general, GSA does not dispute the issues GAO found in their review, but disagrees that the property accountability and travel voucher issues described in the report constitute purchase card problems. Technical comments that update and clarify statements in the draft report are enclosed and incorporated herein by reference. if you have any questions, please contact me. Staff inquiries may be directed to Mr. Kevin Messner, Associate Administrator, Office of Congressional and Intergovernmental Affairs, at (202) 501-0563. Cordially, Signed by: Lurita Doan: Administrator: Enclosure: cc: John Kelly, Assistant Director, Forensic Audits and Special Investigations: Corrections/Updates to the Government Accountability Office (GAO) Draft Report, "Govemmentwide Purchase Cards: Actions Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper, and Abusive Purchases" (GAO-08-333) – Dated January 16, 2008 General Services Administration: The General Services Administration (GSA) has concerns regarding GAO's "failure rate" approach in the report, believing it can easily be misunderstood. Specifically, we do not agree that all purchases should be subject to prior approval and independent receipt/acceptance processes. Clearly, these processes need to be thoughtfully applied in a manner consistent with the value of the item, risk of loss/abuse/misuse, and cost to manage. But to state that all items failed a test that may not be reasonably applicable to them in the first place, or to include items as failed regardless of whether or not they were appropriate purchases, provides what we consider to be an excessively negative view of purchase card transaction activity. We point out that, Office of Management and Budget (OMB) Circular A-123, Appendix B, entitled "Improving the Management of Government Charge Card Programs," already requires agencies to address charge card authorization controls in their charge card management plans. The report recommends that GSA issue guidance regarding matters that are not within the scope of its authority and that fail within the purview of the agencies themselves, which have typically already issued such guidance. While we strongly agree that any purchase card misuse and abuse needs to be dealt with aggressively, we believe there are more effective ways of dealing with these important issues than issuing redundant policy reminders or guidance as the report recommends. Examples of other approaches include enhancements GSA and its customer agencies are already in the process of implementing through the new GSA SmartPay@ 2 contract to help further improve purchase card management across the Government. For example, the GSA SmartPay� 2 contract provides for an automated e-mail message to be sent to a cardholder's supervisor whenever that card is used. For agencies with a high number of purchases, such information can also be provided to the supervisor in a summary report. In instances where new or additional Govemmentwide policy is truly needed, we believe it would be best addressed through either appropriate updates to the Federal Travel Regulation (in regard to travel voucher issues) or the Office of Management and Budget's (OMB) Circular A-123, Appendix B, which establishes charge card management policy, as appropriate. We further believe the report should more strongly address the areas of personal responsibility and effective managerial oversight. We agree that no level of abuse or misuse is acceptable. Cardholders need to be held accountable by management for their actions. They need to treat card use as the serious responsibility it is, make wise use of taxpayer funds, maintain proper records of purchases, and be vigilant against fraud, waste and abuse. This concept of personal accountability coupled with enlightened management oversight is central to the charge card program's continued success. The vast majority of purchase cardholders use their purchase cards properly. Last fiscal year alone, these cardholders made more than 27 million purchase card transactions (fiscal year 2007 total), The report, which indicated that it sampled data from "almost $14 billion" worth of transactions, appears to support this contention, although it does not focus on it. Concerning additional tools to support agencies in dealing with cardholders who do not use their purchase cards properly, GSA has supported proposed legislation to permit employee salaries to be offset to reimburse the Government for purchase card transactions that prove to be improper. The GAO report does not, in our view, adequately acknowledge the great strides agencies have made in overseeing purchase card transactions over the past 8 years, nor does it set these findings within the context of the overall purchase card program. GSA and its customer agencies continue to work together toward the objective of eliminating improper transactions altogether. More agencies are using data mining and other automated tools to detect questionable transactions. The industry itself is now making new software tools available, such as MasterCard's Expert Monitoring System (EMS) and Visa's Intelinet systems which allow agencies to enter their business rules and more easily identify questionable transactions. These tools are available to all GSA customer agencies under the new GSA SmartPay@ 2 contracts. We believe approaches such as these are more effective and will yield better results than providing guidance yet again on the same issues agencies are already addressing. The report also does not make mention of the fact that due to GSA's efforts, agencies enjoy the use of the