SOCIAL SECURITY

Office of the Inspector General

SOCIAL SECURITY ADMINISTRATION BALTIMORE MD 21235-0001

November 6, 2001

The Honorable Charles E. Grassley
Ranking Minority Member
Committee on Finance
United States Senate
Washington, D.C. 20510

Dear Senator Grassley:

Thank you for your September 24, 2001 inquiry concerning the Social Security Administration's (SSA) SmartPay program. We share your concerns that the Government may be paying for Federal employees’ personal purchases made through the unauthorized use of Government charge cards.

In responding to your questions, we relied on information from a prior audit, investigations of employees who committed unauthorized use of Government charge cards, and information we obtained from SSA representatives responsible for monitoring SSA’s SmartPay program. The enclosed report contains information related to

We appreciate your interest in SSA’s SmartPay program. We will continue to keep you apprised of SSA’s and our efforts to ensure instances of charge card misuse are minimized.

Page 2 -The Honorable Charles E. Grassley

If you have any questions concerning this matter, please call me or have your staff contact Richard A. Rohde, Special Agent-in-Charge for External Affairs, at 410-966-1722.

Sincerely,

James G. Huse, Jr.
Inspector General of Social Security

Background

In 1998, the General Services Administration (GSA) awarded five contracts that provide Federal agencies a new way to pay for commercial goods and services as well as travel and fleet-related expenses. The GSA SmartPay program is intended to allow Federal employees to do their jobs more efficiently. The GSA SmartPay contracts are effective from November 30, 1998 through November 29, 2003, with five 1-year options to renew. Awards were made to five service providers: Citibank VISA, Bank One, Mellon Bank, Bank of America, and U.S. Bank. The Social Security Administration (SSA) has elected to use Citibank VISA as its vendor for the SmartPay program. The SmartPay program is administered in two categories: travel and Government purchases.

Under the Travel Card Program, Federal employees who travel are issued travel charge cards to use for official travel, as required under the Federal Travel Regulation.1 The contractual relationship is between the employee and Citibank. SSA reimburses the employee for travel expenses, and it is the employee’s responsibility to pay Citibank. In Fiscal Year (FY) 2000, there were about 29,300 cardholders with total charges of $25,003,959. In FY 2001 there were approximately 28,700 cardholders with total charges of $36,929,554.

SSA provides training for new employees on the appropriate use of the travel card. Also, SSA has several controls to monitor the program’s effectiveness and to identify potential misuse of the travel card. For example, SSA has established with Citibank a $10,000 charge limit and a $1,300 limit on automated teller machine (ATM) withdraws. SSA also uses merchant blocking, which permits only certain types of purchases, such as air/rail transportation, lodging, meals, and parking. Also, Citibank suspends cards of individuals who have not paid for charges after 66 days, cancels cards that are 120 days past due, and cancels cards that have unauthorized use.

SSA also monitors the employee's payments to Citibank. WHen an employee's travel card account becomes delinquent,2 SSA sends notification to the cardholder to pay the delinquent account. In addition, the appropriate Deputy Commissioner and the travel authorizing official are informed of the delinquency. The delinquency letter is placed in the employee’s personnel file for 1 year. According to SSA, these letters have been effective in getting employees to repay their delinquent accounts.

Under the Government Purchases Program, some employees have acquisition authority to make small purchases for SSA. The contractual relationship is between SSA and Citibank. In FY 2000, there were about 3,700 cardholders with total actual payment purchases of $50,008,521, and, in FY 2001, there were approximately 3,800 cardholders with total purchases of $50,765,086.

SSA provides training for new cardholders and approving officials. SSA is providing refresher training for current cardholders that must be completed by November 30, 2001. SSA has controls to monitor the program’s effectiveness and to identify potential misuse of Government purchase cards. Some of these improvements were the result of an audit report we issued in June 2000. For example, SSA requires the approving official to monitor purchase card activity by reviewing each cardholder’s monthly activity statement and to question purchases that appear inappropriate. Other controls include limiting purchases to $2,5000 3 per transaction per day, monthly exception routines to identify split orders to stay within the $2,500, merchant blocking, and word searches for certain descriptions of purchases that appear inappropriate. Finally, SSA’s Office of Acquisition and Grants performs periodic internal quality reviews to assess compliance with procedures.

On September 24, 2001, Senator Charles E. Grassley, Ranking Minority Member, Senate Finance Committee, sent a letter to the Inspector General of SSA requesting that the Office of the Inspector General (OIG) communicate its evaluative experience with the SmartPay program at SSA. Senator Grassley made this request in light of recent reports that the Government is paying for Federal employees’ personal purchases made through the unauthorized use of Government charge cards. Senator Grassley specifically requested information in the following areas.

According to SSA, there were 112 instances of Government charge card misuse in FYs 2000 and 2001. The disciplinary action ranged from a reprimand to the employee’s termination. Appendix A contains a full description of each case.

Purchase Card Misuse - 2 cases

Reprimand to termination of employee

We believe these internal control weaknesses increase the potential for fraud, waste and abuse in connection with Government charge card purchases as well as hindering SSA’s ability to detect such actions. To strengthen Government charge card purchase internal controls, we made 10 recommendations to SSA. SSA generally agreed with our recommendations. Appendix B contains a copy of the audit report.

Our Office of Investigations investigated four cases of Government charge card misuse in FYs 2000 and 2001. The disciplinary action ranged from a 7-day suspension to incarceration. Appendix C contains a full description of each investigation.

Purchase Card Misuse - 2 cases

Travel Card Misuse - 2 cases

Disciplinary Action - 30 day suspension;

We will continue to track SSA’s progress in implementing our prior recommendations to improve the controls over Government purchases. We have no planned audits of SSA’s travel card program because of the low incidence of misuse (55 cases/year for approximately 29,000 cardholders). In addition, individual cardholders are obligated to pay Citibank for travel card expenses and are therefore not a debt to the Government.

We have one open investigation; however, the results are not available. We will continue to monitor the SmartPay program by quickly responding to all allegations of fraud and misuse.

We have no new recommendations at this time for correcting program weaknesses.

Conclusion

The SmartPay program is intended to allow Federal employees to do their job more efficiently. However, there are risks associated with the use of Government charge cards. Our prior audit of SSA’s Government purchase card program has shown there are internal control weaknesses that increase the potential for fraud, waste, and abuse. We are encouraged that SSA generally agreed with our findings and recommendations. SSA’s corrective actions, if properly implemented, should significantly improve SSA’s internal controls over the use of Government purchase cards. SSA’s travel card program has a low incidence of misuse, and travel card charges do not result in a debt to the Government. Although we have no planned audits of SSA’s travel card program, we will continue to monitor incidences of potential misuse.

Appendices

Controls over International Merchant Purchase

Authorization Card Payments (A-13-97-91018), June 2000

Instances of Government Charge Card Misuse

Boston 14
New York 30
Philadelphia 17
Atlanta 5
Chicago 7
Dallas 4
Kansas City 3
Denver 0
San Francisco 12
Seattle 6
Headquarters 12 2
Total 110 2

The Boston region reported 14 cases of misuse of Government charge card. Of those, nine were not related to Government authorized travel.

OFFENSE
EMPLOYEE FAILED TO TIMELY PAY GOVERNMENT-RELATED TRAVEL CARD EXPENSES OR TRAVEL ADVANCES

$1,600.00 Credit Card Report Counseling-late payment

$4,000.00 Credit Card Report Counseling-late payment

$102.00 Credit Card Report Counseling-late payment

$900.00 Credit Card Report Counseling-late payment

$1,400.00 Credit Card Report Counseling-late payment

OFFENSE
IMPROPER USE OF CHARGE CARD WHERE EMPLOYEE USED VISA CARD TO PURCHASE SOMETHING NOT RELATED TO AUTHORIZED GOVERNMENT TRAVEL

$1,000.00 Credit Card Report Counseling-used for other expenses while on official travel

$300.00 Credit Card Report Counseling-fixed his personal vehicle, in assoc. w/ official travel. May decide to de-activate card, pending decision.

$190.00 Credit Card Report Counseling-paid for spouse's dinner while on official travel

$400.00 Credit Card Report Reprimand-initially counseled, then used card for 3 months to pay for personal bills.

$2,100.00 Credit Card Report Reprimand and 120 day letter. Employee used for personal reasons, additionally, was late in making payments.

$900.00 Credit Card Report Counseling and deactivation of card. Used to pay rent.

$50.00 Credit Card Report Counseling- expenses to personal vehicle while in travel, not associated with official business.

$1,000.00 Credit Card Report Counseling- personal use on weekend to take side trip while on official travel.

The New York Region reported 30 cases of misuse of the Government charge card. Following is the information provided.

Misuse and/or delinquencies come to the region’s attention based on the Monthly Activity Reports and Delinquency Reports received from Citibank.

At least one employee was reprimanded, and at least four employees were suspended.

The Philadelphia Region reported 17 cases of charge card misuse.
Following is a summary of the Philadelphia Region activity:

This does not accurately reflect the number of instances where there was misuse or failure to repay a debt -- rather, this reflects the number of disciplinary or adverse actions taken based on this type of activity.

Type of offense: 6 relate to Government-related travel, and 11 relate to non-Government related travel issues. We are unable to ascertain the amount of money involved and how the misuse was discovered because of the short turnaround time. In most cases, Citibank notifies SSA’s Financial Management Team. However, there are certain timeframes involved with various follow-ups, etc.

Of the 17 cases noted above, SSA reprimanded 5 employees, and suspended 12. Suspensions were: 3 days (2); 5 days (2); 10 days (3); 14 days (1); 20 days (1); 30 days (1); and 45 days (2).

The Atlanta region reported five cases of misuse of the Government charge card. All five cases involved charges and/or cash advances related to authorized Government travel and unrelated to Government travel.

1. The employee failed to promptly pay $1,702. Another employee reported this to the District Manager. The employee was reprimanded, and the card was deactivated.

2. The employee failed to pay a delinquent balance of $10,000 in cash advances that were not work-related. The employee served a 7-day suspension and is making payments through payroll deductions.

3. The employee failed to pay a delinquent balance of $14,000. Her checks were returned due to insufficient funds. The employee was identified on the delinquent account listing for the Atlanta region. She was reprimanded.

4. The employee failed to promptly pay $16,691.05. The misuse was discovered on the scheduled regional office review. The employee served a 7-day suspension.

5. The employee failed to pay $15,000. This was discovered on the delinquent account list. In addition, the employee was directing Social Security benefit checks to her personal bank account and was using the funds to help pay off her Government charge card The employee resigned.

The Chicago region reported seven cases of misuse of the Government charge card unrelated to authorized Government travel.

Offense - Late Payment and Not Travel-Related
Type Amount - $2,561
How Discovered - Regional Office Review of Citibank Account Cycle Report
Disposition - Reprimand
Description of Misuse - Improper ATM withdrawals. Employee entered into and was complying with late payment agreement with Citibank.

Offense - Late Payment and Not Travel-Related
Type Amount - $3,214
How Discovered - The employee self-reported
Disposition - Reprimand
Description of Misuse - Employee charged hotel rooms while evading ex-husband who was stalking her.

Offense - Late Payment and Not Travel-Related
Type Amount - $3,498
How Discovered - Regional Office Review of Citibank Account Cycle Report
Disposition - 1-Day Suspension
Description of Misuse - Improper ATM withdrawals.

Dallas Region

The Dallas region reported four cases of misuse of the Government charge card for authorized travel.

1. The employee failed to promptly pay Government-related travel expenses. Citibank reported the past due accounts to Financial Management. Management counseled the employee in July 2000 about $578.73 past due and again in November 2000 for still owing $295.15. Citibank accepted a post-dated check dated December 26, 2000 for the remainder, which was inadvertently returned marked "account closed." Citibank indicated it tried several times with no success to contact employee. The employee was reprimanded in July 2001 while still owing $148.77.

2. The employee failed to promptly pay Government-related travel expenses. Citibank reported the delinquent account to Financial Management. There was an outstanding balance of $6,108.88. The employee only paid $1,850.04 of the total bill. Management counseled the employee in March 2001. The employee agreed to pay the balance by April 5, 2001, but, on April 12, the employee admitted he did not have the money and stated he would get a personal loan. The manager then received a second notice about the delinquency and counseled with the employee again on April 23, 2001. The account remained unpaid, and the employee was terminated during probation on May 7, 2001 for this and for unacceptable use of unscheduled leave.

3. The employee failed to promptly pay Government-related travel expenses. The delinquent account Citibank reported to Financial Management had a past due amount of $489.41 (is now paid). Proposing a 2-day suspension for not paying promptly (delay of 8 months) and misrepresenting facts to a supervisor on efforts to pay debt.

4. The employee failed to promptly pay Government-related travel expenses. Citibank reported the past due account to Financial Management. The employee incurred a $10,000 debt and subsequently signed a statement in April 2001 that she would pay $5,000. By May 31, 2001, the employee had only paid $1,900. The employee was suspended for 5 days on September 10, 2001 and advised that continued failure to pay could result in further disciplinary action.

The Kansas City region reported three cases of misuse of the Government charge card. Of those, one was not related to Government-authorized travel.

1. The employee failed to promptly pay credit card charges not related to Government business. Citibank reported the past due account to Financial Management. The employee was reprimanded in August 2001 for failure to pay $262.42.

2. The employee failed to promptly pay Government-related travel expenses. Citibank reported the past due account to Financial Management. The employee was reprimanded in July 2001 for failure to pay $2,244.57. The employee served a 14-day suspension in September 2001 for failure to pay $2,244.57.

3. The employee failed to promptly pay Government-related travel expenses. Citibank reported the past due account to Financial Management. The employee was reprimanded in November 2001 for failure to pay $2,375.93. The employee served a 10-day suspension in April 2001 for failure to pay $2,375.93.

The Denver region reported no cases of Government charge card misuse for the last 2 years.

The San Francisco region reported 12 cases of misuse of the Government charge card. Of those, two were not related to Government-authorized travel, and three involved both authorized travel and personal purchases.

Case 1

1. The employee failed to pay her debt to AMEX and Citibank VISA. In addition, she withdrew $580 in cash on her Citibank VISA card and charged a rental U-Haul truck for non-Government business.

2. In each case, the amount of money involved $650 (AMEX) and $740 (Citibank VISA).

3. The Regional Financial Management Team called the Manager after AMEX and VISA reported that the balance was several months overdue.

4. The employee was issued a 5-day suspension. The suspension was placed in abeyance, and the employee agreed to repay the balances via a payment plan.

1. The employee failed to pay the Government Citibank VISA promptly and used the VISA card to purchase personal items (that is, tires and several personal long distance calls) while on business travel/training.

2. The amount of money involved: $906.73

3. The Regional Financial Management Team informed the manager after VISA reported the balance was 30 days overdue.

4. A proposal to suspend the employee for 7 days was issued. The deciding official mitigated the penalty to a 1-day suspension because the employee was remorseful and accepted full responsibility for his misconduct.

Case 3

1. The employee made ATM cash withdrawals not related to Government travel that were not promptly paid. The employee made several ATM cash withdrawals and incurred charges to Mirage Hotel and Squire Motor Inn. The situation was discussed with the employee. The employee said the bill was paid, but the check used for payment bounced. A $10.00 fee was charged to the account.

2. Money involved: $1,653.31

3. The Regional Travel Card Program Coordinator called the manager after Citibank reported inappropriate charges and withdrawals.

4. The employee agreed to alternative discipline – a 2-day suspension.

Case 4

1. The employee was charged with failure to promptly pay Government-related travel expenses. The outstanding balance is over 90 days past due.

2. Money involved: $3,142.31

3. The Team Leader, Financial Management Team, called the manager after Citibank reported the balance was several months overdue.

4. The employee was issued a 10-day proposed suspension. There has not been a decision made on this case. The decision is still pending.

Case 5:

1. The employee was charged with failure to promptly pay Government-related travel expenses. The balance has been outstanding since 1999.

2. Money involved: $385.00

3. The Regional Travel Card Program Coordinator called the manager after the Citibank reported the balance was several months overdue.

4. The employee was issued a 7-day proposed suspension. There has not been a decision made on this case. It is still pending.

Case 6

1. Employee falsified travel vouchers and used the Citibank charge card to make inappropriate transactions.

2. Money involved: over $10,000

3. The Financial Management Officer called the manager.

4. The employee was removed.

Case 7

1. The employee made cash withdrawals and charges not related to Government travel that were not paid promptly.

2. Money involved: 140.03

3. The Financial Management Office called the manager.

4. The employee was issued a written reprimand.

Case 8

1. The Employee failed to promptly pay Government-related travel expenses.

2. Money involved: $491.26

3. The Travel Management Coordinator contacted the manager.

4. The employee was issued a 14-day suspension, which was held in abeyance with a signed agreement to repay.

1. The employee used his Government travel card in three circumstances. The first was for charges/withdrawals made while on travel covered by a travel order. The second was for charges/withdrawals made while traveling under approved official time but without a travel order. The third was for charges/withdrawals made unrelated to any apparent travel. On most of the trips, the employee withdrew on a daily basis more than the allowed amount for the entire trip on a daily basis while on travel.

2. Money involved: $9,110.42

3. The Financial Management Team discovered the misuse and reported it to management.

4. The employee was suspended for 10 days.

Case 10

1. The employee used his Government travel card while on authorized travel during training. The employee filed his vouchers timely for repayment, but he failed to promptly pay his bill.

2. Money involved: $5,338.87

3. The Financial Management Team discovered the misuse and reported it to management.

4. The employee' s appointment was terminated.

Case 11

1. The employee used her Government travel card while on authorized travel during training. The employee filed her vouchers timely for repayment, but she failed to promptly pay her bill.

2. Money involved: $2,102.48

3. The Financial Management Team discovered this case and reported it to management.

4. The Employee signed a repayment agreement to repay $200 per pay period until the debt is repaid.

1. The employee charged and made cash withdraws not related to Government travel and that were not promptly paid.

2. Money involved: $1,056.70

3. The Office of the Inspector General investigated because of falsified travel vouchers.

4. The employee was removed because of falsified travel vouchers, misused Citibank Travel Card, and absent without leave.

The Seattle region reported six cases of unauthorized use of Government charge cards.

1. Unauthorized charges in relation to change in duty station Amount: $4,169.83 How misuse discovered: Delinquent report Disposition: 15-day suspension per settlement agreement

2. Cash withdrawals and charges not related to Government travel Amount: $1,270.38 How misuse discovered: Delinquent report Disposition: 3-day suspension

3. Cash withdrawals and charges not related to Government travel Amount: $4,300 (approx.) How misuse discovered: Delinquent report Disposition: 3-day suspension per settlement agreement

4. Cash withdrawals not related to Government travel and not paid promptly Amount: $1,781.77 How misuse discovered: Delinquent report Disposition: 5-day suspension

5. Cash withdrawals and charges not related to Government travel and not paid promptly Amount: $4,274.28 How misuse discovered: Delinquent report Disposition: removal (due to multiple charges including misuse of Government travel card)

6. Cash withdrawals and charges not related to Government travel; not paid promptly Amount: $3,799.57 How misuse discovered: Delinquent report Disposition: 14-day suspension (because of multiple charges including misuse of Government travel card)

Headquarters reported 14 cases of unauthorized Government travel card and purchase card charges.

Travel Cards

Nature of Misuse - Unauthorized cash withdrawals
Amount - $5,004.30
Action Taken - 15-day suspension

Nature of Misuse - Unauthorized credit card purchase (Laptop computer pawned)
Amount - $2,472.00
Action Taken - Removal

Purchase Card
An employee was determined to have used his Government purchase card to purchase a television, two small compact disk players, and some children’s computer software for personal use. The case resulted from an anonymous complaint to the Office of the Inspector General. The employee was suspended for 30 days as a result of a settlement agreement.

Review of the Social Security Administration’s Internal Controls over International Merchant Purchase Authorization Card Payments
(A-13-97-91018), June 2000

Office of the Inspector General

June 19, 2000

William A. Halter
Deputy Commissioner
of Social Security

Inspector General

Review of the Social Security Administration’s Internal Controls over International Merchant Purchase Authorization Card Payments (A-13-97-91018)

The attached final report presents the results of our audit. Our objective was to determine whether the Social Security Administration’s internal controls provided reasonable assurance that International Merchant Purchase Authorization Card purchases were appropriately authorized and the processing and reporting of purchases were complete, accurate, and properly classified.

Please comment within 60 days on corrective action taken or planned on each recommendation. If you wish to discuss the final report, please call me or have your staff contact Steven L. Schaeffer, Assistant Inspector General for Audit, at (410) 965-9700.

We determined whether the Social Security Administration's (SSA) internal controls provided reasonable assurance that International Merchant Purchase Authorization Card (IMPAC) purchases were appropriately authorized and the processing and reporting of purchases were complete, accurate, and properly classified.

The IMPAC, a Federal credit card purchasing program implemented in 1982, was designed to streamline Federal payment procedures, reduce paperwork, and lower the administrative costs of purchasing supplies and services. IMPAC was originally a manual process. However, the Office of Acquisition and Grants (OAG) automated this process in October 1995, developing the Purchase Card Reporting System (PCRS) to capture, process, and report transaction data. In June 1997, OAG developed a system to ensure appropriate use of SSA’s IMPAC program. Additionally, SSA’s Office of Operations reviews IMPAC transactions during its On-site Security Control and Audit Reviews of field offices.

Since November 1998, the Citibank Corporation, as the contracted financial institution, has issued IMPAC cards and provided related services to Federal cardholders. From September 1, 1996, through November 30, 1997, SSA's 2,356 micro-purchasers (authorized cardholders) made 99,734 IMPAC expenditures, totaling approximately $33.9 million.

We audited 12 SSA cardholders: 4 from Headquarters and 8 from Philadelphia (Region III). These cardholders purchased 2,428 items or services totaling approximately $1.5 million from September 1, 1996, through November 30, 1997. We conducted this audit from July through November 1998 at SSA Headquarters; two field offices in Baltimore, Maryland; and six field offices in Harrisburg, Wilkes-Barre, and Philadelphia, Pennsylvania. In October and November 1999, we revisited selected cardholders to confirm that conditions noted during our initial reviews were still valid.

Although SSA had established internal controls for IMPAC purchases, we found implementation and adherence weaknesses. Of particular concern were incidences where appropriate records/documentation were not maintained. Our specific findings were as follows.

To strengthen its internal controls over the IMPAC process, we recommend that SSA:

SSA generally agreed with our recommendations. However, SSA only agreed in part with Recommendation 4. SSA plans to incorporate the PCRS process into Citibank's Electronic Access System. The approving official's paper copy of the monthly statement will continue to serve as the final step in the post-review certification process to ensure the validity of the transactions made by his/her cardholders.

Also, SSA did not agree with Recommendation 9. SSA stated it is not possible to build into the PCRS edits for incorrect codes. However, SSA has included an edit in PCRS Version 4.2 to ensure that Common Accounting Numbers and sub-object class codes used for each transaction are valid. Before the end of Fiscal Year 2000, SSA will include in its micro-purchase Acquisition Management Reviews a verification process to ensure the sub-object class code is correct.

We agree with SSA's plan to incorporate the PCRS process into Citibank's Electronic Access System, which will enable the authorizing officials to review cardholder transactions electronically. However, we continue to recommend that SSA re-emphasize the authorizing official responsibility until the process with Citibank is fully implemented. We also agree with SSA's modification of the PCRS to ensure that only valid sub-object class codes are used for IMPAC transactions.

IMPAC Transactions Had Partial or No Required

Written Management Approval Was Not Always Obtained for IMPAC

Automated IMPAC Purchasing Procedures Did Not Provide for

Split Purchases Were Used to Exceed IMPAC Spending

FO - Field Office
GSA - General Services Administration
IMPAC - International Merchant Purchase Authorization Card
OAG - Office of Acquisition and Grants
OMB - Office of Management and Budget
PCRS - Purchase Card Reporting System
SOC- Sub-Object Class
SSA - Social Security Administration

Introduction

We determined whether the Social Security Administration's (SSA) internal controls provided reasonable assurance that International Merchant Purchase Authorization Card (IMPAC) purchases were appropriately authorized and the processing and reporting of these purchases were complete, accurate, and properly classified.

The IMPAC, a Federal credit card micro-purchasing program implemented in 1982, was designed to streamline Federal payment procedures, reduce paperwork, and lower the administrative costs of purchasing supplies and services.1 Since November 1998, the General Services Administration (GSA) has contracted with the Citibank Corporation to issue the IMPAC and provide related services to Federal cardholders. 2 From September 1, 1996, through November 30, 1997, SSA's 2,356 micro-purchaserslocated at Headquarters and field offices (FO) made 99,734 transactions, totaling approximately $33.9 million.

Micro-purchasing was automated in October 1995 by the Purchase Card Reporting System (PCRS) developed by the Office of Acquisition and Grants (OAG). The PCRS enables cardholders nationwide to certify and update acquisition activity within 1 week of notification by the contracted financial institution that a purchase has been posted. The PCRS also allows for additional financial accounting information, including a Common Accounting Number, sub-object class (SOC) code, and purchase description. The PCRS eliminates the requirement that a cardholder send the paper Statement of Account to SSA’s Office of Financial Policy and Operations.

In June 1997, OAG developed an oversight system for SSA’s micro-purchase card program. The system identifies purchases that appear inconsistent with established regulations and procedures, such as (1) purchase of prohibited or restricted supplies or serves, 3(2) orders split or divided to stay below the micro-purchase or delegated dollar limit, (3) repeat purchases from the same vendor, and (4) inadequate PCRS descriptions. Questionable purchase data are forwarded to the cardholder to verify and to provide supporting documentation.

SSA’s Office of Operations also includes a review of FOs’ IMPAC transactions as part of its On-Site Security Control and Audit Review system. This Review system helps determine whether FO managers have implemented internal controls required by SSA’s Program Operations Manual System and Administrative Instructions Manual System instructions as well as requirements governing SSA operations.

We reviewed prior Office of the Inspector General audits and examined IMPAC program policies and procedures. We interviewed 12 SSA cardholders and their authorizing officials and reviewed their internal controls to safeguard IMPAC use. Cardholders at these sites had purchased 2,428 items or services, totaling approximately $1.5 million, from September 1, 1996, through November 30, 1997. We selected the cardholders based on travel proximity to Headquarters. We conducted site visits at SSA Headquarters; two FOs in Baltimore, Maryland; six FOs in Harrisburg, Wilkes-Barre, and Philadelphia, Pennsylvania. We conducted our work from July through November 1998. In October and November 1999, we revisited selected cardholders to confirm that conditions noted during our initial reviews were still valid.

We conducted our audit in accordance with generally accepted government auditing standards.

Results of Review

SSA has established internal controls for IMPAC purchases. However, SSA needs to improve implementation and compliance with these controls, particularly maintenance of appropriate records and documentation.

Although we did find 2 Headquarters cardholders maintained complete purchase logs, the remaining 10 did not include required information. Five cardholders had incomplete purchase logs: two at Headquarters and three at FOs. The remaining 5 FOs had no purchase log, and acquisition activity for approximately 1,160 (48 percent) of 2,428 PCRS entries could not be tracked.

One cardholder at Headquarters who had incomplete purchase logs failed to post 721 (92 percent) of 784 transactions, not complying with the required minimum elements. The other Headquarters cardholder failed to post 63 of 90 (70 percent) transactions because of billing problems with the vendor.

