This is the accessible text file for GAO report number GAO-02-1041 entitled 'Purchase Cards: Navy Is Vulnerable to Fraud and Abuse but Is Taking Action to Resolve Control Weaknesses' which was released on September 27, 2002. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States General Accounting Office: GAO: Report to Congressional Requesters: September 2002: Purchase Cards: Navy Is Vulnerable to Fraud and Abuse but Is Taking Action to Resolve Control Weaknesses: GAO-02-1041: Contents: Letter: Results in Brief: Background: Weak Purchase Card Control Environment Contributed to Ineffective Controls, but Management has Taken Positive Steps: Critical Internal Controls Were Ineffective: Potentially Fraudulent, Improper, and Abusive or Questionable Transactions: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendixes: Appendix I: Background: Appendix II: Scope and Methodology: Appendix III: Status of GAO Recommendations to Improve Navy Purchase Card Operations: Appendix IV: Status of Previously Identified Fraud Cases: Appendix V: Status of the Former Commander, Space and Naval Warfare Systems Command, Systems Center San Diego: Appendix VI: Comments From the Department of Defense Purchase Card Joint Program Management Office: Appendix VII: Comments from the Under Secretary of Defense (Comptroller): Appendix VIII: GAO Contacts and Staff Acknowledgments: Tables: Table 1: Ratio of Cardholders to Approving Officials, September 2000 through March 2002: Table 2: Historical Purchases vs. Credit Limits for Selected Navy Commands and Marine Corps: Table 3: Lack of Documented Current Training for Cardholders and Approving Officials: Table 4: Reported Results of NAVSUP Mandated Self Assessment of 12 Months of Purchase Card Transactions: Table 5: Program Coordinators’ Span of Control, September 2001: Table 6: Estimate of Fiscal Year 2001 Transactions That Failed Control Tests: Table 7: Purchase Card Transactions with Five Vendors That Sell Products Also Sold by Required Suppliers: Table 8: Accountable Property Items Not Recorded in Property Books: Table 9: Examples of Fraudulent and Potentially Fraudulent Navy Purchase Card Transactions: Table 10: Examples of Improper Purchases: Table 11: Examples of Abusive and Questionable Purchases: Table 12: Number and Value of Transactions in Fiscal Year 2001: Table 13: Estimate of 11 Months of Fiscal Year 2001 Transactions That Failed Control Tests: Table 14: Status of Previous GAO Recommendations: Figures: Figure 1: Navy Purchase Card Program Management Structure, September 2001: Figure 2: Change in Number of Navy-wide Cardholders, October 2000 to March 2002: Figure 3: Available Credit Limits for the Four Major Commands We Audited as of September 2000, September 2001, and March 2002 vs. Average FY 2001 Monthly Purchases: Figure 4: Computers Purchased by the Atlantic Fleet in April 2001 That Remained Unused as of June 21, 2002: Figure 5: Navy Purchase Card Process Approving Officials: Abbreviations: APC: Agency Program Coordinator: DOD: Department of Defense: DON: Department of the Navy: GAO: General Accounting Office: JWOW: Javits-Wagner-O'Day Act: NAS: Naval Audit Service: NAVSEA: Naval Sea Systems Command: NAVSUP: Naval Supply Systems Command: NCIS: Naval Criminal Investigative Service: PCPMO: Purchase Card Program Management Office: PDA: Personal Digital Assistant: SECNAV; Secretary of the Navy: SPAWAR: Space and Naval Warfare Systems Command: USMC: United States Marine Corps: [End of section] United States General Accounting Office: Washington, D.C. 20548: September 27, 2002: The Honorable Charles E. Grassley: Ranking Minority Member: Committee on Finance: United States Senate: The Honorable Stephen Horn: Chairman: The Honorable Janice D. Schakowsky: Ranking Minority Member: Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations: Committee on Government Reform: House of Representatives: The Department of Defense (DOD) is promoting departmentwide use of purchase cards for obtaining goods and services. It reported that for the year ended September 30, 2001, purchase cards were used by about 230,000 cardholders to make about 10.7 million transactions valued at over $6.1 billion. Purchase card transactions include acquisitions at or below the $2,500 micropurchase threshold, payment for commercial training requests valued at or below $25,000, and for payment on contracts. The use of purchase cards has dramatically increased in past years as agencies have sought to eliminate the lengthy process and paperwork long associated with making small purchases. The benefits of using purchase cards versus traditional contracting and payment processes are lower transaction processing costs and less red tape for both the government and the vendor community. We support the use of a well-controlled purchase card program to streamline the government’s acquisition processes. While we support the purchase card program concept, it is important that agencies have adequate internal controls in place to protect the government from fraud, waste, and abuse. In July 2001 and March 2002, we testified on significant breakdowns in internal control over purchase card transactions at two Navy sites in San Diego, California. [Footnote 1] As a result of our work at the two Navy sites and continuing concern about fraud, waste, and abuse in DOD’s purchase card program, you requested that we expand our audits of purchase card controls. On June 27, 2002, we reported [Footnote 2] on control weaknesses in the Army’s purchase card program. This report focuses on purchase card activities at the Navy. The Navy is the second largest purchase card program in DOD. During fiscal year 2001, the Navy had about 2.8 million transactions and $1.8 billion in purchases, and as of September 2001 it had about 28,000 cardholders. We plan to report to you separately on the results of our audit of the Air Force purchase card program. The objective of our audit of the Navy’s purchase card program was to assess the adequacy of internal control over the authorization, purchase, and payment of purchase card transactions during fiscal year 2001, and determine whether the purchase card control weaknesses identified at two Navy units in San Diego were isolated examples or were indicative of Navywide weaknesses with the purchase card program. Specifically, we addressed whether (1) the Navy’s overall control environment and management of the purchase card program were effective, (2) the Navy’s key internal control activities operated effectively and provided reasonable assurance that purchase cards were used appropriately, and (3) indications existed of potentially fraudulent, improper, and abusive or questionable transactions. We supplemented our previous fiscal year 2001 audit work at the Space and Naval Warfare Systems Command Systems Center in San Diego, and the Naval Facilities Engineering Command’s Navy Public Works Center in San Diego by auditing the Navy’s internal control policies, procedures, and key activities at three major warfighting commands (Atlantic Fleet, Pacific Fleet, and the Marine Corps [Footnote 3]), and one other major support command (Naval Sea Systems Command). These six major commands account for about 56 percent of the Navy’s total fiscal year 2001 purchases and 56 percent of the Navy’s total fiscal year 2001 transactions. For each major command audited, we selected a geographic location (e.g., for the Pacific Fleet we selected cardholders based in or near San Diego) where we conducted a case study analysis by testing a statistical sample of purchase card transactions and performing other audit work to evaluate the design and implementation of key internal control procedures and activities. The results of our audit for transactions that comprised the statistical samples can only be projected to the units where we performed testing and cannot be used for projections to the entire command or to the Navy as a whole. However, the cumulative results of all our work offer significant perspective on the adequacy of the design and implementation of purchase card program internal controls across the Navy. We also looked for indications of potentially fraudulent, improper, and abusive or questionable purchases as part of our statistical sampling and through nonrepresentative selections of transactions using data mining of Navy-wide fiscal year 2001 transactions. Our data mining [Footnote 4] included identifying transactions with certain vendors that were more likely to sell items that would be unauthorized or that would be personal items (e.g., department and jewelry stores). Because of the large number of transactions that met these criteria, we did not look at all potential abuses of the purchase card. While we identified some potentially fraudulent, improper, and abusive or questionable purchases, our work was not designed to identify, and we cannot determine, the extent of these purchases. See appendix I for background on the purchase card program and see appendix II for details on our scope and methodology. Finally, per your request, this report also provides the status of (1) the Navy’s progress in implementing the November 30, 2001, recommendations [Footnote 5] to improve purchase card internal controls (see app. III), (2) two potential fraud cases referred to in our March 13, 2002, testimony (see app. IV), and (3) the former commanding officer at the Space and Naval Warfare Systems Command, Systems Center San Diego (see app. V). We requested comments from the Secretary of Defense or his designee on a draft of this report. We received comments from the Director, DOD Purchase Card Joint Program Management Office dated September 16, 2002, and from the Under Secretary of Defense (Comptroller) dated September 23, 2002. We reprinted those comments in appendix VI and appendix VII of this report. We conducted our audit work from November 2001 through July 2002 in accordance with U.S. generally accepted government auditing standards, and we performed our investigative work in accordance with standards prescribed by the President’s Council on Integrity and Efficiency. Results in Brief: A weak overall control environment and breakdowns in key internal controls leave the Navy vulnerable to potentially fraudulent, improper, and abusive purchases. Based on our audit work at four Navy major commands and selected units assigned to those major commands, and our previous audit work at two San Diego units assigned to two other major commands, we found that purchase card internal controls were ineffective. The problems we found across the Navy resulted from a weak overall internal control environment, inadequate guidance, flawed policies and procedures, and a lack of adherence to valid policies and procedures. In response to our previous findings, DOD and the Navy have begun improving the control environment over the purchase card program. For example, subsequent to the congressional hearing on July 30, 2001, which highlighted purchase card control weaknesses at the two San Diego units, DOD directed all military units to reassess the number of cardholders and to ensure that purchase cards are limited to those who need them. At the Navy, this resulted in the reduction in the number of cardholders by more than half—from about 59,000 in June 2001 to about 25,000 in March 2002. DOD also directed all military units to reevaluate cardholder credit limits. This resulted in the four commands that we audited reducing their combined credit limits by about $140 million. The Navy also directed that all cardholders and approving officials take refresher purchase card training. In addition, the Navy reported that it either implemented or is planning to implement all 29 recommendations made in our November 30, 2001, report. However, further improvements are needed to achieve an effective control environment. For example, as of March 2002, the four Navy commands we reviewed continued to have approving officials with spans of control that exceeded DOD and Navy requirements, and cardholder credit limits exceeded demonstrated needs. We also question the effectiveness of transaction monitoring conducted by the four commands that we audited. In November 2001, these four commands completed an analysis of 1,225,000 fiscal year 2001 transactions and found about 0.1 percent of their transactions were for personal use, or prohibited items, or did not fulfill a bona fide mission requirement. In contrast, our analysis of a statistically selected sample of 624 fiscal year 2001 transactions found that about 15 percent of the transactions we reviewed were potentially fraudulent, improper, abusive, or questionable. In addition, we determined that the Navy did not provide cardholders, approving officials, and agency program coordinators with sufficient human capital resources—e.g., time and training—to effectively perform oversight and manage the program. The weaknesses in the Navy’s purchase card control environment at the units audited led to a significant breakdown in key control activities in fiscal year 2001. Specifically, we determined that (1) cardholders did not screen for the availability of goods from required sources, (2) cardholders did not document that someone independent of the cardholder received and accepted the goods and services, (3) many Navy units did not maintain accountability over pilferable property acquired with the purchase card, and (4) cardholders did not reconcile monthly purchase card statements to supporting documentation and approving officials did not review the cardholders’ reconciled bills prior to payment certification. These controls are intended to provide the Navy with reasonable assurance that purchase card transactions are for valid and necessary government expenditures. The high failure rate—80 percent to 98 percent—of cardholder reconciliation and approving official review is of particular concern because it is perhaps the most important control by providing reasonable assurance that purchases are appropriate and for a legitimate government need. The weak control environment and breakdown in key internal controls contributed to potentially fraudulent, improper, and abusive or questionable transactions that went undetected at units in all three Navy commands and the Marine Corps base we audited. For example, two cardholders selected in our Atlantic Fleet statistical sample were part of a fraud investigation conducted by the Naval Criminal Investigative Service (NCIS). Both of these cardholders were part of an overall plot by these cardholders and up to seven vendors to defraud the Navy of nearly $89,000. Our site-specific and Navy-wide data mining transaction reviews identified other potentially fraudulent transactions including the purchase of computers, cell phones, food, cameras, power tools, televisions, personal digital assistants, clothing, and stereos. We also identified numerous examples of improper transactions, which are transactions for goods or services that are intended for government use but are not permitted by law, Navy regulation, or DOD policy. Improper purchases were made for food, clothing, printing services, office supplies, rental cars, and hotel lodging and services. We also identified abusive and questionable transactions at all three Navy commands and the Marine Corps base we audited and in our Navy-wide data mining. Abusive transactions are those where the goods or services are authorized, but are purchased at an excessive cost or for a questionable government need. Questionable transactions are those that could be considered improper or abusive, but the support is insufficient for a determination. The purchase card transactions that we considered to be questionable generally did not include an explanation or advance authorization that would justify these purchases or permit a determination of whether the purchases were improper or abusive. Examples of abusive or questionable purchases include designer leather products such as Coach and Dooney and Bourke merchandise; fine china; athletic equipment; beer; $2,200 flat-panel computer monitors; excessive and uneconomical cell phone use; and transactions for which the Navy does not have any documentation indicating what was purchased. This report includes 19 additional recommendations to (1) improve the overall control environment for the Navy’s purchase card program, (2) strengthen key internal control activities, and (3) increase attention to preventing potentially fraudulent, improper, and abusive or questionable transactions. In written comments on a draft of this report, DOD concurred with 16 and partially concurred with the remaining 3 recommendations and described actions completed, underway, or planned to implement them. While DOD partially concurred with our recommendations dealing with linking the performance appraisals of purchase card officials to achieving performance standards, and maintaining accountability over pilferable property, the actions DOD has agreed to take will implement the most significant aspects of those recommendations. DOD also partially concurred with our recommendation concerning establishing a schedule of disciplinary actions that may be taken against cardholders who make improper or abusive acquisitions and stated that Navy will examine whether actions the department has already taken will appropriately deal with the improper or abusive uses of purchase cards. Background: The Navy’s purchase card program is part of the governmentwide Commercial Purchase Card Program established to simplify federal agency acquisition processes by providing a low-cost, efficient vehicle for obtaining goods and services directly from vendors. DOD has mandated the use of the purchase card for all purchases at or below $2,500 and has authorized the use of the card to pay for specified larger purchases. DOD has seen significant growth in the program since its inception and estimated that in fiscal year 2001 about 95 percent of its transactions of $2,500 or less were made by purchase card. The purpose of the program is to simplify the process of making small purchases. It allows cardholders to make micropurchases of $2,500 or less and pay for training of $25,000 or less without having to execute a contract. The government purchase card can also be used for larger transactions, but only under a contract. For larger transactions, the card is referred to as a “payment card” because it pays for an acquisition made under a legally executed contract. The Navy uses a combination of governmentwide, DOD, and Navy guidance as the policy and procedural foundation for its purchase card program. The Navy purchase card program operates under a governmentwide General Services Administration purchase card contract, as do the purchase card programs of all federal agencies. In addition, government acquisition laws and regulations such as the Federal Acquisition Regulation provide overall governmentwide guidance. DOD and the Navy have issued clarifying guidance to these regulations. The Under Secretary of Defense for Acquisition, Technology, and Logistics—in cooperation with the Under Secretary of Defense (Comptroller)—has overall responsibility for DOD’s purchase card program. The DOD Purchase Card Joint Program Management Office, in the office of the Assistant Secretary of the Army for Acquisitions Logistics and Technology, is responsible for overseeing DOD’s program. The Commander of the Naval Supply Systems Command (NAVSUP) has been designated the Navy’s chief contracting officer, and under his command is the Navy purchase card program manager. However, primary day-to-day management responsibility for the program lies with the agency program coordinators in the Navy’s major commands and local units. Figure 1 depicts the management hierarchy of the Navy purchase card program for the units at the four major commands that we audited. The figure shows each major command where we conducted audit work; for each location we selected for a case study analysis, the figure also shows the total number of subordinate level agency program coordinators, approving officials, and cardholders. It is important to note that at the major commands and the subordinate level units that we audited, most agency program coordinators, approving officials, and cardholders were not dedicated to the purchase card program on a full-time basis. Rather, most individuals had additional job responsibilities and performed purchase card duties when needed. Figure 1: Navy Purchase Card Program Management Structure, September 2001: [See PDF for image} The following management structure data is depicted: Top level: DOD Purchase Card Joint Program Management Office. Second level (reports to first level): Department of Navy eBusiness Operations Office; Navy Agency Program Coordinator. Third level (all report to second level): * Atlantic Fleet, Major Command Agency Program Coordinator: - Norfolk, VA Area; Agency program coordinators at subordinate units (98); Approving officials (286); Cardholders (769); * Pacific Fleet, Major Command Agency Program Coordinator: - San Diego, CA Area; Agency program coordinators at subordinate units (66); Approving officials (168); Cardholders (417); * Naval Sea Systems Command, Major Command Agency Program Coordinator: - Norfolk, VA Area; Agency program coordinators at subordinate units (10); Approving officials (78); Cardholders (235); * U.S. Marine Corps, Major Command Agency Program Coordinator: - Camp Lejeune, NC; Agency program coordinators at subordinate units (15); Approving officials (173); Cardholders (496). Source: GAO analysis of Navy purchase card program organization. [End of figure] At the major commands and units audited, personnel in three positions— agency program coordinator, cardholder, and approving official [Footnote 6]—are collectively responsible for providing reasonable assurance that purchase card transactions are appropriate and meet a valid government need. Agency program coordinators work at both the major command and unit levels. Major command agency program coordinators operate under the direction of the command’s director of the contracting office, and are responsible for the day-to-day management, administration, and oversight of the program. Unit level agency program coordinators develop local standard operating procedures, issue and cancel cards, train cardholders and approving officials, and work with other Navy units and the card-issuing bank. Cardholders are to make purchases, maintain supporting documentation, and reconcile their monthly statements. Approving officials, who typically are responsible for more than one cardholder, are to review each cardholder’s transactions and reconciled statements, and certify for payment their cardholders’ purchases. Appendix I provides additional details on the Navy purchase card program. Weak Purchase Card Control Environment Contributed to Ineffective Controls, but Management has Taken Positive Steps: [Management and employees should establish and maintain an environment throughout the organization that sets a positive and supportive attitude toward internal control and conscientious management. A positive control environment is the foundation for all other standards. It provides discipline and structure as well as the climate which influences the quality of internal control. GAO’s Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999)] We found that the Navy and Marine Corps units we audited had not established an effective internal control environment in fiscal year 2001, and although significant improvements have been made, further action in several areas is necessary. Specifically, we found that in fiscal year 2001, these locations did not (1) effectively evaluate whether approving officials maintained reasonable spans of control, (2) limit purchase card credit limits to historical procurement needs, (3) ensure that cardholders and approving officials were properly trained, (4) utilize the results of purchase card program monitoring efforts, and (5) establish an infrastructure necessary to effectively monitor and oversee the purchase card program. As a result of our July 30, 2001, testimony, the Navy and DOD have taken significant actions to improve purchase card controls, including reducing the number of cardholders by over 50 percent and establishing a Charge Card Task Force to further improve the purchase card processes and controls. Improvement Initiatives Signal Proactive “Tone at the Top:” [Management plays a key role in demonstrating and maintaining an organization's integrity and ethical values, especially in setting and maintaining the organization's ethical tone, providing guidance for proper behavior, removing temptations for unethical behavior, and providing discipline when appropriate. GAO's Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999)] Since the July 30, 2001, congressional hearing, the DOD Comptroller, the DOD Purchase Card Joint Program Management Office, and NAVSUP have issued a number of directives and policy changes citing previous audit findings and the need to improve both the purchase card control environment and adherence to control techniques. Specifically, in response to our November 2001 report, the Navy has acted on or plans to implement all 29 of our recommendations to improve controls over the purchase card program. While we believe that some of the Navy’s actions to implement our recommendations are not sufficient to achieve the necessary changes, planned and implemented actions to date are a significant step forward. In addition, the DOD Comptroller appointed a Charge Card Task Force, which issued its final report on June 