Skip to Navigation
Skip to Main content
OIG Home
OIG Home

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Board Report: 2013-AA-B-006 March 29, 2013

Controls over the Board's Purchase Card Program Can Be Strengthened

available formats

Summary of Findings

Overall, we found that controls over the Board's purchase card program can be strengthened. Controls for issuing cards, training new cardholders, and reconciliation of purchases and assignment of accounting codes by cardholders were working as intended. However, we found that controls implemented to ensure that cardholders properly use purchase cards and comply with Board policies and procedures were not working as described in the Board's Purchase Card Procedures. We also found that controls designed to prevent and detect unauthorized purchases can be strengthened. Specifically, we found the following:

  • Approving officials did not conduct postcertification reviews to review and approve cardholders' purchases and did not detect instances of cardholders' noncompliance with existing policies and procedures.
  • Procedures used to provide guidance to cardholders and approving officials are incomplete and outdated.
  • The program coordinator did not conduct monthly reviews of a sample of cardholders' and divisions' purchases as required
  • The program coordinator has not blocked or flagged certain merchant category codes (MCCs) that could potentially allow cardholders to use their purchase cards for unauthorized transactions.7
  • The program coordinator did not review available JPMC reports of unusual activity or declined card use.

Our testing did not identify any fraudulent purchases. However, we found that more than 60 percent of the purchases in our sample lacked evidence of approval due to the absence of postcertification reviews. Our report contains three recommendations designed to help strengthen controls for ensuring compliance with purchase card procedures and for detecting potentially unauthorized transactions.

  • 7. According to the GSA's SmartPay2 glossary, an MCC is a four-digit code that identifies the type of business a merchant conducts (e.g., courier services, uniforms, utilities). There are 1,004 MCCs. Merchants select an MCC with their bank based on their primary business. However, merchants may offer products that are unrelated to their primary business. Federal agencies may block certain codes to prevent unallowable purchases and flag others that may pose a risk of improper use.  Return to text

LINKS TO THE BOARD AND THE CFPB

RELATED SITES AND RESOURCES