TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

Controls Over the Purchase Card Program Were Not Effective in Ensuring Appropriate Use

August 31, 2011

Reference Number: 2011-10-075

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

Phone Number | 202-622-6500

Email Address | TIGTACommunications@tigta.treas.gov

Web Site | http://www.tigta.gov

HIGHLIGHTS

CONTROLS OVER THE PURCHASE CARD PROGRAM WERE NOT EFFECTIVE IN ENSURING APPROPRIATE USE

Highlights

Final Report issued on August 31, 2011

Highlights of Reference Number: 2011-10-075 to the Internal Revenue Service Deputy Commissioner for Operations Support and the Deputy Commissioner for Services and Enforcement.

IMPACT ON TAXPAYERS

From September 1, 2007, through March 31, 2009, the Internal Revenue Service (IRS) made more than 174,000 purchases totaling more than $80 million using purchase cards. However, the IRS does not have the necessary controls in place to ensure that improper and abusive purchases do not occur, any such transactions are promptly detected, and appropriate corrective action is taken.

WHY TIGTA DID THE AUDIT

While the use of purchase cards has been credited with reducing administrative costs, audits of Federal agency purchase card programs have found varying degrees of waste, fraud, and abuse. One of the most common risk factors cited by auditors is a weak internal control environment. The overall objective of this review was to determine whether the IRS’s controls over Federal Government micro‑purchase cards are sufficient to ensure that the IRS’s use of purchase cards is in compliance with all applicable regulations and procedures.

WHAT TIGTA FOUND

While some controls were working as intended, overall management controls were not effective to ensure the appropriate use of IRS purchase cards. TIGTA found violations of applicable laws and regulations that included purchases made without necessary approvals and verification of funding, purchases that were potentially split into two or more transactions to circumvent micro-purchase limits, and purchases made from improper sources. In addition, the IRS did not have a policy to provide guidance for establishing an appropriate span of control over the number of purchase cardholders assigned to approving officials. Until management controls are effectively strengthened, implemented, and enforced, the IRS will continue to be at risk for noncompliance with applicable laws and regulations, and the IRS cannot ensure that improper and abusive purchases do not occur. In addition, if such purchases do occur, the IRS cannot ensure the transactions are promptly detected and that appropriate corrective action is taken.

WHAT TIGTA RECOMMENDED

TIGTA recommended that the Deputy Commissioner for Operations Support and the Deputy Commissioner for Services and Enforcement emphasize to cardholders that split-purchase transactions will not be tolerated. The Chief, Agency-Wide Shared Services, should emphasize the importance of preparing an order log prior to purchase, improve oversight reviews by using data analysis techniques to identify potential split-purchase transactions, and expand oversight reviews to include evaluating the requirement for purchasing office supplies from contract vendors and preferred sources. Finally, the Chief, Agency-Wide Shared Services, should develop and implement guidance for determining an appropriate span of control for approving officials.

The IRS agreed with all our recommendations. The IRS stated it has changed its reviews of split-purchase transactions and expanded oversight reviews to include the use of contract vendors and preferred sources. The IRS plans to provide guidance on oversight and enforcement responsibilities, develop examples and scenarios that constitute a split purchase, review the potential split purchases TIGTA identified, and review the current span of control to identify relevant factors in the development of a policy on span of control. The IRS also plans to emphasize corrective actions regarding the verification of funding prior to purchase and the IRS policy on split-purchase transactions.

August 31, 2011

MEMORANDUM FOR DEPUTY COMMISSIONER FOR OPERATIONS SUPPORT

DEPUTY COMMISSIONER FOR SERVICES AND ENFORCEMENT

FROM: Michael R. Phillips /s/ Michael R. Phillips

Deputy Inspector General for Audit

SUBJECT: Final Audit Report – Controls Over the Purchase Card Program Were Not Effective in Ensuring Appropriate Use (Audit # 200910009)

This report presents the results of our review of controls over the Purchase Card Program. The overall objective of this review was to determine whether the Internal Revenue Service’s controls over Federal Government micro-purchase cards are sufficient to ensure that its use of purchase cards is in compliance with all applicable regulations and procedures. This review was included in our Fiscal Year 2009 Annual Audit Plan and addresses the major management challenge of Erroneous and Improper Payments.

Management’s complete response to the draft report is included as Appendix VII.

Copies of this report are also being sent to the Internal Revenue Service managers affected by the report recommendations. Please contact me at (202) 622-6510 if you have questions or Nancy A. Nakamura, Assistant Inspector General for Audit (Management Services and Exempt Organizations), at (202) 622-8500.

Table of Contents

Background

Results of Review

Controls to Ensure That Funding Is Verified and Available Prior to Purchase Are Not Effective

Recommendation 1:

Recommendation 2:

Purchase Cardholders Appear to Be Splitting Purchases to Circumvent Established Single-Transaction Limits

Recommendations 3:

Recommendations 4 through 6:

Contract Vendors and Preferred Sources for Office Supply Purchases Were Not Always Used

Recommendations 7 and 8:

The Span of Control of Some Approving Officials Appeared to Be Too Large

Recommendation 9:

Appendices

Appendix I – Detailed Objective, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Outcome Measure

Appendix V – The Purchase Card Process and Controls at the Internal Revenue Service

Appendix VI –Glossary of Terms

Appendix VII – Management’s Response to the Draft Report

Abbreviations

CCS	Credit Card Services
FAR	Federal Acquisition Regulation
GSA	General Services Administration
IRS	Internal Revenue Service
OMB	Office of Management and Budget
WebRTS	Web Requisition Tracking System

Background

As a participant in the General Services Administration (GSA) SmartPay Program,[1] the Department of the Treasury selected Citibank MasterCard as the purchase card for all of its bureaus and offices, including the Internal Revenue Service (IRS). The purchase card saves time and administrative costs by allowing employees to make official purchases within predetermined limits instead of preparing procurement requests and associated paperwork. The Federal Acquisition Regulation (FAR)[2] states that the purchase card is the preferred method for making and paying for purchases of goods and services up to $3,000.[3] Federal purchase card programs must also comply with Department of the Treasury regulations,[4] which provide that agencies are to establish procedures for the use and control of the card that comply with the Treasury Financial Manual and that are consistent with the terms and conditions of the current GSA credit card contract.

While the use of purchase cards has been credited with reducing administrative costs, Federal audits of agency purchase card programs have found varying degrees of waste, fraud, and abuse. One of the most common risk factors frequently cited is a weak internal control environment. Internal control is an integral component of an organization’s purchase card program that provides reasonable assurance that the objectives of effective and efficient operations and compliance with applicable laws and regulations are being achieved.

During the period September 1, 2007, through March 31, 2009, the IRS’s purchase card program included 4,270 purchase cardholders under the responsibility of 1,024 approving officials in 16 different IRS business units. The IRS made more than 174,000 purchases totaling more than $80 million. Use of the purchase card as an alternative to the normal procurement method[5] does not relieve the cardholder from the requirements of the FAR, Federal appropriation law, or Department of the Treasury and IRS acquisition regulations and guidelines. These directives also require that comprehensive training and control standards be established by agencies to ensure that purchase cards are properly used by employees. The Purchase Card Guide[6] summarizes IRS policies and procedures relating to the use of the Federal Government Purchase Card. The procedures outlined in this Guide apply to all IRS business units. Key internal controls of the purchase card program in the IRS include:

Mandatory training for all cardholders and approving officials.
Preparation of a requisition for the goods and services in the Web Requisition Tracking System (WebRTS) prior to purchase.
Separation of duties related to funding officials, cardholders, and approving officials.
Preparation and recording of actions for each purchase card transaction in the WebRTS order log prior to purchase.
Review and approval of all purchases by approving and funding officials.
Periodic program oversight reviews to evaluate the effectiveness of controls over the purchase card program.

Within the IRS, the Credit Card Services (CCS) Branch is responsible for managing and providing oversight for the purchase card program. Additional detail on the purchase card process in the IRS is provided in Appendix V.