streamlined charge card business process with no card fees, and that many agencies receive refunds based upon their payment performance. In fiscal year 2007 alone, agencies received $174 million in refunds, mainly stemming from purchase card transactions. Additionally, the streamlined purchase business processes the purchase cards employ are estimated to help agencies avoid $1.8 billion in administrative processing costs each year as compared to prior, paper-intensive processes. While GSA and its customer agencies recognize the need for and are continuously pursuing program improvement, the purchase card program continues to offer tremendous value. We therefore believe mentioning these statistics in the report will present a more balanced view of the program. We also point out that prior to the existence of the purchase card program, much of the transaction data GAO used to conduct its review was at best difficult to obtain or at worst simply did not exist. This is yet another benefit of the purchase card program ” access to a large amount of information to help all of us better understand and improve the program. Our comments regarding the 10 GSA-specific recommendations appear below. Recommendations 1-2: Provide agencies guidance on how cardholders can document independent receipt and acceptance of items obtained with a purchase card. These guidelines should encourage agencies to: * Identify a de minimis amount and/or types of purchases that do not require documenting independent receipt and acceptance, and: * Indicate that the approving official or supervisor took the necessary steps to assure that items purchased were actually received. GSA Response: GSA does not concur with the recommendations as written. We disagree with GAO's characterization of this finding as a purchase card issue, Agency receiving and acceptance policies and procedures are not within the purview of the GSA SmartPay@ Governmentwide purchase card program, nor is the issue within the scope of the GSA SmartPay� contracts. GSA does not set agency receipt and acceptance policy. These agency policies generally address property regardless of the method of acquisition and are therefore not purchase card specific. We therefore suggest GAO modify this recommendation accordingly. We also point out that, particularly in field locations, the approving official may not be collocated with the cardholder, making the recommendation challenging to implement unless some other third party can be used to independently confirm receipt, where appropriate. Recommendation 3: Provide agencies guidance regarding what should be considered sensitive and pilferable property. Because purchase cards are frequently used to obtain sensitive and pilferable property, remind agencies that computers, palm pilots, digital cameras, fax machines, printers and copiers, iPods, etc. are sensitive and pilferable property that can easily be converted to personal use. GSA Response: GSA does not concur with the recommendation as written. We disagree with GAO's characterization of this finding as a purchase card issue. The definition of sensitive and pilferable policy is not within the purview of the GSA SmartPay� Govemmentwide purchase card program, nor is the issue within the scope of the GSA SmartPay� contracts. What constitutes sensitive property is defined by the agencies as part of their property management policies, procedures and systems. These agency policies generally address property regardless of the method of acquisition and are therefore not purchase card specific. Given the wide variety of items acquired, it is appropriate that agencies identify items to be considered sensitive and the processes to account for them. We therefore recommend GAO modify this recommendation accordingly. Recommendation 4: Instruct agencies to remind Government travelers that when they receive a Government-paid for meal at a conference or other event, the traveler must reduce the per diem claimed on their travel voucher by the specified amount that GSA allocates for the provided meal. GSA response: GSA partially concurs with this recommendation. We disagree with GAO's characterization of this finding as a purchase card issue. Agency travel vouchering policies and procedures are not within the purview of the GSA SmartPay� Governmentwide purchase card program, nor is the issue within the scope of the GSA SmartPay� contracts. However, the GSA Office of Governmentwide Policy (OGP) does manage travel policy. We do agree that when a meal is provided to an employee in travel status at Government expense, that employee is required, consistent with existing policy, to deduct the appropriate amount for that meal from the amount claimed for Meals and Incidental Expenses (M&IE). But the GAO review raises a new issue regarding continental breakfasts, which typically does not constitute a full breakfast. We do not believe employees who neglected to deduct a continental breakfast from the daily M&IE acted with the requisite knowledge and willfulness necessary to establish either a false criminal statement under Title 18, Section 1001, of the United States Code or a false claim. We will discuss the continental breakfast issue with stakeholders in the travel policy community and act on their recommendations in a timely manner. In regard to the GSA specific issues mentioned in the report, GSA has identified the Government travelers who claimed meals that were paid for by the Government at the respective conferences. GSA is currently seeking reimbursement from these travelers for the specified amount that GSA paid for the provided