For other versions of this document, see http://wikileaks.org/wiki/CRS-RL34602 ------------------------------------------------------------------------------ Order Code RL34602 Misuse of Government Purchase Cards July 30, 2008 Garrett L. Hatch Analyst in American National Government Government and Finance Division Misuse of Government Purchase Cards Summary Since the mid-1990s, the use of government purchase cards has expanded at a rapid rate. Spurred by legislative and regulatory reforms designed to increase the use of purchase cards for small acquisitions, the dollar volume of government purchase card transactions grew from $527 million in FY1993, to $18.7 billion in FY2007. While the use of purchase cards has been credited with reducing administrative costs, audits of agency purchase card programs have found varying degrees of waste, fraud, and abuse. One of the most common risk factors cited by auditors is a weak internal control environment: many agencies have failed to implement adequate safeguards against card misuse, even as their purchase card programs grew. In response to these findings, Congress has held hearings and legislation has been introduced that would enhance the management and oversight of agency purchase card programs. One of the most comprehensive proposals before the 110th Congress is the Government Credit Card Abuse Prevention Act, which was introduced on March 7, 2007, in both the Senate (S. 789) and the House (H.R. 1395). Drawing on GAO recommendations, the bill would require agencies, other than the Department of Defense (DOD), to implement a specific set of internal controls, establish penalties for employees who misuse agency purchase cards, and conduct periodic risk assessments and audits of agency purchase card programs. DOD would be required to expand its use of technology to prevent and identify fraudulent purchases, conduct periodic risk assessments and audits, and develop more specific rules regarding card deactivation of former DOD employees. This report begins by providing background on agency purchase card programs. It then discusses identified weaknesses in agency purchase card controls that have contributed to card misuse, and examines legislation introduced in the 110th Congress that would address these weaknesses. The report will be updated as events warrant. Contents Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Agencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 GSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 OMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Purchase Card Program Weaknesses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Ineffective Transaction Review and Approval Processes . . . . . . . . . . . 7 Inconsistent Program Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Lack of Separation of Duties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Inadequate Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Excessive Number of Cards Issued and High Credit Limits . . . . . . . . 11 Policy Proposals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 OMB Guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Pending Legislation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Other Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Staffing Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Misuse of Government Purchase Cards The General Services Administration (GSA) manages the federal government's charge card program, known as SmartPay. Through SmartPay, agencies are able to select charge card products and services from contracts that GSA has negotiated with major banks. The contracts allow agencies to select different types of charge cards, depending on their needs. SmartPay charge card options include purchase cards (for supplies and services), travel cards (for airline, hotel, and related expenses), and fleet cards (for fuel and supplies of government vehicles.) This report focuses on purchase cards. The use of purchase cards has expanded at a rapid rate since the mid-1990s. Spurred by legislative and regulatory reforms designed to increase purchase card use for small acquisitions, the dollar volume of federal government purchase card transactions grew from $527 million in FY1993, to $18.7 billion in FY2007.1 While the use of purchase cards has been credited with reducing administrative costs, audits of agency purchase card programs have found varying degrees of waste, fraud, and abuse. One of the most common risk factors cited by auditors is a weak internal control environment: many agencies have failed to implement adequate safeguards against card misuse, even as their purchase card programs grew. In response to these findings, Congress has held hearings and legislation has been introduced that would enhance the management and oversight of agency purchase card programs. In addition, the Office of Management and Budget (OMB) has issued guidance that requires agencies to implement internal controls that are designed to minimize the risk of purchase card abuse. This report begins by providing background on agency purchase card programs. It then discusses identified weaknesses in agency purchase card controls that have contributed to card misuse, and examines legislation introduced in the 110th Congress that would address these weaknesses. Background The government's purchase card program has its origins in Executive Order 12352, issued by President Reagan in 1982.2 E.O. 12352 directed agencies to develop programs that simplified procedures and reduced the administrative costs of 1 U.S. General Services Administration, Fiscal Year 2007 Card Sales Transactions and Cardholder Data, Jan. 10, 2008, at [http://www.gsa.gov/gsa/cm_attachments/ GSA_DOCUMENT/GSA_SmartPay_Program_Statistics_March_2008_R2-u-f6_ 0Z5RDZ-i34K-pR.xls#'Total Program History RPT'!A1]. 