Board Report: 2013-AA-B-006 March 29, 2013
Our overall objective for this audit was to evaluate the effectiveness of controls over the purchase card program of the Board of Governors of the Federal Reserve System (Board). Specifically, we assessed the effectiveness of controls for issuing cards and ensuring proper use, including (1) determining if controls were adequate to ensure cardholder compliance with Board policies and procedures, and (2) assessing whether controls were adequate to prevent and detect improper use and fraudulent use of purchase cards.
The Board participates in the government-wide purchase card program known as the General Services Administration SmartPay2 program. Through this program, the Board contracts for purchase card services with JPMorgan Chase (JPMC), and it authorizes JPMC to issue purchase cards to designated employees. JPMC invoices the Board for cardholders' purchases, which are required to comply with the Board's Acquisition policy and Purchase Card Procedures. The Board is liable for transactions made by these authorized cardholders.
Overall, we found that controls over the Board's purchase card program can be strengthened. Controls for issuing cards, training new cardholders, and recording and reconciliation by cardholders of purchases were working as intended. However, we found that controls to ensure that cardholders properly use purchase cards and comply with Board policies and procedures were not working as described in the Board's Purchase Card Procedures. We also found that controls designed to prevent and detect unauthorized purchases can be strengthened.
Our testing did not identify any fraudulent purchases. However, we found that more than 60 percent of the purchases in our sample lacked evidence of approval due to the absence of postcertification reviews.
Our report contains three recommendations designed to help strengthen controls for ensuring compliance with purchase card policies and procedures and for detecting potentially unauthorized transactions.
Management stated that it concurred with the process improvements included in our recommendations and have begun implementing parts of the recommendations. Management also provided additional perspective on the recommendations and planned or completed actions to further enhance its processes and related controls.