This review was performed at the Agency-Wide Shared Services Headquarters in Washington, D.C., and in the Employee Support Services CCS Branch offices in Atlanta, Georgia; Kansas City, Missouri; Buffalo, New York; and Nashville, Tennessee, during the period July 2009 through December 2010. We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective. Detailed information on our audit objective, scope, and methodology is presented in Appendix I. Major contributors to the report are listed in Appendix II.

Results of Review

While some controls were working as intended, overall management controls were not effective to ensure the appropriate use of IRS purchase cards. We found violations of applicable laws and regulations that included purchases made without necessary approvals and verification of funding, purchases that were potentially split into two or more transactions to circumvent micro-purchase limits, and purchases made from improper sources. In addition, the IRS did not have a policy to provide guidance for establishing an appropriate span of control over the number of purchase cardholders assigned to approving officials. We found that many individual approving officials are responsible for more than the recommended number of seven cardholders.^{^[7]} Until management controls are effectively strengthened, implemented, and enforced, the IRS will continue to be at risk for noncompliance with applicable laws and regulations for purchase cards, and the IRS cannot ensure that improper and abusive purchases do not occur. In addition, if such purchases do occur, the IRS cannot ensure the transactions are promptly detected and that appropriate corrective action is taken.

Our audit showed that the CCS Branch conducts quarterly oversight reviews of training to ensure that cardholders and approving officials receive required training before a purchase card is issued and refresher training is provided every 2 years. Our control assessment found that this control was working properly and that training had generally been completed as required. The IRS has also developed and maintained a system of internal controls for the purchase card program that are consistent and in conformance with FAR, Treasury Directives, and Office of Management and Budget (OMB) recommendations; however, many of these controls do not prevent purchase cards from being used when proper procedures are not followed. Instead, the primary control is the review and approval of the approving officials to ensure that proper procedures were followed only after purchases are made. The CCS Branch also evaluates compliance with purchase card operating guidance to detect and deter noncompliance. The approving official reviews and CCS Branch oversight reviews were not always effective in identifying noncompliance with purchase card policies and in changing cardholder behaviors.

Controls to Ensure That Funding Is Verified and Available Prior to Purchase Are Not Effective

IRS guidance^{^[8]} clearly states that the use of the purchase card to make purchases not approved, funded, and authorized by or in conformance with applicable IRS purchase card guidelines is an inappropriate use of the purchase card. The guidance also states that purchase cards should not be used under any circumstance without the necessary approval and a prior confirmation of the availability of funds to pay for the purchase. The IRS’s method of requesting and certifying the availability of funds is through the WebRTS. Before a cardholder places an order, a requisition must be submitted and approved as being an appropriate purchase. Once approved, a funding official will determine whether funds are available to be committed (set aside to cover the cost) to support the requisition. In addition, before a cardholder makes a purchase, a WebRTS Purchase Card Log (hereafter referred to as an order log) must be set up with the required information and must reference the number of the approved and funded requisition. Specifically, it is the responsibility of the cardholders and approving officials to prevent violations of the Anti-Deficiency Act^{^[9]} by ensuring that funding commitments/obligations for purchases are properly recorded and available in agency procurement systems and order logs are completed before goods and services are ordered.

We reviewed a statistically valid sample of 78 purchases made during the period September 1, 2007, through March 31, 2009. In 30 (38.5 percent) of the 78 transactions reviewed, purchases totaling $9,504 were made without creating the order log to verify and ensure approved funding was available.

Further review of the 30 purchases showed that although sufficient funding was available to support each of the transactions, these purchases were not made in conformance with applicable IRS purchase card guidelines regarding funding approval and verification, placing the IRS at risk of incurring an Anti-Deficiency Act violation. For example:

In two instances, the requisition was not prepared, approved, or funded until after the purchase was made.
In 28 instances, the purchase cardholder placed the order prior to setting up the order log in the WebRTS. However, a requisition had been prepared, approved, and funded for these transactions prior to making the purchase.[10]

Figure 1 shows detailed results of our sample review.

Figure 1: Purchases Made Prior to Verification of
Approved and Available Funding by the IRS Business Unit

Organization Unit of Cardholder	Purchases Made Prior to Funding Verification	Total Purchases in Audit Sample	Amount of Purchases Prior to Funding Verification	Total Amount of Purchases in Audit Sample
Tax Exempt and Government Entities	0	1	$0.00	$229.08
National Taxpayer Advocate	1	2	49.88	110.23
Large and Mid-Size Business	1	2	171.55	251.65
Office of Appeals	1	2	502.08	624.58
National Headquarters	1	3	1,728.00	2,689.79
Chief Counsel	1	4	88.50	1,293.55
Modernization and Information Technology Services	2	6	399.29	1,677.85
Small Business/Self-Employed	3	13	800.49	4,891.58
Wage and Investment	4	13	2,871.08	7,387.55
Criminal Investigation	8	14	1,789.89	2,537.41
Agency-Wide Shared Services	8	18	1,103.51	6,964.44
Total	30	78	$9,504.27	$28,657.71

Source: Our analysis of a statistically valid sample of 78 purchases made during the period September 1, 2007, through March 31, 2009.

In October 2008, the IRS initiated a monthly oversight review of purchase card transactions to determine whether or not order logs are created in a timely manner (referred to as Timely Creation Reviews). These reviews have also identified high instances of purchase cardholders’ noncompliance by making purchases without prior verification that funding was available. The percentage of noncompliance during this 5-month review period was relatively constant and did not show significant improvement as a result of these reviews. Figure 2 shows the noncompliance rates identified during the Timely Creation Reviews the IRS conducted during October 2008 through February 2009.

Figure 2: Results of IRS Timely Creation Reviews

Month of Review	Noncompliance Rate
October 2008	27.2 percent
November 2008	27.8 percent
December 2008	30.2 percent
January 2009	27.5 percent
February 2009	20.8 percent

Source: Our analysis of the IRS’s Timely Creation Reviews performed during October 2008 through February 2009.

We compared the 30 purchase cardholders identified in our sample with the cardholders identified in these 5 Timely Creation Reviews. We found 21 (70 percent) of the 30 cardholders were also identified as noncompliant in 2 or more of the 5 reviews conducted by the IRS. Further, two purchase cardholders were noncompliant in all five reviews conducted by the IRS.

While the controls are intended to ensure that funding is available prior to purchase, the controls do not prevent the cardholder from using the purchase cards when the procedures are not followed. CCS Branch staff believes that purchases made without the verification of approved funding generally occurred because cardholders waited to set up and complete the order log until the purchase was received and accepted and the transaction was ready to be reconciled in the WebRTS.

The primary control to evaluate whether the cardholder followed procedures and verified that funding was available prior to purchase is the approving official’s review and approval of the order log in the WebRTS. However, these reviews occur after the purchase is made and are not effective because IRS guidance does not show the corrective action that the approving official should take in dealing with cardholders that do not follow the required process. Approving officials normally do not deny payment of goods and services once the transaction has been placed on the purchase card. Instead, they approve the transaction with a problem code to ensure the vendor is paid timely under the Prompt Payment Act.[11] If the purchase is determined to be inappropriate or unnecessary, it can be returned to the vendor for credit. These actions are reactive in nature and do not prevent the problem from occurring.

The CCS Branch’s Timely Creation Reviews are also a control for evaluating whether cardholders verified that funding was available prior to purchase. These oversight reviews were not effective in changing cardholders’ behavior because the CCS Branch does not: 1) notify either the approving official or the cardholder’s supervisor when it identifies noncompliance with funding verification requirements; 2) take or recommend any corrective actions (e.g., lowering card dollar limits, cancelling/suspending cards) against the cardholders; or 3) have supervisory authority over individual purchase cardholders within the IRS’s program offices to take any disciplinary actions (e.g., written reprimands or suspension/removal of cardholder). According to CCS Branch management, they did not take corrective actions because they do not want to unduly restrict the capability of the IRS’s business units to use the purchase card and realize the benefits of the card.

In other purchase card reviews, such as the Purchase Card Criteria Review,[12] a more proactive approach is taken by the CCS Branch in providing a warning and restricting purchase card use for repeat offenders. A similar proactive approach by the CCS Branch to implement corrective actions involving cardholders identified in the Timely Creation Reviews would provide a greater level of compliance with the purchase card funding verification procedures. When an inappropriate use of the purchase card is identified, the CCS Branch should notify Labor Relations. Inappropriate use of the purchase card is considered an employee conduct issue that could result in disciplinary action, and the Guide to Penalty Determinations^{^[13]} provides guidance for potential disciplinary actions for misuse of the purchase card. When purchase card transactions are funded prior to making a purchase, but the order log is not established until after purchase, the CCS Branch does not consider this situation as an inappropriate use of the purchase card. We believe that repeated noncompliance with the funding verification requirements, including establishing the order log prior to purchase, is an inappropriate use of the purchase card and should be referred to Labor Relations.

When cardholders are noncompliant with funding verification requirements, the IRS has an increased risk that it will be unable to appropriately prioritize the use of limited resources for purchases as program area budgets are expended. As a result, managements’ decision making ability for allocating a fixed budget across competing needs and making the best use of available funding sources is negated. In addition, associated appropriations may be overspent, which could result in violations of the Anti-Deficiency Act.

Continued noncompliance with purchase card procedures could also weaken the overall internal control system. According to the Government Accountability Office,[14] repeated nonadherence by agency personnel to established internal control policies and procedures (such as failure to set up an order log in the WebRTS prior to making a purchase) may not constitute a violation of law or regulation. However, if allowed to continue, this failure to follow proper procedures will contribute to erosion and weakening of the internal control system. Prompt administrative and disciplinary actions (e.g., informal admonishment; formal reprimand; additional required training; suspension of card privileges; cancellation of the cardholder’s account; and, for more serious incidences of noncompliance, termination of employment) can be effective in reducing persistent lack of adherence to policies and procedures by cardholders and other program personnel. When administrative corrective actions are taken and documented, program management, oversight personnel, and auditors will be able to identify repeat offenders and determine that appropriate steps are being taken to address potentially significant problems before they escalate.

Recommendations

The Chief, Agency-Wide Shared Services, should:

Recommendation 1: Update current purchase card guidance to include the actions required (e.g., approving officials reporting noncompliance to the CCS Branch) when purchases are identified that were made without prior verification and documentation of approved and available funding. This guidance should emphasize the importance of preparing the WebRTS order log prior to purchase and should be provided to all purchase cardholders, their supervisors, and approving officials IRS-wide. In addition, the guidance should include a range of corrective actions (e.g., lowering of purchase card limits to loss of purchase card privileges) that should be taken in response to recurring or persistent lack of adherence to internal controls and procedures.

Management’s Response: The Chief, Agency-Wide Shared Services, agreed with our recommendation and will develop corrective actions, update the Purchase Card Guide, and send communication to purchase cardholders and approving officials regarding the implementation of corrective actions.

Recommendation 2: Provide clear guidance to the CCS Branch on the performance of its oversight and enforcement responsibilities. In addition, current purchase card guidance should be revised to include a requirement for the CCS Branch to notify the cardholder’s supervisor and approving official when it determines that purchase card procedures were not followed and provide clarification as to when the CCS Branch should notify Labor Relations on noncompliance of purchase card transactions.

Management’s Response: The Chief, Agency-Wide Shared Services, agreed with our recommendation and will ensure the CCS Branch is provided guidance on the performance of its oversight and enforcement responsibilities for compliance with the purchase card procedures. The guidance will also identify noncompliance circumstances that warrant referral by the CCS Branch to Labor Relations.

Purchase Cardholders Appear to Be Splitting Purchases to Circumvent Established Single-Transaction Limits

A single transaction (i.e., purchase) may consist of multiple items to a single vendor, but the total dollar amount cannot exceed the cardholder’s single-transaction limit.[15] By definition a split purchase means separating a purchase that exceeds a cardholder’s single-purchase limit or threshold into two or more transactions as a means of getting around the cardholder’s purchase limit.[16] No Federal Government purchase cardholder may split purchases that exceed the cardholder’s limit just to use the purchase card. Doing so is a violation of Federal procurement law.

The approving official review and approval of the order log in the WebRTS is a control to evaluate whether the cardholder followed procedures, including the single-transaction limit. However, the focus of these reviews is on individual transactions. A split-purchase transaction is not always readily identifiable through this type of review because the transaction is divided between two or more individual transactions. The OMB recommends that all Federal agencies perform reviews to identify split purchases and encourages the use of innovative approaches such as data mining (i.e., data analysis) to detect and prevent misuse of purchase cards.^{^[17]} In applying the single-transaction limit, the purchase cardholder must consider the total value of known requirements per order at the time of purchase.[18] When training is involved, the purchase cardholder must consider the total value of training requested for all attendees by a single manager.[19] Examples of these inappropriate split-purchase transactions are provided on the Agency-Wide Shared Services’ web site; however, the Purchase Card Guide does not include these examples or provide a link to the examples.

In October 2009, the IRS initiated its first review to identify instances of purchase cardholders attempting to split purchases. However, this review was not yet reflected in the CCS Branch guidance documents. This review was intended to be a control over split purchases. Our analysis of the documentation for the IRS’s Split-Purchase Review identified that the review was based on a random sample of 403 (1 percent) from a total of 34,726 transactions occurring between April 4, 2009, and July 3, 2009. Based on this review, the IRS identified only one potential split purchase. We do not believe that reviewing a random sample of transactions is the most effective method of identifying split purchases. A better approach would be to systemically analyze all transactions for specific characteristics of a potential split-purchase transaction.

In contrast, we analyzed an extract of Citibank database of purchases made by IRS purchase cardholders between September 1, 2007, and March 31, 2009, to identify potential split purchases. Our criteria[20] included transactions that were:

Performed by the same cardholder.
Conducted with the same vendor.
Charged on the same day.
In excess of $3,000.

Our analysis identified 843 potential split purchases involving 3,066 individual transactions made by 437 purchase cardholders. While we provided the complete listing of purchases to the IRS for its information and subsequent review, we requested that the IRS evaluate 368 of the transactions where the transaction amount was evenly divided (i.e., $1,520.02 and $1,520.02) on the day of the purchase to determine whether a split purchase had actually occurred. The IRS determined that some transactions did have the potential to be split purchases.

IRS analysis of these 368 transactions determined the following:

111 transactions involved Treasury Commercial Vehicle cards,[21] which have a higher single-transaction limit, and were not split purchases.
220 transactions were not considered to be split purchases.
37 transactions totaling $48,390 had the potential to be split purchases

Examples of potential split purchases that IRS identified include the following:

18 separate transactions, totaling $16,500, for a group of employees to attend the same training class. All 18 transactions were conducted on the same day with the same vendor by the same cardholder. The total value of the known requirements for the training requested for all attendees per manager must be under $3,000 to use the purchase card.
2 separate transactions, totaling $5,652, for the purchase of file boxes. Both transactions were conducted on the same day with the same vendor by the same cardholder.

While the IRS may have had a valid business need to purchase these items, they should have used another procurement method. When purchases are split in this manner, normal procurement policies and procedures are not followed and the micro-purchase/single-transaction dollar limits are circumvented. Split-purchase transactions can also result in the overpayment for goods and services. In addition, IRS guidelines indicate that split purchases are an inappropriate use of the purchase card, and the Guide to Penalty Determinations contains a range of disciplinary actions that may be taken when purchase card misuse is identified. In such situations, Labor Relations should be consulted to determine the appropriate actions to take.[22]

In 257 of 368 transactions (i.e., the 257 transactions that did not involve the use of the Treasury Commercial Vehicle cards), the IRS’s evaluation focused in part on whether or not a separate requisition was prepared for the transactions and, if so, the purchase was determined not to be a split purchase. However, this is not the only factor that should be considered. The IRS’s evaluation should have also considered the total value of known requirements per order at the time of purchase (see footnote 18 on page 9 for an example). We did not conduct additional audit tests on the potential split-purchase transactions we identified because the scope of this audit was to evaluate the controls over the use of the purchase card, which includes the IRS’s process to monitor purchase card use. We have a subsequent audit planned to look at nonconforming purchase card transactions. However, we believe additional CCS Branch research and analysis is necessary to fully evaluate whether a split purchase occurred in these 257 transactions, as well as the remaining 2,698 transactions, for a total of 2,955[23] transactions we identified with indicators of split purchase. Because the IRS’s current record retention period is 3 years, the IRS should focus their review on the potential split purchases occurring within the past 3 years.[24]

Recommendations

Recommendation 3: The Deputy Commissioner for Operations Support and the Deputy Commissioner for Services and Enforcement should emphasize to all purchase cardholders, supervisors, funding officials, and approving officials that circumvention of the micro-purchase card single-transaction limits through split-purchase transactions will not be tolerated and agency personnel are expected to comply with purchase card policies and procedures.

Management’s Response: The Chief, Agency-Wide Shared Services, agreed with our recommendation and will issue a communication on behalf of the Deputy Commissioner for Operations Support and Deputy Commissioner for Services and Enforcement to all purchase cardholders and approving officials outlining the policy on split purchases.

The Chief, Agency-Wide Shared Services, should:

Recommendation 4: Update the Purchase Card Guide to include examples to clearly explain scenarios that constitute a split purchase. In addition, a reference to the Guide to Penalty Determinations should be provided to alert the cardholders of the disciplinary actions that may be taken if they knowingly make split-purchase transactions.

Management’s Response: The Chief, Agency-Wide Shared Services, agreed with our recommendation and will consult with the Director, IRS Procurement, about the definition of a split purchase to assist in developing examples and various scenarios. The CCS Branch will update the Purchase Card Guide with scenarios that constitute a split purchase and inform purchase cardholders of disciplinary actions that may be taken if they knowingly make split-purchase transactions.

Recommendation 5: Improve split-purchase oversight reviews conducted by the CCS Branch by using data analysis techniques to identify potential split purchases for further in-depth analysis to detect purchase cardholders who divided what should be a single transaction into two or more separate purchases to avoid exceeding the single-transaction limit. In addition, current purchase card guidance should be updated to include this oversight review.

Management’s Response: The Chief, Agency-Wide Shared Services, agreed with our recommendation and on May 3, 2011, implemented a change to Split-Purchase Reviews. The Split-Purchase Review is now conducted using Citibank’s data mining tool and 100 percent of these transactions are reviewed. Any findings of a split purchase will be referred to Labor Relations.

Recommendation 6: Conduct an in-depth evaluation of the 2,955 potential split-purchase transactions we identified for which supporting documentation is available within the current (3 year) record retention period to determine whether or not a split purchase occurred and take appropriate actions. The in-depth evaluation of these transactions should consider the total value of known requirements per order at the time of purchase regardless of whether separate requisitions were prepared.

Management’s Response: The Chief, Agency-Wide Shared Services, agreed with our recommendation and will perform an in-depth evaluation of the purchase card transactions that are less than 3 years old and make the results available to the Treasury Inspector General for Tax Administration.

Contract Vendors and Preferred Sources for Office Supply Purchases Were Not Always Used

Micro-purchases are subject to the requirements of FAR Subpart 8, which provides that certain products be acquired from designated sources, including statutorily preferred vendors. The FAR requires all Federal agencies to purchase office supplies from contract vendors and preferred sources. If a contract vendor and preferred source for supplies is not used, the purchase should be documented in the WebRTS with the required justification by purchase cardholders. Our review showed that 56 (71.8 percent) of the 78 transactions sampled were for the purchase of office supplies. In 23 (29.5 percent) instances either a contract vendor and/or preferred source was not used, and the cardholder did not justify the use of an alternative contract vendor and/or preferred source in the WebRTS. This included:

8 (10.3 percent) instances where a contract vendor was not used.
14 (17.9 percent) instances where a contract vendor was used, but a preferred source of supplies, such as an AbilityOne program supplier, was not used.
1 (1.2 percent) instance where neither a contract vendor nor a preferred source was used.

The remaining 33 of 56 purchases were either from preferred sources (13 instances) or the supporting documentation (e.g., invoices/receipts provided by the vendor) did not show the source of the purchase (20 instances). In these 20 (35.7 percent) instances, a contract vendor was used, but we could not determine whether or not a preferred source was used.

Purchase cardholders either do not fully understand the requirement for contract vendors or preferred sources of office supplies or they failed to enter the required justification in the WebRTS to document why they were not using contract vendors and preferred sources. There are currently no specific controls to ensure that cardholders purchase office supplies only from contract vendors and preferred sources. As with the funding control previously mentioned, the control for ensuring the appropriate sources are used is an after-the-fact review. The approving official’s review, including review of supporting documentations (e.g., invoices/receipts), and approval of the order log in the WebRTS is the primary control to evaluate whether the cardholder followed procedures and used contract vendors and preferred sources as required. However, our audit results showed that this control was not effective. In addition, while the CCS Branch Transaction Reviews currently include a sample of purchases every month to measure the overall compliance of purchase card activity, the scope of these reviews does not include an evaluation of whether purchase cardholders are using contract vendors and preferred sources when purchasing office supplies. The CCS Branch should expand its Transaction Reviews to specifically include an evaluation of whether appropriate office supply sources are being used by purchase cardholders. In addition, all transaction-related reviews would be more effective if cardholder supervisors and approving officials were notified, in addition to individual purchase cardholders, when transactions are identified that are not in compliance with regulations and purchase card procedures.

When contract vendors and preferred sources for office supply purchases are not used, the IRS is not in compliance with Federal procurement policies, which could result in the Federal Government failing to obtain the best value for its purchases and failing to meet social-economic procurement goals.[25]

Recommendations

The Chief, Agency-Wide Shared Services, should:

Recommendation 7: Reemphasize the statutory requirement for purchasing office supplies from contract vendors and preferred sources to both cardholders and approving officials. In addition, the importance of properly documenting the occasional circumstances in which this cannot be accomplished should also be addressed.

Management’s Response: The Chief, Agency-Wide Shared Services, agreed with our recommendation and stated communication was sent on February 1, 2011, to purchase cardholders and approving officials reminding them of the requirement to use contract vendors and preferred sources and to document order logs when these sources cannot be used.

Recommendation 8: Expand the scope of the monthly Transaction Reviews currently conducted by the CCS Branch to include an evaluation of whether contract vendors and preferred sources are being used by purchase cardholders for office supply purchases. In addition, current purchase card guidance should be updated to reflect this oversight review.

Management’s Response: The Chief, Agency-Wide Shared Services, agreed with our recommendation and changed the monthly Transaction Review in July 2011 to include an evaluation of whether contract vendors and preferred sources are being used. The Purchase Card Guide will also be updated to reflect this review and notification will be sent to all purchase cardholders and approving officials.

The Span of Control of Some Approving Officials Appeared to Be Too Large

The GSA recommends that the ratio of purchase cardholders to approving officials be no more than seven to one (assuming an average of six or seven transactions per cardholder each month). The OMB also requires that the span of control for approving officials be periodically evaluated and that Federal agencies report the ratio of purchase cardholders to approving officials.

For the quarterly report ending June 30, 2009, the IRS reported a ratio of 3.4 purchase cardholders for each approving official. While the overall ratio of purchase cardholders to approving officials in the IRS is less than seven to one, many individual approving officials are responsible for much more than seven purchase cardholders.

At the time of our review, 4,270 employees had been given purchase cards, and 1,024 employees had been assigned the responsibility of approving the individual purchases made by the purchase cardholders. Out of the 1,024 approving officials in the IRS, 922 (90 percent) had 7 or fewer purchase cardholders assigned to them. However, 102 approving officials had more than 7 purchase cardholders assigned to them, and 28 (2.7 percent) approving officials had more than 31 purchase cardholders assigned to them. These 28 approving officials had 32 percent of the purchase cardholders assigned to them.

Figure 3 shows a detailed breakdown of the number of purchase cardholders assigned to approving officials.

Figure 3: Number of Purchase Cardholders Assigned to Approving Officials

Number of Purchase Cardholders	Total Cardholders	Percentage of Total Cardholders	Number of Approving Officials	Percentage of Total Approving Officials
1 – 7	1,896	44.4%	922	90.0%
8 – 15	559	13.1%	53	5.2%
16 – 23	315	7.4%	16	1.6%
24 – 31	134	3.1%	5	0.5%
Over 31	1,366	32.0%	28	2.7%
Totals	4,270	100%	1,024	100%

Source: Our analysis of IRS purchase cardholders and approving officials as of May 4, 2009.

The IRS currently does not have an established policy that addresses the number or range of purchase cardholders that can be assigned to approving officials. The IRS’s business units identify approving officials and establish the span of control; however, the CCS Branch has not evaluated whether the approving official’s current span of control is appropriate. In evaluating whether the current span of control is appropriate, various factors should be taken into consideration, including:

The number of cardholders currently assigned.
The number of purchase transactions made by the individual cardholders.
Whether purchase card oversight is the primary job responsibility or a collateral duty.
Trends of cardholder noncompliance.

When approving officials have too many purchase cardholders under their responsibility or the approving official role is a collateral duty, approving officials may not be able to provide adequate oversight to ensure purchase card transactions are in compliance with the guidelines. For example, during our review we found that:

12 (40 percent) of 30 purchases made without prior verification of approval and funding were later approved by officials who were responsible for more than 7 purchase cardholders.

· 6 (26.1 percent) of 23 purchases where contract vendors and preferred sources were not used for supplies were approved by officials who were responsible for more than 7 purchase cardholders.

We did not conduct an in-depth analysis of the approving officials’ span of control, and a direct correlation could not be made between the errors presented earlier in this report and the number of purchase cardholders for which the approving officials were responsible. However, we believe that the greater the workload of the individual approving official, particularly if it is not the primary role and responsibility, the greater the risk that inappropriate use of the purchase card could go undetected.

Recommendation

Recommendation 9: The Chief, Agency-Wide Shared Services, should identify relevant factors for determining the appropriate span of control for approving officials, evaluate whether the current span of control provides appropriate oversight, and develop and implement policy guidance for establishing a span of control within business units.

Management’s Response: The Chief, Agency-Wide Shared Services, agreed with our recommendation and will review the current span of control and collaborate with business unit organizations to identify relevant factors in support of their program activities to develop a policy on span of control.

Appendix I

Detailed Objective, Scope, and Methodology

The overall objective of this review was to determine whether the IRS’s controls over Federal Government micro-purchase cards are sufficient to ensure that the IRS’s use of purchase cards is in compliance with all applicable regulations and procedures. To accomplish this objective, we:

I. Reviewed the purchase card use procedures to identify any potential weaknesses and noncompliance with applicable regulations and procedures.

A. Obtained and reviewed Department of the Treasury, OMB, and IRS policies and guidance for issuing and using purchase cards and for authorizing and approving purchases.

B. Interviewed CCS Branch personnel responsible for the issuance, use, and monitoring of IRS purchase cards and for identifying and correcting noncompliance in the use of purchase cards by employees.

C. Identified and reviewed the processes the IRS currently employs to monitor the use of purchase cards.

D. Identified the type of reviews that the IRS performs (i.e., those performed during our audit period and those currently being performed) to ensure that purchase cards are being used by employees in accordance with regulations and procedures.

II. Determined whether purchases made during the audit period September 1, 2007, through March 31, 2009, were in compliance with prescribed regulations and purchase card procedures.

A. Obtained from Citibank a database of purchases made by IRS employees from
September 1, 2007, through March 31, 2009.

B. Assessed the reliability of computer-processed purchase card data received from Citibank and determined that the data were sufficiently reliable to use for audit tests. The Treasury Inspector General for Tax Administration’s Information Services Office provided a data quality and reliability assurance statement that the Citibank database of purchase transactions was complete and reliable to use for audit tests.

C. Selected a statistically valid sample of purchases made during the audit period.^{^[26]} The population of purchases made was 174,734 and the sample size was 78. The confidence level of the sample was 90 percent, the expected error rate was 5 percent, and the precision rate was ± 4 percent.

D. Reviewed the sample of transactions to verify that purchases were made in accordance with established procedures.

III. Determined whether purchase cardholders[27] and approving officials received appropriate training.

A. Obtained a database of all IRS employees who had been issued a purchase card as of May 4, 2009.

B. Selected a statistically valid sample of employees who had been assigned a purchase card.^{^[28]} The population of employees with purchase cards was 4,270 and the sample size was 80. The confidence level of the sample was 90 percent, the expected error rate was 5 percent, and the precision rate was ± 4 percent.

C. Identified which IRS business unit the employee is assigned to and determined the type of training the employee should have received.

D. Analyzed IRS training records for the period January 1, 2007, through March 31, 2009, and determined whether each employee in the sample and his or her respective approving official had completed all of the required training (initial functional training or refresher training) during that period.

IV. Determined whether the IRS has an adequate monitoring system for the purchase card program to ensure that cards are being used by employees in accordance with applicable regulations and current procedures.

A. Obtained documentation of IRS reviews performed during the audit period and evaluated whether the scope of the reviews was sufficient to identify noncompliance with regulations and procedures.

B. Observed a training review as it was being conducted and assessed whether the review was properly performed.

Internal controls methodology

Internal controls relate to management’s plans, methods, and procedures used to meet their mission, goals, and objectives. Internal controls include the processes and procedures for planning, organizing, directing, and controlling program operations. They include the systems for measuring, reporting, and monitoring program performance. We determined the following internal controls were relevant to our audit objective: the terms and conditions of the current GSA credit card contract, the FAR,[29] Department of the Treasury regulations,[30] and the IRS’s policies, procedures, and practices for administering the Purchase Card Program. We evaluated these controls by interviewing management, reviewing applicable documentation, and analyzing a sample of purchases.

Appendix II

Major Contributors to This Report

Nancy A. Nakamura, Assistant Inspector General for Audit (Management Services and Exempt Organizations)

Alicia Mrozowski, Director

Julia Moore, Audit Manager

Darryl Roth, Audit Manager

Mildred Rita Woody, Audit Manager

Tom Cypert, Lead Auditor

Robert Beel, Senior Auditor

Theresa Haley, Senior Auditor

Ken Henderson, Senior Auditor

Tina Augustine, Auditor

Robert Carpenter, Information Technology Specialist

Appendix III

Report Distribution List

Commissioner C

Office of the Commissioner – Attn: Chief of Staff C

Chief Counsel CC

National Taxpayer Advocate TA

Chief, Agency-Wide Shared Services OS:A

Director, Employee Support Services OS:A:ESS

Director, Procurement OS:A:P

Director, Office of Legislative Affairs CL:LA

Director, Office of Program Evaluation and Risk Analysis RAS:O

Office of Internal Control OS:CFO:CPIC:IC

Audit Liaisons:

Deputy Commissioner for Operations Support OS

Deputy Commissioner for Services and Enforcement SE

Chief, Agency-Wide Shared Services OS:A

Appendix IV

Outcome Measure

This appendix presents detailed information on the measurable impact that our recommended corrective actions will have on tax administration. This benefit will be incorporated into our Semiannual Report to Congress.

Type and Value of Outcome Measure:

· Protection of Resources – Potential; $48,390 (see page 8)

Methodology Used to Measure the Reported Benefit:

To determine the protection of resources, we analyzed an extract of Citibank database purchases made by IRS purchase cardholders between September 1, 2007, and March 31, 2009, to identify potential split purchases. Our criteria^{^[31]} included transactions that were:

Performed by the same cardholder.
Conducted with the same vendor.
Charged on the same day.
In excess of $3,000.

Our analysis identified 843 potential split purchases involving 3,066 individual transactions made by 437 purchase cardholders. We requested that the IRS evaluate 368 of the transactions where the transaction amount was evenly divided (i.e., $1,520.02 and $1,520.02) on the day of the purchase to determine whether a split purchase had actually occurred.

From the 368 transactions, the IRS identified 37 transactions totaling $48,390 that appeared to be split transactions. All of these transactions occurred on the same day to the same vendor. While the IRS may have had a valid business need to purchase these items, it should have used another procurement method.

Appendix V

The Purchase Card Process and Controls
at the Internal Revenue Service

Credit Card Services Branch responsibilities in the Purchase Card Program

Within the IRS, the CCS Branch is the Agency/Organization Program Coordinator. CCS Branch responsibilities include:

Oversight responsibility of the IRS’s Purchase Card Program.
Training and certifying new purchase cardholders^{^[32]} and approving officials and providing refresher training every 2 years for existing purchase cardholders and approving officials.
Processing new account applications.
Processing purchase card account maintenance issues such as cancellations, name and address changes, limit changes, and acceptance issues.
Issuing program guidance for the Purchase Card Program.
Conducting periodic program reviews to monitor compliance with established controls.

Purchase card process and controls at the Internal Revenue Service

The Office of Procurement Policy provides policy guidance for the Purchase Card Program as it relates to the FAR, the Department of the Treasury, and the IRS. Within the IRS’s business units, the Purchase Card Program includes:

· Funding officials who ensure that funding is available to pay for the purchase.

Individual cardholders who place orders with an approved vendor, record the date when the goods or services are received and accepted, and reconcile internal information relating to the transaction posted in the WebRTS with data from Citibank.

· Approving officials who review the purchase information and can either approve or disapprove the transaction in the WebRTS. Approved purchase card transactions are scheduled for payment to Citibank.

In general, the purchase card process in the IRS involved the following controls:

The program office identifies the goods and services it needs and determines the total known requirements. Based on the requirements, the program office determines the most appropriate method for purchasing these items. If the cost of the total value of the known requirements is less than $3,000, a purchase card can be used for the transaction.
The cardholder/requestor creates a requisition in the WebRTS.
The program office approver is responsible for ensuring that the goods and services ordered are necessary and appropriate and for entering the proper approval into the WebRTS.
The funding official is responsible for funding approved WebRTS requisitions and for entering the appropriate accounting code into the WebRTS. This step ensures sufficient funds are present to cover the cost of the transaction.
The cardholder creates a purchase card order log (referred to as an order log) in the WebRTS referencing the requisition number which verifies funding has been committed and records other required information about the purchase.
The cardholder places the order[33] with an approved vendor. The cardholder records the date when the goods or services are received and accepted in the WebRTS order log.
Once Citibank downloads[34] a batch of transactions, the cardholder then associates and reconciles transactions posted in the WebRTS.
The approving official then reviews the order log for compliance with all applicable guidance and can either approve or disapprove the transaction in the WebRTS. The approving official is responsible for ensuring that the purchase cardholder maintains copies of any documentation used to create the request into the WebRTS (email, etc.) and maintains documents to support receipt and acceptance entered into the system.

Through an interface with the Integrated Financial System, funding is obligated and approved purchase card transactions are scheduled for payment to Citibank.
A separate invoice for each master account is sent by Citibank to the Beckley Finance Center for payment, and the Beckley Finance Center processes approved purchase card transactions for payment.

Purchase card approving official responsibilities

As part of its control standards, the IRS requires that every purchase made by an employee with a purchase card be reviewed and evaluated by an approving official. Approving officials must perform the following for each transaction:

Determine whether the transaction is a purchase for official IRS business.
Determine whether approval was obtained prior to the purchase.
Confirm that each purchase was allowable within existing IRS and business organization guidelines.
Ensure there is approved funding available for each transaction.
Confirm that the order log shows that the goods or services were actually received.
Identify and address any possible cardholder misuse (e.g., approval/funding not secured prior to purchase, split purchases, etc.).
Ensure that the cardholder has all required supporting documentation.
Review supporting documentation for transaction accuracy.

The Internal Revenue Service monitoring of the purchase card controls

CCS Branch employees perform several reviews to monitor the effectiveness of controls in the Purchase Card Program. The CCS Branch reviews included:

Cardholder and Approval Official Training Reviews – quarterly reviews to verify that employees are receiving sufficient training.
Transaction Reviews – monthly reviews to compare a sample of Citibank transaction reports to purchase information documented in the WebRTS.^{^[35]}
Purchase Card Criteria Reviews – monthly reviews to determine whether the purchase card was activated and used at least 2 times in the past 12 months and whether the transactions were processed in a timely manner.
Purchase Card Hierarchy Reviews – monthly reviews to evaluate organizational movement of employees.
Received Date Reviews – monthly reviews to verify that received dates are entered in the WebRTS order log.
Timely Creation Reviews – monthly reviews to verify that the purchase was created timely in the WebRTS order log.^{^[36]}
Split-Purchase Reviews – annual reviews to identify when a single purchase is divided into two or more separate purchases to avoid exceeding the single-transaction limit.^{^[37]}

Appendix VI

Glossary of Terms

Term	Definition
AbilityOne Program	A preferred source of suppliers that provides employment opportunities for people who are blind or have other severe disabilities in the manufacture and delivery of products and services to the Federal Government. Federal agencies are required to purchase certain supplies and services from designated nonprofit agencies serving people with disabilities, formerly known as the Javits-Wagner-O’Day Program.
Agency/Organization Program Coordinator	The liaison between the IRS, the bank, and the cardholder.
Anti-Deficiency	Making or authorizing an expenditure or obligation exceeding an amount available in an appropriation or fund for the expenditure or obligation.
Approving Official	The IRS’s employee responsible for oversight and approval of the purchase card activity for the purchase cardholders under his or her purview. The approving official may be different than the purchase cardholder’s supervisor.
Collateral Duties	Official duties and responsibilities assigned to an employee in addition to the primary duties of the employee’s position.
Contract Vendors	The IRS has established a desk supply contract with two vendors (Corporate Express and Office Depot) to promote competition and to achieve better service and prices. One of the key elements of this mandatory supply contract is the provision of next-day desktop delivery to a minimum of 90 percent of approximately 5,500 order sites, located in nearly 800 facilities in the 48 contiguous United States.
Data Mining	An automated process used to scan databases to detect patterns, trends, and anomalies for use in risk management or other areas of analysis.
Federal Acquisition Regulation (FAR)	The codification and publication of uniform policies and procedures for acquisitions by all Executive Branch agencies.
Integrated Financial System	The IRS’s administrative financial accounting system.
Order Point	The location for which orders are shipped.
Preferred Sources	Suppliers mandated by Congress for social/economic purposes.
Purchase Card Order Log	A recording of actions that track each step of a purchase, including the posting date of the transaction and the association, reconciliation, and approval of the transaction.
Purchase Cardholders	The individual IRS employee who has been trained and authorized to use the Government Purchase Card.
Reconciliation	Process of comparing purchase transaction information in the WebRTS with Citibank records to ensure accuracy.
Requestor	Individuals responsible for preparing/inputting requisitions into the automated system and creating the routing path for the requisition. This could be the cardholder, a budget analyst, or other individual in the business unit with the appropriate permissions as a requestor in the WebRTS.
Single-Transaction Limit	Each purchase card account has a limit on the dollar amount for any one transaction. The maximum allowable single-transaction limit for micro-purchases is $3,000 ($2,500 for services; $2,000 for construction).
SmartPay	A GSA program that provides charge cards to Federal Government agencies through contracts negotiated with major national banks.
Span of Control	In the purchase card program, this refers to the number of cardholders, purchase cards, and purchase card transactions assigned to an approving official.
Split Purchase	Separating a small purchase that exceeds a cardholder’s single-purchase limit or threshold into two or more transactions as a means of circumventing the cardholder’s purchase limit.
Web Requisition Tracking System (WebRTS)	An automated requisition system used by the IRS to monitor and control purchase activity; it is used in lieu of a hard copy Requisition for Equipment, Supplies or Services (Form 1334).

Appendix VII

Management’s Response to the Draft Report

DEPARTMENT OF THE TREASURY

INTERNAL REVENUE SERVICE

WASHINGTON, D.C. 20224

CHIEF

AGENCY-WIDE

SHARED SERVICES

July 25, 2011

MEMORANDUM FOR MICHAEL R. PHILLIPS

DEPUTY INSPECTOR GENERAL FOR AUDIT

FROM: David A. Grant /s/ David A. Grant

Chief, Agency-Wide Shared Services

SUBJECT: Draft Audit Report - Controls Over the Purchase Card Program Were Not Effective in Ensuring Appropriate Use (Audit #200910009)

Thank you for the opportunity to respond to the draft audit report. The audit was conducted to verify the Internal Revenue Service's (IRS) purchase card controls were sufficient to prevent waste, fraud, and abuse.

After reviewing the draft report, we concur with the recommendations and will develop corrective actions as listed. Please note the data for this audit goes through FY 2009 and many of the proposed corrective actions have already been implemented. Please see our response to the nine recommendations attached.

We appreciate the continued support and assistance provided by your office. If you have any questions, please contact me at (202) 622-7500, or a member of your staff may contact Mary Beth Murphy, Director, Employee Support Services, at (202) 283-7784. For matters concerning audit follow-up, please contact Larry Pugh, Office of Strategy and Finance, Agency-Wide Shared Services, at (202) 622-4541.

Attachment

RECOMMENDATION #1: Update current purchase card guidance to include the actions required (e.g., approving officials reporting noncompliance to the CCS Branch) when purchases are identified that were made without prior verification and documentation of approved and available funding. This guidance should emphasize the importance of preparing the WebRTS order log prior to purchase and should be provided to all purchase cardholders, their supervisors, and approving officials IRS-wide. In addition, the guidance should include a range of corrective actions (e.g., lowering of purchase card limits to loss of purchase card privileges) that should be taken in response to recurring or persistent lack of adherence to internal controls and procedures.

CORRECTIVE ACTION: We agree with this recommendation. Credit Card Services (CCS) will develop corrective actions, update PC Guide and send communication via email to Purchase Cardholders/PC Approving Officials regarding implementation of corrective actions.

IMPLEMENTATION DATE: October 17, 2011

RESPONSIBLE OFFICIAL: Director, Employee Support Services, Agency-Wide Shared Services

CORRECTIVE ACTION MONITORING PLAN: Employee Support Services (ESS) will enter accepted corrective actions into the Joint Audit Management Enterprise System (JAMES). These corrective actions are monitored on a monthly basis until completion.

RECOMMENDATION #2: Provide clear guidance to the CCS Branch on the performance of its oversight and enforcement responsibilities. In addition, current purchase card guidance should be revised to include a requirement for the CCS Branch to notify the cardholder's supervisor and approving official when it determines that purchase card procedures were not followed and provide clarification as to when the CCS Branch should notify Labor Relations on noncompliance of purchase card transactions.

CORRECTIVIE ACTION: We agree with this recommendation. The Director, Employee Support Services, will ensure the CCS Branch is provided guidance on the performance of their oversight and enforcement responsibilities for compliance with the Purchase Card Program procedures. The guidance will identify non-compliance circumstances warranting referral by CCS Branch to Labor Relations.

IMPLEMENTATION DATE: October 17, 2011

RESPONSIBLE OFFICIAL: Director, Employee Support Services, Agency-Wide Shared Services

RECOMMENDATION #3: The Deputy Commissioner for Operations Support and the Deputy Commissioner for Services and Enforcement should emphasize to all purchase cardholders, supervisors, funding officials, and approving officials that circumvention of the micro-purchase card single-transaction limits through split-purchase transactions will not be tolerated and agency personnel are expected to comply with purchase card policies and procedures.

CORRECTIVE ACTION: We agree with this recommendation. The Chief, Agency-Wide Shared Services will issue a communication on behalf of the Deputy Commissioner for Operations Support and Deputy Commissioner for Services and Enforcement to all Cardholders and PC Approving Officials outlining policy on split purchases.

IMPLEMENTATION DATE: September 1, 2011

RESPONSIBLE OFFICIAL: Director, Employee Support Services, Agency-Wide Shared Services

RECOMMENDATION #4: Update the Purchase Card Guide to include examples to clearly explain scenarios that constitute a split purchase. In addition, a reference to the Guide to Penalty Determinations should be provided to alert the cardholders of the disciplinary actions that may be taken if they knowingly make split-purchase transactions.

CORRECTIVE ACTION: We agree with this recommendation. We will consult with the Director, IRS Procurement, about the definition of a split purchase to assist in developing examples and various scenarios. CCS Branch will update PC Guide with scenarios that constitute a split purchase and inform the cardholders of the disciplinary actions that may be taken if they knowingly make split-purchase transactions.

IMPLEMENTATION DATE: January 15, 2012

RESPONSIBLE OFFICIAL: Director, Employee Support Services, Agency-Wide Shared Services

RECOMMENDATION #5: Improve split-purchase oversight reviews conducted by the CCS Branch by using data analysis techniques to identify potential split purchases for further in-depth analysis to detect purchase cardholders who divided what should be a single transaction into two or more separate purchases to avoid exceeding the single transaction limit. In addition, current purchase card guidance should be updated to include this oversight review.

CORRECTIVE ACTION: We agree with this recommendation. On May 3, 2011, CCS implemented a change to split purchase review. Split Purchase review is conducted using Citibank's data mining tool. One hundred percent of these transactions are reviewed. Any findings of a split purchase will be referred to Labor Relations.

IMPLEMENTATION DATE: Completed May 3, 2011

RESPONSIBLE OFFICIAL: Director, Employee Support Services, Agency-Wide Shared Services

CORRECTIVE ACTION MONITORING PLAN: Employee Support Services (ESS) will enter accepted corrective actions into the Joint Audit Management Enterprise System (JAMES). These corrective actions are monitored on a monthly basis until completion.

RECOMMENDATION #6: Conduct an in-depth evaluation of the 2,955 potential split purchase transactions we identified for which supporting documentation is available within the current (3 year) record retention period to determine whether or not a split purchase occurred and take appropriate actions. The in-depth evaluation of these transactions should consider the total value of known requirements per order at the time of purchase regardless of whether separate requisitions were prepared.

CORRECTIVE ACTION: We agree with this recommendation. TIGTA provided a spreadsheet of 3,066 potential split purchases using data extraction tools. Of the 3,066, TIGTA identified 368 for CCS to perform in-depth review (these were transactions split in equal amounts). CCS performed an in-depth review of these 368 in September 2010. The remaining 2,698 transactions that are less than 3 years old (as documentation is only required to be kept for 3 years) will be reviewed by CCS. The results will be reviewed and made available to TIGTA.

IMPLEMENTATION DATE: October 17, 2011

RESPONSIBLE OFFICIAL: Director, Employee Support Services, Agency-Wide Shared Services

RECOMMENDATION #7: The Chief, Agency-Wide Shared Services, should reemphasize the statutory requirement for purchasing office supplies from contract vendors and preferred sources to both cardholders and approving officials. In addition, the importance of properly documenting the occasional circumstances in which this cannot be accomplished should also be addressed.

CORRECTIVE ACTION: We agree with this recommendation. Communication was sent February 1, 2011, to Purchase Cardholders and PC Approving Officials reminding them of the requirement to use contract vendors and preferred sources and to document Order Logs when these sources cannot be used.