2 Executive Order 12352, Federal Procurement Reforms, 47 Federal Register 12125, Mar. 22, 1982. CRS-2 procurement, particularly with regard to "small" purchases ($25,000 or less). Several agencies subsequently participated in a pilot program that evaluated the use of a commercial credit card, called a purchase card, as an acquisition tool.3 At the time, even a routine order for widely available items, such as office supplies, typically required agency program staff to submit a written procurement request to a contracting officer, who reviewed it, obtained the necessary authorizing signatures, made the actual purchase, and processed the associated paperwork. To critics, this process was inefficient, especially for small purchases. Not only was it time- consuming for both program and procurement personnel, but it also prevented program offices from quickly filling immediate needs. Under the pilot program, non- procurement staff used purchase cards to conduct small-dollar transactions directly with local suppliers, thus bypassing procurement officers entirely. A report on the pilot program concluded that purchase cards could reduce administrative costs and improve delivery time, and in 1989 the Office of Management and Budget (OMB) tasked GSA with making purchase cards available government-wide.4 Participation in GSA's purchase card program was not mandatory, and card use did not initially grow as rapidly as some had expected.5 In 1993, however, a report issued by the National Performance Review (NPR) sparked a number of legislative and regulatory reforms intended to increase purchase card use. The NPR was a Clinton Administration initiative, headed by Vice President Al Gore, that sought to "reinvent" the federal government by making government operations both less expensive and more effective.6 One of the NPR's objectives was to identify opportunities to streamline a number of government-wide processes, including procurement. Drawing on input from experts in the public and private sectors, the initial report of the NPR recommended expanding the use of purchase cards across the government, a step it said would "lower costs and reduce bureaucracy in small purchases."7 In a separate report that focused solely on procurement, the NPR estimated that if half of all small acquisitions were made using purchase cards, the government would realize $180 million in savings annually.8 The report further recommended amending the Federal Acquisition Regulation (FAR) -- the 3 U.S. Government Accountability Office, Acquisition Reform: Purchase Card Use Cuts Procurement Costs, Improves Efficiency, GAO/NSIAD-96-138, Aug. 1996, p. 2, at [http://www.gao.gov/archive/1996/ns96138.pdf]. 4 Ibid., pp. 2-3. 5 Association of Government Accountants, The Federal Purchase Card: Use, Policy and Best Practice, Apr. 2006, p. 5, at [http://www.agacgfm.org/research/downloads/ VISA0406.pdf]. 6 U.S. Office of the Vice President, From Red Tape to Results: Creating a Government That Works Better & Costs Less, Report of the National Performance Review (Washington, D.C.: Office of the Vice President, 1993). 7 Ibid., p. 164. 8 U.S. Office of the Vice President, Reinventing Federal Procurement (Washington, D.C.: Office of the Vice President, 1993). CRS-3 government's primary source of procurement guidance -- to promote the use of purchase cards for small purchases.9 Building on the NPR's recommendations, Congress passed the Federal Acquisition Streamlining Act (FASA; P.L. 103-355) in 1994.10 FASA introduced several reforms that increased the use of purchase cards.11 Among these, Title IV of FASA established a simplified acquisition threshold of $100,000. Purchases at or below the threshold were exempted from the provisions of a number of procurement laws. This reform significantly reduced the administrative burden and procurement expertise needed to make small purchases.12 To further streamline procedures for the smallest acquisitions, Title IV also established a "micro-purchase" threshold of $2,500 (which was increased to $3,000 in 2006).13 FASA further exempted micro- purchases from sections of the Buy American Act and the Small Business Act, and they could be made without obtaining a competitive bid, if the cost was deemed reasonable by the cardholder. At the same time, the Clinton Administration took steps to increase the use of purchase cards. Citing the need to make agency procurement procedures "more consistent with recommendations of the National Performance Review," President Clinton issued Executive Order 12931 on October 13, 1994.14 E.O. 12931 directed agency heads to (1) expand purchase card use; and (2) delegate the micro-purchasing authority provided in FASA to program offices, which would enable them to make such purchases directly. E.O. 12931 also directed agency heads to streamline procurement policies and practices that were not mandated by statute, and to ensure that their agencies were maximizing their use of the new simplified acquisition procedures. In addition, the FAR was amended in 1994 to designate the purchase card as the "preferred method" for making micro-purchases, and to encourage agencies to use the card for purchases of greater dollar amounts.15 Card use increased sharply as agencies implemented these reforms. The dollar value of goods and services acquired with purchase cards increased from $527 9 Ibid., p. 36. The FAR is codified in Title 48 of the Code of Federal Regulations (CFR). 10 108 Stat. 3243. 11 Association of Government Accountants, The Federal Purchase Card: Use, Policy and Best Practice, Apr. 2006, p. 5. 12 U.S. Office of the Vice President, Reinventing Federal Procurement, Sept. 14, 1993, p. 17. 13 Section 807 of P.L. 108-375 (118 Stat. 2010) requires that the micro-purchase threshold be adjusted for inflation every five years. Pursuant to that provision, Section 2.101 of the Federal Acquisition Regulation (FAR) was amended (71 Federal Register 57366, Sept. 28, 2006) raising the micro-purchase threshold to $3,000. 14 Executive Order 12931, Federal Procurement Reform, 59 Federal Register 52387, Oct. 17, 1994. 15 Federal Acquisition Regulation 13.201(b) and13.301(b). CRS-4 million in FY1993 to $18.7 billion in FY2007.16 During that same time span, the number of cardholders tripled to nearly 300,000, and the number of purchase card transactions increased from 1.5 million to just under 24.7 million in FY2007.17 The flexibility of the purchase card may have also contributed to its growth: it could be used for in-store purchases, which allowed the cardholder to take immediate possession of needed goods, or it could be used to place orders by phone or over the internet and have goods delivered. According to GSA, the use of purchase cards now saves the government $1.3 billion a year in administrative costs.18 Structure The federal purchase card program is implemented by individual agencies, with the involvement of GSA and OMB. In broad terms, agencies establish and maintain their own programs, but they select purchase card services from contracts that GSA negotiates with selected banks, and their programs must conform to the government- wide guidance issued by OMB. Agencies. Each agency is responsible for establishing its own purchase card program. The agency, within the framework of OMB guidance, establishes internal rules and regulations for purchase card use and management, decides which of its employees are to receive purchase cards, and handles billing and payment issues for agency purchase card accounts. Two levels of supervision generally exist within an agency's purchase card program. Individual cardholders are assigned to an Approving Official (AO). The AO is considered the "first line of defense" against card misuse, and agency policies often require the AO to ensure that all purchases comply with statutes, regulations, and agency policies. To that end, the AO may be responsible for authorizing cardholder purchases, either by approving purchases before they are made or by verifying their legitimacy through reviews of cardholder statements and supporting documentation, such as receipts. The AO may also be required to ensure that statements are reconciled and submitted to the billing office in a timely manner. Each agency also appoints an Agency Program Coordinator (APC) to serve as the agency's liaison to the bank and to GSA. At some agencies, each major component has an APC, one of whom is chosen to serve as the agency's liaison. The APCs are also usually responsible for agency-wide activities, such as developing internal program guidelines and procedures, sampling cardholder transactions to 16 U.S. Government Accountability Office, Small Business: Trends in Procurement in the 1990s, GAO-01-119, Jan. 2001, p. 22, at [http://www.gao.gov/new.items/d01119.pdf]; General Services Administration (GSA), Charge Card Program Statistics Executive Summary, May 2007. 17 Association of Government Accountants, The Federal Purchase Card: Use, Policy and Best Practice, Apr. 2006, p. 6; GSA, Charge Card Program Statistics Executive Summary, May 2007. 18 U.S. General Services Administration, Government Charge Cards, at [http://www.gsa.gov/Portal/gsa/ep/contentView.do?faq=yes&pageTypeId=8199& contentId=10141&contentType=GSA_OVERVIEW#5]. CRS-5 identify fraudulent or abusive purchases, setting up and deactivating accounts, and ensuring that officials and cardholders receive proper training. GSA. GSA's primary responsibility is to negotiate and administer contracts with card vendors on behalf of the government. Since 1998, agency purchase card programs have been operating under GSA's SmartPay initiative. SmartPay permits agencies to select a range of credit card products from five banks with which GSA has negotiated contracts.19 The SmartPay contracts, which are in effect until November 2008, establish prices, terms, and conditions for credit card products and services from five banks. Purchase cards are established as centrally billed accounts under the contracts, which means that agencies, and not individual cardholders, are billed for purchases. The contracts require agencies to make payment in full at the end of each billing cycle. New purchase card contracts -- known collectively as SmartPay2 -- were negotiated between GSA and four banks in June 2007.20 Agencies must phase out their existing purchase card programs, select new products under the terms of the SmartPay2 contracts, and have them operational before the current master contract expires. OMB. OMB issues charge card management guidance that all agencies must follow. This guidance, located in Appendix B of OMB Circular A-123, establishes agencies' responsibilities for implementing their purchase, travel, and fleet card programs.21 Chapter 4 of Appendix B identifies the responsibilities of charge card managers in developing and implementing risk management controls, policies, and practices (often referred to collectively as "internal controls") that mitigate the potential for charge card misuse.22 Agency charge card managers must ensure that ! cardholder statements, supporting documentation, and other data are reviewed to monitor delinquency and misuse; ! key duties are separated, such as making purchases, authorizing purchases, and reviewing and auditing purchase documentation; ! records are maintained for training, appointment of cardholders and authorizing officials, cardholder purchase limits, and related information; ! disciplinary actions are initiated when cardholders or other program participants misuse their cards; ! appropriate training is provided for cardholders, approving officials, and other relevant staff; 19 GSA contracted with five national banks for the original SmartPay program: Bank of America, Citibank, JPMorgan Chase, Mellon Bank, and U.S. Bank. U.S. General Services Administration, Charge Card Program Statistics Executive Summary, May 2007. 20 The SmartPay2 bank contracts are with Citibank, GE Capital Financial, JPMorgan Chase, and U.S. Bancorp. 21 Office of Management and Budget, Management's Responsibility for Internal Control, Circular No. A-123, at [http://www.whitehouse.gov/omb/circulars/a123/ a123_appendix_b.pdf]. 22 Risk management generally refers to efforts to reduce or eliminate payment delinquencies, charge card misuse, fraud, and other forms of waste and abuse. CRS-6 ! employees are asked about questionable or suspicious transactions; and ! charge card statement reconciliation occurs in a timely manner. Chapter 4 also identifies administrative and disciplinary actions that may be imposed for charge card misuse, such as deactivation of employee accounts, and it requires managers to refer suspected cases of fraud to the agency's Office of Inspector General or the Department of Justice. Circular A-123 provides OMB with oversight tools by requiring agencies to submit each year a charge card management plan that details their efforts to implement and maintain effective internal controls and minimize the risk of card misuse and payment delinquency. It also requires agencies to report the number of AOs it has appointed, the average number of monthly purchase card transactions each AO reviews, the number of reported cases of misuse, and the number of disciplinary actions taken in response to misuse. Purchase Card Program Weaknesses Audits of agency purchase card programs conducted by the Government Accountability Office (GAO) and agency inspectors general (IGs) have attracted congressional attention with their revelations of abusive purchases made by government employees. Among the many cases of abuse cited by auditors are a Department of Agriculture employee who, over a period of six years, used her purchase card to funnel $642,000 to her boyfriend; a Forest Service employee who charged $31,342 to his purchase card for personal items, including Sony Playstations, cameras, and jewelry; and a Coast Guard cardholder who used his purchase card to buy a beer brewing kit -- and then brewed alcohol while on duty.23 Congress has held several hearings to address purchase card misuse and the underlying internal control weaknesses that auditors say allowed it to occur.24 The following paragraphs 23 U.S. Government Accountability Office, Governmentwide Purchase Cards: Actions Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper, and Abusive Purchases, GAO-08-333, Mar. 2008, p. 7, at [http://www.gao.gov/new.items/d08333.pdf]. FAA Purchase Cards: Weak Controls Resulted in Instances of Improper and Wasteful Purchases, GAO-03-405, Mar. 2003, p. 36. Testimony of Gregory D. Kutz, U.S. Government Accountability Office Managing Director of Forensic Audits and Special Investigations, Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable to Fraudulent, Improper, and Abusive Activity, U.S. Congress, Senate Committee on Homeland Security and Governmental Affairs, 109th Congress, 2nd sess., July 19, 2006, GAO-06-957T, p. 29, at [http://www.gao.gov/new.items/d06957t.pdf]. 