This is the accessible text file for GAO report number GAO-02-732 entitled 'Purchase Cards: Control Weaknesses Leave Army Vulnerable to Fraud, Waste, and Abuse' which was released on July 17, 2002. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products’ accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. Report to Congressional Requesters: June 2002: Purchase Cards: Control Weaknesses Leave Army Vulnerable to Fraud, Waste, and Abuse: GAO-02-732: Contents: Letter: Results in Brief: Background: Weaknesses in Overall Control Environment for Army Purchase Card Program: Critical Internal Control Activities and Techniques Not Effectively Implemented: Potentially Fraudulent, Improper, and Abusive or Questionable Transactions: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendixes: Appendix I: Scope and Methodology: Appendix II: Overview of Army Purchase Card Program: Appendix III: Comments from the Department of Defense: Appendix IV: GAO Contacts and Staff Acknowledgements: Tables: Table 1: Program Coordinators’ Span of Control: Table 2: Internal Control Activity Statistical Testing Failure Rates: Table 3: Advance Approval Failure Rates: Table 4: Independent Receiving Failure Rates: Table 5: Approving Official Review Failure Rates: Table 6: Existence of Invoice Failure Rates: Table 7: Property Items Not Recorded in Property Books: Table 8: Examples of Potentially Fraudulent Army Purchase Card Transactions: Table 9: Examples of Purchases Intended for Personal Use: Table 10: Examples of Abusive or Questionable Purchases: Table 11: Major Commands and Installations Audited: Table 12: Number and Value of Army Transactions in Fiscal Year 2001: Figures: Figure 1: Army Purchase Card Program Management Structure: Figure 2: Army Purchase Card Processes: Abbreviations: DOD: Department of Defense: JWOD: Javits-Wagner-O’Day Act: Letter: June 27, 2002: The Honorable Charles E. Grassley Ranking Minority Member Committee on Finance United States Senate: The Honorable Stephen Horn Chairman The Honorable Janice D. Schakowsky Ranking Minority Member Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations Committee on Government Reform House of Representatives: The Department of Defense (DOD) is promoting departmentwide use of purchase cards for obtaining goods and services. It reported that for the year ended September 30, 2001, about 230,000 cardholders used purchase cards to make about 10.7 million transactions at a cost of over $6.1 billion. Purchase cards are to be used exclusively for government-related purchases. Purchase card transactions include acquisitions at or below the $2,500 micropurchase threshold, commercial training requests valued at or below $25,000, and payments on contracts. The use of purchase cards has dramatically increased in past years as agencies have sought to eliminate the lengthy process and paperwork long associated with making small purchases. The benefits of using purchase cards versus traditional contracting and payment processes are lower transaction processing costs and less “red tape” for both the government and the vendor community. We support the use of a well-controlled purchase card program to streamline the government’s acquisition processes. However, it is important that agencies have adequate internal control in place to protect the government from fraud, waste, and abuse. In July 2001 and March 2002, we testified on significant breakdowns in internal control over purchase card transactions at two Navy sites in San Diego, California.[Footnote 1] This work identified a weak internal control environment; ineffective internal control; and potentially fraudulent,[Footnote 2] improper, and abusive purchases. As a result of our work at the two Navy sites and continuing concern about fraud, waste, and abuse in DOD’s purchase card program, you requested that we expand our audits of purchase card controls. As the initial part of this requested work, this report focuses on the Army, which has the largest purchase card program in DOD. In fiscal year 2001, the Army had about 109,000 cardholders, 4.4 million transactions, and $2.4 billion in purchases. We plan to report to you separately on the results of our audits of the Navy and Air Force purchase card programs. The objective of our audit of the Army’s purchase card program was to assess the adequacy of internal control over the authorization, purchase, and payment of purchase card transactions during fiscal year 2001. Specifically, we addressed whether (1) the Army’s overall control environment and management of the purchase card program were effective, (2) the Army’s key internal control activities operated effectively and provide reasonable assurance that purchase cards were used appropriately, and (3) indications existed of potentially fraudulent, improper, and abusive and questionable transactions. We audited the Army’s internal control policies, procedures, and activities at five major commands that account for about 66 percent of total purchases and 62 percent of total transactions. At one installation in each of the commands, we tested a statistical sample of purchase card transactions and conducted other audit work to evaluate the design and implementation of key internal control procedures and activities. The results of our review of the transactions comprising the statistical samples can only be projected to the individual installation at which we performed the testing and cannot be used to project to the command level or to the Army as a whole. The cumulative results of all our work offer significant perspective on the adequacy of the design and implementation of purchase card program internal control within the Army. We also looked for indications of potentially fraudulent, improper, and abusive or questionable purchases as part of our statistical sampling and through nonrepresentative selections of transactions using data mining of fiscal year 2001 transactions. Our data mining included identifying transactions with certain vendors that had a more likely chance of selling items that would be unauthorized or that would be personal items. Because of the large number of transactions that met these criteria, we did not look at all potential abuses of the purchase card. While we identified some potentially fraudulent, improper, and abusive or questionable purchases, our work was not designed to identify, and we cannot determine, the extent of potentially fraudulent, improper, and abusive or questionable purchases. See appendix I for further details on our scope and methodology. We requested comments from the Secretary of Defense or his designee on a draft of this report. We received comments from the Acting Director of the Army Contracting Agency dated June 17, 2002, and have reprinted those comments in this report. We conducted our audit work from June 2001 through April 2002 in accordance with generally accepted government auditing standards, and we performed our investigative work in accordance with standards prescribed by the President’s Council on Integrity and Efficiency, as adapted for GAO’s work. Results in Brief: The purchase card program offers significant benefits; however, a weak overall control environment and breakdowns in key internal control activities leave the Army vulnerable to potentially fraudulent, improper, and abusive purchases. Our work at five Army major commands and one installation in each of the commands showed that the Army has not established an effective internal control environment. As the use of purchase cards has greatly expanded, Army management has not emphasized internal control activities that can provide reasonable assurance that the individual transactions are for authorized purposes or that they adhere to legal and regulatory requirements. At the individual transaction level, we identified a substantial number of purchases for which cardholders and approving officials had not adhered to important internal control activities and that were not in accordance with valid requirements, policies, and procedures. A major contributor to the weak overall control environment and weak program management is informal and incomplete operating procedures. While existing governmentwide, DOD-wide, and Army-wide procurement regulations are the foundation for the Army purchase card program, the Army has not issued servicewide regulations or operating procedures, but relies on ad hoc memorandums and other informal guidance. This informal guidance does not provide the purchase card program with consistent, comprehensive policies and procedures to guide those implementing the program. For example, the scope of responsibilities and specific duties of installation-level program coordinators, the primary focal points for managing the purchase card program, are not addressed in Army guidance. The major commands and installations we audited had established policies and procedures; however, these policies and procedures were inconsistent between commands and did not provide adequate guidance on key control environment issues. Another major contributor to the weak overall control environment is ineffective oversight of the purchase card program. The Army purchase card program did not have the infrastructure--guidance and human capital--needed to implement the oversight activities that are essential for effective internal control. Army and major command management levels did not conduct meaningful oversight activities of their own and did not provide direction to installation-level program coordinators on needed oversight activities. At the local installation level, the sporadic oversight activities performed did not provide reasonable assurance that internal control procedures and activities were followed. For example, program coordinators did not routinely perform annual reviews of approving officials’ activities as required, and the reviews that were made were seldom documented. Program coordinators told us that they did not have sufficient human capital to conduct required annual reviews or to define and conduct other needed oversight activities. In addition, approving officials’ activities usually were considered “other duties as assigned” and were not the primary duties on which the officials were evaluated and rewarded. They generally said that many other duties were of a higher priority than monitoring purchases and reviewing monthly cardholder statements. We identified a significant breakdown in key internal control activities. Control activities tested were (1) advance approval of purchases, (2) receiving of goods and services by someone other than cardholders, (3) approving officials reviewing cardholders’ monthly reconciled bills and supporting documentation, and (4) whether transaction files contained invoices that supported the transactions. Our statistical sample results at the five installations showed significant failure rates for all four tested control activities. The high failure rate--40 to 86 percent--for approving official review is of particular concern because it is perhaps the most important control activity. The weaknesses we identified in the control environment and the breakdown in specific internal control activities had specific consequences--potentially fraudulent, improper, and abusive and questionable transactions were not being prevented or identified promptly. Potentially fraudulent transactions are (1) cardholder purchases that are intended for personal benefit, (2) unauthorized transactions by vendors, or (3) other purchases using compromised accounts. At three of the five installations, we found that potentially fraudulent transactions went undetected because of breakdowns in internal control. For example, Eisenhower Army Medical Center, at Fort Gordon, Augusta, Georgia, had two fraud cases that were not identified by appropriate approving official review. Each case involved tens of thousands of dollars, with cardholders purchasing jewelry, clothing, and other items for their personal use. Another fraud case under investigation at the end of our fieldwork involved purchases of over $100,000 of electronic equipment, computers, and other items. The actions of the cardholder, approving official, and other service members were being investigated. In our Army-wide data mining,[Footnote 3] potentially fraudulent transactions include the purchase of escort services and the use of a compromised account to purchase athletic shoes. We also identified a number of improper transactions--meaning those in which the purchase was intended for government use but was not permitted by law, regulation, or DOD policy--involving clothing, food, or other items. For example, at the Soldier, Biological and Chemical Command - Natick, in Natick, Massachusetts, the purchase of L.L. Bean Gore-Tex parkas for 10 civilian employees at a cost of $2,400 was not an appropriate use of federal funds because the parkas were not treated solely as government property available only for official use. Other improper purchases included meals, fruit baskets, luggage, and services. We also identified as improper numerous purchases in which cardholders made a substantial number of purchases of similar items (split purchases) to circumvent the legislatively mandated micropurchase limit of $2,500 for a single purchase. Using contracts for such purchases would comply with procurement requirements and could result in lower prices for the purchased items. We identified abusive and questionable transactions at each of the five installations we audited as well as in our Army-wide data mining. Abusive transactions are those that were authorized, but the items purchased were at an excessive cost or for a questionable government need, or both. Questionable transactions were those that cardholders purchased items for which there was not a reasonable and/or documented justification. Examples of abusive and/or questionable purchases included sunglasses, fine china, cigars, wine, and a $2,250 tree. The purchase card transaction files we examined generally did not include explanations or advance approvals that would justify these types of purchases and permit a determination that the purchases were not improper or abusive. Explanations and advance approvals for purchases of potentially questionable items could increase visibility and oversight of such purchases and reduce the potential for abusive and wasteful spending. During our audit, the commands we audited began to address many of the deficiencies we identified and implement many of the recommendations applicable at their levels. In addition, DOD established a task force to develop recommendations to improve procedures. This report contains recommendations to the Army to improve the overall control environment for the Army’s purchase card program; to strengthen key internal control activities; and to increase attention to preventing potentially fraudulent, improper, and abusive and questionable transactions. We also recommend that the task force assess the DOD-wide applicability of the recommendations addressed to the Army. In written comments on a draft of this report, DOD concurred with our recommendations and described actions completed, under way, or planned to implement them. Although it concurred with our recommendation for an Army-wide standard operating procedure directing the implementation of specific internal control activities, DOD took exception to broad application of two of the five recommended activities--advance approval and independent receiving. We agree that not all purchases require advance approval and independent receiving. However, we continue to believe these are important control activities and that the Army-wide standard operating procedure should (1) discuss the criteria for determining when these activities are applicable and (2) articulate guidelines for implementing them. Background: The Army’s purchase card program is part of the governmentwide Commercial Purchase Card Program established to simplify federal agency acquisition processes by providing a low-cost, efficient vehicle for obtaining goods and services directly from vendors. DOD has mandated the use of the purchase card for all purchases at or below $2,500 and has authorized the use of the card to pay for specified larger purchases. DOD has had significant growth in the program since its inception and estimates that in fiscal year 2001 about 95 percent of its transactions of $2,500 or less were made by purchase card. The purpose of the program was to simplify the process of making small purchases. It accomplished this goal by allowing cardholders to make micropurchases of $2,500 or less--$25,000 or less for training--without having to execute contracts. The government purchase card can also be used for larger transactions, but they still require contracts. In these cases, the Army often refers to the card as a payment card because it pays for an acquisition made under a legally executed contract. The Army uses a combination of governmentwide, DOD, and Army guidance as the policy and procedural foundation for its purchase card program. The Army purchase card program operates under a governmentwide General Services Administration purchase card contract, as do the purchase card programs of all federal agencies. In addition, government acquisition laws and regulations, such as the Federal Acquisition Regulation, provide overall governmentwide guidance. DOD and the Army have promulgated supplements to these regulations. The Assistant Secretary of Defense for Acquisition, Technology, and Logistics, in cooperation with the Under Secretary of Defense (Comptroller), has overall responsibility for DOD’s purchase card program. The DOD Joint Purchase Card Program Management Office, in the office of the Assistant Secretary of the Army for Acquisition Logistics and Technology, is responsible for overseeing DOD’s program. The Army agency program coordinator, within the joint office, has oversight over the Army’s purchase card program. However, primary management responsibility for the purchase card program lies with the contracting offices in the major commands and local installations. Figure 1 depicts the Army purchase card program management hierarchy as it was during our audit work. For the major commands, the figure shows the number of installation program coordinators within the command. For the five installations we audited, the figure shows the number of approving officials and cardholders at each installation. On May 1, 2002, the Army created an Office of the Deputy Assistant Secretary of the Army (Procurement) and the U.S. Army Contracting Agency. The responsibility for the Army purchase card program and the DOD Purchase Card Joint Program Management Office will be moved to the newly created office. This new Deputy Assistant Secretary’s office will be in a “transitional” status until October 1, 2002. Figure 1: Army Purchase Card Program Management Structure: [See PDF for image] Source: GAO analysis of Army purchase card program organization. [End of figure] At the installation, personnel in three positions--program coordinator, cardholder, and approving official[Footnote 4]--are collectively responsible for providing reasonable assurance that purchase card transactions are appropriate and meet a valid government need. The installation program coordinator, typically a full-time position under the direction of the director of the contracting office, is responsible for the day-to-day management, administration, and oversight of the program. In our work, we noted that program coordinators develop local standard operating procedures, issue and cancel cards, train cardholders and approving officials, and coordinate with other Army units and the card-issuing bank. Cardholders--soldiers and civilian personnel--are to make purchases, maintain supporting documentation, and reconcile their monthly statements. Approving officials, who typically are responsible for more than one cardholder, are to review cardholders’ transactions and the cardholders’ reconciled statements and certify the official consolidated bill for payment. Approving officials receive an official bill that consolidates their cardholders’ purchases. Appendix II provides additional details on the Army purchase card program. Weaknesses in Overall Control Environment for Army Purchase Card Program: [See PDF for image] [End of figure] Weaknesses in the internal control environment for the Army purchase card program at the five major commands and five installations we audited contributed to internal control breakdowns and potentially fraudulent, improper, and abusive purchases. The importance of the role of management in establishing a positive internal control environment cannot be overstated. GAO’s Standards for Internal Control discusses management’s key role in demonstrating and maintaining an organization’s integrity and ethical values, especially in setting and maintaining the organization’s ethical tone, providing guidance for proper behavior, and removing temptations for unethical behavior. Army purchase card management has not encouraged a strong internal control environment. It has not focused on ensuring an adequate environment for a greatly expanding program. Instead, Army purchase card management focused significant attention on maximizing the use of the purchase card for small purchases and on paying bills quickly to reduce delinquent payments, and it developed performance measures and goals for them. However, purchase card management has not focused equal attention on internal control, and it has not developed performance measures to assess the adequacy of internal control activities or set goals for them. As a result, our audit identified a weak internal control environment characterized by a lack of (1) adequate operating procedures specifying needed program management, oversight, and internal control activities and (2) oversight by all management levels over the program’s implementation at the installation level. These weaknesses are symptomatic of a purchase card infrastructure that is insufficiently robust to build and sustain a strong internal control environment. As discussed in the next section, strong internal