conference meals totaling $587.00. GSA has standing procedures in place that instruct Government travelers employed by GSA that receive a Government furnished meal at a conference or other event to reduce the per diem claimed on their travel voucher by the specified amount that GSA allocates for the provided meal. In the final conference instructions to participants, conference coordinators remind participants to reduce the per diem claimed on their travel voucher by the specified amount of conference meals. We will continue to enforce these procedures within GSA and with other Federal agencies. GSA again points out that insufficient evidence exists in the record to establish with any certainty that the employees who submitted reimbursement claims for full per diem acted with the requisite knowledge and willfulness necessary to establish either a criminal false statement under Title 18 Section 1001 of the United States Code or a false claim. Accordingly, GSA recommends that the first additional fact contained in case 9 of the chart be revised to state that the five conference participants erroneously claimed reimbursement for meals that were provided by the Government. In addition, it is not GSA's policy to allow employees to claim full per diem for meals that are otherwise provided by the Government; therefore, GSA recommends that GAO revise its statements in case numbers 7 and 9 as noted below: Table 4, Case Number 7: GAO should state... "however, travelers claimed full per diem even though meals were provided" in lieu of... "however, the agency allowed travelers full per diem even though meals were provided" Table 4, Case Number 9: GAO should state "however, attendees claimed full per diem for a dinner meal that had already been paid for with the purchase card" in lieu of... "however, the agency allowed the attendees to claim full per diem for a dinner meal that had already been paid for with the purchase card." We also point out that the proper purchase of the food using a purchase card has no bearing on the subsequent travel voucher errors. These errors could have occurred regardless of the acquisition method used to acquire the food. Recommendations 5-10: Provide written guidance or reminders to agencies: * That cardholders need to obtain prior approval or subsequent review of purchase activity for purchase transactions that are under the micro- purchase threshold. * That property accountability controls need to be maintained for pilferable property, including those items obtained with a purchase card. * That cardholders need to timely notify the property accountability officer of pilferable property obtained with a purchase card. * That property accountability officers need to promptly record, in agency property systems, sensitive and pilferable property that is obtained with a purchase card. * That, consistent with the guidance on third-party drafts in the Department of Treasury's Treasury Financial Manual, Volume 5, Chapter 4- 3000, convenience checks issued on purchase card accounts should be minimized, and that convenience checks are only to be used when (1) a vendor does not accept the purchase cards, and (2) no other vendor can provide the goods or services, and (3) that it is not practical to pay for the item using the traditional procurement method. * That convenience check privileges of cardholders who improperly use convenience checks be canceled. GSA Response: GSA partially agrees with these recommendations. We are concerned that the recommendation to issue "reminders" regarding existing policies does little to move the issues toward resolution. GSA agrees that guidance on prior approval or subsequent review of purchase card transactions could be clarified. As a result, should OMB deem additional coverage in OMB Circular A-123, Appendix B is appropriate, GSA will assist, as needed, in developing the additional guidance in conformance with OMB's schedule for accomplishing any such revisions. In regard to the portions of this recommendation dealing with property accountability matters, GSA does not agree with GAO's characterization of them as purchase card issues. GSA does not set agency property management policies nor are such issues within the scope of the GSA SmartPay� program or its contracts. Agencies generally issue their own policies regarding these matters. As a result, GSA recommends that GAO modify this recommendation accordingly. GSA does agree with all of GAO's convenience check recommendations, with one exception, the prohibition "no other vendor can provide the goods or services." Although GSA would like to eliminate the use of convenience checks altogether, it is not practical to do so given the unique nature of some suppliers and/or services acquired by agencies and the associated vendor's refusal to accept purchase cards. In some of these cases, while other similar vendors that accept charge cards may exist, their use is not practical due to geographic considerations or other limiting factors. Blacksmithing services for horses and honoraria payments to expert speakers with unique expertise are but two examples. Due to these "niche" needs, our agency customers continue to tell us that they need the capability convenience checks offer. Note that in order to improve convenience check internal controls, the new GSA SmartPay� contracts require contractor banks to provide images of cleared checks to agencies. We are also offering a new product, stored value cards, under the GSA SmartPay� 2 contract, which may provide a viable alternative in many situations to continued convenience check use. [End