24 Most recently, on June 5, 2008, the House Committee on Oversight and Government Reform, Subcommittee on Government Management, Organization, and Procurement, held hearings titled "Oversight of Federal Financial Management," which included testimony on purchase card misuse, available at [http://governmentmanagement.oversight.house.gov/ story.asp?ID=1982]. CRS-7 discuss these weaknesses identified in audit reports published between 2002 and 2008.25 Ineffective Transaction Review and Approval Processes. One of the primary safeguards against improper use of government purchase cards is the review and approval of cardholder transactions by someone other than the cardholder. As noted, purchase card AOs are usually responsible for reviewing the cardholder's monthly statement. Given that the AO is often the only person other than the cardholder to assess the validity of a purchase before payment is made to the purchase card vendor, the review and approval process is considered one of the most critical components of an agency's purchase card control environment. Steven Kutz, GAO's Managing Director of Forensic Audits and Special Investigations, stated in testimony before the Senate, Basic fraud prevention concepts and our previous audits of purchase card programs have shown that opportunities for fraud and abuse arise if cardholders know that their purchases are not being properly reviewed.26 Despite the importance of the AO's role in preventing and detecting improper purchases, some agencies have failed to ensure that cardholder statements were carefully reviewed prior to their approval. At the Department of Education, auditors estimated that 37% of monthly cardholder statements they reviewed had not been approved by the AO.27 Most recently, GAO reported that nearly one of every six purchase card transactions government-wide had not been properly authorized.28 Even when AOs did conduct reviews, they often failed to meet government standards. Agencies are required by OMB to ensure that cardholder statements are compared with supporting documentation, such as invoices and receipts, as part of the review process.29 This is necessary because purchase card statements are rarely itemized; they usually provide only the store or contractor name and the amount charged. For AOs, receipts and invoices are the principal means of verifying what items were purchased and determining whether those items were for legitimate program purposes. Many agencies have not ensured that supporting documentation is available and examined as part of the review and approval process, according to 25 Because some audit findings are several years old, the agencies cited may have taken steps to address them. The most recent audit reports, from 2007 and 2008, however, continue to identify these types of internal control weaknesses in agency purchase card programs. 26 Testimony of Gregory D. Kutz, U.S. Government Accountability Office Managing Director of Forensic Audits and Special Investigations, Senate Committee on Homeland Security and Governmental Affairs, July 19, 2006, GAO-06-957T, p. 7. 27 U.S. Government Accountability Office, Financial Management: Strategies to Address Improper Payments at HUD, Education, and other Federal Agencies, GAO-03-167T, Oct. 2002, p. 5, at [http://www.gao.gov/new.items/d03167t.pdf]. 28 U.S. Government Accountability Office, Governmentwide Purchase Cards: Actions Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper, and Abusive Purchases, GAO-08-333, Mar. 2008, p. 13. 29 Office of Management and Budget Circular A-123, Appendix B, Improving the Management of Government Charge Card Programs, revised Feb. 2006, p. 7. CRS-8 GAO. An audit of HUD's purchase card program found that the agency did not have adequate documentation for 47% of transactions auditors deemed questionable -- purchases from merchants that are not normally expected to do business with HUD -- which meant auditors "were unable to determine what was purchased, for whom, and why."30 Similarly, a 2004 audit of the Veterans Health Administration's (VHA's) purchase card program estimated that $313 million of its transactions lacked key supporting documentation.31 One consequence of these weaknesses is that fraudulent and abusive transactions may slip through the review process unnoticed. For instance, GAO found that AOs at agencies across the government have approved cardholder statements that included transactions that should have been questioned, such as purchases of jewelry, home furnishings, cruise tickets, electronics, and other consumer goods. At the Forest Service, one employee used her purchase card over a period of years to accumulate more than $31,000 in jewelry and electronics.32 Similarly, HUD cardholders spent $27,000 at department stores like Macy's and JCPenney in a single year.33 In one egregious case, an FAA employee had his statement approved even though it showed he violated agency policy by charging cash advances to his purchase card -- while at a casino.34 The want of adequate oversight is also evident where AOs have approved duplicate transactions -- vendors charging the government twice for the same goods or services -- and purchases made by someone other than the cardholder. One audit identified an estimated $177,187 in duplicate charges at one agency.35 An audit at the Federal Aviation Administration (FAA) discovered that a cardholder had allowed unauthorized individuals to charge over $160,000 to her purchase card account.36 When unauthorized and duplicate transactions are identified by the AO, they should be disputed under the process described in the SmartPay master contract. When AOs fail to identify and dispute fraudulent charges, the government often pays them in full or fails to obtain a refund from the purchase card vendor. 30 U.S. Government Accountability Office, HUD Purchase Cards: Poor Internal Controls Resulted in Improper and Questionable Purchases, GAO-03-489, Apr. 2003, p. 7, at [http://www.gao.gov/new.items/d03489.pdf]. 31 U.S. Government Accountability Office, VHA Purchase Cards: Internal Controls Over the Purchase Card Program Need Improvement, GAO-04-737, June 2004, p. 16, at [http://www.gao.gov/new.items/d04737.pdf]. 32 U.S. Government Accountability Office, Forest Service Purchase Cards: Internal Control Weaknesses Resulted in Instances of Improper, Wasteful, and Questionable Purchases, GAO-03-786, Aug. 2003, p. 36, at [http://www.gao.gov/new.items/d03786.pdf]. 33 U.S. Government Accountability Office, HUD Purchase Cards: Poor Internal Controls Resulted in Improper and Questionable Purchases, GAO-03-489, Apr. 2003, p. 10. 34 U.S. Government Accountability Office, FAA Purchase Cards: Weak Controls Resulted in Instances of Improper and Wasteful Purchases, GAO-03-405, Mar. 2003, p. 16. 35 U.S. Government Accountability Office, Forest Service Purchase Cards: Internal Control Weaknesses Resulted in Instances of Improper, Wasteful, and Questionable Purchases, GAO-03-786, Aug. 2003, p. 26. 36 Ibid., p. 31. CRS-9 Inconsistent Program Monitoring. GAO further found that many agencies fail to monitor and evaluate the effectiveness of their purchase card controls, a responsibility that is often assigned to the APC. Monitoring and evaluation may include sampling purchase card transactions for potentially improper purchases, ensuring purchase card policies are being properly implemented across the agency or component, and assessing program results. These duties are often unfulfilled. At FAA, for example, an audit found that APCs "generally were not" utilizing available reports to detect misuse and fraud, nor was the headquarters APC taking steps to assess the overall program.37 Similarly, an audit of the Forest Service purchase card program found that the agency's APCs failed to review sampled transactions for erroneous or abusive purchases, as required by U.S. Department of Agriculture regulations.38 Lack of Separation of Duties. Agencies are required to ensure that key procurement functions are handled by different individuals. When having goods shipped, for example, the same person should not both approve and place the order, or both place the order and receive the goods. At many agencies, however, the cardholder may perform two functions that should be separated, which increases the possibility that items may be purchased for personal use, lost, or stolen. In March 2008, GAO estimated that agencies were unable to document separation of duties for one of every three purchase card transactions.39 Three Navy cardholders ordered and received $500,000 of goods for themselves with their purchase cards before getting caught.40 In this way, inadequate separation of duties may contribute to millions of dollars of items that agencies have purchased which cannot be located. Items that are easily converted to personal use -- commonly referred to as "pilferable property" -- are particularly vulnerable to loss and theft. The Department of Education, for example, could not account for 241 personal computers bought with purchase cards at a cost of $261,500.41 An audit of FEMA's spending on items related to hurricane recovery found that $170,000 worth of electronics equipment acquired with purchase cards had not been recorded in FEMA's property records and could not be found.42 37 U.S. Government Accountability Office, FAA Purchase Cards: Weak Controls Resulted in Instances of Improper and Wasteful Purchases, GAO-03-405, Mar. 2003, pp. 21-23. 38 U.S. Government Accountability Office, Forest Service Purchase Cards: Internal Control Weaknesses Resulted in Instances of Improper, Wasteful, and Questionable Purchases, GAO-03-786, Aug. 2003, p. 16. 39 U.S. Government Accountability Office, Governmentwide Purchase Cards: Actions Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper, and Abusive Purchases, GAO-08-333, Mar. 2008. 40 U.S. Government Accountability Office, Purchase Cards: Increased Management and Oversight Could Save Hundreds of Millions of Dollars, GO-04-717T, Apr. 2004, p. 10, at [http://www.gao.gov/new.items/d04717t.pdf]. 41 Ibid., p. 11. 42 U.S. Government Accountability Office, Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable to Fraudulent, Improper, and Abusive Activity, GAO-06-957T, July 2006, p. 19. CRS-10 Inadequate Training. Given the complexities of federal procurement policies and procedures, training on the proper use and management of purchase cards is considered an important component of an agency's internal control environment. It is through this training that cardholders, approving officials, and program managers learn their roles in ensuring compliance with applicable regulations and statutes, and in reducing the risk of improper card use. To that end, OMB requires all agencies to train everyone who participates in a purchase card program.43 Cardholders are to be trained on federal procurement laws and regulations, agency policies, and proper card use. Approving officials are required to receive the same training as cardholders, in addition to training in their duties as AOs. Program managers are required to be trained in cardholder and AO responsibilities, as well as management, control, and oversight tools and techniques. In addition, all purchase card program participants are supposed to take their initial training prior to appointment (e.g., becoming a cardholder, or being designated as an AO or program manager) and receive refresher training at least every three years. A number of agencies have not fully implemented OMB's training requirements. A report by the inspector general at the Department of the Interior, for example, noted that the Department of the Interior had not provided any training to its AOs, and concluded that many of those officials were not performing adequate reviews.44 The AOs themselves reportedly said that they did not know how to conduct a proper review of purchase card transactions, or how and why to review supporting documentation -- both subjects that are normally included in AO training. Similarly, an audit at FAA concluded that the agency's failure to provide refresher training for cardholders and AOs may have contributed to violations of statutory sourcing requirements.45 The failure to comply with sourcing statutes, which require agencies to purchase certain goods and services from specified vendor categories, may undermine congressional procurement objectives. The Javits- Wagner-O'Day Act (JWOD), for example, requires the government to buy office supplies and services from non-profits that employ blind and disabled Americans. Cardholder failure to comply with the provisions of JWOD and other sourcing statutes is widespread enough that GAO has estimated that tens of millions of dollars of purchase card transactions may have been conducted with vendors other than the ones Congress intended.46 43 Office of Management and Budget Circular A-123, Appendix B, Improving the Management of Government Charge Card Programs, revised Feb. 2006, p. 7. 44 U.S. Department of the Interior, Office of Inspector General, Department of the Interior: Integrated Charge Card Program, 2002-I-0011 (Washington: GPO, Dec. 2001), pp.7-8. 45 U.S. Government Accountability Office, FAA Purchase Cards: Weak Controls Resulted in Instances of Improper and Wasteful Purchases, GAO-03-405, Mar. 2003, p. 19. 46 U.S. Government Accountability Office, Purchase Cards: Increased Management and Oversight Could Save Hundreds of Millions of Dollars, GO-04-717T, Apr. 2004, p. 10. CRS-11 Excessive Number of Cards Issued and High Credit Limits. The number of cardholders grew from under 100,000 in FY1993 to 680,000 in FY2000.47 After auditors expressed concerns that the government had issued too many credit cards and provided excessive credit limits -- factors that raised the risk of card misuse -- OMB issued a memorandum in April 2002, that required agencies to examine the number of purchase cards they issued and to consider deactivating all cards that were not a "demonstrated necessity."48 That same year, provisions in the Bob Stump National Defense Authorization Act for FY2003 (P.L.107-314) required the Department of Defense (DOD) to establish policies limiting both the number of purchase cards it issued and the credit available to cardholders.49 These reforms contributed to a net decrease of 380,000 government purchase cards between FY2000 and FY2006. Despite this decrease in the total number of purchase card users, audits indicate that a number of agencies, including some with relatively large purchase card programs, have yet to establish appropriate controls over card issuance and credit limits. A 2006 GAO report on purchase cards at the Department of Homeland Security (DHS), for example, identified 2,468 cardholders -- about 20% of all DHS cardholders -- who had not made any purchases in over a year.50 Similarly, a congressionally directed audit of the Veterans Health Administration's (VHA's) $1.4 billion purchase card program found that VHA had issued cards with credit limits up to 11 times greater than the cardholders' historical spending levels, thereby exposing its program to unnecessary risk.51 It is not known how many other agencies have not developed and implemented appropriate internal controls over card issuance and credit limits, so the extent of the government's financial exposure is also unknown. Policy Proposals OMB Guidance. OMB Director Jim Nussle, in response to a March 2008 audit report that detailed incidences of purchase card abuse at several agencies, issued a memorandum on April 15, 2008, outlining steps agencies must take to strengthen their internal controls.52 The new requirements include developing more specific guidelines for (1) documenting independent receipt of items obtained with 47 General Services Administration, Charge Card Program Statistics Executive Summary, May 2007. 48 Office of Management and Budget, Use of Government Purchase and Travel Cards, M- 02-05, Apr. 18, 2002, at [http://www.whitehouse.gov/omb/memoranda/m02-05.html]. 49 116 Stat. 2633. 50 U.S. Government Accountability Office, Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable to Fraudulent, Improper, and Abusive Activity, GAO-06-1117, Sept. 2006, pp. 19-20. 51 U.S. Government Accountability Office, VHA Purchase Cards: Internal Controls Over the Purchase Card Program Need Improvement, GAO-04-737, June 2004, pp. 23-25. 52 Office of Management and Budget, "Preventing Waste, Fraud, and Abuse in Use of Government Charge Cards," Memorandum for the Heads of Departments and Agencies from Jim Nussle, Apr. 15, 2008, M-08-18, at [http://www.whitehouse.gov/omb/memoranda/ fy2008/m08-18.pdf]. CRS-12 purchase cards, (2) inventorying items bought with purchase cards that are easily stolen, and (3) imposing disciplinary actions for purchase card misuse. Agencies must also develop policies that require cardholders to obtain approval or subsequent review of purchase card activity below the micro-purchase threshold. The memorandum also stated that OMB is in the process of revising its charge card guidance in Appendix B of Circular A-123. Pending Legislation. Several bills have been introduced in the 110th Congress that address purchase card misuse. The most comprehensive of these bills, the Government Credit Card Abuse Prevention Act of 2007, was introduced in both the Senate (S. 789) and the House (H.R. 1395) on March 7, 2007. The bill was drafted to implement the recommendations of GAO regarding internal control weaknesses in both purchase and travel card programs.53 The bill would require all federal agencies, except the Department of Defense, to implement more than a dozen internal controls over their purchase card programs.54 Specifically, the bill would require agencies to ensure that ! adequate records of cardholder credit limits and purchase activity are maintained; ! cardholder statements and supporting documentation are regularly reviewed and reconciled; ! cardholders and officials are provided with proper training; ! agencies use available technology to monitor activity and identify fraud; ! the number of cards issued and their credit limits are appropriate; and ! payment, dispute, and cost recovery procedures are effective. The bill would also mandate that non-DOD agencies develop penalties for card misuse, and require IGs to conduct periodic risk assessments and audits of agency purchase card programs to identify waste, fraud, and abuse. Provisions specific to DOD would require increased use of technology to prevent and identify fraudulent purchases, expand risk assessment and audit practices, and develop more specific rules regarding card deactivation of former DOD employees. Other purchase card legislation introduced in the 110th Congress includes two bills that focus on micropurchases: S. 2300, the Small Business Contracting Revitalization Act of 2007, which seeks to measure and promote the participation of small businesses in micropurchases made with purchase cards; and S. 680, the Accountability in Government Contracting Act of 2007, which would require the Director of OMB and the GSA Administrator to work with vendors and program 53 Congressional Record, vol. 153, Mar. 7, 2007, p. S2798. 54 H.R. 1395 has not yet been acted on by the House Subcommittee on Government Management, Organization, and Procurement, to which it was referred on March 27, 2007. S. 789 was favorably reported by the Senate Committee on Homeland Security and Governmental Affairs on April 10, 2008. CRS-13 agencies to achieve savings when using purchase cards for making micropurchases.55 In addition, Section 1005 of H.R. 5658, the Duncan Hunter National Defense Authorization Act for Fiscal Year 2009, would require the Secretary of Defense to implement policies that ensure inventory and property systems are updated "promptly" after pilferable property is bought with a purchase card.56 Other Considerations Staffing Levels. Few agencies are able to dedicate employees to work full- time as AOs; rather, AO duties, which include time-intensive activities such as reviewing cardholder statements, often fall to staff who already have full workloads. Not surprisingly, some AOs have said it is difficult to find the time to carefully review purchase card statements because of the demands of their other responsibilities.57 This problem may be compounded if the number of cardholders assigned to an AO -- referred to as the span of control -- increases. There is no government-wide span of control policy, but GAO has recommended that agencies assign no more than seven cardholders to each AO; beyond that 7:1 ratio, the ability of the AO to conduct effective oversight may be diminished, particularly when the AO has other, significant duties.58 Although data are limited, audits have found that, at some agencies, the span of control exceeds GAO's recommendation. In 2006, according to GAO, 2,150 purchase card holders at the Department of Homeland Security -- nearly 20% of DHS's total number of cardholders -- were managed by AOs with a span of control in excess of 7:1.59 Additional research might be useful for determining whether AOs are hindered in their ability to provide effective oversight due to either the number of accounts they are expected to monitor, or to the demands of their other duties, or both. 55 S. 2300 was ordered to be reported favorably, with an amendment in the nature of a substitute by the Senate Committee on Small Business and Entrepreneurship on November 7, 2007. S. 680 passed the Senate on November 7, 2007. 56 H.R. 5658 passed the House on May 22, 2008. 57 U.S. Government Accountability Office, Government Purchase Cards: Control Weaknesses Expose Agencies to Fraud and Abuse, GAO-02-676, May 2002, at [http://www.gao.gov/new.items/d02676t.pdf]. 58 U.S. Government Accountability Office, Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable to Fraudulent, Improper, and Abusive Activity, GAO-06-957T, July 2006, p. 8. 59 Ibid. ------------------------------------------------------------------------------ For other versions of this document, see http://wikileaks.org/wiki/CRS-RL34602