In the 8 FOs with incomplete or no purchase logs, we found 376 of 697 transactions not posted. During interviews, FO cardholders reported being unfamiliar with procedures regarding purchase log maintenance. On average, FOs process relatively few transactions a month, approximately six per office. We believe maintaining a complete and accurate purchase log is neither a burdensome nor a highly complex task relative to the small number of monthly transactions processed.

Documentation, whether in paper or electronic form, should be complete, accurate, and facilitate tracing the transactions from inception to completion.6 In general, documentary evidence should include (1) request documentation;7 (2) notes of conversation with the vendor;8 (3) a copy of the payment document, if any, showing a purchase has been made and has a zero balance due; and (4) proof of delivery, if any,such as any delivery tickets and packing slip receipts issued by the vendor and given to an individual other than the requester.

For the four Headquarters cardholders, at least 99 percent of all reviewed transactions, totaling $1,182,550, was either partially maintained or not maintained at all (see Table 1). One cardholder accounted for 1,035 (60 percent) of the 1,731 reviewed Headquarters’ transactions. Of these, only 2 transactions had complete documentation, 805 contained partial documentation, and the remaining 228 were not documented at all. This cardholder was aware of the required documentation procedures but did not comply with them, believing the procedures were in conflict with the Vice President’s initiative on paperless processing.

Required Documentation Maintained

Number Of Transactions

Percent of Transactions

Dollar Amount

The remaining 696 transactions processed by the 3 other Headquarters cardholders also showed a lack of understanding as to what constituted complete documentation. They stated they were unfamiliar with relevant policies and procedures.

Nearly All Reviewed IMPAC Purchases Had No Available Documentation

We found the same pattern with the reviewed FO cardholders. As seen in Table 2, only 1 of the 697 transactions had all the required documentation. The remaining 696 transactions, totaling $297,358, had either partial documentation or none at all. FO cardholders had differing viewpoints about the types of documentation they were required to maintain. The lack of required documentation at both Headquarters and FOs limited our ability to determine the validity of the purchase transactions.

Required Documentation Maintained

Number Of Transactions

Percent of Transactions

Dollar Amount

Written Management Approval Was Not Always Obtained for IMPACPurchases

Of the 2,428 IMPAC transactions processed by 12 cardholders, 1,448 (60 percent) were not approved by management in writing before the purchases were made. Eleven cardholders accounted for 480 (33 percent) of these transactions not having written management approval, with 1 cardholder accounting for the remaining 968 (67 percent). Cardholders and supervisors told us they had verbal management approval, but they could provide no evidence of the approval. Without written approval, management does not have an opportunity to confirm that purchases are appropriate and for official Government purposes.

60 Percent of IMPAC Purchases Did Not Have Written Management Approval

Automated IMPAC Purchasing Procedures Did Not Provide for Separation of Duties

Before micro-purchasing was automated, the manual process had provisions for separation of duties 9 and allowed for supervisory review of all purchases, 10 making it more difficult for a cardholder to make unauthorized purchases without detection. There was no provision in the PCRS requiring approving officials to certify the authenticity of purchases. Cardholders were allowed to unilaterally certify their own purchases after retrieving and reviewing the weekly PCRS transactions. According to OAG, the approving official’s certification of PCRS transactions was excluded to make IMPAC purchases easier for management use.

We believe this situation increases the potential for cardholders to make unauthorized purchases without detection. For example, while we were tracing the disposition of sensitive itmes 11 purchased by cardholders (as reflected in the PCRS), we found that one cardholder could not locate a laptop computer listed for $1,340. After reviewing available documents and interviewing staff, we determined the cardholder’s manager did not approve the laptop purchase requisition. We also found (1) the description on the purchase requisition did not match the description on either the invoice or the PCRS; (2) the individual for whom the laptop computer was intended and who supposedly made the request did not know about the purchase; (3) the invoice indicated a different laptop computer brand name than was actually requested; and(4) the laptop computer was not noted in the component's custodial official’s records of sensitive, expendable items.12

This example illustrates what can happen when one individual authorizes, processes, records and reviews a purchase transaction. Without effective checks and balances, there is an increased risk of error, fraud, waste, or abuse when only one person controls all key aspects of a transaction.

SSA’s policy states the cardholder is responsible for IMPAC card security and must prevent its use by others. 13 Although we found that 8 of 12 cardholders did not share their micropurchase cards, 4 cardholders at FOs did. For example, in one FO, the cardholder’s responsibilities were inappropriately delegated to an administrative assistant who was asked to assume the role of micro-purchaser. We were told unauthorized individuals were allowed IMPAC access because (1) the cardholder was not aware permitting others to use the cards was problematic and (2) the FO needed to prioritize workloads (for example, having to choose between assigning a person to process claims or make IMPAC purchases).

To further corroborate our findings, we reviewed the IMPAC portion of 33 On-Site Security Control and Audit Review reports conducted by SSA’s integrity staff. These reports covered the same time frame as our audit. We found 10 incidences where cards were accessible to individuals other than the cardholders. We also found that unauthorized individuals made IMPAC purchases by telephone.

If a cardholder allows an unauthorized person access to the IMPAC, the authorized cardholder is responsible for any purchases that unauthorized user makes. We believe allowing cards to be used by unauthorized persons can potentially compromise the integrity of the IMPAC process, creating situations for increased incidences of micropurchasing fraud, waste, and abuse.

Split purchases are made when procurements exceed a spending threshold and the purchaser intentionally splits the procurement into smaller purchases. To test whether cardholders made split purchases, we used the PCRS to list all transactions made on the same day to the same vendor. From this list, we identified 203 transactions from Headquarters. Of these, we identified eight as split purchases. We determined that these split purchases were made because no SSA oversight existed to identify and resolve them. These purchases were not authorized under IMPAC procedures, and the cardholder should have forwarded them to a contracting officer who had authority to procure above the $2,500 single purchase limit. 14 By splitting purchases, cardholders can exceed the $2,500 micro-purchasing limit, expediting the purchasing process, circumventing the more complicated and laborious competitive bidding process and exemption from the Federal Acquisition Streamlining Act of 1994.

Nearly One-Third of Reviewed FO Cardholders Allowed Others IMPAC Access

Cardholders are required to update the PCRS with each week’s purchase activity by describing the product or service purchased. Also, as part of the certification process, the cardholder inputs the applicable description of the items/services purchased and the appropriate SOC data, as approved.

When we compared 2,428 purchase descriptions entered into the PCRS against the documentation maintained by each cardholder, we found that 350 transactions did not include sufficient information to determine the transaction’s validity. In addition, we could not determine the accuracy of descriptions for another 476 transactions because documentation was not available for review. Cardholders informed us the purchase descriptions were not accurate because they did not follow the policy guidance OAG provided. 15

Because OAG relies on complete purchase descriptions to identify purchases that appear inconsistent with established regulations and procedures, it is imperative that cardholders give correct and accurate purchase descriptions. Without these, OAG’s capability to fully monitor IMPAC spending is restricted.