27, 2002. The report identified many of the control weaknesses we identified in this and previous reports and testimonies. In the report, the DOD Comptroller stated that this “...is an excellent first step in an on-going process to continually seek ways to improve charge card programs. We must continue to identify new ways of reducing the government’s cost of doing business while at the same time ensuring that we operate in a manner that preserves the public’s trust in our ability to provide proper stewardship of public funds.” The task force report included a number of recommendations including establishing a purchase card concept of operations; accelerating the electronic certification and bill paying process; improving training materials; identifying best practices in areas such as span of control and purchase card management skill sets; and establishing more effective means of disciplining those who abuse the purchase cards. These recommendations address many of the concerns that we previously identified and provide management at the Pacific Fleet, Atlantic Fleet, Naval Sea Systems Command (NAVSEA), and Marine Corps the opportunity to take a proactive role in correcting control weaknesses and ensuring that the purchase card remains a valuable tool. Number of Cardholders Significantly Reduced but Approving Official Span of Control Remains an Issue: Although the Navy significantly reduced the number of purchase cards since our July 30, 2001, testimony, it continued to have approving officials who were responsible for reviewing more cardholder statements than allowed by either DOD or Navy guidance, which limits the number of cardholders that an approving official should review to seven. The convenience of the purchase card must be balanced against the time and cost involved in the training, monitoring, and oversight of cardholders. It must also be balanced against the exposure of the Navy to the legally binding obligations incurred by those transactions. The proliferation of purchase cards and high cardholder-to-approving-official ratios increase the risks associated with the purchase card program. In response to the July 2001 hearing, DOD’s Director of Procurement instructed the directors of Defense agency procurement and contracting departments on August 13, 2001, to limit purchase cards to only those personnel who need to purchase goods and services as part of their jobs. As a result of this heightened concern, the Navy reduced the number of cardholders by more than half— from about 59,000 in June 2001 to about 28,000 by September 2001. In October 2001, the Navy followed up the initial reduction in cardholders with an interim change to the NAVSUP existing purchase card instructions that established minimum criteria for prospective purchase card holders. As shown in figure 2, the Navy continued to reduce the number of cardholders and was down to about 25,000 as of March 2002. Agency program coordinators at the commands we audited told us that the reduction was a result of (1) employee attrition, and (2) cancellation of cards of individuals who no longer needed them. Figure 2: Change in Number of Navy-wide Cardholders, October 2000 to March 2002: [See PDF for image] This figure is a line graph. The vertical axis of the graph represents number of Navy-wide cardholders from 0 to 75,000. The horizontal axis of the graph represents months from October 2000 to March 2002. The following data is approximated from the graph. In October 2000, the number of Navy-wide cardholders appears to be approximately 53,000, peaking at about 59,000 in June, 2001. That number dropped to about 30,000 by July 2001 and remains fairly constant to March 2002. Source: General Services Administration. [End of figure] NAVSUP’s interim change limiting purchase cards also established a maximum ratio of seven cardholders to each approving official, [Footnote 7] and required that Navy and Marine Corps units establish local policies and procedures for approving purchase cards and for issuing them to activity personnel. The Navy’s requirement of a maximum 7-to-1 ratio of cardholders to an approving official is consistent with guidance issued by the Department of Defense Purchase Card Joint Program Management Office on July 5, 2001, shortly before the congressional hearing. As shown in table 1, at the four locations we audited, the average ratio of cardholders to approving officials was well in line with the DOD and Navy limit of seven cardholders per approving official. This average, however, masks the wide range of ratios across units, including those that far exceeded the DOD and Navy prescribed ratio of cardholders to approving official. The problem of high cardholder-to-approving-official ratios remains especially acute at NAVSEA, which at some locations used one approving official to certify a single payment for all the unit’s cardholders. This resulted in approving officials certifying monthly bills that contained thousands of transactions and regularly exceeded $1 million a month. Table 1: Ratio of Cardholders to Approving Officials, September 2000 through March 2002: Command: Atlantic Fleet; Date: Sept. 2000; Average ratio of cardholders to approving official: 3.0 to 1; Number of approving officials with more than 7 cardholders to review: 72; Highest ratio of cardholders to approving official: 66 to 1. Command: Atlantic Fleet; Date: March 2002; Average ratio of cardholders to approving official: 2.8 to 1; Number of approving officials with more than 7 cardholders to review: 15; Highest ratio of cardholders to approving official: 17 to 1. Command: Pacific Fleet; Date: Sept. 2000; Average ratio of cardholders to approving official: 2.7 to 1; Number of approving officials with more than 7 cardholders to review: 53; Highest ratio of cardholders to approving official: 36 to 1. Command: Pacific Fleet; Date: March 2002; Average ratio of cardholders to approving official: 2.5 to 1; Number of approving officials with more than 7 cardholders to review: 32; Highest ratio of cardholders to approving official: 15 to 1. Command: NAVSEA; Date: Sept. 2000; Average ratio of cardholders to approving official: 2.8 to 1; Number of approving officials with more than 7 cardholders to review: 51; Highest ratio of cardholders to approving official: 382 to 1. Command: NAVSEA; Date: March 2002; Average ratio of cardholders to approving official: 2.6 to 1; Number of approving officials with more than 7 cardholders to review: 20; Highest ratio of cardholders to approving official: 375 to 1. Command: Marine Corps; Date: Sept. 2000; Average ratio of cardholders to approving official: 3.3 to 1; Number of approving officials with more than 7 cardholders to review: 84; Highest ratio of cardholders to approving official: 410 to 1. Command: Marine Corps; Date: March 2002; Average ratio of cardholders to approving official: 2.6 to 1; Number of approving officials with more than 7 cardholders to review: 17; Highest ratio of cardholders to approving official: 68 to 1. Source: GAO analysis of Citibank data provided by Navy. [End of table] Cardholder Credit Limits Exceed Procurement Needs: While total financial exposure as measured in terms of purchase card credit limits has decreased in the units we audited, as shown in figure 3, it continues to substantially exceed historical purchase card procurement needs. Figure 3: Available Credit Limits for the Four Major Commands We Audited as of September 2000, September 2001, and March 2002 vs. Average FY 2001 Monthly Purchases: [See PDF for image] This figure is a vertical bar graph. The vertical axis of the graph represents dollars in millions from 0 to 500. The horizontal axis of the graph represents the four major commands. The following data is depicted. Command: Atlantic Fleet; Credit limit, September 2000: $245; Credit limit, September 2001: $201; Credit limit, March 2002: $128. Command: Pacific Fleet; Credit limit, September 2000: $160; Credit limit, September 2001: $159; Credit limit, March 2002: $159. Command: NAVSEA; Credit limit, September 2000: $236; Credit limit, September 2001: $211; Credit limit, March 2002: $199. Command: Marine Corps; Credit limit, September 2000: $443; Credit limit, September 2001: $436; Credit limit, March 2002: $454. Source: GAO analysis of Citibank data provided by Navy. [End of figure] Limiting credit available to cardholders is a key factor in managing the purchase card program and in minimizing the government’s financial exposure. Therefore, to determine the maximum credit available we analyzed the credit limits available to both cardholders and approving officials. [Footnote 8] In August 2001, the Under Secretary of Defense for Acquisition, Technology, and Logistics sent a memorandum to the directors of all defense agencies stating that supervisors should set reasonable limits based on what each person needs to buy as part of his or her job and that every cardholder does not need to have the maximum transaction or monthly credit limit. Similarly, in October 2001, NAVSUP issued an interim change to the purchase card program instruction which requires agency program coordinators to monitor cardholder credit limits and ensure that the credit limits are appropriate for mission requirements. We concur with both the Under Secretary’s statement and NAVSUP’s interim change to the purchase card instructions, and continue to believe that limiting cardholder spending authority is an effective way of minimizing the federal government’s financial exposure. However, we have not seen adequate progress in this area at the locations that we audited. None of the units we visited tied either the cardholder’s or the approving official’s credit limit to the unit’s historical spending. Rather, they often established arbitrary credit limits of $10,000 to $25,000. In some instances, we found cardholders and approving officials who had credit limits that far exceeded historical spending needs. For example, as of September 2001, we identified over 60 cardholders with $9.9 million [Footnote 9] credit limits, and more than 2,300 approving officials with $9.9 million credit limits at the four commands we audited. As shown in table 2, the four commands that we audited had credit limits that clearly exceeded historical needs. Table 2: Historical Purchases vs. Credit Limits for Selected Navy Commands and Marine Corps: Credit limits as of March 2002: Atlantic Fleet: $128 million; Pacific Fleet: $159 million; NAVSEA: $199 million; Marine Corps: $454 million. Fiscal year 2001 average monthly purchase activity: Atlantic Fleet: $14 million; Pacific Fleet: $11 million; NAVSEA: $22 million; Marine Corps: $19 million. Ratio of credit limit[A] to average fiscal year 2001 monthly expenditures: Atlantic Fleet: 9 to 1; Pacific Fleet: 14 to 1; NAVSEA: 9 to 1; Marine Corps: 24 to 1. Cardholders with $9.9 million credit limits as of September 2001: Atlantic Fleet: 7; Pacific Fleet: 15; NAVSEA: 10; Marine Corps: 34. Approving officials with $9.9 million credit limits as of September 2001: Atlantic Fleet: 544; Pacific Fleet: 497; NAVSEA: 614; Marine Corps: 724. [A] Credit limit as of March 2002 to reflect the reduction in credit limits made by the commands. Source: GAO analysis of Citibank data provided by Navy. [End of table] Navy Units Lacked Documented Evidence of Training: [Effective management of an organization's workforce-its human capital-is essential to achieving results and an important part of internal control… Training should be aimed at developing and retraining employee skill levels to meet changing organizational needs. GAO's Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999)] Most of the units we audited did not have documented evidence that their purchase card holders had received the initial or supplemental training required by the Navy purchase card program guidance. Training is key to ensuring that the workforce has the skills necessary to achieve organizational goals. In accordance with NAVSUP Instruction 4200.94, all cardholders and approving officials must receive purchase card training. Specifically, NAVSUP Instruction 4200.94 requires that prior to the issuance of a purchase card account, the prospective cardholder and approving official must receive training regarding both Navy policies and procedures and local procedures. The instruction also requires all cardholders and approving officials to receive refresher training every 2 years. In response to the July 30, 2001, hearing, the Assistant Secretary of the Navy for Research, Development and Acquisition sent a message in August 2001 to all Navy units directing them to train all of their cardholders on or about September 12, 2001, concerning the proper use of the purchase cards. While acknowledging this need, the Navy does not have a database that would enable agency program coordinators to monitor training for cardholders and approving officials. Therefore, the Navy does not have a systematic means to determine whether NAVSUP Instruction 4200.94 or its directives are being carried out. As shown in table 3, we found that from about 56 percent of the fiscal year 2001 transactions at the Marine Corps to about 87 percent of the transactions at the Atlantic Fleet were made by cardholders or approved for payment by approving officials for whom there was no documented evidence of either initial training or refresher training at the time the transaction was made. Managers at all four locations told us that they require all cardholders to receive training prior to receiving their purchase cards. Not all managers were as confident that cardholders and approving officials received follow-up training. Without a centralized training database it would be extremely difficult to track when each cardholder needed the required 2-year refresher training. Table 3: Lack of Documented Current Training for Cardholders and Approving Officials: Percentage[A] of transactions made by cardholders or certified for payment by approving officials without documented current training at the time the transactions were made: Atlantic Fleet units in the Norfolk area: 87%; Pacific Fleet units in the San Diego area: 73%; NAVSEA units in the Norfolk area: 80%; Marine Corps Base, Camp Lejeune: 56%. [A] The numbers represent point estimates for the population based on our sampling tests. The confidence intervals for our sample estimates are presented in appendix II of this report. Source: GAO analysis of Navy records. [End of table] Further, for training to be effective it should be tailored to provide the knowledge needed for the different tasks in purchase card management. However, we found that, even though the functions performed by the agency program coordinators, approving officials, and cardholders are substantially different, the training curriculum for the three positions was identical. Neither NAVSUP nor the major commands had specific guidance or training concerning the role and responsibilities of agency program coordinators or approving officials. Monitoring and Oversight Need Improvement: [Agency internal control monitoring assesses the quality of performance over time. It does this by putting procedures in place to monitor internal control on an ongoing basis as a part of the process of carrying out its regular activities. It includes ensuring that managers and supervisors know their responsibilities for internal control and the need to make internal control monitoring part of their regular operating processes. Ongoing monitoring occurs during normal operations and includes regular management and supervisory activities, comparisons, reconciliations, and other actions people take in performing their duties. GAO's Internal Control Standards: Internal Control Management and Evaluation Tool (GAO-01-1008G, August 2001)] We found evidence that the Pacific Fleet, Atlantic Fleet, Naval Sea Systems Command units, and the Marines Corps base that we audited conducted reviews of the fiscal year 2001 purchase card program. However, we did not find that these commands used the results of those reviews to resolve identified internal control weaknesses. Further, an August 2001 NAVSUP-mandated review of 12 months of purchase card transactions failed to identify the extent of potentially fraudulent, improper, and abusive or questionable transactions identified in either Naval Audit Service or GAO audits. NAVSUP Instruction 4200.94 calls for agency program coordinators10 to perform semiannual reviews of their units’ purchase card program, including the program’s adherence to internal operating procedures, applicable training requirements, micropurchase procedures, receipt and acceptance procedures, and statement certification and prompt payment procedures. These reviews are to serve as a basis for agency program coordinators’ to initiate appropriate action to improve the local program or correct problem areas. Throughout fiscal year 2001, the Navy purchase card instructions did not require that written reports on the results of internal reviews be submitted to either local management or a central Navy office for monitoring and oversight. As a result, the Navy did not have a consistent process for documenting the results of purchase card reviews, identifying systemic problems, or monitoring corrective actions to help provide assurance that the actions are effectively implemented. In October 2001, in response to our previous audit work, the Navy issued an interim change to NAVSUP Instruction 4200.94 that requires each command twice a year to summarize the results of monitoring in their subordinate commands and to forward each summary to NAVSUP. Results of Periodic Reviews: Although agency program coordinators and the Naval Audit Service have conducted periodic reviews of the purchase card program that showed cardholders and approving officials were not adhering to required control procedures, we found no evidence that the commands or units that we audited used the results of those reviews to improve the control environment or adherence to control procedures. The internal control weaknesses identified by agency program coordinators included (1) a lack of independent documentation that the Navy received items ordered, (2) accountable items not recorded in the property records, (3) inadequate documentation for transactions, and (4) split purchases. In addition, the Naval Audit Service issued a report dated May 29, 2002, that was critical of the controls that the Naval Sea Systems Command exercised over the purchase card transactions at eight locations. The Naval Audit Service report not only highlighted findings similar to those listed here, but also identified 265 questionable transactions for such items as gift certificates, clothing, watches, and rental cars. Results of Stand-Down Reviews: In contrast to the findings of the agency program coordinators and the Naval Audit Service, the four major commands reported relatively few, if any, inappropriate purchase card transactions when they conducted a self assessment of transactions in response to a NAVSUP August 2001 directive. In that directive, NAVSUP required that each Navy unit conduct a standdown review of all purchase card transactions the unit made during the previous 12 months and report the results to NAVSUP by November 15, 2001. Based on the results of the reviews conducted by the units we audited, we question the design and performance of the review. Its results do not indicate a thorough and critical analysis of the nature and magnitude of the control weaknesses and of the extent to which fraudulent, improper, or abusive transactions were occurring during the period reviewed. As shown in table 4, the four major commands that we audited represented that they reviewed about 1,225,000 transactions but reported that they found only 1,355 purchases—about 0.1 percent of the transactions reviewed—were for personal use or for prohibited items, or were not bona fide mission requirements. In our statistical sample of 624 fiscal year 2001 transactions, we found 102 potentially fraudulent, improper, and abusive or questionable transactions—about 15 percent of the transactions audited. Furthermore, we found numerous examples of abusive and improper transactions (discussed in more detail in the following section of this report) as part of our data mining. In response to this issue, command level agency program coordinators told us that they did not have sufficient time to perform their transaction reviews. Table 4: Reported Results of NAVSUP Mandated Self Assessment of 12 Months of Purchase Card Transactions: Number of transactions: Atlantic Fleet: 303,000; Pacific Fleet: 214,000; NAVSEA: 321,000; Marine Corps: 388,000. Activities that did not complete review: Atlantic Fleet: 12; Pacific Fleet: 7; NAVSEA: 1; Marine Corps: 0. Purchases not required fulfill bona fide mission requirements: Atlantic Fleet: 0; Pacific Fleet: 86; NAVSEA: 30; Marine Corps: 342. Purchases for personal use: Atlantic Fleet: 5; Pacific Fleet: 14; NAVSEA: 25; Marine Corps: 252. Purchases of prohibited items: Atlantic Fleet: 57; Pacific Fleet: 201; NAVSEA: 68; Marine Corps: 275. Split purchases: Atlantic Fleet: 224; Pacific Fleet: 163; NAVSEA: 1,241; Marine Corps: 1.145. Source: Navy Records. [End of table] Human Capital Resources Are Insufficient for Effective Monitoring and Oversight: [Effective management of an organization's workforce its human capital is essential to achieving results and an important part of internal control. Management should view human capital as an asset rather than a cost. Only when the right personnel for the job are on board and are provided the right training, tools, structure, incentives and responsibilities is operational success possible. GAO's Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999)] The Navy has not provided sufficient human capital resources to enable effective monitoring of purchases and to develop a robust oversight program. The three key positions for overseeing the program and monitoring purchases are the command-level agency program coordinator, the unit-level agency program coordinator, and the approving official. During the period of our review, none of the major command agency program coordinators we audited worked full time in that position. This is despite the fact that they were responsible for managing procurement programs that incurred between 227,000 and 380,000 transactions totaling from about $137 million to about $268 million annually. Further, these agency program coordinators were responsible for managing the procurement activities of cardholders who were located not only on the East and West Coasts of the United States but in some instances on other continents. In addition, these part-time major command coordinators generally had one or two staff in their immediate office—who were also assigned other responsibilities—that helped monitor the program. Considering that the major command agency coordinators are responsible for procurement programs involving hundreds of thousands of transactions and hundreds of millions of dollars, as shown in table 5, the human capital resources at the major command level are inadequate. Table 5: Program Coordinators’ Span of Control, September 2001: Number of people in the major command agency program coordinator office: Atlantic Fleet: 2; Pacific Fleet: 2; NAVSEA: 2; Marine Corps: 3. Number of subordinate level agency program coordinators: Atlantic Fleet: 400; Pacific Fleet: 321; NAVSEA: 46; Marine Corps: 130. Number of approving officials: Atlantic Fleet: 1,088; Pacific Fleet: 926; NAVSEA: 968; Marine Corps: 1,498. Number of cardholder accounts: Atlantic Fleet: 3,543; Pacific Fleet: 2,341; NAVSEA: 2,738; Marine Corps: 4,766. Number of fiscal year 2001 transactions (in thousands): Atlantic Fleet: 303; Pacific Fleet: 227; NAVSEA: 319; Marine Corps: 380. Value of fiscal year 2001 transactions (in millions); Atlantic Fleet: $173; Pacific Fleet: $137; NAVSEA: $268; Marine Corps: $224. Source: GAO analysis of Navy purchase card program data as of September 30, 2001. [End of table] We also found that the major commands we audited did not provide the subordinate level agency program coordinators and approving officials with the time, training, tools, or incentives—also human capital resources—needed to perform their monitoring responsibilities necessary for the operational success of the program. Rather, the responsibilities of approving officials and many subordinate level agency program coordinators fell into the category of “other duties as assigned,” with minimal time, training, or tools to carry out these responsibilities. Further, we found that approving officials and most agency program coordinators generally had other duties of higher priority than monitoring purchases and reviewing cardholders’ statements. This was especially true for approving officials, some of whom were engineers and computer technicians, whose annual ratings generally did not cover their approving official duties. One subordinate level agency program coordinator told us that she knows that some approving officials do not review the cardholder statements because (1) some cardholders make thousands of purchases in a month and (2) the approving officials have other responsibilities. Another agency program coordinator told us that some agency program coordinators and approving officials fear that questioning certain purchases could be career-limiting decisions. Further, neither the Navy nor the major commands have established a position description, an adequate statement of duties, or other information on the scope, duties, or specific responsibilities for subordinate-level agency program coordinators and approving officials. Critical Internal Controls Were Ineffective: [Internal control activities help ensure that management’s directives are carried out. The control activities should be effective and efficient in accomplishing the agency’s control objectives. GAO's Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999)] Basic internal controls over the purchase card program were ineffective at the units in the major commands we audited during fiscal year 2001 primarily because they were not effectively implemented. Based on our tests of statistical samples of purchase card transactions, we determined that key transaction-level controls were ineffective, rendering the purchase card transactions at the units we audited vulnerable to fraudulent and abusive purchases and to the theft and misuse of government property. The problems we found primarily resulted from inadequate guidance and a lack of adherence to valid policies and procedures. The specific controls that we tested were (1) screening for required vendors, (2) documenting independent receipt and acceptance of goods and services, (3) documenting cardholder reconciliation and approving official review prior to certifying the monthly purchase card statement for payment, and (4) recording pilferable property in accountable records. As shown in table 6, the failure rates for the first three attributes that we tested ranged from 58 percent to 98 percent respectively for the Atlantic Fleet units in Norfolk for documenting independent receipt and acceptance obtained with a purchase card and reviewing cardholder statements prior to certifying them for payment. Most transactions in our statistical sample did not contain pilferable property. Thus, we are not projecting the results of that test to the population of transactions that we tested at those units. Table 6: Estimate of Fiscal Year 2001 Transactions That Failed Control Tests: Atlantic Fleet units in the Norfolk area: Percent breakdowns in key purchase card controls[A], Screening for required vendors: 88; Percent breakdowns in key purchase card controls[A], Independent, documented receipt of items purchased: 58; Percent breakdowns in key purchase card controls[A], Proper reconciliation and certification of purchase card statements for payment: 98. Pacific Fleet units in the San Diego area: Percent breakdowns in key purchase card controls[A], Screening for required vendors: 70; Percent breakdowns in key purchase card controls[A], Independent, documented receipt of items purchased: 59; Percent breakdowns in key purchase card controls[A], Proper reconciliation and certification of purchase card statements for payment: 80. NAVSEA units in the Norfolk area: Percent breakdowns in key purchase card controls[A], Screening for required vendors: 90; Percent breakdowns in key purchase card controls[A], Independent, documented receipt of items purchased: 67; Percent breakdowns in key purchase card controls[A], Proper reconciliation and certification of purchase card statements for payment: 86. Marine Corps Base at Camp Lejeune: Percent breakdowns in key purchase card controls[A], Screening for required vendors: 89; Percent breakdowns in key purchase card controls[A], Independent, documented receipt of items purchased: 59; Percent breakdowns in key purchase card controls[A], Proper reconciliation and certification of purchase card statements for payment: 94. [A] The numbers represent point estimates for the population based on our sampling tests. The confidence intervals for our sample estimates are presented in appendix II of this report. [End of table] Little Evidence Cardholders Screen for Required Vendors: Despite DOD and Navy requirements to give priority to certain required vendors, we found that the failure rate to document the necessary screening of purchases ranged from about 70 percent at the Pacific Fleet to about 90 percent at NAVSEA. Because of the units’ failure to document screening for statutory vendors, the Navy and Marine Corps do not know the extent to which cardholders failed to acquire items from these required vendors. The Navy’s purchase card instructions require that prior to using the purchase card, cardholders must document that they have screened all their intended purchase card acquisitions for availability from statutory sources of supply. These sources of supply include vendors qualifying under the Javits-Wagner-O’Day Act (JWOD), Federal Prison Industries, and DOD’s Document Automation and Production Service (DAPS). JWOD vendors are nonprofit agencies that employ people who are blind or have other severe disabilities. JWOD vendors primarily sell office supplies and calendars, which often cost less than items sold by commercial vendors. In a June 2001 letter to all procurement officials, DOD’s Director of Procurement reminded cardholders of the need to purchase listed items from JWOD sources unless they have a specific waiver. Federal Prison Industries employ and provide skills training to inmates of federal prisons. They sell a wide variety of products including textiles, electronics, industrial products, and office furniture. Finally, DAPS is responsible for document automation and printing within DOD, encompassing electronic conversion, retrieval, and output and distribution of digital and hardcopy information. We cannot determine the precise amount spent on purchases that were not made from required vendors; however, as shown in table 7, our analysis of fiscal year 2001 vendor activity showed that the units we audited spent about $235,000 with five vendors (Franklin Covey, Kinko’s, PIP Printing, Kwik Kopy, and Sir Speedy) that sold items or services that are also sold by required vendors. Further, some of the items purchased at Franklin Covey were personal items that are considered to be abusive purchases. We performed a similar vendor analysis of the fiscal year 2001 Navy-wide purchase card activity and found that during fiscal year 2001, the Navy spent about $1.6 million with those five vendors. Due to the diverse nature of items sold by Federal Prison Industries, we did not attempt to identify vendors that sell similar products. Table 7: Purchase Card Transactions with Five Vendors That Sell Products Also Sold by Required Suppliers: Time management products (Franklin Covey); Atlantic Fleet in Norfolk: $39,000; Pacific Fleet in San Diego: $12,000; NAVSEA in Norfolk: $86,000; Marine Corps Base, Camp Lejeune: $10,000; Navywide: $738.000. Items/Services[A]: Printing (Kinko’s, Kwik Kopy, PIP Printing, Sir Speedy); Atlantic Fleet in Norfolk: $31,000; Pacific Fleet in San Diego: $20,000; NAVSEA in Norfolk: $31,000; Marine Corps Base, Camp Lejeune: $6,000 Navywide: $864,000. [A] These amounts represent the total value of purchase that the Navy made directly with these vendors during fiscal year 2001. Some of these purchases could have been for items not sold by required sources of supply. [End of table] We found that NAVSUP and some units provided cardholders with examples of how to document the screening process; however, cardholders failed to use the NAVSUP-suggested purchase log or complete local purchase request forms containing a section to document screening for required sources of supply. For example, the NAVSUP sample purchase card log included in NAVSUP Instruction 4200.94 contains a column for the cardholder to document whether or not he or she screened the items purchased for availability from statutory sources of supply. However, we found that the suggested purchase card log was often not used, or if used, many cardholders did not complete that column. Little Evidence of Independent Receipt and Acceptance of Items Purchased: [Key duties and responsibilities need to be divided or segregated among different people to reduce the risk of error or fraud. This should include separating the responsibilities for ...handling any related assets. Simply put, no one individual should control all the key aspects of a transaction or event. GAO's Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999)] The units we audited generally did not have evidence documenting that someone independent of the cardholder received and accepted items ordered and paid for with a purchase card, as required by NAVSUP Instruction 4200.94. That is, the units generally did not have a receipt, invoice, or packing slip for the acquired goods and services that was signed and dated by someone other than the cardholder. As a result, there is no documented evidence that the government received the items purchased or that those items were not lost, stolen, or misused. Some units have developed a system using ink stamps that need to be completed to document receipt and acceptance; however, these systems have not been implemented effectively. As shown in table 6, we estimated that about 58 percent to 67 percent of the units’ fiscal year 2001 transactions did not have documented evidence of independent receipt and acceptance of goods and services acquired with the purchase card. While some of the items for which these units did not have independent documented receipts were consumable office supplies, other items that failed this key internal control test included laptop computers, digital cameras, and personal digital assistants, which could be subject to theft or misuse. Little Evidence That Monthly Purchase Card Bills Were Reconciled and Reviewed Prior to Certification and Payment: [Transactions and other significant events should be authorized and executed only by persons acting within the scope of their authority. This is the principal means of assuring that only valid transactions to exchange, transfer, use, or commit resources and other events are initiated or entered into. GAO's Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999) Control activities ensure that only valid transactions ... are initiated or entered into ... Control activities are established to ensure that all transactions ... that are entered into are authorized and executed only by employees acting within the scope of their authority. GAO’s Internal Control Standards: Internal Control Management and Evaluation Tool (GAO-01-1008G, August 2001)] We found little evidence of cardholder reconciliation or approving official reviews to confirm that cardholders had reconciled the monthly statement of purchase card transactions back to the supporting documents throughout fiscal year 2001. All levels of the purchase card program recognize effective cardholder reconciliation and approving official review of the monthly statement as a key control activity. DOD’s Purchase Card Joint Program Management Office, the Navy, command procedures, and the units’ operating procedures recognize that cardholder reconciliation and approving official review are central to ensuring that purchase card transactions are appropriate. Under 31 U.S.C. 3325 and DOD’s Financial Management Regulation, [Footnote 11] disbursements are required to be made on the basis of a voucher certified by an authorized agency official. The certifying official is responsible for ensuring (1) the adequacy of supporting documentation, (2) the accuracy of payment calculations, and (3) the legality of the proposed payment under the appropriation or fund charged. The certification function is a preventive control that requires certifying officers to maintain proper controls over public funds. It also helps prevent fraudulent and improper payments, including unsupported or prohibited transactions, split purchases, and duplicate payments. Further, section 2784 of title 10, United States Code, requires the Secretary of Defense to prescribe regulations that ensure that each purchase card holder and approving official is responsible for reconciling charges on a billing statement with receipts and other supporting documentation before certification of the monthly bill. Consistent with these requirements, Navy purchase card guidance calls for cardholders to reconcile the monthly purchase card statements to supporting records. It calls for approving officials to ensure that all cardholder purchases were appropriate and all charges were accurate, and to resolve all questionable purchases with the cardholder. According to NAVSUP Instruction 4200.94, after the approving official reviews the monthly bill, the approving official will certify it for payment. Because certification is necessary for payment, it is likely to occur whether or not cardholders and approving officials have performed required reconciliations and reviews. Thus, when we tested whether the cardholder reconciled the monthly statement and whether the approving official reviewed the monthly statement, we did not simply look for a physical or electronic signature on a form. Rather, for this test we considered that proper reconciliation and review occurred if: * the cardholder signed and dated the monthly bill [Footnote 12] before it was paid, and the monthly bill contained any markings or notes linking the amounts billed to a credit card receipt, invoice, packing slip, or a purchase log; and; * the approving official’s review of the cardholders’ monthly statements was signed and dated prior to certification for payment, and there were virtually any markings or notes on the monthly statements evidencing that review. Our testing revealed that documented evidence of adequate cardholder reconciliation or approving official review of cardholder transactions did not exist for most of our sample transactions. Examples of inadequate documentation included missing statements, invoices, signatures, or dates, or a lack of evidence of cardholder reconciliation or approving official review. Without such evidence, we—and the program coordinators, who are required to semiannually review approving official records—cannot determine whether officials are complying with review requirements. As shown in table 6, the failure rate for this internal control activity at the units in the four commands audited was among the highest of the controls we tested. The failure rates for this attribute were similar to the failure rates that we reported for this attribute in our previous testimony related to two San Diego-based Navy units. The Navy agreed with our initial recommendations concerning the need to clarify the payment certification portion of the purchase card instruction. Based on this audit’s broader review of the Navy’s purchase card program, we believe that the high failure rate may also be attributable to the fact that approving official and cardholder responsibilities fall into the category of “other duties as assigned” without any specific time allocated for their performance, as discussed previously. Further, cardholders and approving officials are not necessarily in the same geographic location. Consequently, while an approving official might be able to review cardholder transactions electronically, the approving official will not necessarily be able to review the documentation supporting the transaction. Approving officials and cardholders told us they had many duties of a higher priority than reviewing the monthly purchase card statements. A large workload, especially in “other duties as assigned,” and geographical separation of cardholders and approving officials can lead to less attention than expected or desired. For example, one NAVSEA approving official’s ability to promptly and accurately review cardholders’ monthly statements was hampered because (1) the approving official was responsible for reviewing the statements of nearly 400 cardholders and regularly certified for payment monthly statements exceeding $1 million and (2) the approving official who was located in Rhode Island was responsible for reviewing the statements of cardholders not only located in Rhode Island but also cardholders located in Virginia, Washington, and Florida. We identified numerous instances of purchases that had not been adequately reviewed and reconciled to the monthly statements, but in which the statements were, nonetheless, certified for payment. Such activities allow potentially fraudulent, improper, and abusive or questionable purchases (discussed in more detail in the following section of this report) to go undetected. Also, mistaken or other improper charges by vendors might not be detected. The following are examples of such charges that we identified: * At Camp Lejeune, we found 29 transactions totaling over $50,000 for which the Marine Corps was unable to provide any supporting documentation concerning what was purchased or whether the items purchased had a legitimate government use. The vendors that the Marine Corps paid without adequate supporting documentation included Internet vendors, rental car companies, gift stores, and a stereo store. Considering that Camp Lejeune did not have documentation that cardholders and approving officials routinely reconciled or reviewed the monthly statements prior to payment, neither the Marine Corps nor we can determine whether these accounts had been compromised and someone was using them to fraudulently obtain goods or services at the government’s expense. Navy purchase card instructions require cardholders to retain documentation received from the vendor, such as a sales slip or cash register receipt to verify the accuracy of the charges made. The purpose of maintaining this documentation is to provide an audit trail that supports each decision to use the card and any required special approvals. * In December 2000, NAVSEA paid a hotel $12,200 despite the fact that neither the cardholder nor the approving official had any evidence concerning how the hotel arrived at the $12,200 amount. When we questioned the cardholder concerning the charge, he gave us a written statement that the transaction was for the rental of a conference room and audiovisual equipment. The statement also said that he did not authorize the purchase of any food. However, a copy of the bill we obtained from the hotel showed that the Navy paid $8,260 for food. Major Commands Failed to Maintain Accountability for Pilferable Items: [An agency must establish physical control to secure and safeguard vulnerable assets. Examples include security for and limited access to assets such as cash, securities, inventories, and equipment which might be vulnerable to risk of loss or unauthorized use. Such assets should be periodically counted and compared to control records. GAO's Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999)] We found accountable items acquired with purchase cards that were often not recorded in property records of the units we audited. In addition, officials at three of the four major commands could not locate some of the property items included in our statistical samples. While some or all of the items might, in fact, be at the installation, officials could not provide conclusive evidence that they were in the possession of the government. Unrecorded property and items that cannot be located indicate a weak control environment and problems in the property management system. Consistent with GAO’s internal control standards, DOD’s Property, Plant and Equipment Accountability Directive and Manual, which was issued in draft for implementation on January 19, 2000, requires accountable property to be recorded in property records as it is acquired. Accountable property includes items that can be easily pilfered, such as computers and related equipment, and cameras. Entering such items in the property records is an important step to help ensure accountability and financial control over these assets and, along with periodic inventory, to deter theft or improper use of government property. Table 8 contains the results of our review of property management records and inspection of accountable property. Table 8: Accountable Property Items Not Recorded in Property Books: Command/Base: Atlantic Fleet units located in Norfolk; Transactions with property items: 35; Transactions with items not in property book: 15; Transactions with items the command could not demonstrate were in government possession: 12. Command/Base: Pacific Fleet units located in San Diego; Transactions with property items: 42; Transactions with items not in property book: 23; Transactions with items the command could not demonstrate were in government possession: 15. Command/Base: NAVSEA units located in Norfolk; Transactions with property items: 21; Transactions with items not in property book: 14; Transactions with items the command could not demonstrate were in government possession: 8. Command/Base: Marine Corps Base at Camp Lejeune; Transactions with property items: 16; Transactions with items not in property book: 8; Transactions with items the command could not demonstrate were in government possession: 0. Source: GAO analysis of stratified random samples from Navy and Marine Corps purchase card transaction files. [End of table] One example of the Navy’s failure to record pilferable property in property management records involved Atlantic Fleet transactions with a computer vendor, GTSI. On September 30, 2000, the Navy contracted with GTSI to purchase 430 computers, 213 flat panel monitors, and other computer hardware and software using the GSA Multiple Award Schedule pricing. GTSI shipped the computers, monitors, and equipment to the Atlantic Fleet warehouse in November and December 2000, and the Atlantic Fleet paid GTSI about $757,000 for those items in January 2001. While the Atlantic Fleet’s documents concerning these two transactions show that an employee at the warehouse signed as receiving the computers, the Atlantic Fleet did not record the serial numbers of the computers or the monitors, and did not record the computers or monitors in any type of property accountability system. After we contacted GTSI and obtained the serial numbers, we were able to determine that between January 2001 and January 2002, the Atlantic Fleet shipped 243 of the computers and 126 flat panel monitors to land- and seabased Atlantic Fleet users. However, the Atlantic Fleet could not provide us adequate evidence confirming the location of the 187 remaining computers and 87 flat panel monitors. Effectively managing accountable property has long been a problem area, and the use of the purchase card has added further difficulties. With about 25,000 Navy cardholders, the number of people buying accountable property has greatly expanded as the purchase card program has grown. Cardholders are responsible for reporting on the accountable property they buy—so that it can be recorded in the unit’s accountable property books—but they often do not. Change in Navy Property Accountability Policy: As we previously reported, [Footnote 13] on August 1, 2001, the Navy modified its policy concerning pilferable property by changing the definition of what it considered pilferable property. This change in the definition has contributed to the lack of accountability over such property. Unlike the previous policy, which specifically defined pilferable items, the new policy provides commanding officers with latitude in determining what is and what is not pilferable. The new policy defines pilferable to be an item—regardless of cost—that is portable, can be easily converted to personal use, is critical to the activity’s business/mission, and is hard to repair or replace. Citing the “hard to repair or replace” criterion in the new policy, some unit commanders told us they have determined that only desktop and laptop computers would be considered pilferable items. Thus, these units do not maintain accountability over numerous pilferable items, such as digital cameras and personal digital assistants (PDAs), leaving them vulnerable to possible theft, misuse, or transfer to personal use. However, not all unit commanders made this assertion and continued to maintain accountability over items that were considered pilferable under the previous policy. Potentially Fraudulent, Improper, and Abusive or Questionable Transactions: We identified numerous purchases at the installations we audited and through our Navy-wide data mining that were potentially fraudulent, improper, and abusive or questionable. As discussed in appendix II, our work was not designed to identify, and we cannot determine, the extent of potentially fraudulent, improper, and abusive or otherwise questionable transactions. However, considering the control weaknesses identified at each unit audited, it is not surprising that these transactions were not detected or prevented. In addition, the existence of similar improper, and abusive or questionable transactions in our Navy-wide data mining of selected transactions provides additional indications that a weak control environment and ineffective specific controls exist throughout the Navy. In addition, appendix IV contains an update on two fraud investigations involving Navy units based in San Diego that we discussed in our March 2002 testimony. Potentially Fraudulent Purchases: We considered potentially fraudulent purchases to include those made by cardholders that were unauthorized and intended for personal use. Potentially fraudulent purchases can also result from compromised accounts in which a purchase card or account number is stolen and used to make a potentially fraudulent purchase. Potentially fraudulent transactions can also involve vendors charging purchase cards for items that cardholders did not buy. The Navy and the major commands we audited had policies and procedures that were designed to prevent and detect potentially fraudulent purchases. For example, as discussed previously, approving officials are required to review the supporting documentation for each transaction for legality and proper government use of funds. However, our testing showed that these control activities had not been implemented as intended. Although collusion can circumvent what otherwise might be effective internal control activities, a robust system of guidance, internal control activities, and oversight can create a control environment that provides reasonable assurance of preventing or quickly detecting fraud, including collusion. However, in auditing the Navy’s internal control at units assigned to four major commands during fiscal year 2001, we did not find that the processes and activities were operating in a manner that provided such assurance. The Navy does not have an automated system that identifies, captures, and reports key information on potentially fraudulent purchases that have been identified or are being investigated within the purchase card program. In table 9, we identified instances of fraudulent and potentially fraudulent transactions at the commands we audited and by making inquiries with Naval Criminal Investigative Service. All of the purchases that we discuss in this section were included in monthly cardholder statements that were certified and paid by the Navy. Table 9: Examples of Fraudulent and Potentially Fraudulent Navy Purchase Card Transactions: Type of items purchased: Personal items: remote control helicopter items, Internet purchases, highway toll tags, and a dog; Command: Atlantic Fleet; Total: $250,000; Individuals involved: Cardholder. Type of items purchased: Televisions, car batteries, tires, air conditioner parts, and other auto supplies; Command: Atlantic Fleet; Total: $150,000; Individuals involved: Cardholder. Type of items purchased: Electrical and other spare part items; Command: Atlantic Fleet; Total: $89,000; Individuals involved: Cardholders and vendors. Type of items purchased: Personal items purchased at department store; Command: Atlantic Fleet; Total: $40,000; Individuals involved: Cardholder. Type of items purchased: Unidentified Internet purchases; Command: Marine Corps; Total: $15,000; Individuals involved: Compromised account. Type of items purchased: Personal items from Wal-Mart, Sun Coast Videos, New Monde Junior Clothing Store, and Journey’s Shore Store; Command: Marine Corps; Total: $12,200; Individuals involved: Cardholder. Type of items purchased: Power tools; Command: Atlantic Fleet; Total: Between $3,000 and $5,000; Individuals involved: Cardholder. Type of items purchased: Six months worth of long-distance phone calls; Command: Marine Corps; Total: $4,800; Individuals involved: Unauthorized use of card by military serviceman other than cardholder. Type of items purchased: Palm Pilots, color television, camera, and other unauthorized items; Command: Pacific Fleet; Total: $2,500; Individuals involved: Cardholder. Type of items purchased: Cell phone charges and pizza; Command: Atlantic Fleet; Total: $2,000; Individuals involved: Compromised account. Type of items purchased: Internet pornography; Command: Navy-wide; Total: $40; Individuals involved: Compromised accounts. Source: GAO analysis of Naval Criminal Investigative Service files and Navy records. [End of table] The following examples of fraud are illustrative of the cases in table 9: * An approving official’s failure to review a cardholder’s statements promptly contributed to an Atlantic Fleet cardholder making over $250,000 in unauthorized purchases between September 2000 and July 2001. In July 2001, when a command supply official began reviewing the cardholder’s monthly statements, he noticed that over $80,000 of those charges were unsupported. Included in those unsupported charges were numerous transactions with suspicious vendors. After command supply officials asked the cardholder about the unsupported purchases, the cardholder admitted to making thousands of dollars of illegal Internet purchases and illegally purchasing EZ Pass prepaid toll tags, expensive remote control helicopters, and a dog. The Navy decided to prosecute the cardholder, and a court martial is pending. * An approving official’s failure to review a cardholder’s statements and the cardholder’s failure to keep evidence of what was purchased contributed to an Atlantic Fleet cardholder fraudulently using his purchase card from January 2000 through October 2000 to purchase an estimated $150,000 in automotive, building, and home improvement supplies. The cardholder sold some of the items to generate cash. According to Navy investigators, the cardholder destroyed many of the requisitions, receipts, and purchase logs for the stolen items in an attempt to cover up his actions. In addition, according to Navy criminal investigators, if the monthly purchase card billing statements were properly reviewed, the cardholder’s fraudulent activities would have been exposed. In exchange for pleading guilty to multiple counts of larceny and other criminal violations, the cardholder’s jail time was reduced to 24 months. * An approving official’s failure to adequately review a cardholder’s statements contributed to two Atlantic Fleet cardholders conspiring with at least seven vendors to submit about $89,000 in fictitious and inflated invoices. The cardholders had the vendors ship supply items to an Atlantic Fleet warehouse and the personal items directly to their residences. The cardholders also had vendors inflate the price and/or quantity of items purchased. According to Navy investigators, the cardholders would sell, use, and barter the illegally obtained items, while the vendor sales representatives received inflated sales commissions and an estimated $3,000 to $5,000 in Navy property that was given to them as bribes. One vendor sales representative who admitted to conspiring to supply false invoices said that he could not get sufficient business until he altered the invoices like the other vendors. According to the caller who informed NCIS of the illegal activity, it was common knowledge that the cardholders were getting kickbacks because of their positions as Navy buyers. Based on the results of the NCIS investigations, one of the cardholders received 24-months confinement and a bad conduct discharge while the other received a 60-day restriction and reduction in rank. In another case of potential fraud, we found that in March 1999 the Navy inappropriately issued five government purchase cards to individuals who did not work for the government. The individuals who received the Navy purchase cards worked for a consulting company that occasionally provided services to the Navy. NAVSUP Instruction 4200.94 limits the Navy purchase card to authorized government personnel in support of official government purchases. Between March 1999 and November 2001 these individuals used the Navy purchase cards to make purchases totaling about $230,000 with vendors including airlines, hotels, rental car companies, gas stations, restaurants, a florist, and golf courses. We discovered these charges in November 2001 as part of our data mining for suspicious transactions at the Pacific Fleet. Within a week of our inquiries to the Pacific Fleet concerning the charges on these accounts, the Pacific Fleet agency program coordinator instructed Citibank to (1) immediately deactivate the accounts and (2) close the accounts once the balances were paid. While the consulting company ultimately paid Citibank for all charges made with those cards, the consulting company was 30 days past due on the account 28 times during the 38 months that the accounts were open. Further, the Navy was contractually liable for all purchases made with the cards and would have been responsible for payment if the consulting company had failed to pay. The risk to the Navy was real because, when the Navy had Citibank deactivate the accounts in November, the company, which still owed $8,600, threatened to withhold payment unless the Navy reopened the accounts. In addition, the consulting company contacted Citibank directly and tried to assume control of the accounts by claiming the company had “spun off from the Navy.” While the consulting company did eventually pay Citibank, it was not until March 2002—4 months after the accounts were deactivated. Our Office of Special Investigations researched some of the charges and found that, by using a Navy purchase card, the consulting company avoided paying state sales taxes and obtained discounts at airlines and hotels that are typically offered only to the federal government. The airline discounts are particularly advantageous because airlines offer the federal government significantly discounted tickets that are not encumbered with the penalties and limitations that are imposed upon private sector companies and the general public. Finally, Citibank does not post an interest charge on past due accounts. Thus, by using the Navy purchase card, the company avoided paying interest on the past due accounts. Based on the results of our work, we referred this case to the Naval Criminal Investigative Service for further investigation. Navy’s Fraud Database Does Not Include Key Data: We attempted to obtain examples of other potentially fraudulent activity in the Navy purchase card program from NCIS in Washington, D.C. NCIS investigators acknowledged that they have investigated a number of purchase card fraud cases; however, their investigation database does not permit a breakdown of fraud cases by type, such as purchase cards. Purchase card program officials and NCIS officials said that they had no information on the total number of purchase card fraud investigation cases throughout the Navy that had been completed or were ongoing. Based on our identification of a number of fraudulent and potentially fraudulent cases at the installations that we audited, we believe that the number of cases involving fraudulent and potentially fraudulent transactions could be significant. Without such data, the Navy does not know the significance, in numbers or dollar amounts, of fraud cases that have been or are being investigated and is hampered in taking corrective actions to prevent such cases in the future. Improper Purchases and Transactions: Our audit work at the four commands and our Navy-wide data mining identified numerous examples of improper transactions. Improper transactions are those purchases that, although approved by the Navy officials and intended for government use, are not permitted by law, regulation, or DOD policy. We identified the following three types of improper purchases. * Purchases that do not serve an authorized government purpose. * Split purchases, in which the cardholder circumvents cardholder single-purchase limits. The Federal Acquisition Regulation guidelines prohibit splitting purchase requirements into more than one transaction to avoid the need to obtain competition on purchases over the $2,500 micropurchase threshold. Cardholders also split purchases to circumvent higher single-transaction limits for payments on contracts exceeding the micropurchase threshold. * Purchases from improper sources as previously discussed. Various federal laws and regulations require procurement officials to acquire certain products from designated sources such as JWOD vendors. The JWOD program is a mandatory source of supply for all federal entities. It generates jobs and training for Americans who are blind or have other severe disabilities, requiring federal agencies to purchase supplies and services furnished by nonprofit agencies—such as the National Industries for the Blind and the National Industries for the Severely Handicapped—who employ such individuals. The improper transactions that resulted from purchasing items from nonstatutory sources were previously discussed in the section on adherence with control procedures. We believe that if the Navy better monitored the vendors with which its cardholders conducted business, the Navy could minimize its number of improper purchases. Such monitoring could also provide the Navy the opportunity to leverage its purchase volume and negotiate discounts with frequently used vendors. Purchases That Do Not Serve an Authorized Government Purpose: We found several instances in which cardholders purchased goods, such as clothing, that were not authorized by law or regulation. The Federal Acquisition Regulation, 48 C.F.R. 13.301(a), provides that the governmentwide commercial purchase card may be used only for purchases that are otherwise authorized by law or regulations. Therefore, a procurement using the purchase card is lawful only if it would be lawful using conventional procurement methods. Under 31 U.S.C. 1301(a), “[a]ppropriations shall be applied only to the objects for which the appropriations were made…” In the absence of specific statutory authority, appropriated funds may only be used to purchase items for official purposes, and may not be used to acquire items for the personal benefit of a government employee. Improper transactions, as shown in table 10, were identified as part of our review of fiscal year 2001 transactions and related activity at the four commands and as part of our Navy-wide data mining of transactions with questionable vendors. Table 10: Examples of Improper Purchases: Description of items: Clothing, Gore-tex jackets, and other clothing; Vendor: Cabellas. Description of items: Clothing, Civilian clothes for military personnel; Vendor: Nordstrom and Hecht’s. Description of items: Clothing, Flight jacket; Vendor: San Diego Leather. Description of items: Clothing, Polo shirts; Vendor: Islander Hardware and Sporting Goods. Description of items: Meals/Food, Meals and light refreshments for training events; Vendor: Hotels, catering services. Description of items: Meals/Food, Personal meals; Vendor: Local restaurants. Description of items: Meals/Food, Coffeemakers; Vendor: Service Merchandise. Description of items: Other, Cell phone time charges; Vendor: Various vendors. Description of items: Other, Sales taxes; Vendor: Various vendors. Description of items: Other, Radio/stereos; Vendor: Bose. Description of items: Other, Personal travel luggage; Vendor: California Luggage. Description of items: Other, Lodging; Vendor: Various hotels. Description of items: Other, Rental cars; Vendor: Various rental car companies. Source: GAO analysis of Navy purchase card transactions. [End of table] The following examples of improper transactions are illustrative of the type of cases included in table 10. * We identified a Pacific Fleet cardholder who used the purchase card in January 2001 to buy a $199 leather flight jacket as a personal gift for an official visitor. Secretary of the Navy (SECNAV) Instruction 7042.7J specifically identifies flight jackets as a prohibited personal gift to a visitor. In November 2001, when we questioned the deputy commander concerning the flight jacket, he told us that the purpose of the gift was to recognize the individual’s contributions to the Navy’s San Diego installations. The deputy commander subsequently told us that the personnel involved with the gift were counseled, and that he, the deputy commander, had reimbursed the Navy for the jacket in January 2002. * We identified purchases of clothing by NAVSEA that should not have been purchased with appropriated funds. Generally, agencies may not use appropriated funds to purchase clothing for civilian employees. One exception is 5 U.S.C. 7903, which authorizes agencies to purchase protective clothing for employee use if the agency can show that (1) the item is special and not part of the ordinary furnishings that an employee is expected to supply, (2) the item is essential for the safe and successful accomplishment of the agency’s mission, not solely for the employee’s protection, and (3) the employee is engaged in hazardous duty. Further, according to a Comptroller General decision dated March 6, 1984, [Footnote 14] clothing purchased pursuant to this statute is property of the U.S. government and must only be used for official government business. Thus, clothing purchases, except for rare circumstances in which the purchase meets stringent requirements, is usually considered a personal item for which appropriated funds should not be used. In one transaction, a NAVSEA cardholder purchased polo shirts and other gifts for a “Bring-Your-Child-to-Work Day” at a total cost of about $1,600. * In another example of clothing for personal use from our Navy-wide data mining, several charges for amounts from $70 to $230 were identified at Hecht’s and Nordstrom. We were informed that these were for purchases of civilian clothes—slacks, shirts, and suits—for enlisted personnel who were serving in an official capacity as assistants to admirals and general officers, and to wear when playing in a jazz band. The Director, Purchase Card Unit, Defense Contracting Command Washington, informed us that this appears to be a fairly widespread practice. Clothing needs of military personnel are covered by the clothing allowances that they receive. * As part of our data mining of Navy-wide purchase card transactions, we identified two purchases in which cardholders purchased Bose headsets at $300 each. The headsets were for personal use—listening to music— while taking commercial flights and, therefore, should not have been purchased with the Navy purchase card. * At NAVSEA, we identified charges to hotels in Newport News and Portsmouth, Virginia, totaling about $8,000 for locally based NAVSEA employees to attend meetings at which they were inappropriately provided meals and refreshments at the government’s expense. The cardholders told us that they authorized the hotels to bill for audiovisual equipment and conference room rental. The cardholders said the hotel was not authorized to bill for food. However, despite the cardholders’ assertion, the detailed bills showed that the hotels charged NAVSEA about $7,000 for meals including breakfasts, lunches, and snacks. Pursuant to 31 U.S.C. 1301(a), "[a]ppropriations shall be applied only to the objects for which the appropriations were made .. ." In the absence of specific statutory authority, appropriated funds may only be used to purchase items for official purposes, and may not be used to acquire items for the personal benefit of a government employee. For example, without statutory authority, appropriated funds may not be used to furnish meals or refreshments to employees within their normal duty stations. [Footnote 15] Free food and other refreshments normally cannot be justified as a necessary expense of an agency's appropriation because these items are considered personal expenses that federal employees should pay for from their own salaries. [Footnote 16] * Three of the four commands audited paid improper and abusive phone charges. For example in June 2001, the Atlantic Fleet paid $1,175 for monthly service charges for 22 phones. We determined that some cell phone calls were long distance toll calls that were not for legitimate government business. The Navy’s and Atlantic Fleet’s command level procedures prohibit the use of cell phones for other than officially approved uses. In addition, even though Atlantic Fleet guidance requires subordinate units to verify monthly cell phone usage, the units were not reviewing the monthly bills as required. Our audit of the calls made using the cell phones determined that some were to personal residences—not military facilities or merchants supplying goods and services to the Navy. In addition, we found wasteful charges for cell phones. For example, the Navy paid for 13 months of service at $15 per month for a cell phone that had been returned to the vendor. It was not until we inquired about the lack of use on the phone that the Navy realized it was paying for a phone that had been returned over 1 year earlier. Split Purchases: Another category of improper transaction is a split purchase, which occurs when a cardholder splits a transaction into segments to avoid the requirement to obtain competition for purchases over the $2,500 micropurchase threshold or to avoid other established credit limits. The Federal Acquisition Regulation prohibits splitting a purchase into more than one transaction to avoid the requirement to obtain competition for purchases over the $2,500 micropurchase threshold. Navy purchase card instructions also prohibit splitting purchases to avoid other established credit limits. Once items exceed the $2,500 threshold, they are to be purchased through a contract in accordance with simplified acquisition procedures that are more stringent than those for micropurchases. Our analysis of data on purchases at the four major commands we audited and our data mining efforts identified numerous occurrences of potential split purchases. In addition, internal auditors at all four commands that we audited identified split purchases as a continuing problem. In some of these instances, the cardholder’s purchases exceeded the $2,500 limit, and the cardholder split the purchase into 2 or more transactions of $2,500 or less. For example, a Camp Lejeune cardholder made 8 transactions totaling about $17,000 on 1 day to purchase combat boots. In addition, a NAVSEA cardholder made 14 purchases totaling over $30,000 in 1 day from an electronic supply store. All the commands that we audited said that cardholders splitting purchases to circumvent the micropurchase threshold was a problem. As we previously reported, by circumventing the competitive requirements of the simplified acquisition procedures, the commands may not be getting the best prices possible for the government. For the Navy to reduce split transactions, it will need to monitor the vendors with whom cardholders are conducting business. Better Management of Transactions with Frequently Used Vendors Could Result in Additional Savings: The Navy has not proactively managed the purchase card program to identify opportunities for savings. Purchase card sales volume has grown significantly over the last few years with the Navy now using the purchase card to procure nearly $2 billion a year in goods and services. We believe that the Navy could better leverage its volume of purchases and negotiate discounts with frequently used vendors. For example, during fiscal year 2001, the Navy paid over $1 million each to 122 different vendors using the purchase card. In total during fiscal year 2001, the Navy paid those 122 vendors about $330 million. However, the Deputy Director of the Navy eBusiness Operations Office told us that, despite this heavy sales volume, the Navy had not negotiated reduced-price contracts with any of the vendors. As previously stated, one of the benefits of using purchase cards versus traditional contracting and payment processes is lower transaction processing costs and less red tape for both the government and the vendor. Through increased analysis of purchase card procurement patterns, the Navy has the opportunity to leverage its high volume of purchases and achieve additional savings from vendors by negotiating volume discounts similar to those the General Service Administration (GSA) has negotiated in its Multiple Award Schedule program. Under GSA’s Multiple Award Schedule, participating vendors agree to sell their products at preferred customer prices to all government purchasing agents. According to the Deputy Director of the Navy’s eBusiness Operations Office, 74 of the 122 vendors with which the Navy spent more than $1 million using the purchase card during fiscal year 2001 did not participate in the Multiple Award Schedule program. In addition, for 48 of the vendors with which Navy spent more than $1 million and that did participate in the Multiple Award Schedule, the opportunity existed for the Navy to negotiate additional savings. GSA encourages agencies to enter into blanket purchase agreements (BPAs) and negotiate additional discounts with Multiple Award Schedule vendors from which they make recurring purchases. By analyzing Navy-wide cardholder buying patterns, the Navy should be able to achieve additional savings by identifying vendors and vendor categories for which it uses the purchase card for significant amounts of money and negotiate discounts with them. For example, during fiscal year 2001, the Navy spent about $65 million with 5 national computer vendors (Dell, Gateway, CDW Computer Centers, Micro Warehouse, and GTSI), $22 million with 3 office supply companies (Corporate Express, Staples, and Office Depot), and $9 million with 2 national home improvement stores (Home Depot and Lowe’s). While 8 of these 10 vendors participate in GSA’s Multiple Award Schedule program, the Navy could not tell us whether its purchases from these vendors were made using that program’s preferred price schedules. Further, considering the Navy’s volume of purchases, it is reasonable to assume that it could negotiate additional savings with these and other vendors if it used historical purchase card sales data as a bargaining tool. Abusive and Questionable Purchases: We identified numerous examples of abusive and questionable transactions at each of the four installations we audited. We defined abusive transactions as those that were authorized, but in which the items were purchased at an excessive cost (e.g., “gold plated”) or for a questionable government need, or both. Abuse can be viewed when the conduct of a government organization, program, activity, or function falls short of societal expectations of prudent behavior. Often, improper purchases such as those discussed in the previous section are also abusive. Transactions that are both improper and abusive were discussed previously, such as the excessive cell phone charges at the Atlantic Fleet. Questionable transactions are those that appear to be improper or abusive but for which there is insufficient documentation to conclude either. We consider transactions to be questionable when they do not fit within the Navy guidelines on purchases that are acceptable for the purchase card program, and when there is not a reasonable or documented justification to acquire the item purchased. When we examined the support for questionable transactions, we usually did not find evidence of why the Navy or Marine Corps needed the item purchased. Consequently, the cardholder provided an after-the-fact rationale that the item purchased was not improper or abusive. To prevent unnecessary costs, these types of questionable purchases require scrutiny before the purchase, not after. Table 11 identifies examples of both abusive and questionable purchases. Table 11: Examples of Abusive and Questionable Purchases: Description of purchase: Questionable purchases of computer equipment; Where identified: Atlantic Fleet, Pacific Fleet; Total amount: $613,000. Description of purchase: High-cost flat panel computer monitors; Where identified: Atlantic Fleet, Pacific Fleet, and NAVSEA; Total amount: $185,000. Description of purchase: Designer leather products from the Coach Store, Dooney and Bourke, and Franklin Covey, and others; Where identified: Atlantic Fleet, Pacific Fleet, NAVSEA, Marine Corps, and Navy-wide data mining; Total amount: $163,000. Description of purchase: Unknown goods from electronic retailers, Internet sites, gift stores, department stores, and home improvement stores; Where identified: Pacific Fleet, NAVSEA, Marine Corps; Total amount: $111,000. Description of purchase: Meals, beer, and refreshments; Where identified: Atlantic Fleet, Pacific Fleet, NAVSEA, Navy-wide data mining; Total amount: $43,000. Description of purchase: Palm Pilots without documented need; Where identified: Atlantic Fleet, Pacific Fleet; Total amount: $41,000. Description of purchase: Audiovisual equipment from Bose, Bang and Olufsen, and others; Where identified: Atlantic Fleet, Pacific Fleet, Navy-wide data mining; Total amount: $28,000. Description of purchase: Expenses at casinos; Where identified: Navy-wide data mining; Total amount: $4,200. Description of purchase: China, and accessories for commanding officers; Where identified: Pacific Fleet, Navy-wide data mining; Total amount: $3,900. Description of purchase: Bose clock radios; Where identified: Navy-wide data mining; Total amount: $2,400. Description of purchase: Oakley sunglasses; Where identified: Marine Corps; Total amount: $220. Source: GAO analysis of Navy purchase card transactions. [End of table] The following include details of some of the abusive and questionable purchases in table 11. * Computer and related equipment exceeding documented need— The Navy used the purchase card to acquire computer and computer-related items far in advance of its needs. Considering that computer prices decrease over time while their capabilities improve, warehousing computers and related items is an especially ineffective use of government funds. Despite this time, price, and capability relationship, we found in our statistical sample that the Atlantic Fleet, Pacific Fleet, and NAVSEA purchased computers, monitors, and printers that often remained unused for more than 12 months. For example, the computers purchased by the Atlantic Fleet in September 2000 that were discussed in the section on pilferable property had Pentium III microprocessors. By the time the Atlantic Fleet issued some of those computers in January 2002, the manufacturer was selling computers with Pentium IV microprocessors at a cost of less than what the Atlantic Fleet paid for the Pentium IIIs. Further, our statistical sample at the Atlantic Fleet identified 22 other computers that the Navy purchased in April 2001 that, as shown in figure 4, were unused and still in their original boxes in June 2002. Similarly, we found two $3,500 laser printers purchased in September 2000 that were selected in our statistical sample of Pacific Fleet transactions still in their original boxes at a Pacific Fleet warehouse in January 2002. Figure 4: Computers Purchased by the Atlantic Fleet in April 2001 That Remained Unused as of June 21, 2002: [See PDF for image - photograph] We have previously identified DOD’s inventory management as an area at high risk for fraud, waste, and abuse. In our report on DOD major management challenges and program risk [Footnote 17] we stated that because of its unreliable inventory management systems managers may request funds to obtain additional items that were on hand. Our review of fiscal year 2001 Atlantic Fleet transactions found that despite having these unopened items, the unit had in fact purchased additional computers after September 2000 and the Pacific Fleet purchased laser printers after June 2001. * Designer leather goods—In September and October 2000, NAVSEA made two separate transactions totaling nearly $1,800 to obtain designer leather folios and PDA holders costing up to $300 each made by Coach and Dooney and Bourke. Two of the folios were given as gifts to a visiting officer in the Australian Navy, while other designer items were personal preferences of the cardholders and requesting individuals. * Flat panel monitors—Our statistical sample selected transactions containing 243 flat panel monitors purchased by the Atlantic Fleet, Pacific Fleet, and NAVSEA. The cost of the monitors selected in our sample ranged from $550 to $2,200. Conversely, the 17-inch standard monitors selected in the sample cost about $200. As we have reported in the past, we believe the purchase of flat panel monitors—particularly those that cost far in excess of standard monitors—to be abusive and not an effective use of government funds in the absence of a documented need based on technical, space, or other considerations. Further, in our statistical sample, we found that some of the flat panel monitors that the Atlantic Fleet purchased were placed in a warehouse and not issued for more than a year after the Navy took possession. Warehousing flat panel monitors is especially inefficient because, like computers, as time passes the price of flat panel monitors decreases and technology increases. The flat panel monitors that we found still in the box cost the Navy $709 each. As of June 2002, the GSA price for the same flat panel monitors was about $480. * Personal digital assistants—We found that the Atlantic Fleet and Pacific Fleet purchased PDAs for staff without documenting why the staff needed them to perform their official duties. In one instance, the Atlantic Fleet purchased 90 PDAs for $32,500 in October 2000 without any documented justification of need. As of June 1, 2002, 14 of the 90 PDAs had not been issued and were still in inventory. Further, the competitive bid price worksheet showed that the Navy did not accept the lowest bid for the PDAs. According to the competitive bid worksheet, the Atlantic Fleet received three bids for the PDAs that ranged from a low of $30,400 to a high of $32,850. The Atlantic Fleet accepted the middle bid of $32,500. Federal Acquisition Regulation allows purchasing agents to reject lower bids if the purchasing agent determines that the items being delivered do not conform to the applicable specifications, or if the vendors cannot deliver the goods or services within the specified time requirements. We saw no evidence that quality or timeliness were a factor in selecting the higher priced bid. * Clock radios—As part of our Navy-wide data mining we inquired about a $2,443 transaction with Bose Corporation on September 30, 2000. In response to that inquiry, the Navy command that made the purchase told us that it purchased seven Bose “Wave Radios” costing $349 each. The command justified the purchase by stating that Navy regulations require all visiting office quarters to be supplied with a clock radio. While we do not question the need to supply visiting officer quarters with clock radios, we do question the judgment of purchasing $349 clock radios when there are numerous models of clock radios made by GE, Sony, and Panasonic costing about $15 from GSA. Disciplinary Actions Seldom Taken Against Those Who Misuse Purchase Cards: In our November 30, 2001, report [Footnote 18] and March 13, 2002, testimony [Footnote 19] on the purchase card controls at the Space and Naval Warfare Systems Command (SPAWAR) Systems Center and NPWC, we recommended that action be taken to help provide assurance that cardholders adhere to applicable purchase card laws, regulations, internal control and accounting standards, and policies and procedures. Specifically, we recommended that the Commander, Naval Supply Systems Command, revise NAVSUP Instruction 4200.94 to include specific consequences for noncompliance with purchase card policies and procedures. In response to the November 2001 report, DOD did not concur with that recommendation and stated that existing Navy policy clearly identifies consequences for fraud, abuse, and misuse. On May 29, 2002, the Navy told us that in response to our recommendation, the Assistant Secretary of the Navy for Research, Development and Acquisition issued a Naval Message reiterating compliance; accountability; and consequences of fraud, abuse, and misuse. While we would agree that the issuance of such a message has benefits, we continue to believe that the Navy needs to establish specific consequences for these purchase card problems because existing Navy policy does not identify any specific consequences for failure to follow control requirements. Currently, the Navy has not established specific disciplinary and/or administrative consequences—such as withdrawal of cardholder status, reprimand, suspension from employment for several days, and, if necessary, firing. Unless cardholders and approving officials are held accountable for following key internals controls, the Navy is likely to continue to experience the types of fraudulent, improper, and abusive and questionable transactions identified in our work. As part of this audit, we asked the agency program coordinators at each command that we audited whether any cardholders referred to in this report were disciplined for improper, abusive, or questionable purchases; or if the reduction in the number of cardholders could be attributed to individuals who lost the card because they made improper, abusive, or questionable purchases. However, according to the agency program coordinators, only one of the cardholders referred to in this report lost a card for improper, abusive, or questionable purchases, and no one has received any disciplinary actions for abusing the purchase card. Conclusions: We support the use of a well-controlled purchase card program. It is a valuable tool for streamlining the government’s acquisition processes. However, the Navy program is not well controlled and as a result is vulnerable to fraud, waste, and abuse. The primary cause of the control breakdowns is the lack of adherence to valid policies and procedures. Nonetheless, the control environment at the Navy has improved over the last year. For example, the Navy has reduced the number of cardholders by over 50 percent, from 59,000 to 25,000, thus improving the prospects for effective program management. However, further actions are needed to achieve an effective control environment. For example, leadership by major command and unit management and a strong system of accountability must be established for effective program control. Strengthening the control environment will require a commitment by the Navy to build a robust purchase card control infrastructure. Recommendations for Executive Action: In our November 30, 2001, report on control weaknesses at two units in San Diego, we made 29 recommendations to improve management of the purchase card program primarily at the two locations audited. Based on the broader scope of our current work we are making the following additional recommendations to strengthen the overall control environment and improve internal controls for the Navy’s purchase card program. Overall Program Management and Environment: We recommend that the Director of the Department of the Navy eBusiness Operations Office take the following actions. * Direct all agency program coordinators to review the number of cardholders who report to an approving official and make the changes necessary to prevent approving officials from having the responsibility of reviewing more cardholders than allowed by Navy and DOD policies. * Establish a database that maintains information on all purchase card training taken by cardholders, approving officials, and agency program coordinators. Require that agency program coordinators update that database whenever these purchase card program officials take training. * Establish specific training courses for cardholders, approving officials, and agency program coordinators tailored to the specific responsibilities associated with each of those roles. * Direct agency program coordinators to review an approving official’s overall workload and determine whether the approving official has the time necessary to perform the required review functions. * Establish job descriptions that identify responsibility and performance standards for cardholders, approving officials, and agency program coordinators. * Link the cardholders’, approving officials’, and agency program coordinators’ performance appraisals to achieving their performance standards. * Work with the Naval Audit Service and Command Evaluation staff to begin periodic audits of the purchase card program to provide Navy management—at the command and unit level—an independent assessment of the control environment and whether the agency program coordinators, approving officials, and cardholders are adhering to control procedures. * Identify vendors with which the Navy or Marine Corps uses purchase cards to make frequent purchases, evaluate Navy purchasing practices with those vendors, and forward the results of that evaluation to the Assistant Secretary of the Navy for Research, Development and Acquisition to contract with them, when applicable, to optimize Navy purchasing power. We recommend that the Secretary of the Navy modify the definition of “Pilferable Personal Property” in SECNAV Instruction 7320.10 dated August 1, 2001, by eliminating the requirement that a portable item easily converted to personal use also be difficult to repair or replace, and specifically identify items such as computers, cameras, personal digital assistants, and audiovisual equipment as meeting the definition of being pilferable and thus accountable. Specific Internal Control Activities: We recommend that the Director of the Department of the Navy eBusiness Operations Office modify NAVSUP Instruction 4200.94 to provide cardholders, approving officials, and agency program coordinators detailed instructions on the following specific control activities: * timely and independent receiving and acceptance of items obtained with a purchase card and documenting the results of that process; * screening purchases for their availability from required vendors and documenting the results of the screening; * promptly reconciling of the monthly purchase card statements to supporting documentation and documenting the results of that reconciliation; * promptly reviewing of a cardholder purchase card statement by the approving official prior to certifying the statement for payment and documenting the results of that review, and; * prompt cardholder notification to property accountability officer of the pilferable property obtained with the purchase card, and approving official responsibility for monitoring that the pilferable property has been recorded in the accountability records. Potentially Fraudulent, Improper, and Abusive or Questionable Purchases: We recommend that the Director, Department of Navy eBusiness Operations Office take the following actions. * Modify NAVSUP Instruction 4200.94 to require cardholders to maintain documented justification and advanced approval of purchases that fall outside the normal procurements of the cardholder in terms of either dollar amount or type of purchase. * Establish a Navy-wide database of known purchase card fraud cases by type of fraud that can be used to identify deficiencies in existing internal control and to develop and implement additional control activities, if warranted or justified. * Establish a Navy-wide data mining, analysis, and investigation function to supplement other oversight activities. This function should include providing oversight results and alerts to major commands and installations when warranted. * Modify NAVSUP Instruction 4200.94 to include a schedule of disciplinary actions as a guide for taking actions against cardholders who make improper or abusive acquisitions with the purchase card. We also recommend that the Under Secretary of Defense (Comptroller) direct the Charge Card Task Force to assess the above recommendations and to the extent applicable, incorporate them into its future recommendations to improve purchase card policies and procedures throughout DOD. Agency Comments and Our Evaluation: In written comments on a draft of this report, which are reprinted in appendixes VI and VII, DOD concurred with 16 of our 19 recommendations. DOD partially concurred with the remaining 3 recommendations dealing with (1) linking the performance appraisals of purchase card officials to achieving performance standards, (2) maintaining accountability over pilferable property, and (3) establishing a schedule of disciplinary actions that will be taken against cardholders who make improper or abusive acquisitions. However, the actions that DOD plans to take on these 3 recommendations appear to address their most significant aspects. Concerning linking staff performance to purchase card performance standards, DOD responded that the Department of Navy eBusiness Operations Office will work with the Navy Human Resources Office to determine the need, legality, and feasibility of adding cardholder, approving official, and agency program coordinator performance standards to performance appraisals. Such measures are an important aspect of the purchase card program and are responsive to our recommendation. We encourage the Navy eBusiness Operations Office to work expeditiously with the Navy Human Resources Office to develop performance standards that make carrying out this fiduciary responsibility a matter to be considered in assessing staff. Regarding property more susceptible to theft, DOD stated that Navy would modify its definition of pilferable property to be the same as the DOD definition of pilferable property. By adopting the DOD definition, the Navy will remove the requirement that the item be “hard to repair or replace” from its definition of pilferable property. DOD did not, however, agree with the aspect of our recommendation that it provide commanders examples of items considered pilferable. DOD stated that a listing of specific pilferable items would require continual update and vigilance, and prove ultimately to be subjective and unscientific. We agree that a listing of specific pilferable items would require periodic updating. That was not the intent of our recommendation. Instead, we believe that providing commanders examples of types of pilferable property that can be easily removed from Navy facilities and have immediate use outside the Navy, would help ensure that items such as camera equipment and laptop computers are consistently included in accountable records. Concerning our recommendation to establish a schedule of disciplinary actions that will be taken against cardholders who abuse their purchase card privileges, DOD stated that the department has already taken actions to deal with improper and abusive uses of purchase cards, and that the Navy’s eBusiness Operations Office will examine whether actions that have already been taken are appropriate. However, DOD also stated that to the extent the recommendation contemplates the prescription of mandatory disciplinary or other actions, it is objectionable. DOD stated that disciplinary and other actions in response to improper and abusive purchase card use are properly addressed as matters of command and supervisory discretion. We never contemplated that the schedule would prescribe mandatory actions. Rather, we intended the schedule to be a guide of disciplinary actions to be taken against cardholders. It would also serve as an important internal control feature that clearly identified the consequences associated with improper and abusive purchase card use and would serve as a deterrent to such abuse. Further, the schedule of disciplinary actions could include a range of actions that would be appropriate for various types of purchase card misuse. Commanders and supervisors would still maintain their discretion to select the specific disciplinary action, if any, depending on the circumstances of individual cases. To eliminate any confusion concerning the intent of our recommendation, we made a slight modification to the text of the recommendation. As agreed with your offices, unless you announce the contents of this report earlier, we will not distribute this report until 30 days from its date. At that time, we will send copies to interested congressional committees; the Secretary of Defense; the Under Secretary of Defense for Acquisition, Technology, and Logistics; the Under Secretary of Defense, Comptroller; the Secretary of the Navy; the Assistant Secretary of the Navy for Research, Development and Acquisition; the Director of the Defense Finance and Accounting Service; and the Director of the Office of Management and Budget. We will make copies available to others upon request. In addition, the report will be available at no charge on the GAO web site at [hyperlink, http://www.gao.gov]. Please contact Gregory D. Kutz at (202) 512-9505 or kutzg@gao.gov, John Ryan at (202) 512-9587 or ryanj@gao.gov, or John Kelly at (202) 512-6926 or kellyj@gao.gov if you or your staffs have any questions concerning this report. Major contributors to this report are acknowledged in appendix VIII. Singed by: Gregory D. Kutz: Director: Financial Management and Assurance: Signed by: Ronald D. Malfi: Director: Office of Special Investigations: [End of section] Appendix I: Background: The Navy’s purchase card program is part of the Governmentwide Commercial Purchase Card Program, which was established to streamline federal agency acquisition processes by providing a low-cost, efficient vehicle for obtaining goods and services directly from vendors. According to the General Services Administration (GSA), the Department of Defense (DOD) reported that during fiscal year 2001 it used purchase cards for more than 10.7 million transactions, valued at $6.1 billion. The Navy’s reported purchase card activity—MasterCards issued to civilian and military personnel—totaled about 2.8 million transactions, valued at $1.8 billion, during fiscal year 2001. This represented nearly 30 percent of DOD’s purchase card activity for fiscal year 2001. According to unaudited fiscal year 2001 purchase card data, four commands included in our current audit—Atlantic Fleet, Pacific Fleet, Naval Sea Systems Command, and the Marine Corps—made about $173 million, $137 million, $268 million, and $224 million, respectively, in purchase card acquisitions. In addition, according to unaudited fiscal year 2001 purchase card data for the two commands included in our March 2002 testimony, the Naval Facilities Engineering Command (Public Works Center) and Space and Naval Warfare Systems Command made about $117 million and $85 million in purchase card acquisitions respectively. See table 12 for further detail on fiscal year 2001 purchase card spending. Table 12: Number and Value of Transactions in Fiscal Year 2001: Navy major command: Atlantic Fleet; Number of transactions (in thousands): 307; Cost of transactions (in millions): $173; Percent of Navy purchase card costs: 10. Navy major command: Pacific Fleet; Number of transactions (in thousands): 227; Cost of transactions (in millions): $137; Percent of Navy purchase card costs: 8. Navy major command: Naval Sea Systems Command; Number of transactions (in thousands): 319; Cost of transactions (in millions): $268; Percent of Navy purchase card costs: 15. Navy major command: Marine Corps; Number of transactions (in thousands): 380; Cost of transactions (in millions): $224; Percent of Navy purchase card costs: 12. Navy major command: Naval Facilities Engineering Command; Number of transactions (in thousands): 224; Cost of transactions (in millions): $117; Percent of Navy purchase card costs: 6. Navy major command: Space and Naval Warfare Systems Command; Number of transactions (in thousands): 114; Cost of transactions (in millions): $85; Percent of Navy purchase card costs: 5. Navy major command: Other major commands; Number of transactions (in thousands): 1,255; Cost of transactions (in millions): $804; Percent of Navy purchase card costs: 44. Navy major command: Total; Number of transactions (in thousands): 2,826; Cost of transactions (in millions): $1,808; Percent of Navy purchase card costs: 100. Source : GAO analysis of Navy purchase card program data. [End of table] Because the four commands have cardholders located throughout the world, we limited our testing of the transactions made by the units of those commands to cardholders located in specific geographical areas, and used a case study approach to evaluate each command’s local purchase card program. According to unaudited fiscal year 2001 purchase card data, Pacific Fleet cardholders in San Diego made about $35 million in purchase card acquisitions; Atlantic Fleet cardholders located in the Norfolk area made about $48 million in purchase card acquisitions; Naval Sea Systems Command cardholders in the Norfolk area made about $49 million in purchase card acquisitions; and Marine Corps cardholders at Camp Lejeune made about $36 million in purchase card acquisitions. The Pacific Fleet, Atlantic Fleet, and the Marine Corps are warfighting units, while the Naval Sea Systems Command is a support command. The Pacific Fleet is responsible for providing trained and combat-ready naval forces to the Commander-in-Chief U.S. Pacific Command. Its headquarters is in Honolulu, and its lower echelon commands are located in Honolulu and San Diego. The Atlantic Fleet provides trained, combat-ready forces to support the United States and the North Atlantic Treaty Organization (NATO) commanders in regions of conflict. Its headquarters and lower echelon commands are located in Norfolk. The Naval Sea Systems Command is responsible for providing the Navy operationally superior and affordable ships, systems, and ordnance. NAVSEA is headquartered in Washington, D.C., and has major shipbuilding and repair facilities on both the East and West Coasts including Norfolk. The Marine Corps is responsible for providing a highly flexible, combat-ready force in a high state of readiness, prepared to support the military’s strategy. The Marine Corps has bases located throughout the United States, including Camp Lejeune. Governmentwide Purchase Card Program Guidelines: The purchase card can be used for both micropurchases and payment of other purchases. Although most cardholders have limits of $2,500, some have limits of $25,000 or higher. The Federal Acquisition Regulation, Part 13, “Simplified Acquisition Procedures,” establishes criteria for using purchase cards to place orders and make payments. DOD and the Navy have supplements to this regulation that contain sections on simplified acquisition procedures. U.S. Treasury regulations govern purchase card payment certification processing and disbursements. DOD’s Purchase Card Joint Program Management Office, which is in the Office of the Assistant Secretary of the Army for Acquisition Logistics and Technology, has issued departmentwide guidance related to the use of purchase cards. However, each service has its own policies and procedures governing the purchase card program. Navy Purchase Card Acquisition and Payment Processes: The Naval Supply Systems Command (NAVSUP) is responsible for the overall management of the Navy’s purchase card program, and has published NAVSUP Instruction 4200.94, Department of the Navy Policies and Procedures for Implementing the Governmentwide Purchase Card Program. Under the NAVSUP instruction, each Navy command’s head contracting officer authorizes agency purchase card program coordinators in local Navy units to obtain purchase cards and establish credit limits. The program coordinators are responsible for administering the purchase card program within their designated span of control and serve as the communication link between Navy units and the purchase card issuing bank. The other key personnel in the purchase card program are the approving officials and the cardholders. Figure 5 illustrates the standard process in which the Navy purchase card is used to acquire goods and services and certify the monthly bill for payment. Figure 5: Navy Purchase Card Process Approving Officials: [See PDF for image] This figure is a flow chart, depicting the following data: * Purchase cardholder orders/charges goods and services; items picked up, and/or, vendor ships items; * Independent documentation that items have been received and accepted; - Pilferable items are recorded in accountable property records; * Monthly purchase card statements are received from bank; * Cardholder reconciles underlying receipts/sales slips to monthly purchase card statements, identifies any invalid charges, and prepares dispute forms; - Cardholder logs items not received and follows up to (1) confirm receipt or (2) dispute the charge; * Approving official reviews cardholder support, and certifies monthly statements for payment; - DFAS processes purchase card payments to Citibank; * Approving official reviews cardholder support, and certifies monthly statements for payment; - Cardholder or approving official logs disputed charges and sends forms to Citibank for credit; - Citibank reverses disputed charges and credits monthly statement. If operating effectively, the approving official is responsible for ensuring that all purchases made by the cardholders within his or her cognizance are appropriate and that the charges are accurate. The approving official is supposed to resolve all questionable purchases with the cardholder before certifying the bill for payment. In the event an unauthorized purchase is detected, the approving official is supposed to notify the agency program coordinator and other appropriate personnel within the command in accordance with the command procedures. After reviewing the monthly statement, the approving official is to certify the monthly invoice and send it to the Defense Finance and Accounting Service (DFAS) for payment. Cardholders: A purchase cardholder is a Navy employee who has been issued a purchase card. The purchase card bears the cardholder’s name and the account number that has been assigned to the individual. The cardholder is expected to safeguard the purchase card as if it were cash. Designation of Cardholders: When a supervisor requests that a staff member receive a purchase card, the agency program coordinator is to first provide training on purchase card policies and procedures and then establish a credit limit and issue a purchase card to the staff member. Ordering Goods and Services: Purchase cardholders are delegated limited contracting officer ordering responsibilities. As limited contracting officers, purchase cardholders do not negotiate or manage contracts. Rather, cardholders use purchase cards to order goods and services for their units and their customers as well. Cardholders may pick up items ordered directly from the vendor or request that items be shipped directly to an end user (requesters). Upon receipt of purchased items, the cardholder is to record the transaction in his or her purchase log and obtain documented independent confirmation from the end user, the supervisor, or another individual that the items have been received and accepted by the government. The cardholder is also to notify the property book-officer of accountable items received so that these items can be recorded in the accountable property records. Payment Processing: The purchase card payment process begins with receipt of the monthly purchase card billing statements. Section 2784 of title 10, United States Code, requires DOD to issue regulations that ensure that purchase cardholders and each official with authority to authorize expenditures charged to the purchase card reconcile charges with receipts and other supporting documentation before paying the monthly purchase card statement. NAVSUP Instruction 4200.94 states that upon receipt of the individual cardholder statement, the cardholder has 5 days to reconcile the transactions appearing on the statement by verifying their accuracy documentation supporting the transaction and to notify the approving official in writing of any discrepancies in the statement. In addition, under NAVSUP Instruction 4200.94, before the credit card bill is paid, the approving official is responsible for (1) ensuring that all purchases made by the cardholders within his or her cognizance are appropriate and that the charges are accurate and (2) the timely certification of the monthly summary statement for payment by the DFAS. The instruction further states that within 5 days of receipt, the approving official must review and certify for payment the monthly billing statement, which is a summary invoice of all transactions of the cardholders under the approving official’s purview. The approving official is instructed to presume that all transactions on the monthly statements are proper unless notified in writing by the purchase cardholder to the contrary. However, the presumption does not relieve the approving official from reviewing the statements for blatantly improper purchase card transactions and taking the appropriate action prior to certifying the invoice for payment. In addition, the approving official is responsible for forwarding disputed charge forms for submission to Citibank for credit. Under the Navy’s task order, Citibank allows the Navy up to 60 days after the statement date to dispute invalid transactions and request a credit. Upon receipt of the certified monthly purchase card summary statement, a DFAS vendor payment clerk is to (1) review the statement and supporting documents to confirm that the prompt-payment certification form has been properly completed and (2) subject it to automated and manual validations. DFAS effectively serves as a payment processing service and relies on the approving-official certification of the monthly bill as support to make the payment. The DFAS vendor payment system then batches all of the certified purchase card payments for that day and generates a tape for a single payment to Citibank by electronic funds transfer. Figure 5 illustrates the current design of the purchase card payment process for the Navy command units we reviewed. [End of section] Appendix II: Scope and Methodology: We reviewed key purchase card controls for units of four Navy commands. In addition, as you requested, we followed up on (1) the status of the recommendations we made in our November 30, 2001, report, (2) the status of the former commanding officer of SPAWAR Systems Center San Diego, (3) the status of two potential fraud cases that we reported on in the March 2002 testimony, and (4) any other fraud cases we identified as part of this audit. Our review of key purchase card controls for the Atlantic Fleet, Pacific Fleet, NAVSEA, and the Marine Corps covered: * the overall management control environment, including (1) management’s attitude in establishing the needed controls, (2) the numbers of cardholder and approving officials, (3) cardholder and approving official credit limits, (4) training for cardholders and approving officials, [Footnote 20] (5) monitoring and audit of purchase card activity, and (6) effectiveness of purchase card infrastructure; * tests of statistical samples of key controls over purchase card transactions made during the first 11 months of fiscal year 2001 including (1) screening for required vendors, (2) documentation of independent confirmation that items or services paid for with the purchase card were received, (3) proper certification of the monthly purchase card statement for payment, and (4) substantive tests of pilferable property items included in our sample transactions to verify whether they were recorded in an accountable record; * analytical reviews of transactions entered into during the last month of fiscal year 2001; * data mining of the population of fiscal year 2001 transactions to identify potentially fraudulent, improper, and abusive or questionable transactions; [Footnote 21] * analysis and audit work related to invoices and other information obtained from Franklin Covey, from which, based on interviews with cardholders and our review of other transactions, we had reason to believe that the units at the four commands had made improper and abusive or questionable purchases during fiscal year 2001; * analysis of the population of fiscal year 2001 purchase card transactions, for the four command units, to identify purchases that were split into two or more transactions to avoid the micropurchase threshold or other spending limits; and; * analysis of the population of Navy-wide fiscal year 2001 purchase card transactions to determine whether the Navy was effectively managing its purchases with frequently used vendors. In addition, our Office of Special Investigations worked with DOD’s criminal investigative agencies, Citibank, and credit card industry representatives to identify known and potentially fraudulent purchase card cases. Our Office of Special Investigations also investigated potentially fraudulent or abusive purchase card transactions that we identified while analyzing fiscal year 2001 purchase card transactions at the units in the four commands. Because the Navy does not have a database of purchase card fraud cases, we were unable to determine the extent of known fraud cases at either the case study locations or Navy-wide. We used as our primary criteria applicable laws and regulations; our Standards for Internal Control in the Federal Government; [Footnote 22] and our Guide for Evaluating and Testing Controls Over Sensitive Payments. [Footnote 23] To assess the management control environment, we applied the fundamental concepts and standards in the GAO internal control standards to the practices followed by management in the areas reviewed. Statistical Samples of Internal Control Procedures: To test controls, we selected stratified random probability samples from the population of purchase card transactions by cardholders who had mailing addresses at the four locations we visited. All purchase card transactions subjected to sampling occurred during the first 11 months of fiscal year 2001. We performed analytical reviews on the transactions that occurred during the last month of fiscal year 2001. Specifically, we selected 150 transactions of Atlantic Fleet cardholders based in Norfolk from a population of 72,000 transactions totaling $43 million; 166 transactions of Pacific Fleet cardholders based in San Diego from a population of 46,000 transactions totaling $30 million; 158 transactions from Naval Sea Systems Command cardholders based in Norfolk from a population of 46,000 transactions totaling $41 million; and 150 Marine Corps cardholders based in Camp Lejeune from a population of 52,000 transactions totaling $32 million. Within each command we stratified the population of transactions by the dollar value of the transaction and by whether the transaction was likely to be for a purchase of computer-related equipment. With this statistically valid probability sample, each transaction in the population had a nonzero probability of being included, and that probability could be computed for any transaction. Each sample element was subsequently weighted in the analysis to account statistically for all the transactions in the population, including those that were not selected. Table 13 presents our test results on cardholder and approving official training and three key transaction-level controls, and shows the confidence intervals for the estimates for the population of purchase card transactions made by units at the four commands during the first 11 months of fiscal year 2001. Although we projected the results of those samples to the populations of transactions at the respective commands, the results cannot be projected to the population of Navy-wide transactions or commands. Because most of the sampled transactions did not contain pilferable property, we did not project the results of that attribute test to the populations of transactions tested. Table 13: Estimate of 11 Months of Fiscal Year 2001 Transactions That Failed Control Tests: Key purchase card control: Training; Atlantic Fleet, Norfolk, Point estimate: 87%; Atlantic Fleet, Norfolk, Interval[A]: 77% to 94%; Pacific Fleet, San Diego, Point estimate: 73%; Pacific Fleet, San Diego, Interval[A]: 61% to 83%; Naval Sea Systems Command, Norfolk, Point estimate: 80%; Naval Sea Systems Command, Norfolk, Interval[A]: 67% to 89%; Marine Corps, Camp Lejeune, Point estimate: 56%; Marine Corps, Camp Lejeune, Interval[A]: 43% to 68%. Key purchase card control: Independent, documented receipt of items purchased; Atlantic Fleet, Norfolk, Point estimate: 58%; Atlantic Fleet, Norfolk, Interval[A]: 46% to 70%; Pacific Fleet, San Diego, Point estimate: 59%; Pacific Fleet, San Diego, Interval[A]: 48% to 70%; Naval Sea Systems Command, Norfolk, Point estimate: 67%; Naval Sea Systems Command, Norfolk, Interval[A]: 54% to 78%; Marine Corps, Camp Lejeune, Point estimate: 59%; Marine Corps, Camp Lejeune, Interval[A]: 47% to 71%. Key purchase card control: Screening for required vendors; Atlantic Fleet, Norfolk, Point estimate: 88%; Atlantic Fleet, Norfolk, Interval[A]: 78% to 95%; Pacific Fleet, San Diego, Point estimate: 70%; Pacific Fleet, San Diego, Interval[A]: 58% to 80%; Naval Sea Systems Command, Norfolk, Point estimate: 90%; Naval Sea Systems Command, Norfolk, Interval[A]: 79% to 97%; Marine Corps, Camp Lejeune, Point estimate: 89%; Marine Corps, Camp Lejeune, Interval[A]: 78% to 96%. Key purchase card control: Proper certification of purchase card statements for payment; Atlantic Fleet, Norfolk, Point estimate: 98%; Atlantic Fleet, Norfolk, Interval[A]: 89% to 99%; Pacific Fleet, San Diego, Point estimate: 80%; Pacific Fleet, San Diego, Interval[A]: 70% to 88%; Naval Sea Systems Command, Norfolk, Point estimate: 86%; Naval Sea Systems Command, Norfolk, Interval[A]: 75% to 94%; Marine Corps, Camp Lejeune, Point estimate: 94%; Marine Corps, Camp Lejeune, Interval[A]: 86% to 98%. [A] The projections represent point estimates for the populations based on our statistical samples. The intervals are two-sided 95 percent confidence intervals. [End of table] Data Mining: In addition to selecting statistical samples of Pacific Fleet, Atlantic Fleet, Naval Sea Systems Command, and Marine Corps transactions to test specific internal controls, we also made nonrepresentative selections of fiscal year 2001 transactions from these commands and the Navy as a whole. We conducted separate analysis of acquisitions that were potentially fraudulent, improper, and abusive or otherwise questionable. Our data mining for potentially fraudulent, improper, and abusive or questionable transactions was limited in scope. For this review, we scanned the population of transactions at the four commands visited and the overall Navy database for vendors that are likely to sell goods or services (1) on NAVSUP’s list of prohibited items, (2) that are personal items, and (3) that are otherwise questionable. Our expectation was that transactions with certain vendors had a more likely chance of being fraudulent, improper, and abusive or questionable. Because of the large number of transactions that met these criteria we did not look at all potential abuses of the purchase card. Rather, we made nonrepresentative selections of transactions with the vendors that fit these criteria. For example, we reviewed, and in some cases made inquiries, concerning 443 transactions and other related transactions on the same monthly purchase card statement with vendors that sold such items as sporting goods, groceries, luggage, flowers, and clothing. While we identified some potentially fraudulent, improper, and abusive or questionable transactions, our work was not designed to identify, and we cannot determine, the extent of fraudulent, improper, and abusive or questionable transactions. Our data mining also included nonrepresentative selections of acquisitions that these units made during fiscal year 2001 that may have been split into multiple transactions to circumvent either the micropurchase competition requirements or cardholder single-transaction thresholds. We briefed DOD managers (including officials in DOD’s Purchase Card Joint Program Management Office) and Navy managers (including NAVSUP, Pacific Fleet, Atlantic Fleet, Naval Sea Systems Command, and the Marine Corps officials) on the details of our review, including our objectives, scope, and methodology and our findings and conclusions. We received comments from the Director, DOD Purchase Card Joint Program Management Office dated September 16, 2002, and have reprinted those comments in appendix VI. We also received comments from the Under Secretary of Defense (Comptroller) dated September 23, 2002, and have reprinted those comments in appendix VII. We conducted our audit work from November 2001 through July 2002 in accordance with U.S. generally accepted government auditing standards, and we performed our investigative work in accordance with standards prescribed by the President’s Council on Integrity and Efficiency. [End of section] Appendix III: Status of GAO Recommendations to Improve Navy Purchase Card Operations: In our November 30, 2001, report [Footnote 24] we made 29 recommendations to the Navy to address key findings related to the weak management control environment and internal control discussed in our July 30, 2001, testimony. [Footnote 25] In response to our November 2001 report, DOD concurred with 19 recommendations, partially concurred with 7 recommendations, and disagreed with 3 recommendations. On May 29, 2002, the Navy provided us with its assessment of its corrective actions to implement all 29 recommendations. The following chart summarizes (1) those recommendations, (2) the Navy’s representations as to actions taken, and (3) our observations on the status of the recommendations. We noted in many instances the Navy had taken positive steps to improve the purchase card controls; however, given the significant control problems that exist, the Navy will need to diligently monitor the purchase card program to attain and maintain a high level of adherence to the policies and directives. Table 14: Status of Previous GAO Recommendations: Proliferation of Cardholders: The Commanding Officers of the SPAWAR and the Navy Public Works Center San Diego work with the NAVSUP and DOD’s Purchase Card Joint Program Management Office to do the following: GAO recommendation: Establish specific policies and strategies governing the number of purchase cards to be issued with a focus on minimizing the number of cardholders; Status of GAO recommendation, as reported by Navy: The Navy Purchase Card Program Management Office (PCPMO) issued policy as an interim change to NAVSUP Instruction 4200.94 – Navy purchase card Internal Management Controls, establishing guidance for span of control and criteria for issuing card accounts as well as minimum requirements for regular account maintenance by the agency program coordinator. Navy PCPMO issued letters to all activities with accounts outside the recommended span of control directing immediate corrective action be taken. Span of control is being monitored on a continual basis; GAO observation on the status of recommendation: Implemented. However, our current audit work found that operating units are not adhering to the interim policy. GAO recommendation: Develop criteria for identifying employees eligible for the privilege of cardholder status. As part of the effort to develop these criteria, assess the feasibility and cost-benefit of performing credit checks on employees prior to assigning them cardholder responsibilities to ensure that employees authorized to use government purchase cards have demonstrated credit worthiness and financial integrity; Status of GAO recommendation, as reported by Navy: The Navy PCPMO issued policy as an interim change to NAVSUP Instruction 4200.94 – Navy purchase card Internal Management Controls establishing eligibility criteria for issuing card accounts. The issue of credit checks was deferred to DOD; GAO observation on the status of recommendation: Partially implemented. The criterion on eligibility for cardholder’s duties has been developed. However our current audit work found that operating units are not adhering to the interim policy. The issue of credit checks has not been addressed. GAO recommendation: Develop policies and strategies on credit limits provided to cardholders with a focus on minimizing specific cardholder spending authority and minimizing the federal government’s financial exposure; Status of GAO recommendation, as reported by Navy: The Navy PCPMO issued policy as an interim change to NAVSUP Instruction 4200.94 – Navy purchase card Program Internal Management Controls, establishing guidance on creating and maintaining credit limits and reporting guidelines for cardholders and billing officials. Credit limits are being assessed across the Navy and will be addressed through letters to the activities where it appears existing credit limits exceed mission requirements. Credit limits are now a critical element in the revised semiannual review procedures; GAO observation on the status of recommendation: Implemented. However, our current audit work identified operating units that have not successfully implemented the reduction in credit limits to a reasonable amount. Training: The Commander of NAVSUP: GAO recommendation: Confirm that required training has been completed and documented; Status of GAO recommendation, as reported by Navy: The Navy conducted a departmentwide purchase card stand-down that required all program participants to complete the Navy Purchase Card Training Tutorial CD-ROM and provide documentation to the activity program coordinator as well the Navy PCPMO. The account of any program participant (with the exception of deployed personnel) who did not complete the training was canceled and will not be reinstated until documentation is presented to show successful completion of the training. Annual and semiannual reporting requirements now include the status of training for all program participants; GAO observation on the status of recommendation: Partially implemented. Our current audit work identified operating units that have not complied with the requirement. GAO recommendation: Incorporate into purchase card training programs any relevant changes in policies and procedures made as a result of the recommendations in this report; Status of GAO recommendation, as reported by Navy: In progress. The NAVSUP Instruction 4200.94 is in the final stages of being revised to incorporate all interim changes issued by policy letter as a result of the GAO report. The expected release date is summer 2002. Navy PCPMO training materials are being updated to incorporate relevant changes. Department of Navy (DON) PCPMO conducted the Semi Annual Agency Program Coordinator (APC) Conference on May 7, 2002, in Norfolk covering a broad range of topical material, including changes in policies and procedures. Attendance was mandatory for all command level APCs and encouraged for subordinate level APCs. The second semiannual conference is scheduled for November 2002 in San Diego; GAO observation on the status of recommendation: In progress, not implemented. The Navy has not completed the necessary changes in its policy. Rebates: The Commander of the NAVSUP work with the Navy Comptroller and the Defense Finance and Accounting Service to: GAO recommendation: investigate ways to maximize potential rebates, such as (1) working with Citibank to facilitate timely receipt of monthly purchase card statements and (2) reducing the time associated with mailing and receipt of hard copy billing statements; Status of GAO recommendation, as reported by Navy: In progress. Fielding of on-line statement distribution, review, approval and certification process is ongoing. Currently 54 percent of DON activities are implemented with the remainder expected to be implemented within the next 12 months; GAO observation on the status of recommendation: In progress, not implemented. However, Navy has taken steps to address this recommendation. GAO recommendation: establish effective policies and procedures for routinely calculating and verifying Citibank rebates; Status of GAO recommendation, as reported by Navy: The Navy requested independent verification of the Citibank rebate process by Naval Audit Service. Navy PCPMO also requested the Defense Contract Audit Agency to conduct an audit of the banks’ rebate calculation; GAO observation on the status of recommendation: In progress, not implemented. The Naval Audit Service has not responded to NAVSUP request for periodic audits. GAO recommendation: develop guidance for routine distribution of rebate earnings to Navy units and activities; Status of GAO recommendation, as reported by Navy: The Navy made a determination to retain the rebates at the department level in lieu of disbursing them to lower echelons; GAO observation on the status of recommendation: Implemented. The Navy’s actions appear to meet the intent of our recommendation. Monitoring and Review: The Commander of the Naval Supply Systems Command: GAO recommendation: establish in NAVASUP Instruction 4200.94, further guidelines for an effective internal review program, such as having reviewers analyze monthly summary statements to identify (1) potentially fraudulent, improper, and abusive purchases and (2) any patterns of improper cardholder transactions, such as purchases of food or other prohibited items; Status of GAO recommendation, as reported by Navy: The Navy PCPMO issued policy as an interim change to NAVSUP Instruction 4200.94 – Semiannual Major Claimant Reporting Requirement that establishes more comprehensive reviews, elevates reporting requirements and provides uniformity of evaluation and rating criteria. The Assistant Secretary of the Navy for Research, Development and Acquisition now requires purchase card reviews be made part of procurement management reviews, and ordered a one-time expanded semiannual review by all Navy activities to be completed and results reported to the Navy PCPMO by the summer of 2002. Navy PCPMO is conducting routine transaction screening to identify potentially fraudulent, improper, and abusive purchases; GAO observation on the status of recommendation: Implemented. However, our current audit work found that operating units are not effectively conducting and or utilizing the results of the program monitoring process. Continued diligent monitoring by the Navy purchase card program officials will be necessary to attain and maintain a high level of adherence to the policy. GAO recommendation: revise NAVSUP Instruction 4200.94 to require that (1) written reports on the results of internal reviews along with any recommendations for corrective actions be prepared and submitted to local management and cognizant commands and (2) commands identify and report systemic weaknesses and corrective action plans to the Naval Supply Systems Command for monitoring and oversight; Status of GAO recommendation, as reported by Navy: The Navy PCPMO issued policy as an interim change to NAVSUP Instruction 4200.94 – Semiannual Major Claimant Reporting Requirement that establishes more comprehensive reviews, elevates reporting requirements, and provides uniformity of evaluation and rating criteria. The NAVSUP Instruction is being revised to incorporate interim policy to include reporting of systemic weaknesses. Navywide purchase card stand-down required a top-to-bottom review and notice to the Navy PCPMO of compliance with purchase card policies and procedures by all activities. Results of all annual and semiannual reviews, along with any systemic weaknesses, will be reported to the activity commander/commanding officer and to the Navy PCPMO through command level agency program coordinators; GAO observation on the status of recommendation: Implemented. However, our current audit work found that even though Navy has made changes in its policy, not all operating units are adhering to the interim policy. GAO recommendation: require purchase card Agency Program Coordinators to report in writing to the unit commander and the Commander of Naval Supply Systems Command any internal control weakness identified during the semiannual program reviews; Status of GAO recommendation, as reported by Navy: Navy-wide purchase card stand-down required a top-to-bottom review and notice of compliance to purchase card policies and procedures by all activities. Results of all annual and semiannual reviews, along with any systemic weaknesses, will be reported to the activity commander/commanding officer and to the Navy PCPMO through command level agency program coordinators; GAO observation on the status of recommendation: Implemented. However, our current audit work found that, although Navy has made changes in policy, not all operating units have successfully implemented the standdown. GAO recommendation: disclose systemic purchase card control weaknesses along with corrective action plans in the Secretary of the Navy’s Annual Statement of Assurance; Status of GAO recommendation, as reported by Navy: Navy included systemic purchase card weaknesses identified from the semiannual report in the Secretary of the Navy’s Annual Statement of Assurance; GAO observation on the status of recommendation: Implemented. The Navy included purchase card control weaknesses in the SECNAV fiscal year 2001 Annual Statement of Assurance. Receipt of Goods and Services: GAO recommendation: The Commander of the Naval Supply Systems Command revise NAVSUP Instruction 4200.94 to eliminate ambiguous language suggesting that advance independent authorization of a purchase can be substituted for independent confirmation that goods and services ordered and paid for with a purchase card have been received and accepted by the government; Status of GAO recommendation, as reported by Navy: In progress. The NAVSUP Instruction 4200.94 is in the final stages of being revised to incorporate all interim changes issued by policy letter as a result of the GAO report; GAO observation on the status of recommendation: In progress, not implemented. Navy has not completed the necessary changes in its policy. GAO recommendation: The Commanding Officer of the SPAWAR Systems Center San Diego and the Commanding Officer of the Navy Public Works Center San Diego implement procedures to require and document independent confirmation of receipt of goods and services acquired with a purchase card; Status of GAO recommendation, as reported by Navy: The Navy PCPMO issued policy as an interim change to NAVSUP Instruction 4200.94 – Separation Of Functions. It provides detailed guidance on proper receipt, inspection, and acceptance procedures. Public Works Center San Diego and SPAWAR Systems Center San Diego both incorporated specific guidelines into their local internal operating procedures. Navy-wide purchase card stand-down also reiterated the requirement for independent receipt and acceptance; GAO observation on the status of recommendation: Reported implemented. However, because we did not conduct additional tests at SPAWAR or the Navy Public Works Center, we cannot verify the extent to which this recommendation has been implemented. Proper Payment Certification: To provide assurance that certifications of monthly purchase card statements for payment reflect certifying officer responsibilities in 31 U.S.C. 3325, 3528, and the approving official’s informed judgment that purchases are proper: GAO recommendation: the Commander of the Naval Supply Systems Command revise NAVSUP Instruction 4200.94 to require that (1) cardholders notify approving officials prior to payment that purchase card statements have been reconciled to supporting documentation, (2) approving officials certify monthly statements only after reviewing them for potentially fraudulent, improper, and abusive transactions, and (3) approving officials verify, on a sample basis, supporting documentation for various cardholders’ transactions prior to certifying monthly statements for payment; Status of GAO recommendation, as reported by Navy: In progress. The NAVSUP Instruction 4200.94 is being revised to incorporate all interim changes issued by policy letter as a result of the GAO report. The expected completion date is summer 2002; GAO observation on the status of recommendation: In progress, not implemented. The Navy has not completed the necessary changes in its policy. GAO recommendation: the Navy Comptroller withdraw the June 3, 1999, policy memorandum or revise the policy guidance to be consistent with the preceding recommendation for revising payment certification guidance in NAVSUP Instruction 4200.94; Status of GAO recommendation, as reported by Navy: The Navy Comptroller policy letter dated June 3, 1999, was rescinded effective March 12, 2002; GAO observation on the status of recommendation: Implemented. Proper and Timely Accounting: GAO recommendation: The Commanding Officers of the SPAWAR and Navy Public Works Center San Diego monitor and confirm that purchase card transactions are recorded to projects that benefited from the goods and services or to relevant overhead accounts promptly, in accordance with internal control standards and federal accounting standards; Status of GAO recommendation, as reported by Navy: Both Public Works Center San Diego and SPAWAR Systems Center San Diego concurred and are complying. Internal operating procedures at both sites include guidance on the issue; GAO observation on the status of recommendation: Reported Implemented. However, because we did not conduct additional tests at SPAWAR or the Navy Public Works Center, we cannot verify the extent to which this recommendation has been implemented. GAO recommendation: The Commander of the Naval Supply Systems Command revise NAVSUP Instruction 4200.94 to require that purchase card expenses be properly classified in the Navy’s detailed accounting records; Status of GAO recommendation, as reported by Navy: The Navy PCPMO issued policy as an interim change to NAVSUP Instruction 4200.94 – Standards of Compliance for Timely Recording and Classifying of Navy Purchase Card Commitments and Obligations, which reiterated existing Navy and DOD Financial Management Regulation policy regarding the issue; GAO observation on the status of recommendation: Implemented. GAO recommendation: The Commanding Officers of SPAWAR and Navy Public Works Center San Diego verify that their detail purchase card transaction records reflected the proper object classification of expense; Status of GAO recommendation, as reported by Navy: Both Public Works Center San Diego and SPAWAR Systems Center San Diego concurred and are complying. The Navy issued policy as an interim change to NAVSUP Instruction 4200.94 – Standards of Compliance for Timely Recording and Classifying of Navy Purchase Card Commitments and Obligations, which reiterated existing Navy and DOD Financial Management Regulation policy regarding the issue; GAO observation on the status of recommendation: Reported Implemented. However, because we did not conduct additional tests at SPAWAR or the Navy Public Works Center, we cannot verify the extent to which this recommendation has been implemented. Accountable Property: GAO recommendation: We recommend that the Commanding Officers of SPAWAR and the Navy Public Works Center San Diego require and verify that accountable property obtained using a purchase card is promptly recorded in property records as it is acquired, in accordance with DOD and Navy policies and procedures; Status of GAO recommendation, as reported by Navy: Both the Navy Public Works Center San Diego and SPAWAR Systems Center San Diego concurred and are complying; GAO observation on the status of recommendation: Implemented. However, the Navy changed its policy addressing accountable and pilferable property in August 2001, and has represented that the Navy Public Works Center San Diego and SPAWAR Systems Center San Diego are complying with a policy that we believe needs to be changed. This report contains additional recommendations concerning maintaining accountability over pilferable property. The following were our recommendations to identify and address potentially fraudulent, improper, and abusive purchase card transactions prior to payment. Fraudulent, Improper, and Abusive Transactions: The Commander of the NAVSUP: GAO recommendation: Immediately cancel all known active compromised purchase card accounts; Status of GAO recommendation, as reported by Navy: All compromised accounts are closed; GAO observation on the status of recommendation: Implemented. GAO recommendation: Determine whether purchases of excessive cost, questionable government need, or both, such as items for personal use, including personal digital assistants (such as Palm Pilots), and flat screen computer monitors, that were identified by GAO are proper government purchases. If not, the Commander should prohibit their purchase; Status of GAO recommendation, as reported by Navy: At the direction of the Navy PCPMO, a 100% transactional review was conducted at all activities, with one of the review elements being purchases made at excessive cost and/or of questionable need. Where activities identified items of excessive cost or questionable need, they certified to the Navy PCPMO that appropriate action was taken; GAO observation on the status of recommendation: Partially implemented. Current audit work indicates that not all units performed the 100% transaction review, and that the transaction reviews performed were not thorough enough to identify items of excessive cost or questionable need. GAO recommendation: Establish written policies and criteria requiring documented justifications and procurement management approval for types of items that can be acquired with a government purchase card; Status of GAO recommendation, as reported by Navy: Revised Navy Instruction and updated training materials will reference and clarify existing acquisition policy addressing this issue; GAO observation on the status of recommendation: In progress, not implemented. Navy has not completed the necessary changes in its policy. GAO recommendation: Examine purchase card acquisition guidance to determine whether the purchase card is the right vehicle for acquiring certain goods and services, such as vehicle and equipment maintenance, installation of upgraded computer software, and other recurring or installation-wide services, or whether these items should be subject to negotiated contracts; Status of GAO recommendation, as reported by Navy: Navy instruction and purchase card training is being revised to provide expanded guidance on the use of mandatory sources of supply and the requirement to utilize existing contractual vehicles to the maximum practical extent; GAO observation on the status of recommendation: In progress, not implemented. Navy has not completed the necessary changes in its policy. GAO recommendation: Work with the Under Secretary for Acquisition, Technology, and Logistics and DOD’s Purchase Card Joint Program Office to determine whether the purchase card should be used to acquire computers and other equipment or property items individually that could be more economically and efficiently procured through bulk purchases; Status of GAO recommendation, as reported by Navy: Navy instruction and purchase card training is being revised to provide expanded guidance on the use of mandatory sources of supply and the requirement to utilize existing contractual vehicles to the maximum practical extent; GAO observation on the status of recommendation: In progress, not implemented. Navy has not completed the necessary changes in its policy. GAO recommendation: Revise NAVSUP Instruction 4200.94 to make it consistent with the Federal Acquisition Regulation, 48 C.F.R. 13.301(a), which states that the “card may be used only for purchases that are otherwise authorized by law or regulation.” The clarifying guidance should specifically state that in the absence of specific statutory authority, purchases of items for the personal benefit of government employees, such as flowers or food, are not permitted and are therefore improper transactions; Status of GAO recommendation, as reported by Navy: Revised instruction will specifically state that in absence of specific statutory authority, purchase of items for the personal benefit of government employees, such as flowers or food, are not permitted and are therefore improper transactions; GAO observation on the status of recommendation: In progress, not implemented. Navy has not completed the necessary changes in its policy. Split Purchases: The Commanding Officers of the SPAWAR and Navy Public Works Center San Diego: GAO recommendation: prohibit splitting purchases into multiple transactions as required by the Federal Acquisition Regulation and emphasize this prohibition in purchase card training provided to cardholders and approving officials; Status of GAO recommendation, as reported by Navy: The language in the NAVSUP Instruction 4200.94, both in the existing and upcoming revised versions, prohibits split purchases. Training emphasizes the prohibition on split purchases, as will all future annual and semiannual program reviews. Agency program coordinators have an on-line tool to proactively monitor split purchases; GAO observation on the status of recommendation: Reported implemented. However, because we did not conduct additional tests at SPAWAR or the Navy Public Works Center, we cannot verify the extent to which this recommendation has been implemented. GAO recommendation: require approving officials to monitor monthly purchase card statements and identify and report to them regarding any split purchases and the names of cardholders who made the transactions; Status of GAO recommendation, as reported by Navy: Agency program coordinators have been given the necessary tools to proactively monitor split purchases and are required to report such purchases to the appropriate local management; GAO observation on the status of recommendation: Reported partially implemented. Because we did not conduct additional tests at SPAWAR or the Navy Public Works Center, we cannot verify the extent to which this recommendation has been implemented. Further, the Navy’s response addresses actions that the agency program coordinators can take. Our recommendation was to have the approving officials monitor for splitting and report the names of cardholders who made split purchases. Overall Accountability: GAO recommendation: To help ensure that cardholders adhere to applicable purchase card laws, regulations, internal control and accounting standards, and policies and procedures, we recommend that the Commander of the Naval Supply Systems Command revise NAVSUP Instruction 4200.94 to include specific consequences for noncompliance with these guidelines and enforce the guidelines; Status of GAO recommendation, as reported by Navy: NAVSUP Instruction 4200.94 refers commanders to applicable existing regulations that they should use to guide an appropriate course of action taking into account the specific circumstances of the event. Assistant Secretary of the Navy for Research Development and Acquisition issued a Naval message dated August 31, 2001, reiterating compliance, accountability, and consequences of fraud, abuse, and misuse; GAO observation on the status of recommendation: Not implemented. The Navy has not made the necessary changes in its policies to establish specific consequences for noncompliance with the provisions of NAVSUP Instruction 4200.94, which address internal control policies and procedures (e.g., required training, independent receipting, statutory vendor screening, splitting purchases, cardholder account reconciliation, disputing improper charges, approving official review and certification). [End of section] Appendix IV: Status of Previously Identified Fraud Cases: In our March 13, 2002, testimony, we identified a number of cases of potentially fraudulent purchase card use that we referred to our Office of Special Investigations for further investigation. One case involved transactions totaling about $164,000 with a communication contractor. A second case involved payment for food and refreshments at a local hotel. The information provided below summarizes the status of those cases. Communications Contractor: In the March testimony, we reported that during fiscal year 2001, SPAWAR made 75 transactions totaling about $164,000 for what appeared to be advance payments for services to a telecommunications contractor. Our Office of Special Investigations subsequently learned that the transactions were payments made by SPAWAR based on cost estimates provided by the contractor. In almost all 75 transactions, the amount paid by SPAWAR was more than the actual cost incurred by the contractor—even after the actual expenses were adjusted for estimated overhead and standard profit margin. Further, the work paid for by the purchase card was work that should have been paid for under an existing delivery order contract. According to contractor and SPAWAR personnel, the purchase card was used because it was a faster vehicle to get work done. The SPAWAR official also told us that when there was no funding remaining on a particular delivery order contract line item, SPAWAR used the purchase card rather than modifying the contract. Our Office of Special Investigations determined that SPAWAR overpaid the contractor about $34,000 for the 75 transactions identified in the March testimony. A SPAWAR official told us that on September 10, 2002, it received a check from the contractor in the amount of $9,862. The payment represented a refund for work the contractor did not perform on 4 transactions. The SPAWAR official also told us that the contractor disagrees with our Office of Special Investigations assessment that the contractor over charged SPAWAR about $24,000 on the 71 other transactions we reviewed. Food and Refreshments at a Local Hotel: The SPAWAR Inspector General and Staff Judge Advocate investigated the use of a Navy purchase card at a San Diego hotel for an off-site meeting in which SPAWAR used appropriated funds to pay for meals provided to Navy personnel. As we have previously reported, without statutory authority, appropriated funds may not be used to furnish meals or refreshments to employees within their normal duty stations. [Footnote 26] The SPAWAR Inspector General told us the investigation determined that a SPAWAR Deputy Program Manager, Assistant Program Manager, and cardholder used the purchase card to improperly purchase food. Further, the SPAWAR Inspector General found that both the Assistant Program Manager and the cardholder made false statements to GAO when asked about purchasing food. However, the investigation has not been completed and we are not aware of any actions—administrative or disciplinary—that have been taken against the SPAWAR Deputy Program Manager, the Assistant Program Manager, or the cardholder for improper use of the purchase card. Appendix V: Status of the Former Commander, Space and Naval Warfare Systems Command, Systems Center San Diego: In our March 13, 2002, [Footnote 27] testimony on the purchase card controls at SPAWAR Systems Center and NPWC, we reported that the commanding officer of the Space and Naval Warfare Command, Systems Center San Diego, was relieved of his command in December 2001 for matters unrelated to the purchase card program. According to the SPAWAR Inspector General, on December 8, 2001, the admiral in charge of SPAWAR held a nonjudicial punishment hearing and found that the SPAWAR System Center commanding officer had violated two articles of the Uniform Code of Military Justice, including dereliction of duty and conduct unbecoming an officer. The admiral issued the commanding officer a punitive Letter of Reprimand, relieved him of his command at SPAWAR Systems Center San Diego, and endorsed the captain’s request for retirement from the Navy. Subsequently, information came to our attention that the former commanding officer of SPAWAR System Center San Diego was still employed by SPAWAR at the same rank he held—captain—when the admiral determined he was derelict in his duties and acted in a manner unbecoming an officer. In June 2002, our Office of Special Investigations contacted a DOD official and inquired if the former commanding officer was still on the Navy payroll as a captain. On July 31, 2002, a senior Navy official informed us that the former commanding officer was still on the Navy payroll and employed by SPAWAR as a Navy captain, but his retirement would become effective August 1, 2002. [End of section] Appendix VI: Comments From the Department of Defense Purchase Card Joint Program Management Office: Reply To Attention Of: Department Of The Army: Office Of The Assistant Secretary Of The Army: Acquisition Logistics And Technology: 103 Army Pentagon: Washington DC 20310-0103: September 16, 2002: Mr. Gregory D. Kutz: Director: Financial Management and Assurance: United States General Accounting Office: Washington, D.C. 20548: Dear Mr. Kutz: This is the Department of Defense (DoD) response to the General Accounting Office (GAO) draft report, GAO-02-1041 "PURCHASE CARDS: Navy is Vulnerable to Fraud and Abuse but is Taking Action to Resolve Control Weaknesses," August 20, 2002 (GAO Code 192041). The Department of Defense concurs or partially concurs with all the recommendations contained in the draft report, with the exception of the recommendation to include the GAO draft report recommendations in the DoD Charge Card Task Force report. Detailed comments on each of these recommendations are enclosed. The Under Secretary of Defense (Comptroller) will respond to the Task Force report recommendation under separate correspondence. The Department appreciates the opportunity to comment on the draft report. My staff point of contact on this matter is Mr. Dennis Hudner. He may be reached at (703) 681-3315 or dennis.hudner@saalt.army.mil. Sincerely, Signed by: Bruce E. Sullivan: Director, Purchase Card Joint Program Management Office: Enclosure: Draft Gao Report (GAO-02-1041), Navy is Vulnerable to Fraud and Abuse But is Taking Action to Resolve Control Weaknesses: Recommendation #1: Direct all agency program coordinators to review the number of cardholders who report to an approving official and make the changes necessary to prevent approving officials from having the responsibility of reviewing more cardholders than allowed by Navy and DOD policies. DOD Response #1: Concur. The established DOD span of control of Approving Officials (AO) to Card Accounts is 1:7. The Department of Navy (DON) initiated actions to bring all AO accounts within this span of control as of August 2002. This metric is monitored by the Navy on a monthly basis and corrective action is taken as required. Recommendation #2: Establish a database that maintains information on all purchase card training taken by cardholders, approving officials, and agency program coordinators. Require that agency program coordinators update the database whenever these purchase card program officials take training. DOD Response #2: Concur. The DON eBusiness Operations Office (DON eBUSOPSOFF) has agreed to establish a database format for all APCs to implement by January 2003, concurrent with the establishment of their revised training program (to include computer-based training and video tele-training). Recommendation #3: Establish specific training courses for cardholders, approving officials, and agency program coordinators tailored to the specific responsibilities associated with each of those roles. DOD Response #3: Concur. Specific Navy role-based training for APCs, AOs and Card Holders is currently under development. The training for AOs and Card Holders will be completed by September 2002. The remaining training for APCs will be completed by October 2002. Training will be delivered via CDROM as well as from the DON eBUSOPSOFF web site. A role-based desk guide for each particular participant has already been completed and will be available via the DON eBUSOPSOFF web site by September 2002. Effective January 2003, the DON will also offer role-based training for APCs, AOs and Cardholders via established video tele-training from their Naval Supply School, Athens, Georgia. This training will supplement the role-based training offered via the web site, CDROM and desk guides. All role-based training is designed to address the DON purchase card program users' specific electronic reconciliation and certification system (i.e. CitiDirect or WinSALTS). Additionally, the DoD cardholder, approving official, and certifying official training module went live on the Defense Acquisition University's Continuing Learning web site on August 26, 2002. The DoD will mandate this training for all defense components. The web site offers a certification of completion upon satisfactory completion of the course. Recommendation #4: Direct agency program coordinators to review an approving official's overall workload and determine whether the approving official has the time necessary to perform the required review functions. DOD Response #4: Concur. Recommendation #5: Establish job descriptions that identify responsibility and performance standards for cardholders, approving officials, and agency program coordinators. DOD Response #5: Concur. A DON desk guide has been developed which describes the responsibilities and procedures for APCs, AOs and Card Holders to follow. This desk guide will be promulgated via CDROM in November 2002 and via the DON eBUSOPSOFF web site in September 2002. In addition, the DoD Concept of Operations was developed with a recommendation that the APCs have specific knowledge, skills and abilities in their job description/performance criteria. Recommendation #6: Link the cardholders, approving officials, and agency program coordinators performance appraisals to achieving their performance standards. DOD Response #6: Partially concur. Roles and responsibilities will be outlined in DON desk guide. Internal management controls have been identified (e.g., span of control ratios, credit limit determination, delinquency management, separation of functions). The DoD generally uses broad performance standards/criteria with which they perform performance appraisals; job responsibilities can usually be measured against these criteria. The DON eBUSOPSOFF, however, will work with their Human Resources Office to determine the need/legality/feasibility of adding card specific performance standards/criteria for card officials. Recommendation #7: Work with the Naval Audit Service and Command Evaluation staff to begin periodic audits of the purchase card program to provide Navy management – at the command and unit level – an independent assessment of the control environment and whether the agency program coordinators, approving officials, and cardholders are adhering to control procedures. DOD Response #7: Concur. The DON eBUSOPSOFF and the Assistant Secretary of the Navy (Research Development & Acquisition) Acquisition Business Management (ABM) office are already engaged with the Naval Audit Service (NAVAUDSVC) to finalize a schedule of purchase card command assessments. The NAVAUDSVC began these reviews in May 2002. Recommendation #8: Identify vendors with which the Navy or Marine Corps use the purchase cards to make frequent purchases, evaluate Navy purchasing practices with those vendors, and forward the results of that evaluation to the Assistant Secretary of the Navy for Research, Development and Acquisition to, where applicable, contracts with them to optimize Navy purchasing power. DOD Response #8: Concur. The DON eBUSOPSOFF will data mine FY2002 purchase card transaction files and stratify the volume of purchases by vendor. This data will be forwarded to the ASN (RDA) ABM for further evaluation to determine if any DON-wide contracts should be established. Data will be extracted and forwarded to ASN (RDA) ABM by November 2002. Recommendation #9: We recommend that the Secretary of the Navy modify the definition of "Pilferable Personal Property" in SECNAV Instruction 7320.10 dated August 10, 2001, by eliminating the requirement that a portable item easily converted to personal use also be difficult to repair or replace, and specifically identify items such as computers, cameras, personal digital assistance and audio visual equipment as meeting the definition of being pilferable and thus accountable. DOD Response #9: Partially concur. The Defense Property, Plant and Equipment Accountability Instruction, DoDI 5000.64, sub-paragraph 5.3.1, states: "Accountable records shall be established for all property purchased, leased (capital leases), or otherwise obtained, having a unit acquisition cost of $5,000 or more (and land, regardless of cost), and items that are sensitive or classified." Sub-paragraph 5.3.2 of the DoDI 5000.64, allows additional and/or separate records or other record keeping instruments when required by law, policy, regulation, Agency direction, or for managerial purposes (e.g., pilferable items, property hazardous to heath and human safety). Property not meeting the minimum accountability threshold is still subject to appropriate internal controls which, depending on the property, can include an accountable property record. The Department of the Navy policy is consistent with the above, in that, it draws attention to mission related assets "critical to the activity's mission/business objective" and "hard to repair or replace." The Navy's approach provides a meaningful framework and a necessary degree of flexibility for individual military units and end-users, and is wholly consistent with both the spirit and intent of DoDI 5000.64, and reflects good management practices. A listing of specific pilferable items (e.g., camera equipment, computers), as recommended by the GAO, would require continual update and vigilance, and prove ultimately to be subjective and unscientific. Moreover, the definition of pilferable is not the issue; it is at what point the Services decide which items, below the DoD minimum threshold, should be monitored. Such decisions, we believe, are best left to the discretion of the Military Departments and Defense Agencies. The Navy is going to revise its Instruction to use the same definition of pilferable property as what is in DoDI 5000.64. Recommendation #10: Revise NAVSUP Instruction 4200.94 to provide cardholders, approving officials, and agency program coordinators detailed instructions on timely and independent receiving and acceptance of items obtained with a purchase card and documenting the results of that process. DOD Response #10: Concur. The Navy completely revised their Naval Supply Instruction 4200.94, which will be reissued in September 2002 as the DON eBUSOPSOFFINST 4200.1. Recommendation #11: Revise NAVSUP Instruction 4200.94 to provide cardholders, approving officials, and agency program coordinators detailed instructions on screening purchases for their availability from required vendors and documenting the results of the screening. DOD Response #11: Concur. This subject is addressed in the revised Naval Supply Instruction 4200.94, which will be reissued in September 2002 as the DON eBUSOPSOFFINST 4200.1. Recommendation #12: Revise NAVSUP Instruction 4200.94 to provide cardholders, approving officials, and agency program coordinators detailed instructions on timely reconciling of the monthly purchase card statements to supporting documentation and documenting the results of that reconciliation. DOD Response #12: Concur. This subject is addressed in the revised Naval Supply Instruction 4200.94, which will be reissued in September 2002 as the DON eBUSOPSOFFINST 4200.1. Recommendation #13: Revise NAVSUP Instruction 4200.94 to provide cardholders, approving officials, and agency program coordinators detailed instructions on timely reviewing of a cardholder purchase card statement by the approving official prior to certifying the statement for payment and documenting the results of that review. DOD Response #13: Concur. This subject is addressed in the revised Naval Supply Instruction 4200.94, which will be reissued in September 2002 as the DON eBUSOPSOFFINST 4200.1. Recommendation #14: Revise NAVSUP Instruction 4200.94 to provide cardholders, approving officials, and agency program coordinators detailed instructions on timely cardholder notification to property accountability officer of the pilferable property obtained with the purchase card, and approving official responsibility for monitoring that the pilferable property has been recorded in the accountability records. DOD Response #14: Concur. This subject is addressed in the revised Naval Supply Instruction 4200.94, which will be reissued in September 2002 as the DON eBUSOPSOFFINST 4200.1. Recommendation #15: Modify NAVSUP Instruction 4200.94 to require cardholders to maintain documented justification and advanced approval of purchases that fall outside the normal procurements of the cardholder in terms of either dollar amount or type of purchase. DOD Response #15: Concur. This subject is addressed in the revised Naval Supply Instruction 4200.94, which will be reissued in September 2002 as the DON eBUSOPSOFFINST 4200.1. Recommendation #16: Establish a Navy-wide database of known purchase card fraud cases by type of fraud that can be used to identify deficiencies in existing internal control and to develop and implement additional control activities, if warranted or justified. DOD Response #16: Concur. The DoDIG has been tasked by the Director of Defense Procurement to develop a centralized database of fraud cases with which management decisions can be made as to the adequacy of internal control systems. In addition, the Navy has agreed to establish a database of Navy-specific fraud cases to be maintained by the Naval Criminal Investigative Service (NCIS). Recommendation #17: Establish a Navy-wide data mining, analysis, and investigation function to supplement other oversight activities. This function should include providing oversight results and alerts to major commands and installations when warranted. DOD Response #17: Concur. The DoDIG, DFAS and DCIS are currently performing data mining on a centralized database of DoD transactions. Transactions identified as having high potential for fraud are referred to the defense component audit or investigative activity for action. In addition, the Navy established a DON-wide data mining, analysis and investigation function in the DON eBUSOPSOFF in June 2002 to supplement other oversight activities. The DON is currently piloting use with a level 3 APC activity. At the conclusion of the pilot, the DON will analyze for potential distribution to all level 3 activities within the Department of the Navy. Recommendation #18: Modify NAVSUP Instruction 4200.94 to include a schedule of disciplinary actions that will be taken against cardholders who make improper, or abusive acquisitions with the purchase card. DOD Response #18: Partially Concur. To the extent that this recommendation contemplates the prescription of mandatory disciplinary or other actions, it is objectionable. Disciplinary and other actions in response to improper and abusive uses of the purchase card are properly addressed by commanders and supervisors, as matters of command and supervisory discretion. It is improper to dictate or establish mandatory or expected guidelines to commanders and supervisors what action they must take. In addition, the Department has already taken actions to deal with improper and abusive uses of charge cards, including purchase cards. Some of these actions are as reflected in the June 27, 2002, "Department of Defense Charge Card Task Force Final Report" and other actions have been taken since then. As a result, it is clearly known at all command and supervisory levels in the Navy and elsewhere that improper and abusive use of purchase cards is serious and must be addressed. Nevertheless, the DON eBUSOPSOFF will examine whether actions, in addition to the Departmental actions that have already been taken, are necessary or appropriate in order to deal with cases of improper or abusive uses of the purchase card. Recommendation #19: That the Under Secretary of Defense (Comptroller) direct the Charge Card Task Force to assess the above recommendations and to the extent applicable, incorporate them into its future recommendations to improve purchase card policies and procedures throughout DoD. DOD Response #19: The Under Secretary of Defense (Comptroller) will respond to this recommendation under separate correspondence. [End of section] Appendix VII: Comments from the Under Secretary of Defense (Comptroller): Under Secretary Of Defense: Comptroller: 1100 Defense Pentagon: Washington DC 20301-1100: September 23, 2002: Mr. Gregory Kutz: Director Financial Management and Assurance: U.S. General Accounting Office: Washington, DC 20548: Dear Mr. Kutz: This is the Department of Defense response to the General Accounting Office (GAO) draft report GAO-02-1041, "Purchase Cards: Navy Is Vulnerable to Fraud and Abuse but Is Taking Action to Resolve Control Weaknesses," dated August 20, 2002. The Department agrees that the Charge Card Task Force will assess the report's recommendations. To the extent applicable, we will incorporate them into departmental policies and procedures. Comments on this recommendation are enclosed. The Office of the Under Secretary of Defense for Acquisition, Technology and Logistics is addressing the other recommendations in a separate letter to the GAO. The Department appreciates the opportunity to comment on this draft report. My staff point of contact on this matter is Mr. Chuck Crichley. He may be reached by e-mail: crichlec@osd.pentagon.mil or by telephone at (703) 697-8618. Sincerely, Singed by: Dov S. Zakheim: Enclosure: As stated: Office Of The Under Secretary Of Defense (Comptroller): Draft Audit Report "Purchase Cards: Navy Is Vulnerable to Fraud and Abuse but Is Taking Action to Resolve Control Weaknesses:" General Accounting Office (GAO) Draft Report GAO-02-1041: August 20, 2002: Comments On Recommendation #19: Recommendation. The GAO recommends that the Under Secretary of Defense (Comptroller) (USD(C)) direct the Charge Card Task Force to assess the above recommendations and to the extent applicable, incorporate them into its future recommendations to improve purchase card policies and procedures throughout DOD. OUSD(C) Response: Concur. The Charge Card Task Force will assess the report's recommendations and, to the extent applicable, incorporate them into departmental policies and procedures. [End of section] Appendix VIII: GAO Contacts and Staff Acknowledgments: GAO Contacts: John Kelly, (202) 512-6926: John Ryan, (202) 512-9587: Acknowledgments: Individuals who made key contributions to this testimony include Fannie Bivins, Bertram Berlin, Kriti Bhandari, Francine DelVecchio, K. Eric Essig, Michael Hansen, Kenneth Hill, Jeffrey Jacobson, Tram Le, John Ledford, Latrealle Lee, Stephen Lipscomb, Susan Mason, Melissa McDowell, Sidney Schwartz, Carolyn Voltz, and Robert Wagner. [End of section] Footnotes: [1] U.S. General Accounting Office, Purchase Cards: Control Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-01-995T (Washington, D.C.: July 30, 2001) and Purchase Cards: Continued Control Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-02-506T (Washington, D.C.: Mar. 13, 2002). [2] U.S. General Accounting Office, Purchase Cards: Control Weaknesses Leave Army Vulnerable to Fraud, Waste, and Abuse, GAO-02-732 (Washington, D.C.: June 27, 2002). [3] The Navy treats the entire Marine Corps as a major command in managing the purchase card program. [4] In our work, data mining involved the manual or electronic sorting of purchase card data to identify and select transactions with unusual or questionable characteristics for further follow-up and analysis. [5] U.S. General Accounting Office, Purchase Cards: Card Control Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-02-32 (Washington, D.C.: Nov. 30, 2001). [6] Approving officials are also referred to as either billing officials or certifying officials. DOD often uses these three terms interchangeably. [7] The approving official is responsible for reviewing and verifying the monthly purchase card statements of the cardholders under his or her purview. The approving official is responsible for verifying that all purchases were necessary and were made for official government purposes in accordance with applicable policies, laws, and regulations. Unless otherwise specified, the approving official must also be the certifying officer for his/her cardholders and in that capacity must certify that the monthly purchase card statement is appropriate and ready for payment. [8] There are two credit limits that can restrict a cardholder’s ability to use a purchase card—the approving official’s credit limit and the cardholder’s credit limit—both of which are set by the unit agency program coordinator. A cardholder’s credit limit is the maximum amount that a cardholder can purchase in a billing cycle, normally 1 month. An approving official’s credit limit is the maximum amount that all the cardholders who report to an approving official may spend. However, the available credit limit of the approving official cannot exceed the sum of the credit limits available to all of the cardholders he or she authorizes for payment. [9] The maximum credit limit allowed by NAVSUP Instruction 4200.94 is $9.9 million. [10] NAVSUP Instruction 4200.94 authorizes agency program coordinators to administer the purchase card program within their designated units, establish credit limits, and authorize the issuance of cards to Navy employees. Agency program coordinators also serve as the communication link between the purchase card issuing bank and their units. [11] DOD Financial Management Regulation, Volume 5, Chapter 33, section 330305, “Accountable Officials and Certifying Officers.” [12] In pencil, ink, or electronically. [13] U.S. General Accounting Office, Purchase Cards: Continued Control Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-02-506T (Washington, D.C.: Mar. 13, 2002). [14] 63 Comptroller General Decisions 245, 247 (1984). In requesting the Comptroller General’s approval of the purchases, the agency represented that “the parkas would be labeled as [agency] property, centrally controlled, and issued and reissued to employees only for job requirements.” [15] 72 Comp. Gen. 178, 179 (1993); 65 Comp. Gen. 508, 509 (1986). [16] 65 Comp. Gen. 738, 739 (1986). [17] U.S. General Accounting Office, Performance and Accountability Series: Major Management Challenges and Program Risks, Department of Defense, GAO-01-244 (Washington, D.C.: January 2001). [18] GAO-02-32. [19] GAO-02-506T. [20] We also tested the statistical samples of transactions to determine whether the units had documented evidence that cardholders had received required purchase card training. [21] We considered potentially fraudulent purchases to include those made by cardholders that were unauthorized and intended for personal use. The transactions we determined to be improper are those purchases intended for government use, but not for a purpose that is permitted by law, regulation, or DOD policy. We also identified as improper numerous purchases made on the same day from the same vendor that appeared to circumvent cardholder single-transaction limits. Many of the purchases we found to be abusive or questionable fall into categories described in GAO’s Guide for Evaluating and Testing Controls Over Sensitive Payments (GAO/AFMD-8.1.2, May 1993). The guide states, “Abuse is distinct from illegal acts (noncompliance). When abuse occurs, no law or regulation is violated. Rather, abuse occurs when the conduct of a government organization, program, activity, or function falls short of societal expectations of prudent behavior.” [22] Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1) was prepared to fulfill our statutory requirement under the Federal Managers’ Financial Integrity Act to issue standards that provide the overall framework for establishing and maintaining internal control and for identifying and addressing major performance and management challenges and areas at greatest risk of fraud, waste, abuse, and mismanagement. [23] Guide for Evaluating and Testing Controls Over Sensitive Payments (GAO/AFMD-8.1.2) provides a framework for evaluating and testing the effectiveness of internal controls that have been established in various sensitive payment areas. [24] GAO-02-32. [25] GAO-01-995T. [26] 72 Comp. Gen. 178,179 (1993); 65 Comp. Gen. 508, 509 (1986). [End of section] GAO's Mission: The General Accounting Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO’s Web site [hyperlink, http://www.gao.gov] contains abstracts and fulltext files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as “Today’s Reports,” on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to [hyperlink, http://www.gao.gov] and select “Subscribe to daily E-mail alert for newly released products” under the GAO Reports heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. General Accounting Office: 441 G Street NW, Room LM: Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800: U.S. General Accounting Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: