Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable to
Fraudulent, Improper, and Abusive Activity (28-SEP-06,		 
GAO-06-1117).							 
                                                                 
In the wake of the 2005 hurricanes in the Gulf Region, GAO and	 
the Department of Homeland Security Office of Inspector General  
(DHS OIG) initiated a number of audits and investigations	 
addressing the federal government's response to those events. On 
July 19, 2006, GAO testified on the results of its purchase card 
work. This report summarizes the testimony and provides 	 
recommendations. Department of Homeland Security (DHS)		 
cardholders made thousands of transactions related to hurricane  
relief operations. GAO analyzed transactions between June and	 
November of 2005 to determine if (1) DHS's control environment	 
and management of purchase card usage were effective; (2) DHS's  
key internal control activities operated effectively and provided
reasonable assurance that purchase cards were used appropriately;
and (3) potentially fraudulent, improper, and abusive purchase	 
card activity existed at DHS.					 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-06-1117					        
    ACCNO:   A61565						        
  TITLE:     Purchase Cards: Control Weaknesses Leave DHS Highly      
Vulnerable to Fraudulent, Improper, and Abusive Activity	 
     DATE:   09/28/2006 
  SUBJECT:   Accountability					 
	     Disaster relief aid				 
	     Federal procurement				 
	     Federal procurement policy 			 
	     Financial management				 
	     Fraud						 
	     Internal controls					 
	     Policy evaluation					 
	     Program abuses					 
	     Questionable procurement charges			 
	     Policies and procedures				 
	     Government Purchase Card Program			 
	     GSA SmartPay Program				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-06-1117

     

     * Joint Report by the United States Government Accountability Office and
       the Office of the Inspector General-Department of Homeland Security to
       Congressional Committees
          * September 2006
     * PURCHASE CARDS
          * Control Weaknesses Leave DHS Highly Vulnerable to Fraudulent,
            Improper, and Abusive Activity
     * Contents
          * Overview of Testimony
          * Conclusions
          * Recommendations for Executive Action
          * Agency Comments
     * Testimony GAO-06-957T
     * Comments from the Department of Homeland Security

Joint Report by the United States Government Accountability Office and the
Office of the Inspector General-Department of Homeland Security to
Congressional Committees

September 2006

PURCHASE CARDS

Control Weaknesses Leave DHS Highly Vulnerable to Fraudulent, Improper,
and Abusive Activity

Contents

September 28, 2006Letter

Congressional Committees

On July 19, 2006, GAO testified before the Committee on Homeland Security
and Governmental Affairs on the results of our audit and investigation of
purchase card transactions at the Department of Homeland Security (DHS)
for the 5-month period beginning in June 2005.1 The General Service
Administration's SmartPay(R) purchase card program has proven to be a
valuable tool for the government by providing federal agencies and their
employees a more flexible and efficient way to purchase commercial goods
and services. However, to ensure the most effective use of the purchase
card, federal agencies must foster a strong control environment and
establish sound internal controls related to the use of the card. To this
end, agencies must establish policies and procedures that ensure
appropriate oversight of their purchase card programs. Our work focused on
determining whether (1) DHS's control environment and management of
purchase card usage were effective; (2) DHS's key internal control
activities operated effectively and provided reasonable assurance that
purchase cards were used appropriately; and (3) potentially fraudulent,
improper, and abusive or questionable purchase card activity existed at
DHS.

This report summarizes the GAO testimony, which is reprinted in appendix
I, and makes specific recommendations for corrective actions. We hope that
these recommendations; the criminal referrals we provided to the Katrina
Fraud Task Force, the Coast Guard Investigative Service, and the Federal
Bureau of Investigation; as well as the administrative referrals we
provided to DHS serve to assist DHS in its ongoing effort to improve the
purchase card program. We conducted our audit work from November 2005
through June 2006 in accordance with U.S. generally accepted government
auditing standards. We performed our investigative work in accordance with
standards prescribed by the President's Council on Integrity and
Efficiency.

Overview of Testimony

In our testimony, we stated that a weak control environment and breakdowns
in key controls exposed DHS to fraud, waste, and abuse in its purchase
card program. While DHS's draft Purchase Card Manual generally
incorporated adequately designed controls, disagreements among DHS
organizational elements concerning the implementation of the manual
prevented a final copy from being issued. As a result of DHS not
finalizing the Purchase Card Manual and not making it applicable to all
organizational elements within DHS, a weak control environment resulted
where cardholders adopted inconsistent and inadequate purchase card
practices. For example, some cardholders at the U.S. Coast Guard believed
that obtaining written authorization prior to purchase was required while
others did not.

The testimony described how inadequate staffing and ineffective monitoring
contributed to a weak control environment, which, in addition to the
prevalence of thousands of unused purchase cards, left DHS vulnerable to
fraud, waste, and abuse. DHS had roughly 13,900 purchase cards but failed
to assign sufficient resources to manage its purchase card program as
evidenced by the fact that we found numerous instances where approving
officials assumed oversight responsibilities for an excessive number of
cardholders. We found, for example, three approving officials who were
responsible for more than 30 cardholders each. In contrast, GAO has issued
an audit guide2 prescribing that the ratio of cardholders to approving
officials should not exceed seven to one. As an example of ineffective
monitoring, we found that the U.S. Coast Guard has only one individual
responsible for administering and overseeing its purchase card activity,
which totaled over $227 million in goods and services with their purchase
cards in fiscal year 2005.

Further, our testimony showed that we were unable to obtain evidence to
confirm that DHS is providing appropriate training to enable cardholders
to be aware of and follow internal controls related to use of the purchase
card. We found that for 60 of the 96 transactions in our statistical
sample, the cardholder lacked documentation showing that they received
either the required initial training or the refresher training. Without
adequate training, DHS can not expect cardholders and approving officials
to understand and comply with purchase card policies, thus elevating the
risk associated with card usage.

Our testimony also described DHS's failure to conduct timely and effective
postpayment audits. The postpayment audit is conducted by DHS after
cardholders have made purchases and requires that cardholders submit
purchase-related documentation for transactions selected for audit. We
also found that DHS failed to suspend cards and discipline cardholders who
did not provide the required supporting documentation for audit. Without a
strong postpayment audit process, DHS is not able to obtain reasonable
assurance that purchases are valid and appropriate, which needlessly
exposes DHS to additional risk of fraud, waste, and abuse.

GAO and DHS's Office of Inspector General (DHS OIG) performed statistical
testing on purchase card transactions and identified weak implementation
of several key internal controls. On the basis of a statistical sample of
DHS's purchase card transactions for a 5-month period beginning in June
2005, we estimated that 45 percent lacked prior written authorization, 8
percent failed to provide required sales documentation, 63 percent lacked
documentation evidencing proper receipt and acceptance, and 53 percent did
not give priority to designated sources.

Our work also identified specific incidents of (1) potentially fraudulent,
(2) improper, and (3) abusive or questionable purchases made by DHS
cardholders. A U.S. Coast Guard employee potentially committed fraud by
misappropriating laptops and then falsifying records to hide the fraud. As
an example of an improper purchase, we identified an instance where a DHS
cardholder failed to dispute an improper transaction in a timely manner,
resulting in losses to the federal government of $153,000. Also, a U.S.
Coast Guard cardholder used his purchase card to acquire a beer brewing
kit-a questionable use of taxpayer money.

Further, we found purchases where DHS cardholders failed to adopt prudent
pricing practices, resulting in waste of government funds. Although DHS
had the authority to make noncompetitive purchases in response to the
hurricanes in the Gulf Region, GAO identified instances where DHS
cardholders could have saved the government money by purchasing items from
GSA vendors, or by using the government's substantial purchasing power to
negotiate better pricing and or delivery terms. In one case, a Federal
Emergency Management Agency (FEMA) cardholder used his purchase card to
acquire flat-bottom boats at double the retail price. We also found
unnecessary purchases due to procurement problems. For example, a FEMA
cardholder unnecessarily purchased items totaling $68,000 that was
inadvertently included on a provision list. Although these procurement
problems are not isolated to purchase card acquisitions, they do represent
examples in which DHS cardholders used the government purchase card and
wasted tax dollars.

Finally, our testing found many instances where assets acquired using the
purchase card were not promptly or accurately entered into a property
tracking system. The way DHS used purchase cards to acquire accountable
property allowed for such assets to be susceptible to the risk of not
being properly tracked in the property system. As a result, we found a
significant number of assets that DHS could not locate. By not following
procedures to appropriately track assets in a property system, DHS is
subject to greater risk of misappropriation of its assets. Of the 433
assets we attempted to locate and which were obtained with DHS purchase
cards, 154 could not be located by GAO or DHS (e.g., boats, laptops, and
printers).

Conclusions

The purchase card has proven to be a valuable tool for the government to
purchase commercial goods and services. However, empowering approximately
14,000 DHS cardholders with purchasing authority, while not implementing
effective controls and performing adequate management oversight, allowed
potentially fraudulent, improper, and abusive or questionable usage of
purchase cards to go undetected. Many of the transactions we highlighted
as examples of misuse of the purchase card in our testimony were related
to hurricane response efforts in the Gulf Region, demonstrating that the
government is particularly vulnerable when purchase cards are used during
times of disaster and even more so if an effective internal control
structure is not in place and faithfully implemented. Taking immediate
actions to improve its purchase card program will help DHS maximize the
value and benefit of the purchase card program and provide reasonable
assurance that fraud, waste, and abuse are minimized.

Recommendations for Executive Action

To provide reasonable assurance that fraud, waste, and abuse related to
DHS's purchase card program are minimized and that government assets
acquired with purchase cards are controlled, we are making six
recommendations. Specifically, we recommend that the Secretary of DHS take
the following actions:

o Implement changes to DHS's draft Purchase Card Manual to include
policies and procedures addressing the four areas detailed below. After
implementing the changes, the Purchase Card Manual should be finalized
agencywide.

o Training: Establish policies and procedures that document that all
cardholders have completed the appropriate training. The documentation
should include the date of the training, a description of the training,
and the name of the recipient of the training.

o Independent Receipt and Acceptance: Develop policies and procedures for
the performance and documentation  of independent receipt and acceptance
attesting to the receipt of goods or the complete rendering of services.
This documentation would be maintained along with other required
documentation supporting each transaction.

o Accountable Property: Develop policies and procedures to provide
reasonable assurance that highly pilferable assets such as laptop
computers,  cell phones, personal digital assistants, memory storage
devices, and other pilferable property acquired with a purchase card are
entered into an accountable property system immediately after being
received. Cardholders should be required to contact accountable property
officers (or others acting in a similar capacity) before acquiring
accountable property, or within a reasonable time thereafter, so that the
property is properly bar coded and  tracked in the property system. This
should be completed prior to placement of the asset in service. The
property system should include accurate information on the location of the
asset, the individual responsible for the asset, the manufacturer's serial
number, as well as the agency's unique identification code for the asset
(e.g., a bar code).

o Disciplinary or Administrative Actions: The agency should develop a
range of potential disciplinary and administrative actions that may occur
as a result of a cardholder or others failing to comply with the policies
and procedures in the Purchase Card Manual.

o Improve the existing electronic systems to allow those with oversight
responsibilities the ability to determine if cardholders and approving
officials performed their reconciliation and certifying duties in a
meaningful way.

o Conduct a review to determine if adequate resources are devoted to
administering, maintaining, and enforcing the purchase card program at
both the agency level and the organizational element level. DHS should
further develop specific oversight responsibilities that need to be
carried out at both the agency level and at the organizational element
level.

o Adopt prudent purchasing practices by entering into arrangements with
dependable sources in the government or vendors who can provide reasonable
pricing for specific goods and services with a foreseeable demand in the
event of an emergency. In anticipation of future emergencies, DHS should
take the following actions:

o Identify specific sources in the federal government or vendors in the
private sector that can reliably supply the necessary goods and services
for DHS to accomplish its mission in emergency situations.

o In the case of vendors in the private sector, negotiate pricing and
delivery terms with these sources using the federal government's
substantial purchasing power so that in a time of crisis DHS will be able
to efficiently obtain the necessary goods and services.

o Develop policies and procedures to limit approving officials' span of
control. The number of cardholders and card accounts that any one
approving official is responsible for should be reasonable and should be
established in consideration of the approving official's other
responsibilities. In addition, approving officials should have an
appropriate number of transactions so that they may conduct a thorough and
proper review of supporting documentation for each transaction.

o Continuously monitor and review open accounts to provide reasonable
assurance that only cardholders who have a documented need to acquire
items for the government are issued a purchase card. Instances where cards
have not been used for over a year should be analyzed to determine if a
valid need for the card exists. If a valid need can not be established,
the purchase card should be suspended or the account closed.

Agency Comments

In written comments dated September 15, 2006, on a draft of this report,
DHS concurred with all of our recommendations. In the comments, which are
reprinted in appendix II, DHS stated that it has incorporated the relevant
changes into its Purchase Card Manual and offered additional details on
the actions it has taken or which it plans to take in the near future.

Specifically, DHS offered the language it had added to the draft Purchase
Card Manual relating to: training; independent receipt and acceptance;
tracking of accountable property; disciplinary and administrative actions;
and approving official span-of-control. Furthermore, and importantly, DHS
issued the finalized DHS Purchase Card Manual on September 15, 2006, after
incorporating the recommended changes. For other recommendations, DHS
stated that it is working to develop policies and procedures to enhance
its purchase card control environment. For example, DHS said it is working
with its purchase card vendor to incorporate specific control activities
into the automated system which will address the validity of cardholder
reconciliations and approving official certifications.

As agreed with your offices, we will send copies to interested
congressional committees and the Office of the Chief Financial Officer at
DHS. We will make copies available to others upon request. In addition,
the report will be available at no charge on the GAO Web site at
http://www.gao.gov . Please contact Gregory Kutz at (202) 512-7455 or
[email protected] , or Matt Jadacki at (202) 254-4100 or matt. [email protected]
if you or your staffs have any questions concerning this report. Contact

points for our Offices of Congressional Relations and Public Affairs may
be found on the last page of this report.

Gregory D. Kutz Managing Director Forensic Audits and Special
Investigations

Matthew Jadacki Special Inspector General Department of Homeland Security

List of Committees

The Honorable Susan M. Collins Chairman The Honorable Joseph I. Lieberman
Ranking Minority Member Committee on Homeland Security and Governmental
Affairs United States Senate

The Honorable Charles E. Grassley Chairman The Honorable Max Baucus
Ranking Minority Member Committee on Finance United States Senate

The Honorable Tom Davis Chairman The Honorable Henry A. Waxman Ranking
Minority Member Committee on Government Reform House of Representatives

The Honorable Harold Rogers Chairman The Honorable Martin Olav Sabo
Ranking Minority Member Subcommittee on Homeland Security Committee on
Appropriations House of Representatives

The Honorable Michael McCaul Chairman The Honorable Bob Etheridge Ranking
Minority Member Subcommittee on Investigations Committee on Homeland
Security House of Representatives

The Honorable Anthony Weiner House of Representatives

Appendix I

Testimony GAO-06-957T

Appendix II

Comments from the Department of Homeland Security

(192192)

www.gao.gov/cgi-bin/getrpt? GAO-06-1117 .

To view the full product, including the scope 
and methodology, click on the link above.

For more information, contact Greg Kutz at (202) 512-7455 or [email protected]
or Matthew Jadacki at (202) 254-4100 or [email protected].

Highlights of GAO-06-1117 , a report to congressional committees

September 2006

PURCHASE CARDS

Control Weaknesses Leave DHS Highly Vulnerable to Fraudulent, Improper,
and Abusive Activity

In the wake of the 2005 hurricanes in the Gulf Region, GAO and the
Department of Homeland Security Office of Inspector General (DHS OIG)
initiated a number of audits and investigations addressing the federal
government's response to those events. On July 19, 2006, GAO testified on
the results of its purchase card work. This report summarizes the
testimony and provides recommendations.

Department of Homeland Security (DHS) cardholders made thousands of
transactions related to hurricane relief operations. GAO analyzed
transactions between June and November of 2005 to determine if (1) DHS's
control environment and management of purchase card usage were effective;
(2) DHS's key internal control activities operated effectively and
provided reasonable assurance that purchase cards were used appropriately;
and (3) potentially fraudulent, improper, and abusive purchase card
activity existed at DHS.

What GAO Recommends

To provide reasonable assurance that fraud, waste, and abuse related to
the use of purchase cards is minimized, GAO recommends that DHS (1) make
changes to the draft purchase card manual and issue a final, agencywide
version (2) establish policies and procedures to ensure more effective
oversight and enforcement of the purchase card program. DHS concurred with
all of our recommendations.

A weak control environment and breakdowns in key controls exposed DHS to
fraud and abuse in its use of the purchase card. While DHS's draft
Purchase Card Manual generally contained effective control procedures, it
was not finalized due to a lack of leadership by the Chief Financial
Officer in resolving disagreements over its implementation. This led to
DHS cardholders following different procedures. Inadequate staffing,
insufficient training, and ineffective monitoring, along with inconsistent
purchase card policies contributed to a weak control environment and
breakdowns in specific key controls. GAO and DHS OIG found a lack of
documentation that key purchase card internal controls were performed.
Based on a statistical sample, GAO and DHS OIG estimated that 45 percent
of DHS's purchase card transactions were not properly authorized, 63
percent did not have evidence that the goods or services were received,
and 53 percent did not give priority to designated procurement sources.
GAO and DHS OIG also found cardholders who failed to dispute improper
charges, which resulted in losses to the federal government. Because of
the urgent needs caused by the hurricanes, DHS made a number of
noncompetitive purchase card acquisitions. GAO recognizes that DHS had the
authority to make noncompetitive purchases; however, GAO found
transactions where DHS cardholders could have exercised greater prudence
without jeopardizing relief efforts.

The weak control environment and ineffective internal control activities
allowed potentially fraudulent, improper, and abusive or questionable
transactions to occur. Although this work was not designed to identify,
and we cannot determine the full extent of fraud, waste, and abuse, GAO
and the DHS OIG identified numerous examples of potentially fraudulent,
improper, and abusive or questionable transactions. The table below lists
examples of potentially fraudulent activity related to items acquired with
DHS purchase cards. In addition, poor control over accountable property
acquired with purchase cards may have resulted in lost or misappropriated
assets.

Examples of Potential Fraud

Source: GAO and DHS OIG.

GAO and DHS OIG also found examples of improper use of the purchase card
such as the use of convenience checks to pay $460,000 for pre-packaged
meals. Other instances of abusive or questionable transactions included
the purchase of a beer brewing kit, a 63-inch plasma television costing
$8,000 which was found unused in its original box 6 months after being
purchased, and tens of thousands of dollars for training at golf and
tennis resorts. GAO referred cardholders responsible for many of these and
other purchases to DHS management for administrative action.
*** End of document. ***