The CFPB Should Strengthen Internal Controls for Its Government Travel Card Program to Ensure Program Integrity

Purpose

Overall, our objective was to determine the effectiveness of the Consumer Financial Protection Bureau's (CFPB's) internal controls for its government travel card (GTC) program. Specifically, we assessed compliance with policies and procedures and whether internal controls were designed and operating effectively to prevent and detect fraudulent or unauthorized use of travel cards and to provide reasonable assurance that cards are properly issued, monitored, and closed out.

Background

Through its GTC program, the CFPB provides its employees with the necessary resources to arrange and pay for official business travel and other travel-related expenses and receive reimbursements for authorized expenses. The CFPB's Travel and Relocation Office (Travel Office), within the Office of the Chief Financial Officer, oversees the GTC program. In fiscal year 2012, the CFPB spent more than $10 million, or about 3 percent of its incurred expenses, on travel. As of April 30, 2013, the CFPB had 743 active cardholder accounts.

Findings

Overall, internal controls for the CFPB GTC program should be strengthened to ensure program integrity. While controls over the GTC issuance process were designed and operating effectively, we found that controls are not designed or operating effectively to (1) prevent and detect fraudulent or unauthorized use of GTCs and (2) provide reasonable assurance that cards are properly monitored and closed out. Specifically, we found the following:

• Cardholders charged approximately $1,880 in unauthorized transactions on their GTCs.
• Cardholders claimed and received reimbursement for $320 in unallowable laundry and dry-cleaning transactions and $324 in potentially unallowable transactions for lodging and meals and incidental expenses.
• The Travel Office did not ensure that cardholders could not exceed their daily cash-advance limit.
• The Travel Office did not ensure that GTC accounts for separated employees were closed in a timely manner.
• The Travel Office did not approve travel vouchers in a timely manner and send past-due account notifications to cardholders, their supervisors, the Chief Financial Officer, and the Office of Human Capital, as appropriate.
• The Travel Office, cardholders, and cardholders' supervisors did not properly submit or approve Travel Approval Forms and travel authorizations.

For our findings that are based on sample testing, the results cannot be projected to the entire population because we did not use statistical sampling. Total noncompliance may be greater than our results indicate.

Recommendations

Our report includes 14 recommendations designed to assist the CFPB in strengthening its internal controls over the GTC program. We recommend that the Chief Financial Officer collect reimbursements from cardholders who received payments for unallowable expenses. We also recommend that cardholders' supervisors review and approve travel authorizations and travel vouchers. Further, we recommend that the Travel Office provide periodic refresher training for cardholders and their supervisors on the proper use of the GTC and the Travel Card policy and procedure, and ensure proper monitoring of the GTC. In its response to a draft of our report, the CFPB concurred with our recommendations and noted that it is taking actions to implement them.