We also discovered problems with SOC coding. In our review of one cardholder at Headquarters, we found the same SOC had been charged for all items/services purchased during our review period. Of the cardholder’s 1,035 transactions, 417 (40 percent), totaling $253,107, contained incorrect SOC codes. We believe these transactions should have been allocated among 21 other SOC codes rather than charged to the same SOC. Additionally, for the eight FO components, approximately 11 percent of the SOCs did not match the items purchased. There was no edit process to prevent cardholders from either deliberately or accidentally entering incorrect SOCs into the PCRS. By incorrectly recording purchases under the wrong SOC, management’s ability to maintain accurate accounting and budgetary data is compromised.

No Edit Processes to Ensure Assignment and Entry of Correct SOCs

Over One-Third of Reviewed Transactions Did Not Have Accurate Purchase Descriptions

SSA’s Micro-Purchasing in SSA Field Activities Training Course states cardholders cannot make a purchase without assurance that funds are available. Although the Training Course recommends the use of electronic mail procedures for budget review and approval of micro-purchase requests, we found no evidence that our sampled cardholders were using this process. They did not consistently provide documentary evidence of budget approval for transactions completed during our review period.16

At Headquarters, reviewed cardholders were responsible for 1,731 transactions totaling $1.2 million. Of these, 1,099 (63 percent), totaling $582,488, had no evidence of budgetary approval. Cardholders did not obtain approvals because Common Accounting Number and SOC financial data had not been assigned to purchased items.

For the reviewed FOs, we found similar results. Of 697 transactions totaling $297,920, 419 transactions (60 percent), totaling $132,252, did not have appropriate budgetary approval. In contrast to Headquarters cardholders maintaining evidence to support their budgetary approval for purchased items/services, the FOs had no formal budget approval process. FOs confirmed their expenditures by checking against their budget allocations provided by their regional offices. As a result, for the FOs, we could not determine whether there was appropriate budget approval granted or the cardholder had exceeded budget limitations. Regardless of location (Headquarters or FO), we believe cardholders will continue to process micro-purchases without obtaining the required budgetary approval unless management conducts ongoing reviews to ensure documentation for budgetary approval is obtained.

Nearly Two-Thirds of Sample Did Not Have Appropriate Budgetary Approval

Conclusions and Recommendations

We found numerous internal control weaknesses in the IMPAC micro-purchasing process. These included incidences in which required purchase logs were not always maintained, purchase documentation was insufficient, management approval missing, separation of duties not enforced, supervisory reviews not conducted, unauthorized individuals given IMPAC access, split purchases made, purchase descriptions inaccurate, and budget approval not obtained. We believe these internal control weaknesses increase the potential likelihood for fraud, waste and abuse in connection with IMPAC purchases, as well as hindering SSA’s ability to detect such actions.

To strengthen IMPAC internal controls, we recommend that SSA:

SSA generally agreed with our recommendations. However, SSA only agreed in part with Recommendation 4. SSA plans to incorporate the PCRS process into Citibank's Electronic Access System. The approving officer’s paper copy of the monthly statement will continue to serve as the final step in the post-review certification process to ensure the validity of the transactions made by his/her cardholders.

Also, SSA did not agree with Recommendation 9. SSA stated it is not possible to build into the PCRS edits for incorrect codes. However, SSA has included an edit in PCRS Version 4.2 to ensure that Common Accounting Numbers and SOC codes used for each transaction are valid codes. Before the end of Fiscal Year 2000, SSA will include in its micro-purchase Acquisition Management Reviews a verification process to ensure the SOC code is correct.

SSA also provided other comments that we addressed. See Appendix A for the full text of SSA’s comments.

We agree with SSA's plan to incorporate the PCRS process into Citibank's Electronic Access System, which will enable the authorizing officials to review cardholder transactions electronically. However, we continue to recommend that SSA re-emphasize the authorizing official responsibility until the process with Citibank is fully implemented. We also agree with SSA's modification of the PCRS to ensure that only valid SOCs are used for IMPAC transactions.

Agency Comments

COMMENTS ON THE OFFICE OF THE INSPECTOR GENERAL (OIG) DRAFT REPORT, "REVIEW OF THE SOCIAL SECURITY ADMINISTRATION’S (SSA) INTERNAL CONTROLS OVER INTERNATIONAL MERCHANT PURCHASE AUTHORIZATION CARD PAYMENTS" (A-13-97-91018)

Thank you for the opportunity to review and provide comments on this draft report. We agree that SSA should strengthen its International Merchant Purchase Authorization Card (IMPAC) internal controls to ensure that credit purchases are valid; proper and appropriately authorized; controls are in place to prevent and/or discover waste or fraud; and budgetary restraints are observed.

We offer the following comments.

OIG Recommendation 1

Reinforce knowledge of policies and procedures on the maintenance of complete and accurate purchase logs so that IMPAC purchases are processed appropriately.

SSA Comment

We agree. Although our current Administrative Instructions Manual System (AIMS) and the computer-based training course already specify this requirement, we will ensure that all new purchase card related training and policy emphasize the need for purchase logs.

OIG Recommendation 2

Require documentation procedures be incorporated into AIMS in accordance with General Accounting Office (GAO) standards and those described in SSA’s Training Course. All cardholders should be required to comply with the established documentation procedures.

SSA Comment

We agree and will incorporate into the appropriate AIMS instruction the required documentation procedures before September 30, 2000.

Cardholders have always been required to comply with these procedures. However, as an improvement to our oversight efforts and to expand the remote purchasing reviews we have conducted for some time, we implemented on site Acquisition Managment Reviews of Headquarters micro-purchasers in April 2000. In addition, as part of the regional office's Acquisition Improvement Plans, some of the regional contracting officers have begun on-site reviews in their respective regions.

OIG Recommendation 3

Reinforce knowledge of policies and procedures on the management approval of all purchase requisitions to confirm that purchases are appropriate and are for official Government purposes.

SSA Comment

We agree and will periodically issue appropriate reminders. The first of these reminders will be issued by August 31, 2000.

OIG Recommendation 4

Require adherence to GAO and SSA micro-purchasing policies and procedures that require separation of duties. For example, reinstitute the requirement for an authorizing official’s approval when certifying IMPAC purchases. Incorporate such micro-purchasing procedures in Purchase Card Reporting System (PCRS) guidance as well as the AIMS.

SSA Comment

We agree, in part, with this recommendation. We agree with the need for separation of duties and for approving officials (AO) reviewing the activity of their micro-purchasers. However, we do not agree that this requirement must be in the PCRS.

The AO's paper copy of the monthly statement will continue to serve as the final step of the post-review certification process to ensure the validity of the transactions made by his/her cardholders. In addition, to provide for a system of checks and balances, we require a separation of duties when items are received at the office. See Module 9, Inspection and Acceptance of SSA’s Micro-Purchasing in SSA Field Activities training course.

We plan to incorporate the PCRS process into Citibank's Electronic Access System (EAS). This conversion would provide EAS to all cardholders to certify their transactions and to the AOs for the review process. The EAS would then eliminate the "paper" statement of account and business account summary that the bank is now mailing to the cardholders and AOs.

OIG Recommendation 5

Require proper recording and accounting of all expendable purchased items considered sensitive.

SSA Comment

We agree. Within the next two months SSA will research this issue and send an acquisition alert to all cardholders, which will also include the information in the revised AIMS.

OIG Recommendation 6

Require that only authorized cardholders be able to process IMPAC transactions.

SSA Comment

We agree. This policy is clearly specified in the AIMS as well as training documents. The acquisition alert dated September 1998 reiterates that purchase cards are for the exclusive use of the cardholder and certifications should be conducted by the responsible cardholder only. We will periodically issue acquisition alerts as reminders.

OIG Recommendation 7

Investigate all potential violations of purchase limitations to ensure appropriate IMPAC use.

SSA Comment

We agree. We developed the Purchase Card Information System and continue to use it to identify violations of limits (i.e., order splitting and restricted/prohibited purchases). Also, on August 18, 1999, we revised the Purchase Card Information System, permitting analysts performing acquisition management reviews to more effectively tailor and manipulate data for more efficient and focused remote reviews.

OIG Recommendation 8

Require cardholders to provide adequate descriptions of purchased items to ensure the effectiveness of the PCRS monitoring system.

We agree. The current micro-purchase computer-based training that was released to FOs in 1994 and to Headquarters in March 1996 requires this kind of documentation. The PCRS online instructions have included this requirement since we released the program in October 1995. Additionally, last year we posted an instruction manual that stresses the same requirement.

We will issue periodic acquisition alerts as a reminder stressing the need for entering adequate purchase descriptions in the PCRS when cardholders purchase multiple items. We will emphasize prioritizing them as to quantity, price or sensitive items.

OIG Recommendation 9

Establish an edit process in the PCRS to identify incorrect sub-object class codes (SOC).

SSA Comment

We disagree. It is not possible to build into PCRS edits for INCORRECT codes. However, we have included in PCRS Version 4.2 an edit to ensure that the common accounting number and sub-object class code used for each transaction are VALID codes.

Before the end of the fiscal year we will include in our micropurchase AMRs a verification process to ensure the SOC code is correct. We will reemphasize the FACTS guidance in periodic acquisition alerts.

OIG Recommendation 10

Require appropriate budget approval and accounting classification of all IMPAC purchases as a means of maintaining proper fiscal control.

SSA Comment

We agree and will explore possible ways to ensure that budget approval is documented in the file. We believe the perceived lack of budget approval is most likely a documentation deficiency. In the interim, the Agency will emphasize the need for such documentation when reviewing micro-purchase files.

BACKGROUND (Page 1)

We believe the first sentence should read: "…. program authorized by Executive Order 12352 in 1982 and implemented in SSA in 1988, was designed to streamline Federal acquisition and payment procedures…."

The second sentence and footnote 2 should be reversed, since the OIG audit involved the time period for IMPAC purchases under the General Services Administration (GSA) contract with Rocky Mountain Bankcard System, Inc. and not Citibank Corporation.

We would also like to point out that GSA awarded several contracts to other financial institutions in 1998 for its new GSA SmartPay Program. Agencies could choose, from these contractors, the one who can best meet the agency's needs. SSA chose Citibank Corporation, effective November 30, 1998, to handle our purchase card program.

RESULTS OF REVIEW

Required Purchase Logs Were Incomplete or Nonexistent (Page 3)

The first paragraph states that the actual delivery date should be included in the purchase log according to the micropurchasing course referred to in footnote 5. The course requires that the purchaser keep a record of the fact that delivery occurred. Therefore, we suggest that number 6 in the second sentence read "delivery occurred" rather than "actual delivery date." Also, in footnote 5, the sentence should say, "The cardholder checks off the "delivery occurred" column …" (not the "delivery date" column).

Paragraph 3, second sentence needs to be clarified as follows: "The other Headquarters cardholder failed to post 63 of 90 (70 percent) transactions because of billing problems with the vendor." Purchases should be recorded in the purchase log as they are made. Each purchase is a transaction. Billing problems are unrelated to the log. The number of billings that result, including incorrect billings, etc., are not reflected in the log. Therefore, billing problems should not justify a cardholders failure to post any transactions.

The report states that "…(3) a copy of the payment document showing a purchase has been made and has a zero balance due; and (4) proof of delivery, such as any delivery tickets and packing slip receipts issued by the vendor and given to an individual other than the requester."

To correctly summarize or quote the documentation requirement, the report should be revised to say: "… (3) a copy of the payment document, if any (this requirement only applies if the purchase was made in person or if payment was made by third party draft rather than by purchase card); and (4) proof of delivery, if any. (This only applies if the vendor provides a packing slip or other proof of delivery.)"

The words "if any" make "requirements" (3) and (4) optional. Since very few purchases are made in person, it would be rare to find any type of payment document in file. Also, the purchaser cannot control whether the vendor provides proof-of-delivery documents. Many vendors may not provide packing slips or, even if provided, the person receiving the package may discard the slip so that it is never provided to the purchaser.

In addition, Footnote 7 could be interpreted to mean that the request documentation must include all the elements listed. We suggest that Footnote 7 be changed to read as follows:

"Request documentation may include such things as what the cardholder was asked to purchase, for whom, required delivery date, suggested source, justification, and any approvals obtained. If the purchaser is the requestor, it need only include what it is that you are going to purchase."

Management Approval Was Not Always Obtained for IMPAC Purchases (Page 5)

At a minimum, we suggest the title of this section be rewritten as: "Written Management Approval Was Not Always Obtained for IMPAC Purchases."

Our instructions to micro-purchasers do not state that written management approval is required prior to making a purchase. We only require that management approval be obtained. (Our training says that the purchaser must follow the component's internal approval rules.) If management approves the items to be purchased, whether verbally or in writing, management has had the opportunity to confirm that the proposed purchases are appropriate for official Government purposes.

Automated IMPAC Purchasing Procedures Did Not Provide for Separation of Duties (Page 6)

Regarding the first paragraph, on February 17, 1995, while purchase card transactions were still processed manually, SSA eliminated the requirement for the paper statement of account to be signed by both the cardholder and the cardholder’s approving official (AO). Specifically, we eliminated the requirement for the AO to sign the paper statement of account prior to it being sent to the Office of Finance (OF). However, we retained the requirement for the AO to review all purchases by cardholders. This review was accomplished by reviewing the monthly Business Account Summary. As stated in our February 17, 1995 message (Acquisition Alert #95-2), "The BAS [Business Account Summary] allows the AO [Approving Official] to review purchases by CHs [cardholders] and provides monthly expenditure verification reporting, and is an important part of the SSA system of checks and balances. This report should be used by the AO as part of the SSA system of controls to prevent fraud, waste or abuse."

Prior to this change, FOs rarely used the purchase card. A survey revealed that the requirement to send the paper statement of account (and supporting documentation) to the AO for sign-off prior to forwarding to OF was a major barrier to purchase card use in SSA. The paper process for using the purchase card was so cumbersome and time consuming that using a third party draft or paper requisition was preferable for purchases.

To date, AOs continue to receive monthly statement of accounts directly from the purchase card bank and are required to review these monthly statements. Thus, we cannot agree that the current policy "increases the potential for cardholders to make unauthorized purchases without detection."

Unauthorized Individuals were Allowed IMPAC Access (Page 7)

Prior to May 1999, SSA’s policy that third party draft (TPD) cashiers could not have purchase cards prevented them from requesting purchase cards for their administrative assistants and other lower-graded staff whom they called upon to make purchases for the office. (Nearly all FO administrative assistants have been appointed TPD cashiers along with service representatives and others.)

SSA consulted with the Department of Treasury and on May 11, 1999 issued Acquisition Alert 99-08 to the field. This Alert changed Agency policy allowing SSA TPD cashiers to also have purchase cards. Since then a variety of communications have been sent to the field encouraging managers to get purchase cards for the individuals who are actually doing the purchasing for the office.

Split Purchases Were Used to Exceed IMPAC Spending Threshold (Page 7)

At the time of the audit, we did not have a quick means to identify split purchases. Since then, however, we developed an automated Purchase Card Information System (PIS). The PIS produces a report of apparent split purchases. We use it when we perform acquisition management reviews.

The PCRS Contained Insufficient or Inaccurate Information (Page 8)

Regarding the statement "Over One-Third of Reviewed Transactions Did Not Have Accurate Purchase Descriptions." One of the twelve cardholders who were audited accounted for 60 percent of the headquarters transactions (1,035 transactions reviewed). It would be helpful if the report included statistics with and without the transactions made by the one purchaser.

IMPAC Purchases Were Made Without Evidence of Budget Approval (Page 9)

As in our comments above concerning page 8 of the report, statistics excluding the one cardholder who accounted for more than 60 percent of the headquarters transactions would prove beneficial.

The second paragraph states that, "Cardholders did not obtain [budgetary] approvals because common accounting number and sub-object codes financial data had not been assigned to purchased items." The report concludes that cardholders did not obtain budgetary approvals because auditors saw no evidence of common accounting number and sub-object class codes assigned to the purchase somewhere in the file. Current training does not require that either of these numbers be assigned at this stage. The training says, "Budget approval involves checking the CAN and SOC to ensure that the money is available for the specific item or items being requested." Therefore, the manager must check his/her budget and look under the correct common accounting number and object class in the budget.

In general, there are only a few object classes (usually 4) that can apply to a purchase. For example, 2,600 represents supplies. The other classes are printing, advisory and assistance services, and equipment.

Since offices generally have only two common accounting numbers (CAN) that apply to purchases (one for information technology systems (ITS) and one for non-ITS), we see no need to require the CAN to be written on each purchase request. It only needs to be checked for funds sufficiency prior to purchase.

We believe that component budget staffs are following SSA procedures and are providing budgetary approval prior to purchase. Headquarters component budget offices and component managers are not likely to tolerate significant micro-purchase activity that bypasses budgetary controls.

It would be helpful if the report included explanations given by the headquarters micro-purchasers as to when and how the budgetary approval was accomplished. By not providing the headquarters purchasers’ explanations of this apparent deficiency, the report does not give a complete picture of the operation of the headquarters micro-purchase program.

Regarding the third sentence: "FOs confirmed their expenditures by checking against their budget allocations provided by their regional offices.

If the "confirming of expenditures" was done prior to purchase, then this is a sufficient budget approval process. Based on the above, we believe each statement that budgetary approval was not obtained should be revised to say that there was no documentation reflecting budgetary approval in the file.

Major Report Contributors

Shirley E. Todd, Director, General Management Audit Division
Carolyn Neuwirth, Deputy Director, General Management
Frank H. Williams, Jr., Auditor-in-Charge
Steve Weal, Senior Auditor
Mark C. Meehan, Senior Auditor

For additional copies of this report, please contact Office of the Inspector General’s Public Affairs Specialist at (410) 966-5998. Refer to Common Identification Number A-13-97-91018.

Office of the Inspector General Investigations of Government Charge Card Misuse

Below are descriptions of cases worked by the Office of Investigations regarding the misuse of Government issued charge card accounts.

On November 3, 1997, the Office of the Inspector General Fraud Hotline forwarded an anonymous complaint to the Office of Investigations. The complaint claimed that an employee allegedly used his Government purchase card to make personal purchases. The investigation uncovered purchases including a color television, a video cassette recorder, portable compact disk players, and children’s educational computer software. The employee initially denied making these purchases and falsifying a purchase document to hide the purchase of the television. The Office of Investigations fully investigated the matter, but, ultimately, the U.S. Attorney’s Office declined to prosecute the case, and it was referred for administrative action. The investigation also discovered that the employee may have violated the Federal Acquisition Regulation and the Social Security Administration’s micropurchase policy, as delineated in the Administrative Instructions Manual System (AIMS), which prohibits "split" procurements. On at least three occasions, the employee had structured purchases to reflect amounts less than his allowed maximum purchase authority. For example, on September 26, 1997, the employee placed an order for $9,945.75 in computer and computer-relatedequipment. This order was split into four smaller orders of $2,490, $2,499, $2,475 and $2,481.75 thereby avoiding the total single purchase limit. On December 22, 2000, the employee was suspended for 30 days.

From August to November 1999 an Office of Hearings and Appeals employee used a Government purchase card to pay for a rental car for personal use. A routine review of credit card charges revealed what appeared to be unauthorized and excessive charges for a rental car on the account entrusted to the subject. The employee pled guilty to conversion of Federal funds and resigned from her position. On August 15, 2000, she was sentenced to 6 days' incarceration, 3 years’ probation, and $8,096 in restitution.

In May 2000, a SSA employee used his Government-issued Citibank VISA card for personal automated teller machine withdrawals, airline tickets, and hotel reservations in California. He allegedly suffered from mental illness (depression) and resigned from SSA on June 1, 2000. The Assistant U.S. Attorney for the Western District of Washington declined to criminally prosecute because of lack of criminal intent.

In May 2000, the Office of Investigations was contacted after a SSA quarterly review of travel accounts identified a potential problem with a GS-15 employee’s Government issued Citibank VISA account. The review showed a balance of over $16,000, including $9,513 as past due. The account record also showed several payments on the account had been returned for insufficient funds. The balance included cash advances of $10,778.50 from December 1999 though April 2000. During the Office of Investigations’ interview of the employee, he admitted that he had misused the Citibank VISA card. He also admitted that he had been counseled by his superiors about prior misuses of payments on personal loans to one individual that had interest rates of approximately 120 percent. The employee denied involvement in illicit habits or relationships and claimed that his financial problems and debt were the result of living above his means. The employee was suspended for 7 days and required to secure financial counseling through the Employee Assistance Plan.

OIG Contacts and Staff Acknowledgments

Shirley E. Todd, Director, General Management Audit Division (410) 966-9365

In addition to those named above:

Jim Klein, Audit Manager
Randy Townsley, Senior Auditor
Tom Sipes, Special Agent-in-Charge
Steve Cathcart, Assistant-Special-Agent-in-Charge
Kimberly Beauchamp, Writer-Editor