of section] Appendix V: GAO Contact and Staff Acknowledgments: GAO Contact: Gregory D. Kutz, (202) 512-6722 or kutzg@gao.gov. Acknowledgements: In addition to the contact above, Tuyet-Quan Thai, Assistant Director; James Ashley; Beverly Burke; Bruce Causseaux; Sunny Chang; Dennis Fauber; Danielle Free; Jessica Gray; Ryan Guthrie; Ken Hill; Ryan Holden; Aaron Holling; John Kelly; Delores Lee; Barbara Lewis; Andrew McIntosh; Richard McLean; Aaron Piazza; John Ryan; Barry Shillito; Chevalier Strong; Scott Wrightson; Tina Wu; and Michael Zola made key contributions to this report. [End of section] Footnotes: [1] Convenience checks are part of the purchase card program and are issued to authorized cardholders. Agency management determines to whom checks are issued. The checks are similar in appearance to personal checks and are written against the cardholder's purchase card account. The total amount that may be written cannot exceed the cardholder's single-transaction limit. Convenience checks are designed to be used in instances where a merchant does not accept purchase cards. [2] Other objectives of the simplified acquisition procedures include promoting efficiency and economy and avoiding unnecessary burden. [3] See 48 C.F.R. � 13.201. [4] Micropurchase means an acquisition of supplies or services using simplified acquisition procedures, the aggregate amount of which does not exceed the micropurchase threshold except for construction or in other specific instances. The threshold subsequently was increased on September 28, 2006, to $3,000. [5] The total amount of refunds obtained from the five credit card banks was not audited. [6] GAO and Department of Homeland Security, Office of the Inspector General, Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable to Fraudulent, Improper, and Abusive Activity, GAO-06-1117 (Washington, D.C.: Sept. 28, 2006). [7] The Bob Stump National Defense Authorization Act for Fiscal Year 2003, Pub. L. No. 107-314, � 1007; Department of Defense Appropriations Act, 2003, Pub. L. No. 107-248, � 8149 as amended by Department of Defense Appropriations Act, 2004, Pub. L. No. 108.87, � 8144. [8] For this report, we define fraudulent purchases to include those made by cardholders that were unauthorized and intended for personal use, purchases made using purchase cards or account numbers that had been stolen or compromised, and purchases appropriately charged to the purchase card but that involve potentially fraudulent activity that went undetected because of the lack of integration among processes related to the purchase, such as travel claims or missing property. Improper transactions are those purchases that although intended for government use, are not permitted by law, regulation, or government/ agency policy. Abusive purchase card transactions involve transactions that are deficient and improper when compared with behavior that a prudent person would consider reasonable and necessary, for example, purchases that were made at excessive cost (wasteful) or were not needed by the government, or both. [9] GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999). [10] GAO-04-87G (Washington, D.C.: November 2003). [11] Whenever they were provided, we reviewed purchase card policies and procedures of purchase card programs at major departments, such as the Departments of Agriculture, Defense, Energy, and the Interior, to name a few. We also reviewed policies and procedures at a number of other agencies and independent establishments, such as the National Aeronautics and Space Administration and the U.S. Postal Service. [12] In a probability sample (sometimes referred to as a statistical or random sample), each item in the population has a known, non-zero probability of being selected. The results of a probability sample can be generalized to the population from which the sample was taken. [13] 5 U.S.C. �� 101 and 104 and 31 U.S.C. � 9101 identify agencies required to follow the FAR. [14] Because of limitations in the data, we were unable to remove all transactions related to entities outside the scope of our audit from the sample populations. If any transactions that should have been excluded were selected as part of either sample, we replaced them. See app. II for further details of our scope and methodology. [15] Purchase card data provided by the banks did not always contain detailed information to allow for the complete identification of accountable and pilferable property. Thus, we were unable to statistically test property accountability. Consequently, our tests of property accountability were performed on a nonrepresentative selection of property that we identified when a transaction selected for statistical sampling or data mining contained accountable or pilferable property. [16] All USPS purchase acquisitions are excluded from adherence to FAR regulations. Handbook AS-709, Credit Card Policies and Procedures for Local Buying, explains the policies and procedures of the USPS purchase card program. [17] GAO, Purchase Cards: Control Weaknesses Leave Army Vulnerable to Fraud, Waste, and Abuse, GAO-02-732 (Washington, D.C.: June 27, 2002). [18] GAO-06-1117. [19] As stated previously, we statistically tested executive agency purchase card transactions from July 1, 2005, through June 30, 2006. With respect to data mining, we included transactions from July 1, 2005, through September 30, 2006, and transactions from agencies that were exempt from the FAR. [20] 48 C.F.R. � 13.104. [21] According to USPS, 108 individuals were invited to the dinner and 95 attended. While USPS provided us a list of the 108 