IMPLEMENTATION DATE: Completed February 1, 2011

RESPONSIBLE OFFICIAL: Director, Employee Support Services, and Chief, Agency-Wide Shared Services

RECOMMENDATION #8: Expand the scope of the monthly Transaction Reviews currently conducted by the CCS Branch to include an evaluation of whether contract vendors and preferred sources are being used by purchase cardholders for office supply purchases. In addition, current purchase card guidance should be updated to reflect this oversight review.

CORRECTIVE ACTION: We agree with this recommendation. CCS will implement a change to the monthly transaction review in July 2011 to include evaluation of whether contract vendors and preferred sources are being used. The Purchase Card Guide will be updated to reflect this review and notification will be sent to all PC holders and approvers.

IMPLEMENTATION DATE: January 15, 2012

RESPONSIBLE OFFICIAL: Director, Employee Support Services, Agency-Wide Shared Services

RECOMMENDATION #9: The Chief, Agency-Wide Shared Services, should identify relevant factors for determining the appropriate span of control for approving officials, evaluate whether the current span of control provides appropriate oversight, and develop and implement policy guidance for establishing a span of control within business units.

CORRECTIVE ACTION: We agree with this recommendation. The Director, Employee Support Services, will review the current span of control and collaborate with Business Organizations to identify relevant factors in support of their program activities to develop policy on span of control.

IMPLEMENTATION DATE: May 25, 2012

RESPONSIBLE OFFICIAL: Director, Employee Support Services

[3] Section (§) 807 of Pub. L. No. 108-375 (118 Stat. 2010) requires that the micro-purchase threshold be adjusted for inflation every 5 years. Pursuant to that provision, § 2.101 of the FAR was amended (71 Federal Register 57366, September 28, 2006) raising the micro-purchase threshold to $3,000.

[4] Treasury Financial Manual, Volume I, Part 4-4500, “Government Purchase Cards.” FAR, 48 C.F.R. § 13.301(b) (2002).

[5] In the normal Federal procurement process, acquisition personnel, after determining their agency’s requirements (that is, the goods and services the agency needs), post a solicitation on the Federal Business Opportunities web site. Interested companies prepare their offers in response to the solicitation and, in accordance with applicable provisions of the FAR, agency personnel evaluate the offers.

[6] Internal Revenue Service Purchase Card Guide (Document 9185, dated February 2009).

[7] Audit Guide: Auditing and Investigating the Internal Control of Government Purchase Card Programs (GAO-04-87G, dated November 1, 2003).

[8] Inappropriate Use of: Government Purchase Card; Government Travel Card (Individual and Centrally Billed); Convenience Check Program (Document 12337, revision dated May 12, 2010).

[10] Cardholders have the ability to view requisitions within the WebRTS to determine whether or not they have been funded without setting up an order log. However, there is no way to document whether or not they took this action to determine whether funding had been approved prior to making a purchase unless they set up an order log and attach the approved, funded requisition document as required by IRS purchase card policy and procedures.

[12] See Appendix V for more information on this review.

[13] Internal Revenue Service Guide to Penalty Determinations For Use With IRM 6.751.1 (dated August 13, 2007).

[14] Audit Guide: Auditing and Investigating the Internal Control of Government Purchase Card Programs (GAO-04-87G, dated November 1, 2003).

[15] The maximum allowable single-transaction limit for micro-purchases is $3,000 ($2,500 for services; $2,000 for construction).

[16] For example: Joe, a cardholder, needs to buy 100 widgets, and the total value of the transaction is $4,000 (or $40 per widget). Joe knows that the micro-purchase threshold is $3,000. In order to make the transaction less than the micro-purchase limit, he asks the store to split his order into 2 separate transactions: 1 for $2,800 (70 widgets) and 1 for $1,200 (30 widgets). This action is called a “split transaction” and is a violation of Federal procurement regulations. Approving officials should make sure that their assigned cardholders are aware of the prohibition on split transactions and should monitor cardholder use to check that split transactions are not occurring. The most common indicator of a split transaction is multiple transactions with the same vendor for the same items on the same day (or within a period of a few days), where the total amount of the transactions exceeds the micro-purchase limit.

[17] Improving the Management of Government Charge Card Programs, (OMB Circular No. A-123, Appendix B, dated January 15, 2009).

[18] In the above example, Joe, a cardholder, needs to buy 70 widgets and the total value of the transaction is $2,800 (or $40 per widget). However, due to an unforeseen change in widgets needed, Joe subsequently needs an additional 30 widgets with a value of $1,200. While the resulting total widgets ordered is $4,000 and exceeds the single‑transaction limit, this would not be a split purchase because the needs or requirements for the additional widgets were not known at the time of the original purchase.

[19] The total amount of identical training for employees of a single manager cannot exceed $3,000.

[20] Audit Guide: Auditing and Investigating the Internal Control of Government Purchase Card Programs (GAO-04-87G, dated November 1, 2003).

[21] Treasury Commercial Vehicle cards are used for acquiring information technology products and have up to $100,000 single-transaction limits. None of the 111 transactions exceeded $100,000.

[22] The IRS’s Inappropriate Use of: Government Purchase Card; Government Travel Card (Individual and Centrally Billed); Convenience Check Program (Document 12337, revision dated May 12, 2010) states, that if the Travel/Purchase Cardholder/Convenience Check customer’s manager identifies inappropriate use of a Credit Card/Convenience Check Program, the manager must consult with Labor Relations before taking any action. If appropriate based on the information available, the manager may also need to contact the Treasury Inspector General for Tax Administration. Labor Relations will advise the manager on appropriate actions to take based upon the facts/circumstances and the appropriate penalty guide.

[23] The 2,955 total transactions was calculated by subtracting the 111 Treasury Commercial Vehicle card transactions from the 3,066 total transactions identified.

[24] IRS guidance requires purchase card holders to retain documentation relating to activity on the purchase card for 3 years from the payment date of the master invoice (which is 30 days from the billing cycle end date).

[25] It is the policy of the United States, as stated in the Small Business Act, that all small businesses have the maximum practicable opportunity to participate in providing goods and services to the Federal Government. To ensure that small businesses get their fair share, the Small Business Administration negotiates annual procurement preference goals with each Federal agency and reviews each agency’s results.

[26] We believed that selecting a statistically valid sample of purchases was the most appropriate way to evaluate transactions because it allows us to make inferences and project our results to the whole population from which our sample was derived.

[27] See Appendix VI for a glossary of terms.

[28] We believed that selecting a statistically valid sample of employees with purchase cards was the most appropriate way to evaluate training.

[30] Treasury Financial Manual, Volume I, Part 4-4500, “Government Purchase Cards.” FAR, 48 C.F.R. § 13.301(b) (2002).

[31] Audit Guide: Auditing and Investigating the Internal Control of Government Purchase Card Programs (GAO-04-87G, dated November 1, 2003).

[32] See Appendix VI for a glossary of terms.

[33] Only after the funding official has certified the funding can the procurement take place. This occurs once the requisition reaches Status 66 (i.e., funding is available and the requisition has been approved) in the WebRTS.

[34] The Citibank download process involves the posting of transactions to cardholder’s account.

[35] Transaction Reviews are conducted to evaluate compliance with various controls for each transaction; however, the reviews did not include verifying whether contract vendors and preferred sources for office supply purchases are used. These reviews should be expanded to include the evaluation of appropriate use of contract vendors and preferred sources for office supply purchases (see page 13).

[36] Timely Creation Reviews identified noncompliance with controls intended to ensure that funding was verified and available before purchases are made; however, the reviews were not effective in changing cardholder behaviors and stronger corrective actions are needed to deter further noncompliance (see page 4).

[37] Split-Purchase Reviews are conducted to detect split-purchase transactions; however, the CCS Branch methodology for identifying transactions to include in Split-Purchase Reviews needs to include a data analysis technique to identify transactions with high potential for meeting the characteristics of a split purchase (see page 8).