control activities are needed to effectively manage the Army’s purchase card program and provide reasonable assurance that the billions of dollars spent under the program adhere to legal and regulatory requirements. Developing performance measures and setting performance goals are fundamental to implementing and maintaining strong internal control activities. Inadequate Program Operating Procedures: [See PDF for image] [End of figure] The Army operates its purchase card program without a specific servicewide regulation or standard operating procedures to govern purchase card activities throughout the agency. Instead, the Army relies on memorandums issued by the DOD and Army purchase card program offices and procedures issued by major commands and installations. Our assessment of the existing Army guidance is that it does not adequately identify and direct the implementation of needed actions and control activities. The memorandums issued by the DOD and Army purchase card program offices do not provide the Army purchase card program with a comprehensive set of policies and operating procedures that identify the actions and control activities needed to manage the program. Instead, they address such topics as cash management of certified purchase card invoices or suggest best practices, including discussions of the importance of internal control activities. Also, the memorandums often only request that Army commanding officers implement a suggested action; they do not direct that specific actions be taken within specific time frames. Such requests might not achieve the desired results. For example, an August 3, 2001, Office of the Assistant Secretary of the Army for Acquisition Logistics and Technology memorandum requested Army units’ assistance and support in implementing the DOD program office’s earlier request to assess the adequacy of purchase card program human capital resources. Because they are only requests, they do not have to result in action. For example, in the example above, we found no evidence that the major commands or installations had made an assessment of their overall purchase card human capital resource needs. Without agencywide operating procedures, the Army has relied on its major command and local installation program coordinators to establish purchase card policies and procedures to guide approving officials, cardholders, and others involved in the purchase card program as they implement the program. The standard operating procedures for the major commands and installations we audited varied widely, and they were not adequate. For example, the Army Materiel Command does not have standard operating procedures, but uses a Web-based tutorial that is part of required training to guide cardholders and approving officials. A training tutorial does not carry the force of a regulation or a standard operating procedure. Consequently, installation program coordinators, such as at the Soldier, Biological and Chemical Command - Natick, developed standard operating procedures that set program implementation standards and requirements at the installation. At the installation level, the contrast between three installations illustrates the differences. As discussed above, the Soldier, Biological and Chemical Command - Natick had a detailed operating procedure that was revised during our work there to add further detailed instructions. Fort Benning, in Columbus, Georgia, did not have installation-level operating procedures. At Fort Hood, in Killeen, Texas, the installation-level procedures were supplemented with detailed procedures developed by the military units, for example, battalions and brigades, located there. Thus, the procedures at these three installations differed significantly and within Fort Hood procedures were different. Collectively, the Army policy memorandums and the major command and installation-level operating procedures do not adequately address key control environment issues. Among the more important issues not adequately addressed are: * responsibilities and duties of installation-level program coordinators, * controls over the issuance and assessment of ongoing need for cards, * appropriate span of control for approving officials, and: * appropriate cardholder spending limits. In addition to the above control environment issues, we identified weaknesses in the individual control activities we tested, which we discuss in the next section of this report. Responsibilities and Duties of Installation-Level Program Coordinators: Army guidance has not addressed the scope of responsibilities and specific duties of installation-level program coordinators, although they are the primary focal point for managing the purchase card program and generally spend all their time on the purchase card program. The importance of these program coordinators to the purchase card program cannot be overstated. During our work we noted that program coordinators develop and enforce operating procedures, establish and cancel cardholder and approving official accounts, train cardholders and approving officials, interact with the bank, and field myriad questions about the program from both cardholders and approving officials. Yet, the Army does not have guidance on how to do these activities, and it does not provide program coordinators with guidance or assistance in developing oversight activities to monitor how well their programs are functioning. Program coordinators told us that they did not get formal training in what their duties are and how they should be done. They said they had to do a lot of on-the-job learning and they called other program coordinators for advice. Controls over the Issuance and Assessment of Ongoing Need for Cards: Little guidance exists to assist program coordinators and unit managers in selecting who should be issued a purchase card. Carefully controlling the issuance of cards and continually reassessing the need and justification for outstanding cards are important issues in controlling the government’s risk in the purchase card program. At the installations we audited, the operating procedures usually specified that unit managers, after deciding who should be a cardholder and who should be an approving official, request the installation program coordinator to process the appointments. Yet, we found little guidance at any level that provided criteria to these officials for determining how many cards a unit should have or who should have them. The November 2001 operating procedure at the Soldier, Biological and Chemical Command - Natick requires unit directors to provide written justification for the selection of a cardholder or approving official. However, without guidance from the Army, the command did not establish criteria to guide the directors’ decisions. In no case did we identify guidance that required cardholders to have a continuing need to make procurements for an office or organization, and none of the guidance discussed the need to reassess the ongoing need for outstanding cards. Span of Control for Approving Officials: Standard operating procedures at the major commands and installations we audited do not adequately discuss the span of control that is appropriate for approving officials that could provide a reasonable assurance that they can effectively perform their responsibilities. The training program for Army Materiel Command and the standard procedures at the Soldier, Biological and Chemical Command - Natick discuss that an approving official should have only as many cardholders for whom he/ she can review all monthly transactions. Approving officials who have more cardholders than they can effectively supervise is symptomatic of a weak control environment. The Army did not provide criteria for approving officials’ span of control until July 2001,[Footnote 5] just prior to our testimony on the purchase card program at two Navy installations.[Footnote 6] The July guidance suggested a span of control of five to seven cardholders. However, this guidance had not been promulgated in major command or installation guidance as of the end of our fieldwork. Cardholder Spending Limits: Policies and procedures that addressed controlling cardholders’ spending limits were inadequate. Unit managers and approving officials coordinate with the program coordinator to set both transaction and monthly spending limits for cardholders. However, we found no policy guidance or procedures that provided criteria to guide them in making these decisions, except a recitation of the micropurchase spending limits, until an August 13, 2001, memorandum from the Director of Defense Procurement. This memorandum, which was in response to congressional hearings on our Navy testimony,[Footnote 7] noted that not every cardholder needs to have the maximum transaction or monthly limit and that reasonable limits based on what the person needs to buy should be set. We found that individual transaction limits were generally set at the micropurchase maximum of $2,500. Installations generally set monthly limits at a generic level, such as $10,000, $25,000, or $100,000, for most of their cardholders. We saw little evidence that limits were set based on an analysis of individual cardholders’ needs or past spending patterns. In some cases, we were told that the monthly limits were based on the anticipated peak spending to avoid possible limit changes. We also saw infrequently used cards that, nevertheless, had spending limits set at the maximum. Limits that are higher than justified by the cardholder’s authorized and expected usage unnecessarily increase the government’s exposure to potentially fraudulent, improper, and abusive purchases. Army Addressing Control Issues: As we were performing our review of the Army purchase card program and in response to our July testimony on Navy purchase card activities, DOD and Army officials have issued a number of memorandums that address some of the weaknesses that we have discussed. For example, a memorandum from the Director of Defense Procurement, issued in August 2001,[Footnote 8] said that only those personnel with a continuing need to purchase goods or services as part of their jobs should be cardholders. In another example, DOD’s Joint Program Office, after we requested data on inactive cards, sent a February 2002 memorandum[Footnote 9] to agency program coordinators asking that they consider canceling cards with little activity or imposing other controls, such as reducing the monthly limit to 1 dollar. However, at the locations we audited, the guidance in these and other memorandums had not been incorporated into operating procedures as of the end of our fieldwork. DOD and Army purchase card officials told us that they recognized the need for the Army to issue standard operating procedures for the purchase card program. They said that work had been ongoing on developing such procedures, which could be issued in this fiscal year. In addition, on March 19, 2002, the Secretary of Defense directed the Under Secretary of Defense (Comptroller) to establish a Charge Card Task Force to review the operations of both purchase and travel cards and to develop recommendations to improve procedures. Ineffective Program Monitoring and Oversight: [See PDF for image] [End of figure] Ineffective oversight of the purchase card program also contributes to weaknesses in the overall control environment. In general, effective oversight activities would include management reviews and evaluations of how well the purchase card program is operating, including the internal control activities. We identified little monitoring or oversight activity directed at assessing program results, evaluating internal control, or identifying the extent of potentially fraudulent, improper, and abusive or questionable purchases. At no management level, Army headquarters, major command, or local installation, is the infrastructure provided for such activities. At the installation level, where the most responsibility for oversight appears to reside, guidance or training on what oversight activities should be undertaken does not exist, and the needed human capital resources to perform those activities are not in place. Army-Wide and Major Command Oversight Limited: At the Army-wide level, the purchase card agency program coordinator-- the position involving direct oversight of the Army program--does not conduct internal control oversight activities. The agency program coordinator, who is in the DOD Joint Purchase Card Program Office, has no human capital resources to conduct oversight activities. The coordinator’s activities are mainly directed at answering program operation questions from and transmitting reports to major command and installation-level program coordinators. The major commands have direct authority over the installations that report to them and have responsibility for the purchase card programs of their installations. While the major commands that we audited had procedures to guide the installations’ activities, we found little evidence of oversight activities by the commands to monitor the installations’ implementation of the procedures. The major commands’ purchase card program office personnel do participate in contract management reviews conducted at their installations every 2 years. These reviews, which generally are completed in 1 week, are focused on the installation’s contracting operations and have a small purchase card component. The program coordinators at the major commands we audited confirmed that they conduct little oversight of internal control activities at the local installation programs. Installation-Level Oversight Activities Inadequate: The only significant oversight activities we identified were at the local installation level where the primary purchase card activities are taking place. However, none of the installations we audited had a comprehensive or effective program of oversight and monitoring. The oversight and monitoring activities consisted primarily of isolated inspections of approving official’s compliance with monthly statement certification requirements and monitoring resolution of disputed transactions. Audits and inspections of the purchase card program by internal auditors can provide additional oversight of the installation level purchase card program. For example, at the Soldier, Biological and Chemical Command - Natick, where the command has recognized that the program coordinator did not have the infrastructure to perform oversight reviews, the internal auditor provided assistance. According to the auditor, the audits are designed to ensure continued command attention and to assist the program coordinator with developing policies, procedures, and controls. However, at the installations we visited, audits and inspections were generally limited in both scope and number. For example, at Fort Hood, the internal auditors conducted occasional purchase card reviews as part of the command inspection program. Although these inspections occasionally surfaced control problems, the results were not communicated to the purchase card program coordinator so that systemic problems could be identified and addressed. The DOD Financial Management Regulation assigns installation program coordinators the responsibility for the implementation and execution of the purchase card program in accordance with established Office of the Secretary of Defense and applicable DOD component regulations, policies, and procedures. Thus, installation program coordinators, who act under the direction of the installation’s director of contracting, are the pivotal officials in managing and overseeing the purchase card program. A comprehensive and robust management and oversight program could include a number of activities. At the installations that we audited, the program coordinators were devoting significant time and attention to some basic activities such as establishing cardholders and approving officials and providing required training to these individuals. In most cases, cardholders and billing officials were being appropriately established and were receiving the required initial training. However, we found that refresher training, required by DOD guidance for cardholders and approving officials every 2 years, was seldom provided at the five installations we audited. Program coordinators at every location except the Texas Army National Guard in Austin, Texas, told us that this training seldom, if ever, occurred because of inadequate time and human capital resources. While devoting time and resources to establishing cardholders and approving officials, other important activities were not receiving attention. For example, the key oversight activity identified in Army regulations is an annual review of the records of approving officials. This key activity was not effectively carried out at any of the five installations. In addition, program coordinators were not monitoring potential abusive and questionable transactions, and taking prompt and appropriate action to cancel accounts for departed and unneeded cardholders. Inspecting approving official activities. Army guidance, reiterated in an August 2001 memorandum,[Footnote 10] provides for the installation’s program coordinator to annually inspect the records of approving officials. Our work showed that none of the program coordinators at the five installations had a comprehensive inspection program, although three program coordinators had conducted some inspections. Our work also showed that the few that had been conducted were focused on only a limited number of cardholders and did not include remediation plans. Without inspecting cardholders’ and approving officials’ activities and developing remediation plans, program coordinators had no structured way to determine either currently or over the long run how well their approving officials were functioning or to follow up their inspections and determine whether cardholders and approving officials had improved their performance. The following summarizes the ineffective and limited information on inspections of approving officials’ records at the audited installations. * At Eisenhower Army Medical Center, the program coordinator performed a few targeted inspections in fiscal year 2001, rather than undertake a comprehensive audit of approving officials’ activities. These inspections covered eight approving officials and 15 cardholders. * At Fort Benning, the program coordinator told us that records of a few approving officials are inspected each year but there is no specific timetable for the inspections and the results are not documented. An internal audit of the purchase card program at Fort Benning prepared for the commanding general in 2001 concluded that the program coordinator had not placed enough emphasis on oversight responsibilities. * At Fort Hood, the program coordinator conducted few inspections of approving officials’ activities due to a heavy workload in establishing cardholders and approving officials and limited human capital resources. * At the Soldier, Biological and Chemical Command - Natick, the program coordinator did not conduct inspections of approving officials’ activities. However, internal review performed audits focused on various purchase card areas to assist the program coordinator. * An April 2001 internal review audit report of the Texas Army National Guard program stated that there was no evidence reviews were conducted to test management controls over the purchase card program. Subsequent to the audit report, the program coordinator and the director of contracting said that they had begun to occasionally conduct a small number of reviews. Monitoring potentially abusive and questionable transactions. Program coordinators at the five installations have not routinely monitored potentially abusive transactions. Their activities in this area were generally confined to answering cardholder questions about potentially questionable aspects of proposed purchases and occasionally scanning bank data for questionable transactions. The program coordinators told us that the Army and major command purchase card offices do not require them to analyze purchase card transactions and have not provided guidance on data to be analyzed or on analysis techniques. Our own data mining efforts, including our analysis of Army-wide data, shows the usefulness of these techniques and their potential for identifying transactions that contain indicators of potentially fraudulent, improper, and abusive and questionable transactions, as we discuss in a later section of this report. While cardholders and approving officials are the first line of defense in preventing purchase card abuse, program coordinator activities become especially critical if the approving official is not carrying out required duties. For example, after noting that we were requesting additional details on purchases from some questionable vendors, the Fort Benning program coordinator noticed that a cardholder had purchases from such vendors. Subsequent investigation of the cardholder revealed potentially fraudulent purchases totaling $10,748. The cardholder’s potentially fraudulent activities were not detected promptly because the approving official had not been monitoring the cardholder’s purchases or reviewing the monthly statement. Program coordinators, in addition to analyzing questionable transactions, need to analyze other purchase card data, such as bank status reports on disputed transactions. The Fort Hood program coordinator, who was not effectively monitoring bank status reports on disputed transactions, did not identify that cardholder inaction beyond the expiration date for disputes had resulted in the loss of ability to recover funds on previously disputed charges. At our suggestion, the coordinator followed up on an unresolved expired dispute and obtained credit for over $1,000 in returned unordered merchandise. Such a recovery demonstrates that a data analysis program for installation program coordinators can produce savings for taxpayers. Canceling accounts for departed cardholders. None of the program coordinators at the five installations had focused effective attention on canceling accounts of departed and unneeded cardholders prior to the completion of our fieldwork. Program coordinators can reduce the government’s exposure to fraud, waste, and abuse by monitoring cardholder account activity and determining whether issued cards continue to be required. If cards are not active and unneeded because of change in duties or other reassignments, timely cancellations of cards is an important control. At all five installations, we identified weaknesses in their processes for canceling accounts for inactive or unneeded cardholders, and each location had significant numbers of cards that were inactive and should have been canceled. The most serious problem was when some accounts had not been canceled even though the cardholder was no longer at the installation or even with the Army. Each installation had a policy that the program coordinator be notified when an account should be canceled, but they were not effective. Even the existence of processes to identify when a cardholder’s account should be canceled were not always effective. For example, the Soldier, Biological and Chemical Command - Natick had developed a process to terminate the purchase card when the cardholder departed. The process involved a checkout procedure that required each departing cardholder to obtain a release from the program coordinator prior to being allowed to leave the installation. Yet, even with this process in place, the installation had 20 inactive cards that needed to be canceled. Although the checkout process had been developed, data had not been analyzed to evaluate if the process was effective. This problem of unneeded cards was especially serious at Fort Hood, which also had a checkout process that included the purchase card. Available data showed that 317--26 percent--of 1,242 current cardholders at Fort Hood were no longer assigned to the units that issued their cards. Therefore, the cards should have been terminated. Neither the installation nor purchase card program office had established processes to ensure that purchase cards of departing or reassigned personnel were canceled. As identified later in this report, failure to terminate cards of reassigned cardholders can result in potentially fraudulent transactions. The problem at Fort Hood was exacerbated by the high turnover of active duty military personnel rotating to and from the installation--Fort Hood military personnel statistics show that about 1,600 soldiers depart the installation monthly. The personnel office managing the transfers of military personnel had established checklist procedures to cancel government travel cards held by departing employees, but did not have similar procedures for canceling purchase cards. They said that the procedure was not established because the social security numbers of cardholders are not provided for computerized matching to the social security numbers of departing soldiers. Fort Hood’s purchase card program office agreed to review records and cancel cards for reassigned personnel and to identify workaround procedures to ensure that cards of departed personnel were terminated. Following the completion of our fieldwork, Fort Hood program officials notified us in mid-May that they had canceled 258 cardholder accounts and were continuing to identify other accounts for cancelation. The command said it was also attempting to improve its checkout procedures. The above conditions illustrate that the Army as a whole may also need to reduce its active cards. Since our testimonies and report on the purchase card programs at two Navy locations,[Footnote 11] there has been concern over whether DOD has too many purchase cards and cardholders. Since that time, the Navy reports that it has reduced its total active cards from about 58,000 to about 26,000. With the Army’s lack of guidance to installations on controlling the issuance of cards and on reassessing the need for outstanding cards, the Army should also have opportunities to reduce its reported 109,000 active cards. Army officials reported that as of April 30, 2002, they had reduced the number of active accounts to about 100,000 and would continue to assess the need for cards. Infrastructure Is Insufficient for Effective Monitoring and Oversight: DOD, Army, and the major commands we audited have not provided installation-level program coordinators the infrastructure needed for program monitoring and oversight. The coordinators do not have guidance or training on what they should be doing to monitor and oversee the implementation of internal control activities, and they have not been trained. They do not have the human capital resources to perform significant monitoring and oversight activities. And finally, they do not have grade-level positions that are commensurate with their responsibilities and that would provide some additional authority to achieve better purchase card internal control. No program guidance or training. Although installation-level program coordinators are tasked with major program management responsibilities, applicable DOD, Army, and major command guidance does not provide a statement of duties, position description, or other information on the scope, duties, or specific responsibilities for the position. The guidance also does not establish program coordinators’ oversight responsibilities. The Army and major command guidance to installation- level program coordinators is generally limited to a requirement that program coordinators review each approving officials’ records and activities annually. The Army and major commands also have not developed data analysis techniques and tools for installation-level program coordinators to use in analyzing bank electronic data as a part of their oversight activities. Also, the Army and major commands have not developed training courses for program coordinators. At the five audited installations, the coordinators told us they had not received any specific program coordinator training. They said the available training was limited to cardholders training sessions either on-line or conducted by other coordinators and the General Services Administration’s annual governmentwide purchase card program conference. Thus, program coordinators essentially have had to develop program management and oversight activities and to decide how to conduct them. Inadequate human capital resources. The Army has not provided sufficient human capital resources at the installation level to enable monitoring of purchases and develop a robust oversight program. The two key positions for monitoring purchases and overseeing the program are the program coordinator and the approving official. While the program coordinator position is a specifically designated responsibility, we found that the coordinator has very limited assistance in administering, managing, and overseeing the program. At the five installations that we audited, the assistance available to the program coordinator ranged from no staff at two locations to one full- time assistant at two locations. Considering that the coordinators are responsible for procurement programs involving thousands of transactions and millions of dollars, as shown in table 1, the inadequacy of human capital resources is apparent. Table 1: Program Coordinators’ Span of Control: Installation: Eisenhower Army Medical Center[A]; People in program coordinator office: 1.5; Number of approving officials: 162; Number of cardholder: 540; Number of fiscal year 2001 transactions: 68,805; Value of fiscal year 2001 transactions: $30. Installation: Fort Benning; People in program coordinator office: 2; Number of approving officials: 162; Number of cardholder: 450; Number of fiscal year 2001 transactions: 44,421; Value of fiscal year 2001 transactions: 19. Installation: Fort Hood; People in program coordinator office: 2; Number of approving officials: 321; Number of cardholder: 1,242; Number of fiscal year 2001 transactions: 110,822; Value of fiscal year 2001 transactions: 58. Installation: Soldier, Biological and Chemical Command - Natick; People in program coordinator office: 1; Number of approving officials: 87; Number of cardholder: 208; Number of fiscal year 2001 transactions: 16,480; Value of fiscal year 2001 transactions: 96. Installation: Texas Army National Guard; People in program coordinator office: 1; Number of approving officials: 26; Number of cardholder: 437; Number of fiscal year 2001 transactions: 20,306; Value of fiscal year 2001 transactions: 7. [A] This program coordinator has responsibility for all nine Army medical centers in the Southeast. : Source: GAO analysis of Army purchase card program data as of September 30, 2001. [End of table] The Army does not have guidance on the appropriate human capital resources for the program coordinator’s office. However, the program coordinators told us, and our observations confirmed, that with current resources, time was not available to conduct systematic reviews of approving officials’ activities, much less undertake other management analyses and oversight activities. They each said that their time was generally consumed with administrative duties such as training new cardholders, issuing appointment letters, setting up accounts for new cardholders, monitoring delinquencies, interacting with the bank to resolve problems, and interacting with cardholders to answer questions about the purchase card program. These administrative activities are necessary to operate the purchase card program, but do not achieve routine oversight of activities. As previously discussed, the Director, Purchase Card Joint Program Management Office, recognized in his July 5, 2001, memorandum, the need to assess the adequacy of resources and asked that the services conduct an assessment of the policies and guidelines that are in effect to assist commanders and directors in the proper allocation of resources to the purchase card program. He asked that the assessment be conducted in the coming weeks (emphasis added). However, the Army program office could not identify any such assessments. By the end of our fieldwork, the five installations and five major commands included in our work had not conducted any studies or assessments to address the question of appropriate resources. As opposed to the specifically designated role of the program coordinator, approving official responsibilities generally fall into the category of “other duties as assigned,” without any specific time allocated for their performance. We found that approving officials generally had many other duties of a higher priority than monitoring purchases and reviewing their cardholders’ purchase card statements. Also, many approving officials are responsible for a large number of cardholders. A large workload, especially one in an “other duties as assigned” category can inevitably lead to less attention than expected or desired. We found that a number of approving officials at the installations we visited had numerous cardholders reporting to them. For example, at Fort Hood, 29 billing officials had 10 or more cardholders. Two of the 29 had over 20 cardholders. At Eisenhower Army Medical Center, one approving official had 18 cardholders, one of whom was spending about $100,000 per month for surgical supplies and equipment. The approving official said he simply did not have time to review each cardholder’s monthly bills and transactions each month. At the Texas Army National Guard, 16 of the 26 approving officials had 10 or more cardholders, and 8 of them had 25 or more. The number of cardholders that these approving officials were responsible for far exceeded the Army’s suggested maximum of 7 cardholders per approving official,[Footnote 12] as discussed earlier. The DOD Inspector General also reported a problem with approving officials having too many cardholders. In a March 2002 report on the purchase card program,[Footnote 13] the Inspector General reported that 1,816 approving officials, or 8.8 percent off the Army’s 20,709 officials, were assigned more than 7 cardholders and that 21 of them were assigned more than 100 cardholders. A large span of control for approving officials is not conducive to thorough review of each cardholder’s monthly statement. The August 3, 2001, memorandum[Footnote 14] from the Acting Deputy Assistant Secretary of the Army (Procurement) to the contracting community cited earlier stated that “[approving] officials are the first line of defense against fraud, waste, and abuse, as they are required to review each of their cardholder statements. If they have too many cardholders under their purview there is no way these officials can perform the required reviews and attendant certifications of cardholder purchases.” In the February 1, 2002, memorandum[Footnote 15] cited earlier from the Director of the Purchase Card Joint Program Management Office to agency program coordinators, the director requested program coordinators’ help in ensuring that approving officials’ span of control is commensurate with their ability to adequately perform their responsibilities. The memorandum said that approving officials should have a reasonable span of control over the cardholders they supervise and approving officials must be given adequate time for a complete monthly review to determine that each charge is legal and proper. Following completion of our fieldwork, the installations we audited reported that they had begun to bring their approving officials’ span of control into line with the criteria. Insufficient authority to encourage compliance. The program coordinators at the five installations we audited generally did not have the grade level or organizational authority--”clout”--to enforce compliance with purchase card procedures. At the five installations we audited, the program coordinators were part of the installation’s contracting operation and reported to the director of contracting, from whom they derived their authority. However, we believe that the program coordinators’ grade levels were not commensurate with their responsibilities or sufficient to provide the authority needed to enforce purchase card program rules. Only one of the five was a GS-12, two were GS-9s, and two were GS-7s. Program coordinators have the primary responsibility for purchase card program management and significant control over procurement activities carried out by a large number of individuals. For example, table 1 shows that the Fort Hood program coordinator has responsibility for overseeing a program of over 110,000 purchase card transactions totaling about $58 million and carried out by 321 approving officials and 1,242 cardholders. In addition to the relatively low grades, the Army has not made the program coordinator position career enhancing by making it part of a contracting career path. At three of the five installations, program coordinator position descriptions were for traditional contracting positions, although their coordinator duties are unique. Two coordinators had locally developed position descriptions that included their coordinator responsibilities, but these descriptions still carried traditional contracting titles. At the Soldier, Biological and Chemical Command - Natick, the program coordinator’s position description, which was written to justify a GS-12 grade, was for a procurement analyst and specifically included program coordinator duties. However, the director of contracting said that obtaining approval for the position took much discussion and persuasion because of its uniqueness. At Fort Benning, the program coordinator’s position description was developed specifically for the local position. Critical Internal Control Activities and Techniques Not Effectively Implemented: [See PDF for image] [End of figure] Our work shows that critical internal control activities and techniques over the purchase card program were ineffective at the five installations we audited. Based on our tests of statistical samples of transactions, we determined that the transaction-level control activities and techniques we tested were not effective, rendering purchase card transactions at the five installations vulnerable to potentially fraudulent and abusive purchases and theft and misuse of government property. Control activities occur at all levels and functions of an agency. They include a wide range of diverse activities such as approvals, authorizations, verifications, reconciliations, performance reviews, and the production of records and documentation. For the Army purchase card program, we opted to test those control activities that we considered to be key in creating a system to provide reasonable assurance that transactions are correct and proper throughout the procurement process. The key control activities and techniques we tested include: * advance approval of purchases, * independent receiving--receiving and acceptance of goods and services by someone other than the cardholder, * independent review by an approving official of the cardholder’s monthly statements and supporting documentation, and: * cardholders obtaining and providing invoices that support their purchases and provide the basis for reconciling cardholder statements. Table 2 summarizes the results of our statistical testing. Our work showed internal control activity failures in both purchase and payment cards, although the percent of failure--the failure rate--was generally higher for purchase card transactions. Table 2: Internal Control Activity Statistical Testing Failure Rates: Installation: Eisenhower Army Medical Center; Estimated percent of transactions without documentation of: Advance approval: 60; Estimated percent of transactions without documentation of: Independent receiving: 71; Estimated percent of transactions without documentation of: Approving official review: 86; Estimated percent of transactions without documentation of: Supporting invoice: 26. Installation: Fort Benning; Estimated percent of transactions without documentation of: Advance approval: 46; Estimated percent of transactions without documentation of: Independent receiving: 75; Estimated percent of transactions without documentation of: Approving official review: 73; Estimated percent of transactions without documentation of: Supporting invoice: 16. Installation: Fort Hood; Estimated percent of transactions without documentation of: Advance approval: 36; Estimated percent of transactions without documentation of: Independent receiving: 65; Estimated percent of transactions without documentation of: Approving official review: 66; Estimated percent of transactions without documentation of: Supporting invoice: 7. Installation: Soldier, Biological and Chemical Command - Natick; Estimated percent of transactions without documentation of: Advance approval: 25; Estimated percent of transactions without documentation of: Independent receiving: 55; Estimated percent of transactions without documentation of: Approving official review: 40; Estimated percent of transactions without documentation of: Supporting invoice: 14. Installation: Texas Army National Guard; Estimated percent of transactions without documentation of: Advance approval: 69; Estimated percent of transactions without documentation of: Independent receiving: 87; Estimated percent of transactions without documentation of: Approving official review: 41; Estimated percent of transactions without documentation of: Supporting invoice: 14. Source: GAO testing and statistical analysis of Army purchase card transaction files. [End of table] In addition to the internal control activities we tested statistically, we noted two other internal control-related problems during our work. First, the purchase card exacerbates the long-standing difficulties of maintaining property records over accountable property. Second, cardholders did not always maintain purchase card transaction records as required by regulations. Advance Approval of Purchases: [See PDF for image] [End of figure] Without Army-wide operating procedures, requirements for advance approval are not consistent but do exist, to some extent, at each of the five audited installations. Two major commands and three installations specifically require advance approval. Others required written descriptions of purchases and appropriate coordination and review prior to the purchases. Advance approval requirements also varied within individual units at the installations and by individual approving officials. The requirements were generally for informal approval directed toward ensuring budget and funds control as well as establishing a valid need for a purchase so that cardholders are not acting totally independently. The approvals that we saw included e-mails from a cardholder’s supervisor as well as a request for a purchase initiated by someone other than the cardholder. For example, the Soldier, Biological and Chemical Command - Natick used an electronic system to manage its purchase card activity, making it easy for Natick employees to request a cardholder to make a purchase and for supervisors, unit heads, resource managers, and logistics personnel to have knowledge of and approve the request with a few computer keystrokes. Approval of a purchase can range from a blanket approval for routine small dollar purchases of items such as office supplies to a one-time written approval for specific large dollar items. For example, at Fort Hood, some units have a blanket approval for routine, small dollar purchases, such as office supplies under $300. For our testing of advance approval, we accepted reasonable documented evidence that a cardholder’s supervisor or other responsible person had requested and/or approved the purchase. This included a request for purchase from a responsible official, and it also included specific blanket approval for routine purchases within set dollar limits. As table 3 shows, we estimated that the failure rate at the five installations ranged from 25 percent at Soldier, Biological Chemical Command - Natick to 69 percent at the Texas Army National Guard. Table 3: Advance Approval Failure Rates: Installation: Eisenhower Army Medical Center; Estimated percent of transactions without advance approval: 60; 95 percent confidence interval: 48 to 71. Installation: Fort Benning; Estimated percent of transactions without advance approval: 46; 95 percent confidence interval: 34 to 58. Installation: Fort Hood; Estimated percent of transactions without advance approval: 36; 95 percent confidence interval: 23 to 51. Installation: Soldier, Biological and Chemical Command - Natick; Estimated percent of transactions without advance approval: 25; 95 percent confidence interval: 14 to 38. Installation: Texas Army National Guard; Estimated percent of transactions without advance approval: 69; 95 percent confidence interval: 59 to 79. Source: GAO testing and statistical analysis of Army purchase card transaction files. [End of table] Although the failure rate was unacceptably high overall, the failure rate was particularly high for micropurchases, even though some of those purchases were for computers, electronic devices, and other items for which advance approval would appear warranted because the procurement was not routine. We believe that leaving cardholders solely responsible for a procurement without some type of documented approval puts the cardholders at risk and makes the government inappropriately vulnerable. A segregation of duties so that someone other than the cardholder is involved in the purchase improves the likelihood that both the cardholders and the government are protected from fraud, waste, and abuse. We believe that advance approval is an appropriate internal control activity, especially considering that many cardholders in our audit were administrative personnel and not supervisors or managers. Our testing of advance approval as a control activity is not advocating a return to the formal advance approval that DOD has de-emphasized in the purchase card program. A February 1997 study of the purchase card program identified DOD’s requirement for formal prepurchase approval documentation through the administrative chain of command for each purchase card transaction as an impediment to expanded use of the purchase card.[Footnote 16] The formal prepurchase documentation that previously existed could impede purchases and increase costs. The more informal practices that exist at the installations we audited eliminate much of the previous formal documentation, but still can serve to protect the cardholders and the government. For example, blanket approval for routine purchases within set dollar limits involves minimal cost, but reasonable control. For nonroutine purchases involving significant expenditures, advance approval, even through informal processes, appears to be an important control activity. Documentation of Independent Receiving by Other Than Cardholder: [See PDF for image] [End of figure] Independent receiving--receiving of goods and services by someone other than the cardholder--provides additional assurance that purchased items are not acquired for personal use and that the purchased items come into the possession of the government. The requirement for documentation of independent receiving by someone other than the cardholder was not generally addressed in the procedures of the commands and installations we audited. However, installations and units within the installations often required some documentation of independent receiving of at least some portion of their purchases. At Fort Benning, instructions in various units required documentation of independent receiving. At Fort Hood, the Department of Public Works had established the same type of requirement. The Fort Hood official in the department told us he established the requirement for independent receipt because, while in a prior job at another installation, he had observed potentially fraudulent purchases that would have been prevented if the independent receipt requirement had existed. Because Army guidance does not address the issue of evidence of independent receiving, and the requirements varied at the five installations, we accepted as evidence of independent receiving for this test, any signature or initials of someone other than the cardholder on the sales invoice, packing slip, bill of lading, or other shipping or receiving document. Table 4 shows the results of our testing. Table 4: Independent Receiving Failure Rates: Installation: Eisenhower Army Medical Center; Estimated percent of transactions without independent receiving: 71; 95 percent confidence interval: 60 to 81. Installation: Fort Benning; Estimated percent of transactions without independent receiving: 75; 95 percent confidence interval: 62 to 84. Installation: Fort Hood; Estimated percent of transactions without independent receiving: 65; 95 percent confidence interval: 51 to 77. Installation: Soldier, Biological and Chemical Command - Natick; Estimated percent of transactions without independent receiving: 55; 95 percent confidence interval: 44 to 67. Installation: Texas Army National Guard; Estimated percent of transactions without independent receiving: 87; 95 percent confidence interval: 78 to 94. Source: GAO testing and statistical analysis of Army purchase card transaction files. [End of table] As shown above, the five installations we audited generally did not have independent, documented evidence that the items ordered and paid for with the purchase card had been received. This lack of documented, independent receiving extended to all types of purchases, including computers and other expensive or highly pilferable items. We believe that documented independent receiving is a basic internal control activity that provides additional assurance to the government that purchased items come into the possession of the government. Approving Official Review: [See PDF for image] [End of figure] Approving official review is a recognized control activity at all levels of the purchase card program. DOD’s purchase card joint program office, major command procedures, and the installations’ operating procedures recognize that the approving official review is central to ensuring that purchase card transactions are appropriate. Army guidance requires approving officials to review and certify each cardholder’s monthly transactions. The August 3, 2001, memorandum discussed earlier[Footnote 17] described the approving official review process as the “first line of defense” against misuse of the card. The responsibilities of the approving official involve two overlapping functions: * reviewing the cardholder’s transactions to provide reasonable assurance that, among other things, (1) the transactions are legal, proper, and correct in that appropriate procurement procedures were followed and (2) supporting documentation and records, including supporting invoices, are adequate and: * certifying the cardholder’s transactions for payment. An appropriate approving official review, at a minimum, would facilitate certification; however, certification by itself does not ensure that the desired review occurred. Certification is likely to occur even if the required reviews are not made because certification is necessary for payment. Section 2784 of title 10, United States Code, requires the Secretary of Defense to issue regulations controlling the use of government credit cards within the department. The statute requires that these regulations be consistent with “regulations that apply government-wide regarding use of credit cards by government personnel for official purposes.”: The regulations that apply governmentwide are in the Treasury Financial Manual. Section 4535 of Volume I of the manual provides that the cardholder and approving official[Footnote 18] will review the cardholder statement of account received at the end of each monthly billing cycle. The cardholder statement must be submitted to the billing office early enough to permit the billing office to process and pay the consolidated monthly invoice within the Prompt Payment Act deadline. The provision directs the billing office to pay the consolidated invoice on time, “even if all cardholder statements are not received….”: As part of our work, we asked the DOD Under Secretary of Defense (Comptroller) for his views on DOD’s compliance with these statutory requirements. In a letter dated April 30, 2002, the Principal Deputy and Deputy Under Secretary of Defense for Management Reform stated that DOD’s Financial Management Regulation, various purchase card reengineering memorandums, and other pronouncements together complied with section 2784. DOD’s regulations are consistent with the governmentwide regulations regarding the responsibilities of cardholders and approving officials.[Footnote 19] Therefore, if cardholders and approving officials are not reviewing and reconciling their statements of account in time for disbursing offices to process payments on time, they are not complying with Treasury and DOD requirements. We noted numerous cases during our audit where the approving official certified the billing statement for payment but had not examined the transactions or the documentation supporting them to determine whether the transactions were correct and for a valid government purpose. In one case, a note on one approving official’s certified billing statement said that the approving official had not reviewed the transactions. Accordingly, certification for payment is made without the required reconciliation. In that instance, certification was clearly nothing more than a “rubber stamp.”: Consequently, we tested for other evidence that the billing official had reviewed the cardholders’ transactions. Without such evidence, neither we, nor internal auditors, nor program coordinators who are required to annually review approving official’s records, can determine whether approving officials are complying with review requirements or simply certifying the statement without the required review. For this test, we accepted virtually any markings, notes, or dates, other than the certification signature, on the transactions listed on the cardholder’s or approving official’s bill as documentation that a review had occurred. In instances of appropriately documented reviews, we found evidence of the approving official checking off on each transaction in the cardholder’s statement and the supporting documentation for each, and signing the cardholder’s statement as having reviewed it. Instances in which the documentation was not available included missing statements, missing invoices, and statements without any marks by either the cardholder or the approving official to indicate that a reconciled statement had been prepared or submitted to the approving official. Our testing revealed that documented evidence of approving officials’ review of cardholders’ transactions and their reconciled statements did not exist for most of our sample transactions. The failure rate at each of the five installations we audited was high, as table 5 shows. The high failure rate is of particular concern for this control activity because it is perhaps the most important to providing reasonable assurance that purchases are appropriate and for a legitimate government need. Table 5: Approving Official Review Failure Rates: Installation: Eisenhower Army Medical Center; Estimated percent of transactions without approving official review: 86; 95 percent confidence interval: 75 to 94. Installation: Fort Benning; Estimated percent of transactions without approving official review: 73; 95 percent confidence interval: 61 to 83. Installation: Fort Hood; Estimated percent of transactions without approving official review: 66; 95 percent confidence interval: 52 to 79. Installation: Soldier, Biological and Chemical Command - Natick; Estimated percent of transactions without approving official review: 40; 95 percent confidence interval: 28 to 52. Installation: Texas Army National Guard; Estimated percent of transactions without approving official review: 41; 95 percent confidence interval: 30 to 52. Source: GAO testing and statistical analysis of Army purchase card transaction files. [End of table] Although of concern, the high failure rates are not unexpected because major command and local standard operating procedures, while recognizing the importance of approving official review, do not specify the required extent, content, or documentation of approving officials’ reviews. In addition, the high failure rate may be attributable to approving official responsibilities falling into the category of “other duties as assigned” and to approving officials being responsible for a large number of cardholders, as previously discussed. A large workload, especially one in an “other duties as assigned” category, can inevitably lead to less attention than expected or desired. For example, the previously mentioned cardholder at Eisenhower Medical Center, who was the approving official for 18 cardholders, one of whom spends about $100,000 monthly for surgical supplies and medical equipment, told us that he had not reviewed the cardholders’ records because he did not have time. We examined that cardholder’s records as part of our control activity testing and found that the records were in disarray. Numerous transactions did not have invoices. Other transactions had invoices with prices that differed from the cardholder’s log but were not reconciled. Subsequent to our audit, the program coordinator worked with the approving official’s manager to reduce the workload by appointing additional approving officials. Our discussions with approving officials indicated that some reviews had been made, but we could not determine the frequency or extent of the reviews because they were not documented. Without documentation, the lack of a review can go unnoticed. For example, at the Texas Army National Guard, approving officials’ subordinates frequently performed cardholder statement reviews because of the large number of cardholders for whom each approving official was responsible. When one of these subordinates was absent due to an extended illness, no one performed reviews of the transactions, but the approving official did not notice because reviewers were not required to document their work. According to guard officials, this problem was addressed after our inquiries by appointing more approving officials and directing approving officials to personally review their cardholder transactions. We identified numerous instances of purchases that clearly had not been adequately reviewed and reconciled to the statement, but the statements were, nonetheless, certified for payment. Such activities allow potentially fraudulent, improper, abusive, and questionable purchases, which are discussed in more detail in the following section of this report, to go undetected. The following are two example of such unauthorized charges that we identified. * A Fort Hood cardholder purchased 15 wire storage containers in April 2001. The vendor incorrectly included $808 of shipping and handling charges in the $2,748 bill. The approving official certified the statement for payment including the erroneous shipping and handling charges. Apparently, neither the cardholder nor the approving official reviewed the transaction in sufficient detail. After we detected the erroneous charges in November 2001, about 7 months after the original charge, a refund was obtained. * Another approving official at Fort Hood certified for payment a $539 charge on a May 2001 statement for a purchase from a catering company. After our inquiry about an invoice for the purchase, the approving official determined that the charge was inappropriate and a refund was made. Approving official review of a reconciled statement should have detected this inappropriate charge. We believe that the approving official’s review of the cardholders’ purchases is a vital internal control activity. Without documentation of such review, neither we, internal auditors, nor program coordinators can determine the extent that the approving official is carrying out review responsibilities. Obtaining and Retaining Invoices: [See PDF for image] [End of figure] Essentially, the Army requires that an invoice support purchase card transactions. Thus, the invoice is a key document in purchase card internal control activities. Throughout the major commands’ and installations’ procedures, the need for obtaining and retaining an invoice is recognized. Without an invoice, independent evidence of the description and quantity of what was purchased and the price paid is not available. In addition, the invoice is the basic document that is required to be attached to the cardholder’s monthly statement during a cardholder’s reconciliation and prior to approving official review. In testing for evidence of an invoice, we accepted either the original or a copy of the invoice, sales slip, or other store receipt. Table 6 shows the results of our testing. Table 6: Existence of Invoice Failure Rates: Installation: Eisenhower Army Medical Center; Estimated percent of transactions without an invoice: 26; 95 percent confidence interval: 17 to 38. Installation: Fort Benning; Estimated percent of transactions without an invoice: 16; 95 percent confidence interval: 8 to 28. Installation: Fort Hood; Estimated percent of transactions without an invoice: 7; 95 percent confidence interval: 2 to 19. Installation: Soldier, Biological and Chemical Command - Natick; Estimated percent of transactions without an invoice: 14; 95 percent confidence interval: 6 to 25. Installation: Texas Army National Guard; Estimated percent of transactions without an invoice: 14; 95 percent confidence interval: 7 to 23. Source: GAO testing and statistical analysis of Army purchase card transaction files. [End of table] The following missing invoice example illustrates the questions that can arise when an invoice is not available. As part of our Army-wide data mining, we identified several types of vendors that cardholders are generally prohibited from using. We identified four transactions for which the monthly billing indicated that purchases were made at a jewelry store--one category of prohibited vendors--in Kuwait for three purchases totaling $4,365 and a credit for returned merchandise of $1,353. Upon inquiry into this transaction, Army officials said that the purchase was for mattresses for a vessel prepositioned in the area. However, they also said that the transaction file did not contain a detailed invoice to allow us--or the approving official who was located in the United States--to confirm that mattresses were, indeed, the merchandise purchased, and if so, how many and at what unit price. Without such an invoice, a thorough investigation is needed to determine whether this transaction was proper, potentially fraudulent, improper, or abusive. The failure rates for evidence of invoice were lower than those for the other internal control activities we tested. However, we believe that even these failure rates are unacceptable for such a key document. A valid invoice to show what was purchased and the price paid is a basic document for the transactions and a missing invoice is an indicator of potential fraud. Without an invoice, two key control activities-- independent receiving and approving official review--become ineffective. Independent receiving cannot confirm that the purchased items were received and the approving official cannot review a cardholder statement reconciled with the supporting invoice. A near zero failure rate is a reasonable goal considering that invoices are easily obtained or replaced when inadvertently lost. Purchase Cards Complicate Property Book Management: [See PDF for image] [End of figure] Consistent with GAO’s internal control standards, DOD’s Property, Plant and Equipment Accountability Directive and Manual, which was issued in draft for implementation on January 19, 2000, requires accountable property to be recorded in property records as it is acquired. In addition to high-cost property items, accountable property also includes easily pilferable or sensitive items, such as computers and related equipment, cameras, cell phones, and power tools. Recording these items in the property records is an important step to ensure accountability and financial control over these assets and, along with periodic inventory, to prevent theft or improper use of government property. At each of the five installations we visited, we found that accountable items acquired by purchase cards were not recorded in property records. In addition, officials at four of the five installations could not readily locate property items. While some of the items were located after considerable searching, others such as computers and printers were not. Some or all of the items might, in fact, be at the installation; however, without positive assurance, there is substantial risk that items were converted to personal use or sold. Property items not recorded in the property books and not found demonstrate a weak control environment and problems with the property management system. Table 7 shows the results of our work. Table 7: Property Items Not Recorded in Property Books: Installation: Eisenhower Army Medical Center; Transactions with property items: 28; Transactions with items not on property books: 8; Transactions with items that command could not show were in government’s possession: 2. Installation: Fort Benning; Transactions with property items: 27; Transactions with items not on property books: 8; Transactions with items that command could not show were in government’s possession: 6. Installation: Fort Hood; Transactions with property items: 40; Transactions with items not on property books: 11; Transactions with items that command could not show were in government’s possession: 2. Installation: Soldier, Biological and Chemical Command - Natick; Transactions with property items: 43; Transactions with items not on property books: 4; Transactions with items that command could not show were in government’s possession: 0. Installation: Texas Army National Guard; Transactions with property items: 25; Transactions with items not on property books: 17; Transactions with items that command could not show were in government’s possession: 1. Source: GAO nonrepresentative selection of Army purchase card transactions. [End of table] Effectively managing accountable property has long been a problem area and the use of the purchase card has added further difficulties. With over 100,000 army cardholders, the number of people buying accountable property has greatly expanded. Cardholders are responsible for reporting on the accountable property they buy so that it is recorded in the installation’s accountable property, but they often do not. For example, property book officers at Fort Hood and the Texas Army National Guard told us that a major problem with property bought in a purchase card transaction is that cardholders do not properly notify property book officers and/or provide documentation supporting the purchases. At Fort Hood, cardholders are required by the installation’s purchase card procedures to obtain transaction document numbers for purchases of equipment items prior to making the purchases, but the requirement is frequently ignored. Further, we noted that the installations we audited generally did not record items such as memorabilia like pictures of famous people and framed jerseys of sports stars. Some of these items cost hundreds of dollars and are pilferable and desirable items. Because of its long-standing problems, property management has been the subject of internal audits at the installations we audited. At the Soldier, Biological and Chemical Command - Natick, as a result of an internal audit of property accountability, the logistics office had worked for over a year to improve its management of accountable property. We believe that the attention focused on accountable property management was the reason that the installation had the best result in our audit. Others had not done so well in correcting their problems. A Fort Benning internal audit completed in April 2001 found that 84 percent of the accountable items purchased with a purchase card had not been recorded on the property book. An ongoing internal audit by the Texas Army National Guard was finding similar property accountability problems. At Eisenhower Army Medical Center, an evaluation of the center’s logistics operations estimated that $2 million to $5 million of accountable property acquired with the purchase card was not on the center’s property books. Cardholders have little incentive to undertake the required coordination and reporting on property items because of the additional work involved. Our work showed that items received centrally by logistics officials are more likely to be recorded on the property books. Thus, central receiving appears to help mitigate against cardholders not assuring accountable property is recorded and may be worth pursuing across the board or for certain asset types. In addition, we believe that robust monitoring and oversight activities of the purchase card program that include examining how well cardholders are fulfilling their property management responsibilities could help improve property management related to the purchase card program. Retaining Purchase Card Records: [See PDF for image] [End of figure] During our work we noted several instances in which cardholders and approving officials had not maintained purchase card transaction files for 3 years as required by the Federal Acquisition Regulation, Part 4, Section 4.805. In our testing, the records most often missing were the ones for cardholders who had left the installation. Either the cardholders destroyed the records prior to leaving or the replacement cardholder destroyed them because they were not the new cardholder’s records. At Eisenhower Army Medical Center, a replacement cardholder destroyed the departed cardholder’s files because the office had little room to store old files and the new cardholders did not see the need to store someone else’s files. In some cases, we were told that the departed cardholders took the records with them to their new installations. In other cases, the records were lost when units were deployed. Regardless of the causes, the records were not available for our inspection and records retention requirements were not complied with. In those instances, we could not document that internal control activities had been carried out. Although we found no concrete indications of fraud in these situations, the lack of records raises concerns about whether the files were destroyed so that potentially fraudulent, improper, or abusive transactions were not documented. For example, in one case in which the cardholder had left the Army, we found charges during the last month of the cardholder’s military service from the installation’s liquor store and vendors such as Wal-Mart stores that sell a multitude of potentially personal items. The replacement cardholder told us that the purchases were probably for a unit party, but the timing of the purchases along with missing documentation does not allow ruling out the possibility that items may have been bought for personal use. However, the unit’s purchase card records for this period were in disarray and invoices and other documentation that could verify items purchased or aid further assessments of the propriety of the purchases were not available. Potentially Fraudulent, Improper, and Abusive or Questionable Transactions: Buying items with purchase cards without the requisite control environment creates unnecessary risk of excess outlays, which can range from outright fraudulent purchases to ones that were of questionable need for the unit’s mission or were unnecessarily expensive. We identified purchases at the installations we audited that were potentially fraudulent, improper, and abusive or questionable, which can result from a weak control environment and weak internal control activities. As discussed in appendix I, our work was not designed to identify, and we cannot determine, the extent of potentially fraudulent, improper, and abusive or otherwise questionable transactions. However, considering the control weaknesses identified at each installation, such transactions are likely occurring and have not been detected. In addition to the purchases identified at the audited installations, our Army-wide data mining of selected transactions identified additional cases of potentially fraudulent, improper, and abusive or questionable transactions. Potentially Fraudulent Purchases: The Army has no information as to the extent of potentially fraudulent purchases that have been identified or are being investigated within the purchase card program. We identified instances of potentially fraudulent transactions at three of the five installations we audited and in our Army-wide data mining, as table 8 shows. Some of the potentially fraudulent transactions were identified in response to our inquiries. Others were identified or being investigated independent of our audit. Table 8: Examples of Potentially Fraudulent Army Purchase Card Transactions: Type of items purchased: Various items for personal use, such as computer game station, computer, digital camera, and surround sound system; Where or how identified: Eisenhower Army Medical Center; Total amount: $100,000; (estimated); [Empty]; Individuals involved: Cardholder,; approving official, and others. Type of items purchased: Computer, rings, purses, and clothing from such vendors as Victoria’s Secret, Calvin Klein, and others; Where or how identified: Eisenhower Army Medical Center; Total amount: 30,000; (estimated); [Empty]; Individuals involved: Cardholder. Type of items purchased: Various items for personal use and cash advances; Where or how identified: Fort Benning; Total amount: 30,000; [Empty]; Individuals involved: Cardholder. Type of items purchased: Rental cars, cruises, cell phones, hotels, Payless Car Rental, Extended Stay America, and other vendors; Where or how identified: Fort Benning; Total amount: 20,751; [Empty]; Individuals involved: User of alleged stolen card. Type of items purchased: Car repairs, groceries, clothing, and other personal items; Where or how identified: Eisenhower Army Medical Center; Total amount: 12,832; [Empty]; Individuals involved: Cardholder and vendor. Type of items purchased: Personal clothing, trip to Las Vegas, payments of personal bills; Where or how identified: Fort Benning; Total amount: 10,748; [Empty]; Individuals involved: Cardholder. Type of items purchased: Sunglasses and other items for personal use from Sunglass Hut, Discovery Channel store, and others; Where or how identified: Fort Hood; Total amount: 1,452; [Empty]; Individuals involved: Separated cardholder, user of alleged compromised account. Type of items purchased: Various personal use items such as food and gas for personal vehicles at Shell and other vendors; Where or how identified: Fort Benning; Total amount: 1,170; [Empty]; Individuals involved: User of alleged stolen card. Type of items purchased: Digital camera from Office Max and other personal items from Circuit City and various other vendors; Where or how identified: Fort Hood; Total amount: 786; [Empty]; Individuals involved: Unknown. Type of items purchased: Escort services; Where or how identified: Army-wide data mining; Total amount: 630; [Empty]; Individuals involved: Cardholder. Type of items purchased: Prepaid phone cards from MCI, Sprint, and Ameritech, and pizza from Larry’s Pizza and Po Boys; Where or how identified: Fort Hood; Total amount: 524; [Empty]; Individuals involved: Under investigation. Type of items purchased: Athletic shoes; Where or how identified: Army- wide data mining; Total amount: 458; [Empty]; Individuals involved: User of alleged compromised account. Type of items purchased: Internet site subscriptions; Where or how identified: Fort Hood; Total amount: 210; [Empty]; Individuals involved: Under investigation. Source: GAO analysis of Army purchase card transactions and related documentation. [End of table] We considered potentially fraudulent purchases to include those made by cardholders that were unauthorized and intended for personal use. Potentially fraudulent purchases can also result from compromised accounts in which a purchase card or account number is stolen and used by someone other than the cardholder to make a potentially fraudulent purchase. Potentially fraudulent transactions can also involve vendors charging purchase cards for items that cardholders did not buy. The installations we audited had policies and procedures that were designed to prevent and/or detect potentially fraudulent purchases, such as the requirement that approving officials review the supporting documentation for each transaction for legality and proper government use of funds. However, as discussed earlier, our testing showed that these control activities had not been implemented as intended. Although collusion can circumvent what otherwise might be effective internal control activities, a robust system of guidance, internal control activities, and oversight can create a control environment that provides reasonable assurance of preventing or quickly detecting fraud, including collusion. However, in auditing the Army’s internal control at five installations during fiscal year 2001, we did not find the processes and activities that provide such assurance. The following examples of fraud illustrate the cases in table 8. * At Eisenhower Army Medical Center, an Army investigation initiated near the end of our work has revealed an estimated $100,000 of potentially fraudulent purchases. The investigation began when an alternate cardholder received an electronic game station that had been ordered by another cardholder who was away on temporary duty. The alternate cardholder, noting that the purchase did not appear to be for government use, notified the program coordinator who notified the local Army criminal investigations division. The ensuing investigation revealed that the military cardholder, approving official, and several other soldiers and civilians colluded to purchase numerous items including computers, digital cameras, an audio surround system, a 32- inch television, a stereo system, and other items for personal use. * A Fort Benning military cardholder charged $30,000 for personal goods and cash advances before and after retirement. Because these 178 transactions went undetected, it appears that the approving official’s certification was only a “rubber stamp” and was not based on a review of the cardholder’s bill, reconciliations, and supporting documentation. The approving official not only failed to detect these potentially fraudulent transactions while the cardholder was on active military duty, but also failed to notice that charges were continuing to be made after the cardholder retired. * At Eisenhower Army Medical Center, a military cardholder defrauded the government of $30,000 from April 25 to June 20, 2001. The cardholder took advantage of a situation when the cardholder’s approving official was on temporary duty for several months. The cardholder believed that the alternate approving official would certify the statement for payment without reviewing the transactions or their documentation. With this belief, the cardholder purchased a computer, purses, rings, and clothing. These fraudulent transactions were not discovered until the resource manager who monitored the unit’s budget noticed a large increase in spending by the cardholder. The cardholder had destroyed all documentation for the 3-month period during which these transactions took place. However, investigators found merchandise and invoices that showed the cardholder had used the government credit card. The cardholder was court-marshaled in April 2002 and sentenced to 18 months incarceration. These fraudulent transactions might not have occurred if the cardholder had known that the approving official would review the transactions. At a minimum, prompt approving official review would have detected the fraudulent transactions. * Over a 6-month period in 2001, a civilian cardholder made 62 unauthorized transactions totaling $12,832 to pay for repairs to a car and buy groceries, clothing, and various other items for personal use. We were told that the cardholder colluded with the gas station vendor who inflated the prices paid for items and received a kickback. The approving official identified this case by reviewing the cardholder’s August 2001 transactions. The fraud went undetected for several months because the approving official had not reviewed the cardholder’s bills and supporting documentation for over 5 months. The approving official has been relieved of approving official duties and reprimanded. The investigation into the fraud was ongoing at the end of our fieldwork. * In our Army-wide data mining, we identified a cardholder transaction for $630 on June 15, 2001, that was coded as being an escort service. In response to our inquiry on this transaction, we were informed that no authorization existed for the transaction and that it was with an escort service in New Jersey. In discussions with provost marshal officials, we were informed that the cardholder had been investigated in February 2002 because of money missing from chapel funds. The provost marshal’s office, after our March 2002 inquiry about the $630 transaction, investigated it and other suspicious charges by the cardholder. The investigators could not get an invoice from the vendor. Their investigations revealed no other fraudulent, improper, or abusive and questionable transactions. They determined that for a short period, the cardholder was also serving as the billing official and that it was during this period that the fraudulent transaction with the escort service occurred. Disciplinary actions included removing the soldier from cardholder duties, reducing his rank, taking one-half month’s pay for 2 months, requiring 45 days extra duty, and ordering repayment of the funds. * During June 2001 at Fort Hood, several purchases of prepaid telephone cards and pizza totaling $524 were made and certified for payment by a new approving official who did not realize that the cardholder had separated from the Army in early 2001. In attempting to respond to our request for supporting information for one of the transactions, the approving official recognized that the charges were potentially fraudulent. In the subsequent investigation, an investigator found that the purchase card account was still active in December 2001. This case remained under investigation as of January 2002. In addition to the potentially fraudulent cases identified by our work, we attempted to obtain other examples of potentially fraudulent activity in the Army purchase card program from the Army’ Criminal Investigation Command in Washington, D.C. However, data on the command’s investigations were not available. Further, while Army investigators acknowledge that they have investigated a number of fraud cases, their database on investigations does not allow retrieval of data on investigations involving potentially fraudulent use of purchase cards. Purchase card program officials and Army investigation command officials said that they had no information on the total number of fraud investigation cases throughout the Army that had been completed or were ongoing. Based on our identification of a number of potentially fraudulent cases at the installations that we audited, we believe that the number of cases involving potentially fraudulent transactions could be significant. Without such data, the Army does not know the significance of fraud cases that have been or are being investigated and cannot take corrective actions, to the extent possible, to prevent similar potentially fraudulent cases in the future. Improper Purchases and Transactions: Our work identified transactions that were improper, including split purchases and purchases from nonmandatory sources. Improper transactions are those purchases that, although approved by Army personnel and intended for government use, are not permitted by law, regulation, or DOD policy. We identified three types of improper purchases. One type was purchases that did not serve a legitimate government purpose. Another type was split purchases in which the cardholder circumvents cardholder single purchase limits. The Federal Acquisition Regulation guidelines prohibit splitting purchase requirements into more than one transaction to avoid the need to obtain competitive bids on purchases over the $2,500 micropurchase threshold or to circumvent higher single transaction limits for payments on deliverables under requirements contracts. The third type was purchases from an improper source. Various federal laws and regulations require procurement officials to acquire certain products from designated sources such as the Javits-Wagner-O’Day Act (JWOD) vendors. The program created by this act is a mandatory source of supply for all federal entities. It generates jobs and training for Americans who are blind or have other severe disabilities by requiring federal agencies to purchase supplies and services from nonprofit agencies, such as the National Industries for the Blind and the National Institute for the Severely Handicapped. Personal Use: We found several instances of purchases, such as clothing, in which cardholders purchased goods that were not authorized by law or regulations. The Federal Acquisition Regulation provides that the governmentwide commercial purchase card may be used only for purchases that are otherwise authorized by law or regulations. Therefore, a procurement using the purchase card is lawful only if it would be lawful using conventional procurement methods. Under 31 U.S.C. 1301(a), “[a]ppropriations shall only be applied to the objects for which the appropriations were made….” In the absence of specific statutory authority, appropriated funds may only be used to purchase items for official purposes, and may not be used to acquire items for the personal benefit. The improper transactions, as shown in table 9, were identified as part of our review of fiscal year 2001 transactions and related activity. We identified most of them as part of our Army-wide data mining of transactions with questionable vendors although several were identified as part of our work at the five audited installations. Table 9: Examples of Purchases Intended for Personal Use: Items: Clothing; Gore-Tex parkas; Rain coats; Civilian clothes for military staff; Clothing and meeting facilities after golf; tournament; Bomber jackets; Vendor: ; L.L. Bean; Cabellas; Macy’s and Hecht’s; Heraldic United Waddinxveen and; Heidelberg Golf Course; SkyMall. Items: Meals/food; Elegant fruit baskets; Teacher appreciation dinners; Meals for training event; Meals for firemen; Personal meals; Vendor: ; Resort; Catering services; Catering services; Catering services; Local restaurants. Items: Other; Cell phone time charges; Sales taxes; Radio for personal use; Personal luggage; Portable office carriers; Hotel facilities and services; Vendor: ; AT&T Wireless; Various; Bose; Luggage On-Line; International Luggage Center; Opryland Hotel. Source: GAO analysis of Army purchase card transactions and related documentation. [End of table] The following examples of the improper transactions illustrate of the type of cases included in table 9. * We identified purchases of clothing by Soldier, Biological and Chemical Command - Natick that should not have been purchased with appropriated funds. According to 5 U.S.C. 7903, agencies are authorized to purchase protective clothing for employee use if the agency can show that (1) the item is special and not part of the ordinary furnishings that an employee is expected to supply, (2) the item is essential for the safe and successful accomplishment of the agency’s mission, not solely for the employee’s protection, and (3) the employee is engaged in hazardous duty. Further, according to a Comptroller General decision dated March 6, 1984,[Footnote 20] clothing purchased pursuant to this statute is property of the U.S. government and may only be used for official government business. Thus, clothing purchases, except for rare circumstances in which the purchase meets stringent requirements, is usually considered a personal item for which appropriated funds should not be used. In one transaction, a cardholder had purchased 10 L.L. Bean Gore-Tex parkas at a total cost of about $2,400 for employees who worked outside in cold weather. These parkas were not specialty items, and they were not used solely for official use. The employees were allowed to take the parkas home and wear them in off-duty hours. * In another example of clothing for personal use from our Army-wide data mining, several charges for amounts from $330 to $770 were identified at Macy’s and Hecht’s. We were informed that these were for purchases of civilian clothes for enlisted personnel who are serving as assistants to general officers. We were informed by the Director, Purchase Card Unit, Defense Contracting Command Washington, that this appears to be a fairly widespread practice and that the practice is clearly improper and is believed to violate fiscal law. * As part of our data mining of Army-wide purchase card transactions, we identified a questionable transaction, which a subsequent investigation determined that a cardholder purchased a Bose radio for $523 to use in his office. The radio was clearly for his personal use in his office; therefore, it should not have been purchased with the Army purchase card. The employee was required to reimburse the U.S. Treasury for the cost of the radio. A broader review of the purchases made by this cardholder’s unit revealed other problems similar to those we identified in our work such as property accountability, not purchasing from mandatory sources, purchases at excessive costs, and missing records. As with our other work, these problems indicate that approving officials were not adequately reviewing cardholder transactions. * In our Army-wide data mining we identified charges by two cardholders under one approving official of about $7,600 at the Opryland Hotel in Nashville, Tennessee, in November 2000. In response to our inquiry, we were told that these charges were unexpected and resulted from the Chief Information Officer’s Management Conference at the hotel in August 2000. The charges were unexpected because registration fees were to cover all charges. After a large bill of over $20,000 was eventually reduced to about $7,600, the supervisor instructed the cardholders to pay the additional charges with their purchase cards. However, to pay the $7,600 in charges of less than $2,500 and avoid obvious split purchases, the bill was split into segments and divided between two cardholders. The amounts paid were $2,500 for long-distance phone calls, $934 for phone line hookup, $2,500 for meeting room rental, and $1,715 for audio visual services. However, because separate invoices for the charges do not exist, the officials can neither support the correct amount of any charges nor support that the charges are for purposes permitted by law, regulation, or policy. * Fort Hood paid improper and excessive cell phone charges because no one was monitoring them. The information management division’s approving official certified the installation’s consolidated monthly charges for payment for over 1,100 cell phones and over $50,000 monthly time charges without reviewing the usage. While local procedures require the units using the cell phones to verify their own monthly usage, the procedures do not address how and when this is to be done. We found that some units had not routinely verified the charges. Others, who said they usually did verify their charges, could not for the period November 2001 through March 2002 because a change in the phone company’s billing processes did not allow the units to have access to their monthly charges. Without reviewing the charges, the Army has no assurance that charges are proper and not excessive. We reviewed current usage and identified excessive monthly time charges and charges for phones that had no monthly usage. For example, one cell phone user, who had a $79.95 per month plan that allowed 650 minutes of airtime, used 3,400, 2,696, and 1,915 minutes during a 3-month period and incurred time charges of $1,040, $795, and $523. Fort Hood officials told us that improper and excessive charges occur because units do not have the appropriate monthly plan. In the above example, the unit could have reduced its costs to $550, $374, and $200--a 52 percent savings--with an appropriate plan. Fort Hood officials also told us that excessive costs occur because of personal use. They said that when they identified charges for unauthorized personal use, they require employees to reimburse the government for these improper charges. However, without monitoring, use of uneconomical plans and unauthorized personal use would not be identified. Split Purchases: Another category of improper transaction is a split purchase, which occurs when a cardholder splits a transaction into more than one segment to avoid the requirement to obtain competitive bids for purchases over the $2,500 micropurchase threshold or to avoid other established credit limits. The Federal Acquisition Regulation prohibits splitting a purchase into more than one transaction to avoid the requirement to obtain competitive bids for purchases over the $2,500 micropurchase threshold or to avoid other established credit limits. Once items exceed the $2,500 threshold, they are to be purchased through a contract in accordance with simplified acquisition procedures, which are more stringent than those for micropurchases. Our analysis of data on purchases at the five installations we audited and our data mining efforts identified numerous occurrences of potential split purchases. In addition, internal auditors at four of the installations identified split purchases as a continuing problem. In some of these instances, the cardholder’s purchases exceeded the $2,500 limit, and the cardholder “split” the purchase into two or more transactions of $2,500 or less. For example, in our Army-wide data mining, we identified a series of split purchases at Fort Stewart, Georgia. An approving official had two cardholders spend $16,000 over a series of days to buy numerous pieces of executive office furniture for the official’s office that was located on the mezzanine of a warehouse. These purchases included elegant desks, chairs, and a conference table. We also identified numerous cases where the Army is making repetitive micropurchases to meet requirements that in total greatly exceed the micropurchase limit. While some repetitive purchases might not clearly be split purchases, the Army is not taking advantage of a mechanism designed to foster lower prices for repetitive acquisitions of similar items over an extended period. Section 13.303-1 of the Federal Acquisition Regulation provides for blanket purchase agreements as a “simplified method of filling anticipated repetitive needs for supplies or services.” Use of a blanket purchase agreement, rather than repetitive, individual micropurchases, could lower per unit prices for the goods or services acquired. Below we discuss four situations in which blanket purchase orders should have been used. * At the Soldier, Biological and Chemical Command - Natick, the public works department routinely used the same vendors 35 times to provide and install carpeting, 25 times to provide heating and air conditioning services, and 39 times to provide graphic display services. Although each of the transactions for these vendors was under the micropurchase limit, the total purchases for fiscal year 2001 were about $38,000, $44,000, $77,000, respectively. However, the installation did not have a blanket purchase agreement with the vendors. In these instances the public works department officials had not recognized they needed such a contract, and they agreed to pursue one. We noted that the installation had blanket purchase agreements for other similar circumstances that the internal auditor identified. * At the Texas Army National Guard, the Occupational Health Office used purchase cards to pay for routine medical examinations and to buy ergonomic chairs and safety glasses for employees. While the individual cost for purchases were much less than the micropurchase limit, the total annual cost significantly exceeds the limit. For instance, the office paid over $80,000 for about 705 examinations at a dozen clinics and hospitals throughout the state in the first 10 months of fiscal year 2001. The guard also used purchase cards to pay for meals provided troops while they attended mandatory weekend drills or training. While the individual cost for any single guard unit’s training meal would rarely exceed the single-purchase $2,500 limit, the total recurring cost of the meals is one of the guard’s largest annual expenses--over $500,000 in the first 10 months of fiscal year 2001. * At Fort Benning, the Dismounted Battlespace Battle Lab, a combat training unit, routinely purchased doors that were destroyed during training exercises to instruct troops how to enter a building that may contain an enemy. The battle lab spent $111,721 in 84 transactions with one vendor to buy doors during a 10-month period in fiscal year 2001, but the unit did not have a blanket purchase agreement. In this case, battle lab officials had refused attempts by the Fort Benning contracting division and purchase card program coordinator to execute an agreement. We found that the battle lab also needed a contract for the numerous computer modems it purchased. Further, in these purchases, the battle lab cardholder’s purchasing pattern was to split purchases to avoid the micropurchase limit of $2,500. We saw numerous instances in which the cardholder made more than one purchase near the limit for the same item over a short period. * In a data-mining example, the Army Personnel Command made repetitive buys of interment flag cases from the same vendor. Data show that three purchases, two for $2,250 and one for $1,800, were made on the same day and that in total the command purchased 438 cases for $65,700 in calendar year 2001. The command has agreed that purchases in the future will be on a yearly basis in a competitive contract. Improper Source: Another type of improper purchase occurs when cardholders do not buy from a mandatory procurement source. Various federal laws and regulations require government cardholders to acquire certain products from designated sources. For example, the program created by JWOD generates jobs and training for Americans who are blind or have other severe disabilities by requiring federal agencies to purchase supplies and services furnished by nonprofit agencies, such as the National Industries for the Blind and the National Institute for the Severely Handicapped. Under the Federal Acquisition Regulation, Part 8.7, JWOD is a mandatory source of supply for all entities of the government. Unlike the “Buy American” Act and other rules that have been waived by recent procurement reform measures, JWOD’s mandatory status remains in effect for all purchases, including those under the micropurchase threshold. Most JWOD items are of small value such as office supplies, cleaning products, or medical/surgical supplies that nearly always fall into the micropurchase category. While procurement source was not the primary focus of our work, we noted that cardholders frequently did not purchase from required sources when they should have. For example, we noted numerous purchases of office supplies or other JWOD-supplied products from local vendors when these or substantially similar products were available from the General Services Administration or one of its contractors’ catalogs or Web sites. We also noted that some cardholders did not know their responsibilities or the requirements, despite the fact that these requirements are a primary emphasis during cardholder training programs. For example, some said that they had not heard of JWOD or either of the institutes that cardholders should use. As further evidence of cardholders’ noncompliance with this mandatory source requirement, the Director of Sales for the National Industries for the Blind told us about large decreases in sales of JWOD products at Fort Hood and other Army installations over the past 2 years because cardholders were purchasing from commercial firms rather than buying the mandatory products. The following two examples involving Franklin Covey illustrate the situations we found. * In our data mining work, we identified a cardholder at Tooele Army Depot who made 10 purchases for a total of about $11,900 from Franklin Covey, with most of the purchases in August 2001. These purchases were primarily for inserts to day planners, an item that is available from the JWOD catalog. In response to our questions as to why the mandatory source was not used, we were advised that (1) in the past JWOD planners were not used by the self-service store’s customers because they did not include pages with dates for each day and (2) under an interpretation that is now recognized to be in error, the purchases were made from another source under the premise that planners from JWOD did not meet customer needs. We were informed that future purchases of planners would be in one purchase through JWOD. * In another case, a unit spent $3,100 over an 18-month period to purchase day planners from Franklin Covey. One item cost $199 and another $250. In contrast, cardholders can buy JWOD day planners for about $40. In fiscal year 2001, the Army made more than 4,700 purchases costing about $792,000 dollars from Franklin Covey. A review of individual purchases, which we did not make, would be required to determine which purchases were for items that should have been from a mandatory source. However, we believe it is likely that many of these purchases could have been for JWOD products. Abusive or Questionable Purchases: We identified numerous examples of abusive or questionable transactions at each of the five installations we audited. We defined abusive transactions as those that were authorized, but the items purchased were at an excessive cost (e.g., “gold plated”) or for a questionable government need, or both. When abuse occurs, no law or regulation is violated. Rather, abuse occurs when the conduct of a government organization, program, activity, or function falls short of societal expectations of prudent behavior. Often, improper purchases such as those discussed in the previous section are also abusive. Transactions that are both improper and abusive were discussed previously. For example, the executive furniture purchased at Fort Stewart discussed earlier as improper split purchases were also abusive purchases. We believe that this type furniture was not in keeping with the office environment and not justified by the official’s position or grade level. Another example is the excessive cell phone charges at Fort Hood. Questionable transactions are those that appear to be improper or abusive but for which there is insufficient documentation to conclude either. For questionable items, we concluded that cardholders purchased items for which there was not a reasonable and/or documented justification. Questionable purchases often do not easily fit within generic governmentwide guidelines on purchases that are acceptable for the purchase card program. They tend to raise questions about their reasonableness. Many, such as gym quality exercise equipment, are common Army--and DOD--purchases because the Army must provide more than merely a work environment for its soldiers. However, others, like the fine china purchased for the culinary arts team competition discussed below, clearly raise questions about whether they are appropriate purchases. Precisely because these types of purchases tend to raise questions and subject the Army to criticism, they require a higher level of prepurchase review and documentation than other purchases. These types of purchases raise questions that go beyond the confines of the purchase card program. When we examined purchases that raised these types of questions, we usually did not find evidence of prepurchase justification. In attempting to justify whether purchases were acceptable, improper, or abusive, program coordinators, approving officials, and cardholders often provided an after-the-fact rationale for the purchases. We believe that these types of questionable purchases require scrutiny before the purchase, not after. Table 10 identifies examples of these types of purchases. Table 10: Examples of Abusive or Questionable Purchases: Description of purchase: Palm Pilots for Pentagon officials; Where or how identified: Army-wide data mining; Total amount: $30,000. Description of purchase: Palm VI personal digital assistants; Where or how identified: Texas Army National Guard; Total amount: 13,400. Description of purchase: Crystal, china, and accessories for culinary arts; Where or how identified: Fort Hood and Army-wide data mining; Total amount: Over 3,800. Description of purchase: Sunglasses for Golden Knights parachute team; Where or how identified: Army-wide data mining; Total amount: 2,450. Description of purchase: Tree for Earth Day; Where or how identified: Soldier, Biological and Chemical Command - Natick; Total amount: 2,250. Description of purchase: Meals for battle labs without sufficient documentation to determine if improper; Where or how identified: Fort Benning; Total amount: 1,700. Description of purchase: Two unframed Elvis Presley pictures from Graceland; Where or how identified: Fort Hood; Total amount: 550. Description of purchase: John Elway jersey - framed; Where or how identified: Soldier, Biological and Chemical Command - Natick; Total amount: 450. Description of purchase: Cigars; Where or how identified: Army-wide data mining; Total amount: 300. Description of purchase: Wine; Where or how identified: Army-wide data mining; Total amount: 150. Source: GAO analysis of Army purchase card transactions and related documentation. [End of table] To understand more fully the nature of potentially questionable purchases, we selected six of the examples above to explain in more detail below. * Palm Pilots for Pentagon officials. In February 2001, two purchases for a total of 80 Palm Pilots at a total cost of $30,000 were made for the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics. Two questions about this purchase are whether a valid need had been identified for the purchase and whether the urgency of the purchase justified the purchase from a vendor that could deliver immediately but was charging $1,540 more than the lowest competitor. No documentation was available to show how the office had determined that 80 Palm Pilots were a valid government requirement. An e-mail related to the purchase suggested that there was a need “to get enough goodies for everyone.” The documentation also suggested that the items were being ordered for inventory and would be issued to personnel when requested. This does not indicate a predetermined requirement and does not appear to support that the requirement was urgent, as the office determined. Based on the determination of urgency, the price paid was $1,540 more than the lowest competitor’s price so that delivery could be immediate. * Culinary arts. At Fort Hood and during our Army-wide data mining effort, we noted several purchases for various culinary arts events. Among the purchases were fine china and crystal from Royal Doulton and Lenox. Other purchases were for accessories such as a rotating lighted ice-carving pedestal. Although participation in culinary arts team events is an approved Army activity, the transactions we examined and inquired about did not have a documentation of the need for the specific items purchased. Although the transactions we examined totaled about $3,800, we believe that the total cost of such purchases Army- wide is far more. We were told that purchases of culinary arts accessories are common throughout the Army. One reason, we were told, is because most installations have culinary arts teams that attend competitions involving the use of expensive accessories and fine crystal and china. * Sunglasses for the Golden Nights parachute team. In February 2001, a cardholder purchased 30 pair of sunglasses from Sunglass Hut at about $100 each for a net cost of $2,450--some glasses were returned for credit from a prior purchase--for the Golden Knights. In response to our inquiry about this purchase, we were told that it was not preapproved and that sunglasses were authorized in the common table of allowances when they are needed for training. However, because goggles are worn during parachute jumps, not sunglasses, we believe these purchases were personal use items and thus of questionable government need. The approving official for the transaction believed that the purchase was appropriate. According to the official, the parachute team has 85 members and the purchase was for new members. * Tree for Earth Day. The Environmental, Safety and Health Office at the Soldier, Biological and Chemical Command - Natick bought a $2,250 tree to plant in celebration of Earth Day. Although this transaction did not have documented approval prior to purchase or a documented justification for its need, we were told that the tree was purchased for the commanding general to plant among a grove of other trees between two installation buildings during an Earth Day celebration. While planting a tree for Earth Day may be an acceptable expenditure of government funds, we believe the expenditure of over $2,200 for a tree is an excessive cost. * Cigars. In April 2001 a cardholder at Schofield Barracks in Hawaii purchased three boxes of Hula Girl Cigars for $300. According to information provided in response to our inquiry about the purchase, the cardholder bought the cigars for gifts to VIPs to be presented by the Commanding General, 25th Infantry Division, Schofield Barracks, during deployment on an exercise in Thailand. The purchaser was an acting protocol officer during a changeover in officers and did not have an approving official reviewing the purchases. No documentation was available from the Army to demonstrate that this purchase was a valid government need. The current Chief of Protocol said that no other cigars had been purchased. * Wine. A cardholder purchased two cases of wine on September 20, 2001, from the Naked Mountain Vineyard. After we questioned this purchase, the Army concluded that the cardholder had used the wrong card to purchase the wine, but it had corrected the error to put the purchase in the correct accounting classification. An Army official assured us that the purchase was appropriately authorized by “competent authority in the course of execution of a highly classified, compartmented program.” We were provided no evidence that this purchase was a valid government need. Conclusions: We support the use of a well-controlled purchase card program. It is a valuable tool for streamlining the government’s acquisition processes. However, the Army program is not well controlled. The Army’s weak control environment was the root cause of the problems we saw with purchase card transactions, including the potentially fraudulent, improper, and abusive or questionable purchases. The Army has not provided the aggressive leadership needed to build and maintain an internal control infrastructure that encourages a strong control environment that provides accountability. Such an environment is an important counterbalance to the increased risk of potentially fraudulent and wasteful spending that results from the rapidly expanding use of the purchase card. The Army now spends billions of dollars through a purchase card program for which internal control is not adequate and for which appropriate management oversight does not exist. The Army needs to ensure that installation-level program coordinators, the primary program management officials, have the tools to develop local control systems and oversight activities. Strengthening the control environment will require a renewed focus on, and commitment to, building a robust purchase card infrastructure. The installations and major commands we audited have been responsive to our findings, and they have begun to make changes at their levels. However, the major changes to the Army purchase card program infrastructure that are essential to encouraging and enabling improvements in the overall control environment await action at the Army and DOD management levels. Recommendations for Executive Action: To strengthen the overall control environment and improve internal control for the Army’s purchase card program, we recommend that the Secretary of the Army direct the Deputy Assistant Secretary of the Army (Procurement) and other Army officials as appropriate to improve the overall Army purchase card infrastructure by taking the following actions. Overall Program Management and Environment: * Address key control environment issues in Army-wide standard operating procedures. At a minimum, the following key issues should be included in the procedure: * controls over the issuance and assessment of ongoing need for cards; * cancellation of cards when a cardholder leaves the Army, is reassigned, or no longer has a valid need for the card; * span of control of the approving official; and: * appropriate cardholder spending limits. * Help ensure that program coordinators and approving officials have the needed authority, including grade level, to serve as the first line of defense against purchase card fraud, waste, and abuse by issuing a policy directive that specifically addresses their positions, roles, and job descriptions. Policies should also be established that hold these officials accountable for their purchase card program duties through performance expectations and evaluations. * Assess the adequacy of human capital resources devoted to the purchase card program, especially for oversight activities, at each management level, and provide needed resources. * Develop and implement a program oversight system for program coordinators that includes standard activities and analytical tools to be used in evaluating program results. * Develop performance measures and goals to assess the adequacy of internal control activities and the oversight program. * Require reviews of existing cardholders and their monthly spending limits to help ensure that only those individuals with valid continuing purchasing requirements possess cards and that the monthly spending limits are appropriate for the expected purchasing activity. These reviews should result in canceling unneeded cards Army-wide and especially at Fort Hood where we found a significant problem. Specific Internal Control Activities: * Direct the implementation of specific internal control activities for the purchase card program in an Army-wide standard operating procedure. While a wide range of diverse activities can contribute to a system that provides reasonable assurances that purchases are correct and proper, at a minimum, the following activities should be included in the promulgated procedure: * advance approval of purchases, including blanket approval for routine, low dollar purchases; * independent receiving and acceptance of goods and services; * independent review by an approving official of the cardholder’s monthly statements and supporting documentation; * approving official reconciling the charges on the monthly statement with invoices and other supporting documentation and forwarding the reconciled statement to the designated disbursing office for payment as required by governmentwide and DOD regulations; and: * cardholders obtaining and retaining invoices that support their purchases and provide the basis for reconciling cardholder statements. * Develop and implement procedures and checklists for approving officials to use in the monthly review of cardholders’ transactions. These procedures and checklists should specify the type and extent of review that is expected and the required review documentation. * Reiterate records retention policy for purchase card transaction files and require that compliance with record retention policy be assessed during the program coordinator’s annual review of each approving official. * Require the development and implementation of coordination and reporting procedures to help ensure that accountable property bought with the purchase card is brought under appropriate control. Potentially Fraudulent, Improper, and Abusive and Questionable Purchases: * Require additional prior documented justification and approval of those planned purchases that are “questionable”--that fall outside the normal procurements of the cardholder in terms of either dollar amount or type of purchase. * Analyze the procurements of continuing requirements through micropurchases and require the use of appropriate contracting processes to help ensure that such purchases are acquired at best prices. * Develop an Army-wide database on known fraud cases that can be used to identify potential deficiencies in existing internal control and to develop and implement additional control activities, if warranted or justified. * Develop and implement an Army-wide data mining, analysis, and investigation function to supplement other oversight activities. This function should include providing oversight results and alerts to major command and installations when warranted. We also recommend that the Under Secretary of Defense (Comptroller) direct the Charge Card Task Force to assess the above recommendations, and to the extent applicable, incorporate them into its recommendations to improve purchase card policies and procedures throughout DOD. Agency Comments and Our Evaluation: In written comments on a draft of this report, which are reprinted in appendix III, DOD concurred with our recommendations. Although concurring with our recommendation for an Army-wide standard operating procedure directing the implementation of specific internal control activities, DOD took exception to broad application of advance approval of purchases and independent receiving and acceptance of goods and services in an Army-wide standard operating procedure. DOD said that broad application of those activities would add costs to the process without a comparable reduction in risk. However, DOD recognized the applicability of these activities in some circumstances and commented that the Army standard operating procedure will (1) include a list of items requiring advance approval and (2) require advance approval for a category of items that fall outside the “common sense” rule. We continue to believe that both advance approval and independent receiving are important internal control activities and have applicability to the Army purchase card program, including many micropurchases. We recognize that not all purchases require specific advance approval and some small dollar and other purchases may not lend themselves to documented independent receiving. Therefore, the Army- wide standard operating procedure should (1) discuss the criteria for determining when these control activities are applicable and (2) articulate guidelines for implementing them. As agreed with your offices, unless you announce its contents earlier, we will not distribute this report until 30 days from its date. At that time, we will send copies to interested congressional committees; the Secretary of Defense; the Under Secretary of Defense for Acquisition, Technology, and Logistics; the Under Secretary of Defense (Comptroller); the Secretary of the Army; the Assistant Secretary of the Army for Acquisition Logistics and Technology; the Deputy Assistant Secretary of the Army (Policy and Procurement); the Director of the Army Contracting Agency; the Director of the Defense Finance and Accounting Service; and the Director of the Office of Management and Budget. We will make copies available to others upon request. Please contact Gregory D. Kutz at (202) 512-9505 or kutzg@gao.gov, Ronald D. Malfi at (202) 512-7420 or malfir@gao.gov, or David Childress at childressj@gao.gov if you or your staffs have any questions concerning this report. Major contributors to this report are acknowledged in appendix IV. Gregory D. Kutz Director Financial Management and Assurance: Signed by Gregory D. Kutz: Ronald D. Malfi Acting Managing Director Office of Special Investigations: Signed by Ronald D. Malfi: [End of section] Appendix I: Scope and Methodology: We audited the adequacy of the Army’s internal control over authorization, purchasing, and payment of fiscal year 2001 purchase card transactions. The Army’s purchase card program is the largest of the services, with the most cardholders, transactions, and dollars spent. We are also performing audits of the other services and will report the results of those audits separately. For the Army, we performed work in the major commands that have the largest purchase card programs, accounting in fiscal year 2001 for about 66 percent of total Army purchases and about 62 percent of total Army transactions. We conducted detailed work at the following major commands and installations. Table 11: Major Commands and Installations Audited: Major command: Forces Command; Installation and location: Fort Hood; Killeen, Texas. Major command: Material Command; Installation and location: Soldier, Biological Chemical Command - Natick; Natick, Massachusetts. Major command: Training and Doctrine Command; Installation and location: Fort Benning; Columbus, Georgia. Major command: Army National Guard; Installation and location: Texas Army National Guard; Austin, Texas. Major command: Medical Command; Installation and location: Eisenhower Army Medical Center; Ft. Gordon, Augusta, Georgia. Source: U.S. Army organizational tables. : [End of table] At the Army and major command levels we evaluated the policies and procedures used to guide the purchase card program, and we evaluated the activities they engage in to oversee the program. At the installation level, we used a case study approach to evaluate the local purchase card program, and our work there consisted of three major segments. We evaluated the overall control environment, including the adequacy of the Army’s policies and procedures. We evaluated the implementation of key internal control activities at the installations. Finally, we identified evidence of potentially fraudulent, improper, or abusive or questionable transactions at each audited installation and conducted limited follow-up. To assess the control environment, we examined the installations’ policies and procedures and oversight activities. To assess their adequacy, we used as our primary criteria applicable laws and regulations; our Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999); and our Internal Control Standards: Internal Control Management and Evaluation Tool (GAO-01-1008G, August 2001). To assess the management control environment, we applied the fundamental concepts and standards in our internal control standards to the practices followed by management. To test the implementation of specific control activities at the five installations we audited, we selected a stratified random sample probability of 150 purchase card transactions from the population of transactions paid from October 1, 2000, through July 31, 2001, for each of the installations. With these statistically valid probability samples, each transaction in the five installations’ populations had a nonzero probability of being included, and that probability could be computed for any transaction. Within each installation we stratified the population of transactions by the dollar value of the transaction and by whether the transaction was likely to be for a purchase of computer-related equipment. Each sample transaction in an installation was subsequently weighted in the analysis to account statistically for all the transactions in the population of that installation, including those that were not selected. For each transaction sampled, we tested whether key internal control activities had been performed. For each control activity tested, we projected an estimate of the percent of transactions for which the control activity was not performed, for each installation. Because we followed a probability procedure based on random selections of transactions, our sample for each installation is only one of a large number of samples that we might have drawn. Since each sample could have produced different estimates, we express our confidence in the precision of our particular samples’ results (that is, the sampling error) as 95 percent confidence intervals. These are intervals that would contain the actual population value for 95 percent of the samples we could have drawn. As a result, we are 95 percent confident that each of the confidence intervals in this report will include the true (unknown) values in the study populations. Although we projected the results of our samples to the populations of transactions at the respective installations, the results cannot be projected to the population of Army transactions or installations. For the sampled transactions that were for accountable items, we tested whether they had been recorded in the installation’s property book records and whether the installation could demonstrate the item’s existence. We did not project the results of this test because some transactions contained so many accountable items--as many as 500--that we elected to perform a nonstatistical analysis of the degree to which these items were recorded in property books. In addition to our review of a statistical sample of transactions at the five audited installations, we also identified other selected transactions at the five locations and throughout the Army’s fiscal year 2001 purchase card transactions to determine if indications exist of potentially fraudulent, improper, and abusive or questionable transactions. Our data mining included identifying transactions with certain vendors that had a more likely chance of selling items that would be unauthorized or that would be personal items. For a small number of these transactions at each of the five installations and from the Army-wide database, we requested limited documentation, usually the supporting invoice, that could provide additional indications as to whether the transactions were potentially fraudulent, improper, and abusive or questionable. If the additional documentation indicated that the transactions were proper and valid, we did not further pursue documentation on those transactions. If the additional documentation was not provided or if it indicated further issues related to the transactions, we obtained and reviewed additional documentation or information about these transactions. While we identified some potentially fraudulent, improper, and abusive or questionable transactions, our work was not designed to identify, and we cannot determine, the extent of potentially fraudulent, improper, or abusive transactions. Because of the large number of transactions that met these criteria, we did not look at all potential abuses of the purchase card. For those potentially fraudulent transactions that had been or were being investigated at the five audited installations, we discussed the cases with the investigators and/or obtained records and reports on the investigations. We also interviewed purchase card officials and Army criminal investigators to identify other Army purchase card fraud cases that had been or were being investigated. We did not audit the Defense Finance and Accounting Service’s purchase card payment process. We also did not audit electronic data processing controls used in processing purchase card transactions. The installations received paper monthly bills containing the charges for their purchases and used manual processes for much of the period we audited, which reduced the importance of electronic data processing controls. We briefed DOD managers, including officials in DOD’s Purchase Card Joint Program Management Office, major command purchase card program coordinators, and purchase card program officials at the installations we audited on the details of our review, including our objectives, scope, and methodology and our findings. Written comments on a draft of this report were received from the Acting Director of the Army Contracting Agency and have been reprinted in appendix III. We conducted our audit work from June 2001 through April 2002 in accordance with generally accepted government auditing standards, and we performed our investigative work in accordance with standards prescribed by the President’s Council on Integrity and Efficiency, as adapted for GAO’s work. [End of section] Appendix II: Overview of Army Purchase Card Program: The Army’s purchase card program is part of the Governmentwide Commercial Purchase Card Program, which was established to streamline federal agency acquisition processes by providing a low-cost, efficient vehicle for obtaining goods and services directly from vendors. It was intended to shorten the time between need and acquisition while providing management with monthly reports and a thorough audit trail of all purchases. Under a General Services Administration blanket contract, the Army has contracted with U.S. Bank for its purchase card services. DOD reported that it used purchase cards for about 10.7 million transactions, at a cost of over $6.1 billion, during fiscal year 2001. The Army’s reported purchase card activity totaled about 4.4 million transactions, valued at $2.4 billion, during fiscal year 2001. This represented about 40 percent of DOD’s activity for fiscal year 2001. The Army’s purchase card transactions were made with Visa cards issued to over 109,000 civilian and military personnel. Table 12: Number and Value of Army Transactions in Fiscal Year 2001: Major command and location: Forces Command; Number of transactions: 852,863; Cost of transactions: $438; Percent of total Army cost: 18. Major command and location: Fort Hood; Number of transactions: 110,822; Cost of transactions: 58; Percent of total Army cost: [Empty]. Major command and location: Training and Doctrine Command; Number of transactions: 537,718; Cost of transactions: 267; Percent of total Army cost: 11. Major command and location: Fort Benning; Number of transactions: 44,421; Cost of transactions: 19; Percent of total Army cost: [Empty]. Major command and location: National Guard Bureau-Army; Number of transactions: 498,924; Cost of transactions: 180; Percent of total Army cost: 8. Major command and location: Texas Army National Guard; Number of transactions: 20,306; Cost of transactions: 7; Percent of total Army cost: [Empty]. Major command and location: Medical Command; Number of transactions: 443,134; Cost of transactions: 233; Percent of total Army cost: 10. Major command and location: Eisenhower Medical Center, Fort Gordon; Number of transactions: 19,258; Cost of transactions: 9; Percent of total Army cost: [Empty]. Major command and location: Materiel Command; Number of transactions: 408,217; Cost of transactions: 460; Percent of total Army cost: 19. Major command and location: Soldier, Biological and Chemical Command; - Natick; Number of transactions: 16,480; Cost of transactions: 96; Percent of total Army cost: [Empty]. Major command and location: Other major commands; Number of transactions: 1,650,000; Cost of transactions: 822; Percent of total Army cost: 34. Source: GAO analysis of Army purchase card program data. [End of table] DOD has mandated the use of the purchase card for all purchases at or below $2,500, and it has authorized the use of the card to pay for larger purchases. DOD has experienced significant growth in the program since its inception and now estimates that approximately 95 percent of its micropurchase transactions in fiscal year 2001 were made by purchase card. Governmentwide Purchase Card Program Guidelines: The purchase card can be used for both micropurchases and payment of other purchases. Although most cardholders have limits of $2,500, some have limits of $25,000 or higher. The Federal Acquisition Regulation, Part 13, “Simplified Acquisition Procedures,” establishes criteria for using purchase cards to place orders and make payments. DOD and the Army have supplements to this regulation that contain sections on simplified acquisition procedures. U.S. Treasury regulations govern purchase card payment certification, processing, and disbursement. DOD’s Purchase Card Joint Program Management Office, which is in the Office of the Assistant Secretary of the Army for Acquisition Logistics and Technology, has issued departmentwide guidance related to the use of purchase cards. However, each service has its own policies and procedures governing the purchase card program. Army Purchase Card Acquisition and Payment Processes: Within the Army, the overall management responsibility for the purchase card program is under the cognizance of the agency program coordinator within the Purchase Card Joint Program Management Office. However, the function of this agency program coordinator and the office is limited and most of the major management responsibility lies with the contracting offices in the major commands and contracting offices at the installations. At the installation, the program coordinator is responsible for administering and overseeing the purchase card program within his or her designated span of control and serving as the communication link between the Army unit and the purchase card-issuing bank. The other key personnel in the purchase card program are the approving officials and the cardholders. They are responsible for implementing internal controls to ensure that transactions are appropriate. Purchase Card Process: Figure 2 illustrates the general design of the purchase card processes for the Army. The overall process begins with the cardholder ordering or purchasing a good or service. It ends with payment of the bill by the Defense Finance and Accounting System. Figure 2: Army Purchase Card Processes: [See PDF for image] Source: GAO analysis of Army purchase card program data. [End of figure] A purchase cardholder is the Army military service member or civilian employee who has been issued a purchase card that bears the cardholder’s name and the assigned account number. Before the card is issued, the cardholder is to receive training on purchase card policies and activities. Each cardholder has an established daily and monthly credit limit and is designated to make purchases at selected types of vendors. The cardholder is expected to safeguard the purchase card as if it were cash. Purchase cardholders are delegated limited contracting officer- ordering responsibilities, but they do not negotiate or manage contracts. Cardholders use purchase cards to order goods and services for their units as well as their customers. Cardholders may pick up items ordered directly from the vendor or request that items be shipped directly to receiving locations or end users. The approving official is responsible for providing reasonable assurance that all purchases made by the cardholders within his or her cognizance were appropriate and that the charges are accurate. The approving official is supposed to resolve all questionable purchases with the cardholder before certifying the bill for payment. In the event an unauthorized purchase is detected, the approving official is supposed to notify the program coordinator and other appropriate personnel within the command in accordance with the command procedures. After reviewing the monthly statement, the approving official is to certify the monthly invoice and send it to the Defense Finance and Accounting Service for payment. The purchase card payment process begins with receipt of the monthly purchase card billing statements from the bank. Section 933 of the National Defense Authorization Act for Fiscal Year 2000, Public Law 106-65, requires DOD to issue regulations that ensure that purchase cardholders and each official with authority to authorize expenditures charged to the purchase card reconcile charges with receipts and other supporting documentation. Army memos and regulations provide that upon receipt of the individual cardholder statement, the cardholder is to reconcile the transactions appearing on the statement by verifying their accuracy to the transactions appearing on the statement and notify the approving official in writing of any discrepancies in the statement. Before the credit card bill is paid the approving official is responsible for (1) providing reasonable assurance that all purchases made by the cardholders within his or her cognizance are appropriate and that the charges are accurate and (2) the timely certification of the monthly billing statement for payment by the Defense Finance and Accounting Service. The approving official must review and certify for payment the monthly billing statement, which is a summary invoice of all transactions of the cardholders under the approving official’s purview. Upon receipt of the certified monthly purchase card summary statement, a Defense Finance and Accounting Service vendor payment clerk is to (1) review the statement and supporting documents to confirm that the prompt-payment certification form has been properly completed and (2) subject it to automated and manual validations. The Defense Finance and Accounting Service effectively serves as a payment processing service and relies on the approving official certification of the monthly payment as support to make the payment. The Defense Finance and Accounting Service vendor payment system then batches all of the certified purchase card payments for that day and generates a tape for a single payment to U.S. Bank by electronic funds transfer. [End of section] Appendix III: Comments from the Department of Defense: REPLY TO ATTENTION OF: DEPARTMENT OF THE ARMY: OFFICE OF THE ASSISTANT SECRETARY OF THE ARMY ACQUISITION LOGISTICS AND TECHNOLOGY 103 ARMY PENTAGON WASHINGTON DC 20310-0103: 17 JUN 2002: Mr. Gregory D. Kutz Director: Financial Management and Assurance United States General Accounting Office Washington, D.C. 20548: Dear Mr. Kutz: As the Executive Agent for the Department of Defense Purchase Card Program, this is the Department’s response to the General Accounting Office (GAO) draft report “Purchase Cards Controls Weaknesses Leave Army Vulnerable to Fraud, Waste and Abuse” dated June 3, 2002 (GAO Code 192024). The Army concurs in each of the recommendations cited in the draft report with the exception of the recommendation that calls for the inclusion of pre-purchase approvals and independent receiving and acceptance of goods and services in an Army-wide purchase card standard operating procedure. Broad application of advance approval of micro purchases and independent receiving and acceptance will add costs to the process without a comparable reduction in risk. The point of contact for this is Mr. Bruce E. Sullivan, Director, Purchase Card Joint Program Management Office, 703-681-7564, DSN 761- 681-7564, or e-mail: Bruce. SuIlivan@saalt.army.mil. Enclosed is a listing of your recommendations and the Army response. Sincerely, Mark J. Lumer: Acting Director of the Army Contracting Agency: Signed by Mark J. Lumer: Enclosure: GAO CODE 192024/ DRAFT GAO-02-732 PURCHASE CARDS CONTROLS WEAKNESSES LEAVE ARMY VULNERABLE FOR FRAUD, WASTE, AND ABUSE: DEPARTMENT OF THE ARMY COMMENTS TO THE RECOMMENDATIONS: Overall Program Management and Environment: RECOMMENDATION: Address key control environment issues in Army-wide standard operating procedures. At a minimum, the following key issues should be included in the procedure: -Controls over the issuance and assessment of ongoing need for cards, -Cancellation of cards when a cardholder leaves the Army, is reassigned, or no longer has a valid need for the card, -Span of control of the approving official, and - Appropriate cardholder spending limits. ARMY Response: Concur; the Army’s Standard Operating Procedure is almost complete. The procedures include policy coverage on the above four issues. The Standard Operating Procedures will be published no later than 30 June 2002. RECOMMENDATION: Help ensure that program coordinators and approving officials have the needed authority, including grade level, to serve as the first line of defense against purchase card fraud, waste, and abuse by issuing a policy directive that specifically addresses their positions, roles, and job descriptions. Policies should also be established that hold these officials accountable for their purchase card program duties through performance expectations and evaluations. ARMY Response: Concur; the Army will issue policy directing Army Activities to ensure adequate resources (numbers and grade) are committed to the program, positions are adequately described, and that program official performance evaluations accurately portray adherence to program requirements. Guidance will be transmitted no later than 30 June 2002. RECOMMENDATION: Assess the adequacy of human capital resources devoted to the purchase card program, especially for oversight activities, at each management level, and provide needed resources. ARMY Response: Concur; the Army will issue policy directing Army Activities to ensure adequate resources (numbers and grade) are committed to the program, positions are adequately described, and that program official performance evaluations accurately portray adherence to program requirements. Guidance will be transmitted no later than 30 June 2002. RECOMMENDATION: Develop and implement a program oversight system for program coordinators that includes standard activities and analytical tools to be used in evaluating program results. ARMY Response: Concur; The Army’s Standard Operating Procedure will include checklists for program coordinators to use in performance of program reviews. In addition, the bank will be requested to develop C.A.R.E. queries that the program coordinators can use in evaluating program performance. RECOMMENDATION: Develop performance measures and goals to assess the adequacy of internal control activities and the oversight program. ARMY Response: Concur; In addition to performing quarterly span of control reviews and purges of inactive cards, the Army will analyze Army results of the DOD Data Mining effort to measure “health” of the program and to identify trends. RECOMMENDATION: Require reviews of existing cardholders and their monthly spending limits to help ensure that only those individuals with valid continuing purchasing requirements possess cards and that the monthly spending limits are appropriate for the expected purchasing activity. These reviews should result in canceling unneeded cards Army- wide and especially at Fort Hood where we found a significant problem. ARMY Response: Concur; The Army issued a memorandum on May 22, 2002, which requested Heads of Contracting Activities to ensure cards are issued only to individuals with bonafide needs and that limits (cardholder or approving official) reflect actual needs and available funding. The Army will request the Army Audit Agency to verify that these actions have been accomplished. Specific Internal Control Activities: RECOMMENDATION: Direct the implementation of specific internal control activities for the purchase card program in an Army-wide standard operating procedure. While a wide range of diverse activities can contribute to a system that provides reasonable assurances that purchases are correct and proper, at a minimum the following activities should be included in the promulgated procedure: -Advance approval of purchases, including blanket approval for routine, low dollar purchases, -Independent receiving and acceptance of goods and services, -Independent review by an approving official of the cardholder’s monthly statements and supporting documentation, -Approving official reconciling the charges on the monthly statement with invoices and other supporting documentation and forwarding the reconciled statement to the designated disbursing office for payment as required by government-wide and DOD regulations, and: -Cardholders obtain and retain invoices that support their purchases and provide the basis for reconciling cardholder statements. ARMY Response: Concur; the development of the Army Standard Operating Procedure is almost complete. The procedures include policy coverage on the above five issues with the exception of independent receipt and acceptance. Broad application of advance approval of micro purchases and independent receiving and acceptance will add costs to the process without a comparable reduction in risk. The standard operating procedures will include the listing of prohibitive and advance approval items developed by the DOD Task Force Concept of Operations Subgroup. RECOMMENDATION: Develop and implement procedures and checklists for approving officials to use in the monthly review of cardholders’ transactions. These procedures and checklists should specify the type and extent of review that is expected and the required review documentation. ARMY Response: Concur; the Standard Operating Procedure will include procedures and checklists for approving officials to use in the monthly review of cardholders’ transactions. RECOMMENDATION: Reiterate records retention policy for purchase card transaction files and require that compliance with record retention policy be assessed during the program coordinator’s annual review of each approving official. ARMY Response: Concur; the Standard Operating Procedure will identify the retention policy and will also the include procedures and checklists for program coordinator’s annual review of each approving official. RECOMMENDATION: Require the development and implementation of coordination and reporting procedures to help ensure that accountable property bought with the purchase card is brought under appropriate control. ARMY Response: Concur; the checklists developed for approving official review of cardholders will include proper reporting of accountable property. Cardholders will be required to present hand receipts for items selected by the approving official for review that fall within the Department of the Army and Local Command accountable property definition. Potentially Fraudulent. Improper. and Abusive and Questionable Purchases: RECOMMENDATION: Require additional prior documented justification and approval of those planned purchases that are “questionable”-that fall outside the normal procurements of the cardholder in term of either dollar amount or type of purchase. ARMY Response: Concur; The Army’s standard operating procedure will include the listing of advance approval items developed by the DOD Task Force Concept of Operations Subgroup. Additionally, a category of items falling outside the “common sense” rule will be developed which will require advance approval. The purchase of any item that would cause one to question the appropriate expenditure of taxpayers’ money will require advance approval. RECOMMENDATION: Analyze the procurements of continuing requirements through micro purchases and require the use of appropriate contracting processes to help ensure that such purchases are acquired at best prices. ARMY Response: Concur; The Army has historically stressed the importance of cardholders buying items that offer the best value and to take advantage of existing contract pricing such as offered in GSA Advantage! Contracting offices will be required to review installation purchases to determine if opportunities exist to establish requirements-type contracts. RECOMMENDATION: Develop an Army-wide database on known fraud cases that can be used to identify potential deficiencies in existing internal control and to develop and implement additional control activities, if warranted or justified. ARMY Response: Concur, in part; The DODIG has been directed to develop a centralized purchase card database on known fraud cases and audit results that can be used to identify potential deficiencies in existing internal controls. The Army will evaluate the Army cases and audits to determine the effectiveness of existing controls and make changes if additional internal controls are warranted. RECOMMENDATION: Develop and implement an Army-wide data mining, analysis, and investigation function to supplement other oversight activities. This function should include providing oversight results and alerts to major command and installations when warranted. ARMY Response: Concur, in part; The DOD has initiated a DOD data-mining program that will evaluate Army and other defense component card transactions. Development of an Army database will only duplicate those efforts. The Army will work closely with the DOD Data mining group to ensure Army activities are quickly alerted to identify transactions and effective actions are taken. RECOMMENDATION: We also recommend that the Under Secretary of Defense (Comptroller) direct the Charge Card Task Force to assess the above recommendations, and to the extent applicable, incorporate them into its recommendations to improve purchase card policies and procedures throughout DOD. ARMY Response: The DOD Task Force has assessed the Army GAO findings to ensure the weaknesses uncovered were addressed in their evaluation and recommendations. Several of the Task Force recommendations were generated from information provided by the GAO during their audit of the Army’s program. [End of section] Appendix IV: GAO Contacts and Staff Acknowledgments: GAO Contacts: David Childress, (202) 512-4639 Ray B. Bush, (404) 679-1915 David Shoemaker, (404) 679-1867: Acknowledgments: Staff making key contributions to this report were Wendy Ahmed, William B. Bates, Bertram J. Berlin, James D. Berry, Jr., Johnny R. Bowen, Francine M. DelVecchio, Ronald M. Haun, James P. Haynes, Kenneth M. Hill, Fred Jimenez, Mitchell B. Karpman, Richard A. Larsen, Christie M. Mackie, Judy K. Pagano, John J. Ryan, and Sidney H. Schwartz. FOOTNOTES: [1] U.S. General Accounting Office, Purchase Cards: Control Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-01-995T (Washington, D.C.: July 30, 2001) and Purchase Cards: Continued Control Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-02- 506T (Washington, D.C.: Mar. 13, 2002). [2] For this report, we limit the use of the term “fraudulent” to describe those instances in which someone has been convicted, or punished under the Uniform Code of Military Justice, of fraudulent activity. In all other circumstances we use the phrase “potentially fraudulent.” [3] In our work, data mining involved the manual or electronic sorting of purchase card data to identify and select for further follow-up and analysis transactions with unusual or questionable characteristics. [4] Approving officials are also referred to as either billing officials or certifying officials. These three terms are often used interchangeably. [5] Memorandum from Director, Purchase Card Joint Program Management Office, to assistant secretaries of defense agencies. Subject: Internal and Management Controls - DOD Purchase Card Program (July 5, 2001). [6] GAO-01-995T. [7] GAO-01-995T. [8] Memorandum from Director, Defense Procurement, Office of the Under Secretary of Defense, to directors of defense agencies. Subject: Government Purchase Card - Internal Controls (Aug. 13, 2001). [9] Memorandum from Director, Purchase Card Joint Program Management Office, to agency program coordinators. Subject: Internal Controls (Feb. 1, 2002). [10] Memorandum from Acting Deputy Assistant Secretary of the Army (Procurement), Office of the Assistant Secretary of the Army for Acquisition, Logistics and Technology, to the heads of defense contracting agencies. Subject: Management Controls - Army Purchase Card Program (Aug. 3, 2001). [11] GAO-01-995T; U.S. General Accounting Office, Purchase Cards: Control Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-02-32 (Washington, D.C.: Nov. 30, 2001); and GAO-02-506T. [12] Memorandum from the Department of the Army, Office of the Assistant Secretary of the Army, Acquisition Logistics and Technology, Director, Purchase Card Joint Program Management Office. Subject: Internal and Management Controls - DOD Purchase Card Program (July. 5, 2001). [13] Department of Defense, Office of the Inspector General, Controls Over the DOD Purchase Card Program, D-2002-075 (Washington, D.C.: Mar. 29, 2002). [14] Memorandum from Acting Deputy Assistant Secretary of the Army (Procurement), Office of the Assistant Secretary of the Army for Acquisition, Logistics and Technology, to the heads of defense contracting agencies. Subject: Management Controls - Army Purchase Card Program (Aug. 3, 2001). [15] Memorandum from Director, Purchase Card Joint Program Management Office, to agency program coordinators. Subject: Internal Controls (Feb. 1, 2001). [16] Joint Report of the Purchase Card Financial Management Team and the Purchase Card Integrated Product Team to the Under Secretary of Defense (Acquisition and Technology) and the Under Secretary of Defense (Comptroller) (Washington, D.C.: Feb. 26, 1997). [17] Memorandum from the Acting Deputy Assistant Secretary of the Army (Procurement), Office of the Assistant Secretary of the Army, Acquisition Logistics and Technology, to the heads of Army contracting offices. Subject: Management Controls - Army Purchase Card Program (Aug. 3, 2001). [18] Section 4520 defines the approving official as an individual who (1) reviews cardholder statement(s), (2) is responsible for authorizing cardholder purchases, and (3) ensures that the statement is reconciled and submitted to the designated billing office on time. [19] For example, the April 30 letter cites the Financial Management Regulation, volume 10, chapter 10, section 1203, which says that (1) cardholders are to reconcile each statement against supporting documentation and sign the statement and (2) approving officials are to reconcile the cardholders’ statement and sign the consolidated monthly bill. [20] 63 Comptroller General Decisions 245, 247 (1984). In requesting the Comptroller General’s approval of the purchases, the agency represented that “the parkas would be labeled as [agency] property, centrally controlled, and issued and reissued to employees only for job requirements.” GAO’s Mission: The General Accounting Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO’s Web site (www.gao.gov) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as “Today’s Reports,” on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select “Subscribe to daily E-mail alert for newly released products” under the GAO Reports heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. General Accounting Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061 To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470 Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: