CONSUMER FINANCIAL PROTECTION BUREAU
1700 G ST NW, Washington DC 20552
Ms. Cynthia Gray
Senior OIG Manager for Financial Management and Internal Controls
Inspector General
Board of Governors of the Federal Reserve System and
Consumer Financial Protection Bureau
20th and C Streets, NW
Washington, DC 20551
Dear Ms. Gray,
Thank you for the opportunity to review and comment on the Office of Inspector General's draft report entitled Opportunities Exist for the CFPB to Strengthen Compliance with Its Purchase Card Policies and Procedures. We have reviewed the report and appreciate the recommendations provided.
The Consumer Financial Protection Bureau's (CFPB or Bureau) Office of Procurement supports the Bureau's mission by establishing processes and executing contract actions to provide goods and services. In May 2011, the Bureau implemented a purchase card program to streamline the acquisition process for qualifying purchases. The CFPB's Office of Procurement actively manages the purchase card program and ensures that the program complies with applicable laws, regulations, policies, and procedures.
In keeping with the Bureau's overarching policy of transparency and efforts to be open and accountable for Bureau spending, we were happy to provide OIG with unrestricted access to our full database of purchase cardholder statements in the CitiDirect system from the beginning of the program through present. We also provided access to the same Citi reporting system that we use for our internal audit process, which enabled the OIG team to efficiently review cardholder activity in-depth, including 3,324 transactions under $3,000.
We appreciate the notation throughout OIG's report of multiple "Commendable Actions" for CFPB-initiated internal control innovations, including the new exit procedures and the quarterly compliance review we proactively instituted prior to your audit. Also, your team praised our immediate corrective action to revise the convenience check log in response to the single transaction, related to an inadvertent cardholder error, identified during the audit.
We are pleased that your thorough audit concluded that our office has not only established adequate internal processes and procedures, but also is operating effectively to ensure that the program is in compliance with applicable laws, regulations, and internal procedures. This enables the Bureau to prevent and detect potentially improper or fraudulent purchase cards transactions.
We are also pleased by your acknowledgement that CFPB has implemented a number of changes to further enhance our existing internal controls and oversight process, including refining our purchase card application and closure processes and increasing the number of approving officials, setting low dollar credit limits, and restricting the allowable merchant category codes (MCCs) for cardholders.
Further, we concur with your recommendations and have taken the following corrective actions:
Recommendation 1 - Direct the Approving Officials to ensure that
a. cardholders maintain appropriate supporting documentation in their purchase card files.
Concur. On September 12, 2013, the Senior Procurement Executive sent a memorandum (attached) to all approving officials reinforcing the importance of periodically checking cardholder files to ensure they are maintaining required records. The draft Purchase Card policy requires AOs to maintain appropriate supporting documentation: "The AO ensures that the CH file is complete and accurate and that purchases conform to Bureau policy. The AO is also responsible for obtaining the CH file upon departure and retaining those records for three years from the date of purchase."
b. use convenience checks as the last resort and, if used, document the reason in their convenience check logs.
Concur. As noted in the report, CFPB immediately updated the convenience check logs to include a column for each cardholder to note the reason for using a convenience check, rather than a credit card. CFPB expects this change to bring cardholder compliance with this policy from 99.97% to 100%.
c. document the reason for any purchases that may have an appearance of a split transaction.
Concur. In the course of its audit of 3,324 micro-purchases, OIG identified one transaction that initially appeared to be split. The Bureaus was pleased to learn that the transaction was ultimately validated as proper (i.e., it was not, in fact, split). The APC's quarterly compliance review has been updated to include a review of a CCRS report on split tickets for the period to avoid the appearance of split tickets in the future. The APC will follow up with cardholders and document the results of the report.
Recommendation 2 - Ensure that the APC
a. expands the quarterly compliance audit to include review of receipts, invoices, and payment of taxes.
Concur. The quarterly compliance audit template has been updated to include the review of receipts, invoices, and payment of taxes. This expansion of our existing process will identify any taxes inadvertently charged by those vendors that lack the ability to separate taxes from total transaction amounts on Citibank statements.
b. assesses the effectiveness of the recently implemented exit procedures for separating cardholders, including the exit checklist and related system, and makes adjustments as necessary.
Concur. The quarterly compliance audit template has been updated to include the review of the effectiveness of current exit procedures for cardholders separating from service at the Bureau.
c. uses available reports from CCRS as appropriate.
Concur. The quarterly review has been updated to include the use of the CCRS report for split tickets. This enhancement of our current process, which tracks transaction trends to identify potentially noncompliant transactions and which identified all of the potentially split tickets identified by OIG during its audit, will provide additional assurance of compliance.
We are grateful to you and your staff for their professionalism and courtesy in conducting this review.
Sincerely,
/signed/
David P. Gragan
Assistant Director for Procurement