invitees, it was not able to identify the 95 invitees whom it claimed actually attended. Further, independent, third-party evidence we obtained from Ruth's Chris Steakhouse showed that 81 individuals attended the dinner. Our review of the independent documentation also showed that 81 entrees, 81 salads, and numerous other appetizers and side dishes were provided. [22] In June 2007, GSA awarded a new SmartPay�2 charge card service contract to four banks: Citibank; GE Capital Financial, Inc; JPMorgan Chase; and U.S. Bank. [23] The $17 billion in GSA purchase card data also includes purchases by federal agencies outside the scope of our audit and purchase transactions less than $50. [24] The General Records Schedule 3 states that contract records, including correspondence and related papers pertaining to award, administration, receipt, inspection, and payment for transactions that exceed the simplified acquisition threshold may be destroyed 6 years and 3 months after final payment; whereas, similar records for transactions at or below the simplified acquisition threshold may be destroyed 3 years after final payment. [25] In one instance, the rate of failure from previous reports was within range of the governmentwide results. We tested five Army installations and found that at the Soldier Biological and Chemical Command, the failure rate for proper authorization was 25 percent. However, our prior audits have also found that the failure rates for authorization and independent receipt and acceptance were generally higher than the governmentwide results for this audit. [26] Issued in August 2005, Appendix B requires agencies to maintain internal controls that reduce the risk of fraud, waste, and error in government charge card programs. [27] With certain exceptions, the FAR requires that cardholders obtain competition from separate sources prior to making purchases over the micropurchase threshold. [28] We performed work to determine whether accountable property totaling $350 or more and pilferable items that could be easily converted to personal use were accounted for and could be located. For details on our methodology, refer to app. II. [29] 48 C.F.R. � 13.301 provides that governmentwide commercial purchase cards may be used only for purchases that are otherwise authorized by law or regulations. Therefore, a procurement using a purchase card is lawful only if it would be lawful using conventional procurement methods. Under 31 U.S.C. 1301(a), "[a]ppropriations shall be applied only to the objects for which the appropriations were made." [30] We defined split purchases as multiple purchase transactions made by the same cardholder at the same vendor on the same day. From July 1, 2005, through June 30, 2006, purchases that met this definition, and which appeared to have been transacted to circumvent the micropurchase threshold, totaled over $600 million. [31] According to USPS, 108 individuals were invited to the dinner, and 95 attended. While USPS was able to provide documentation of the 108 invitees, it was not able to identify the 95 who attended. Further, independent, third-party evidence we obtained from Ruth's Chris Steakhouse showed that 81 individuals attended the dinner. Our review of the independent documentation also showed that 81 entrees and 81 salads were provided. Therefore, we used the information provided on the merchant receipt to calculate the per-person cost. [32] Postal Customer Councils are formed to establish dialogue and improve communications between USPS and its customers--including commercial mailers, organizations, service bureaus, and individuals who use services provided by USPS. [33] Treasury Financial Manual, issued by the Department of Treasury's Financial Management Service, policies, procedures, and instructions for Federal departments and agencies, Federal Reserve Banks (FRBs), and other concerned parties to follow in carrying out their fiscal responsibilities. [34] We believe that GSA possesses the authority to issue such guidance under its general authorities to prescribe property management policies under 40 U.S.C. ��121(c) and 501(b)(2). [35] 5 U.S.C. �� 101, 104 and 31 U.S.C � 9101 identify agencies required to follow the FAR. [36] Because of limitations in the data, we were unable to remove all transactions related to entities outside the scope of our audit from the sample populations. If any transaction that should have been excluded were selected as part of either sample, we replaced them. [37] We used the micropurchase threshold of $2,500 existing at the time of the audit. This threshold was increased on September 28, 2006, to $3,000. [38] GAO/AIMD-00-21.3.1. [39] GAO-04-87G. [40] 48 C.F.R. �� 13.003h(1), 13.104b, 13.501, and 13.102. [41] JWOD established the Committee for Purchase from People Who Are Blind or Severely Disabled and charters the committee to develop a procurement list of commodities produced and services provided by nonprofit agencies (41 U.S.C �� 46 and 47). The act also directs agencies to buy items or services on the procurement list from nonprofit agencies for the blind or severely handicapped if the items are available within the period required by the government (41 U.S.C. � 48). [42] All U.S. Postal Service purchase acquisitions are excluded from adherence to FAR regulations. Handbook AS-709, Credit Card Policies and Procedures for Local Buying, explains the policies and procedures of the U.S. Postal Service purchase card program. GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office: 441 G Street NW, Room LM: Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: