Skip top navigation Skip to content

Print   Email  Share

MEMORANDUM

TO: Germaine Roseboro
Chief Financial Officer
FROM: Milton A. Mayo, Jr.
Inspector General
SUBJECT: Performance Audit of the Equal Employment Opportunity Commission's Charge Card Program (OIG Report No. 2012-08-PURCH)

The Office of Inspector General (OIG) engaged the independent certified public accounting firm of Harper, Rains, Knight and Company, P.A (HRK) to conduct a performance audit of the agency's charge card program which included both purchase and travel cards. The audit covers agency charge card activity for fiscal years 2011-12. The contract required that the audit be done in accordance with U.S. generally accepted government auditing standards contained in Government Auditing Standards issued by the Comptroller General of the United States.

In their report HRK notes deficiencies in key controls relating to the charge card program. Findings were issued in the following areas:

  1. Lack of internal controls in place to ensure policies and procedures over the charge card program are current and sufficient
  2. Internal Controls over the operating effectiveness of EEOC charge card policies and procedures are not operating effectively
  3. Non-compliance with required charge card training policy and procedures
  4. Non-compliance with account creation policies and procedures
  5. Lack of sufficient documentation evidencing transaction approval
  6. Lack of documentation to support a purchase card transaction
  7. Non-compliance with cardholder account closure policies and procedures
  8. Lack of monitoring controls in place over Merchant Category Codes (MCC)
  9. Lack of monitoring controls in place over monthly spending limits.

Based on the above findings and the results of their testing of operating effectiveness of the EEOC purchase card/convenience check program, HRK concluded that the EEOC's purchase card/convenience check program is not operating in compliance with applicable laws and regulations.

EEOC management was given the opportunity to review the draft report and to provide comments. Management comments are included in Appendix D of the report.

The Office of Management and Budget issued Circular Number A-50, Audit Follow Up, to ensure that corrective action on audit findings and recommendations proceed as rapidly as possible. EEOC Order 192.002, Audit Follow up Program, implements Circular Number A-50 and requires that for resolved recommendations, a corrective action work plan should be submitted within 30 days of the final audit report date describing specific tasks and completion dates necessary to implement audit recommendations. Circular Number A-50 requires prompt resolution and corrective action on audit recommendations. Resolutions should be made within six months of final report issuance.

cc:

Claudia Withers
Raj Mohan
George Betters
Leta Jackson

U.S. EQUAL EMPLOYMENT
OPPORTUNITY COMMISSION
WASHINGTON, DC

PERFORMANCE AUDIT OF THE
CHARGE CARD PROGRAM

MARCH 26, 2013

HARPER, RAINS, KNIGHT & COMPANY, P.A.
CERTIFIED PUBLIC ACCOUNTANTS
RIDGELAND, MISSISSIPPI

Table of Contents

Independent Auditors' Report

Results in Brief.

Objective 1 - To determine whether internal controls are in place to detect and prevent fraud, waste, abuse and misuse in the EEOC's purchase card program.

Objective 2 - To evaluate the effectiveness of the processes and procedures over EEOC's purchase card program. Specifically, determine if procedures for issuing purchase cards/convenience checks, monitoring the use of the purchase cards/convenience checks, and providing training to employees having responsibilities for purchase cards/convenience checks are adequate.

Objective 3 - To determine if the EEOC's purchase card/convenience check program is operating in compliance with laws and regulations.

Recommendations.

Appendices.

Appendix A.

Appendix B.

Appendix C.

Appendix D.

HRK&CO Logo

Milton A. Mayo, Jr.
Inspector General
U.S. Equal Employment Opportunity Commission
131 M Street, NE
Washington, D.C. 20507

Independent Auditors' Report

We were engaged by the U.S. Equal Employment Opportunity Commission ("EEOC"), Office of Inspector General ("OIG"), to conduct a performance audit of EEOC's charge card program, which includes both purchase and travel cards. EEOC uses purchase cards to reduce the administrative cost of processing small dollar purchases and travel cards to reduce the cost of official travel and for the convenience of the traveler.

Purchase and travel cards are at a high risk for misuse, fraud, waste, and abuse. Accordingly, if the internal controls governing EEOC's purchase and travel card programs are not sufficient, properly designed, and fully implemented, EEOC will not be able to detect and prevent fraudulent purchases or other improper uses and abuses of the cards.

Our audit objectives over the purchase and travel card programs were:

  • (1) To determine whether internal controls are in place to detect and prevent fraud, waste, abuse and misuse in the EEOC's purchase card program.
  • (2) To evaluate the effectiveness of the processes and procedures over EEOC's purchase card program. Specifically, determine if procedures for issuing purchase cards/convenience checks, monitoring the use of the purchase cards/convenience checks, and providing training to employees having responsibilities for purchase cards/convenience checks are adequate.
  • (3) To determine if the EEOC's purchase card/convenience check program is operating in compliance with laws and regulations.

To perform our audit, we interviewed personnel at EEOC's Central Services Division (CSD) within the Office of the Chief Financial Officer (OCFO). We reviewed the existing EEOC charge card policies and procedures, guidance issued by regulatory agencies, and charge card data supplied EEOC's third party service providers. We selected samples of the agency's controls over both the issuance and closing of purchase and travel cardholder accounts. We selected a statistical sample of charge card activity made during fiscal years (FY) 2011 and 2012 to conduct control and substantive tests over EEOC's program. The audit work was completed in January 2013.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Further background information appears in Appendix A. Our complete scope, methodology, and criteria are contained in Appendix B.

Results in Brief

EEOC has developed standard operating procedures (SOPs) for EEOC's Government Commercial Purchase Card and Government-wide Travel Card Programs on the proper use of purchase and travel cards, however the version provided to us during our test period was out of date and did not include any updates for the current accounting system in operation as of October 1, 2011. We did find that the SOPs were substantially compliant with OMB A-123, Appendix B; however the documents did not address all requirements.

Our audit found deficiencies in key controls related to the charge card program, such as support for issued cardholder accounts, account activation and closure support, approvals of transactions, required training, charge card limits, and supporting documentation for transactions. These violations of policies were generally unnoticed due to a lack of oversight and monitoring procedures in place to ensure internal controls are operating effectively. HRK issued nine (9) Statement of Fact (SOF) Memorandums to EEOC concerning the identified deficiencies and best practices.

Though EEOC's SOPs substantially comply with OMB A-123, Appendix B and other Federal guidance, the identified deficiencies in the operating effectiveness of internal controls over EEOC's charge card programs suggest that significant steps be taken to ensure that controls are operating effectively.

We recommended EEOC update their SOPs to the current operating environment and establish oversight and monitoring controls to address identified weaknesses.

EEOC Response

EEOC generally concurred with our findings and stated it is taking actions to address the effectiveness of the internal control environment over the charge card program.

EEOC's responses are included in their entirety as Appendix D.

Auditor Conclusion

Management's responses, once implemented, should strengthen the Agency's control environment over charge card activity and address the deficiencies identified in our performance audit. However no audit procedures have been applied to management's responses presented in this report.

Results and Findings

Objective 1 - To determine whether internal controls are in place to detect and prevent fraud, waste, abuse and misuse in the EEOC's purchase card program.

We found EEOC has standard operating procedures (SOPs) CSD-704 and 705 covering the Government-wide Travel Card and Government Commercial Purchase Card programs, respectively.

Finding No.1 - Lack of internal controls in place to ensure policies and procedures over the charge card program are current and sufficient.

While we found EEOC to have SOPs, the documents provided were dated as of June 2011. On October 1, 2011, EEOC moved from the Department of the Interior's Business Center (IBC) accounting system (Momentum) to Global Computer Enterprises' (GCE) Financial Cloud Solutions (FCS). While EEOC has updated their SOPs as of November 12, 2012, these updated SOPs were never provided to the auditor and EEOC operated under the outdated SOPs for all of FY 2012.

In addition, we found EEOC lacked the following OMB A-123, Appendix B requirements in their SOPs:

  • Timely payments of travel card payments and disciplinary actions for untimely payments.
  • OMB Memorandum on Strategic Sourcing requirements.
  • Certain requirements for convenience checks, such as 1) reconciliation of check register information to transaction data on statements and 2) procedures for cardholders and/or custodians of the property to follow when property is determined to be missing, stolen or damaged.

The lack of these OMB requirements, in and of themselves, does not indicate a lack of compliance, however it does identify weakened policies and procedures to detect and prevent fraud, waste, abuse and misuse.

Finding No.2 - The internal controls over the operating effectiveness of EEOC charge card policies and procedures are not operating effectively.

We identified two key deficiencies in EEOC's internal control over the operating effectiveness of the charge card program: (1) heavy reliance on third party providers to implement and manage the program with no oversight at EEOC; and (2) lack of monitoring of the controls identified in the SOPs. During our testing, EEOC personnel were unable to provide support for issuance of cardholder accounts, approvals of cardholder transactions, and documentation of required training of active cardholders. EEOC personnel indicated this information is maintained solely by its service providers. We could not find any evidence that EEOC monitors the cardholder information for accuracy or completeness or that they have any oversight of activities conducted by the service provider.

Objective 2 - To evaluate the effectiveness of the processes and procedures over EEOC's purchase card program. Specifically, determine if procedures for issuing purchase cards/convenience checks, monitoring the use of the purchase cards/convenience checks, and providing training to employees having responsibilities for purchase cards/convenience checks are adequate.

Finding No.3 - Non-compliance with required charge card training policy and procedures.

We tested the effectiveness of the documentation of training controls over new and existing accounts by requesting supporting documentation supporting the timely completion of training.

For new accounts, we haphazardly selected a statistical sample 28 accounts out of a universe of 762 to test the documentation of the certification of completion of initial GSA SmartPay Purchase Cardholder Training. EEOC could not provide us documentation evidencing the completion of training for any of the cardholders selected.

For existing accounts we inquired with EEOC on how the refresher course training is tracked and how they demonstrate the control over refresher course training is operating effectively. EEOC provided us two memoranda from the OCFO to all non-responders, the first was dated March 5, 2012 requesting the training to be completed by April 2, 2012, and the second was dated October 11, 2012 requesting the training to be completed by November 10, 2012. The three-year refresher course was originally to be completed during February and March of 2012. As of November 7, 2012 of the 618 cardholders, 210 (34%) had not completed training.

Finding No.4 - Non-compliance with account creation policies and procedures.

We tested the statistic sample of 28 cards activated in FY 2011 and FY 2012 for compliance with cardholder account activation requirements indentified in EEOC SOPs CSD-704 and 705. Per the SOPs, the activation packet should contain: the Citibank Government Purchase Card Setup Form (Cardholder Application), certification of completion of GSA SmartPay Purchase Cardholder Training, the Account Setup Form Completed by the Credit Card Purchase Manager, the signed Delegation of Authority memorandum, and the signed Employee Acknowledgement Form. Additionally, we requested and obtained a listing of the purchase authority delegated to each of the cardholders in the sample to determine if the levels of credit are in line with EEOC position and policies.

We found a significant lack of documentation to evidence the application packet policies and procedures had been performed. Of the 28 samples, EEOC was unable to provide us any documentation for 18 of the cardholders. EEOC was able to provide copies of the Cardholder Application for the remaining 10 cardholders tested, however no other documentation was provided for these 10 cardholders. We did not find any exceptions in the appropriateness of level of credit for each cardholder.

Finding No.5 - Lack of sufficient documentation evidencing transaction approval requirements.

We selected a statistical sample of 72 charge card transactions from FY 2011 and 2012. We identified 46 instances of missing documentation to evidence the approval of an Authorizing Official (AO) and 51 instances of missing evidence to support the availability of funds prior to purchase.

Finding No.6 - Lack of documentation to support a purchase card transaction.

We selected a statistical sample of 72 purchase and travel card transactions, consisting of 61 purchase card transactions and eleven travel card transactions. EEOC was not able to provide any support for 17 of the purchase card transactions. These 17 purchase card transactions totaled to $263,466.89 of the $510,688.12 sampled dollars.

Finding No.7 - Non-compliance with cardholder account closure policies and procedures.

For account closures, we selected a statistical sample of 24 closures during FY 2011 and 2012. EEOC was unable to provide documentation to evidence the controls over account closure for 17 of the accounts in our sample. EEOC was able to provide complete documentation the remaining 7 accounts.

In addition, we performed an analytical review of closed accounts to determine if there was any charge card activity after the account was closed. We identified one account that was reported closed as of June 26, 2012 where a cash advance in the amount of $1,875.75 and an associated fee for $42.20 was recorded on August 2, 2012.

Finding No.8 - Lack of monitoring controls in place over Merchant Category Codes (MCC).

We found that EEOC relies heavily on the Citibank standard Federal government MCC codes as a primary control over the identification and prevention of fraud, waste, abuse, and misuse; however, we found that EEOC does not regularly monitor the use of MCC nor has EEOC created an agency-specific list to prevent improper purchases relevant to EEOC. We identified nine allowable MCC codes ranging from Barber and Beauty Shops (MCC 7230) to Medical Services Health Practitioners - Not Elsewhere Classified (MCC 8099), that have the potential for being improper in the normal business activities of EEOC.

Finding No.9 - Lack of monitoring controls in place over monthly spending limits.

We identified three instances of cardholders exceeding the monthly spending limit established by EEOC. In July and September of 2011, one cardholder had monthly activity of $27,184.82 and $59,146.46, respectively. In March of 2012, another cardholder had monthly activity of $25,523.47. Both cardholders have monthly limits if $25,000.

Objective 3 - To determine if the EEOC's purchase card/convenience check program is operating in compliance with laws and regulations.

OMB A-123, Appendix B Improving the Management of Government Charge Card Programs, section 4.3 describes the responsibilities of management over the agency's charge card program:

"The general responsibilities of charge card managers in implementing risk management controls, policies and practices are:

  • Implementing the appropriate controls to ensure compliance with Federal laws, Federal and agency regulations, and for monitoring program effectiveness;
  • Ensuring that any risk management polices and practices established in the agency's charge card management plan are carried out effectively and that the charge card management plan is updated with enhanced risk management policies and practices, as applicable."

As reported under Objective 1, EEOC has implemented appropriate controls to ensure compliance with Federal laws as well as Federal and agency regulations. However, we did identify issues with the timeliness of updates to the SOPs. Our testing of operating effectiveness reported in Objective 2, identified deficiencies in EEOC's ability to provide oversight on the effectiveness of these programs and to ensure policies and practices established in its charge card SOPs are monitored and violations addressed.

Based on the findings identified above, EEOC's purchase card/convenience check program is not operating in compliance with OMB A-123, Appendix B established under the authority of 31 U.S.C. 1111, Executive Order 11541, the Chief Financial Officers Act of 1990 (P.L. 101-576) and the Office of Federal Procurement Policy Act (41 U.S.C. Chapter 7).

Recommendations

We recommend that the Chief Financial Officer of the U.S. Equal Employment Opportunity Commission:

  • 1) Perform further analysis on its government charge card operations to identify all of the controls that should be implemented per OMB directives. This would include the identification of procedures performed utilizing the new accounting system (FCS) as well as current duties of personnel interacting with the system. Specifically, EEOC should:

    • Meet with all process lead personnel to determine what controls are or should be in place to ensure that fraud, waste, abuse and misuse are not present in the charge card program;
    • Identify all requirements in OMB Circular A-123, Appendix B and determine the procedures necessary to comply with the requirements; and
    • Ensure policies and procedures are reviewed on an annual basis or more frequently if substantial changes have occurred in EEOC's systems or laws and regulations have been issued to ensure that policies and procedures are appropriate for the current environment.
  • 2) Develop a system to either 1) identify and track all of its charge card activity, including open accounts, closed accounts, cardholder approver levels, and cardholder training; or 2) perform an evaluation of its service providers controls over the charge card program to ensure that controls are appropriate and operating effectively. Additionally, EEOC should monitor all of its controls, whether performed at EEOC or at a service provider at least annually to ensure that the controls remain adequate and continue to operate effectively.
  • 3) Develop policies and procedures to identify and track all cardholder-required training. Documentation should be maintained following NARA requirements for cardholders who have successfully completed training requirements. For cardholders who have not successfully completed training requirements, EEOC should document notification(s) of the required training and all corrective actions taken against the cardholder, until the successful completion of training can be demonstrated.
  • 4) Further develop its controls over the retention of application documents for charge card accounts. The Purchase Card Program Manager should maintain the documentation identified above for all account applications electronically or in hard copy. The policy or procedure should establish an appropriate period of time for retention of records.
  • 5) Monitor its controls over transaction approval, whether performed at EEOC or at a service provider, at least annually to ensure that the controls remain adequate and continue to operate effectively.
  • 6) Implement policies and procedures over record retention for purchase and travel card transactions. EEOC should monitor these controls at least annually to ensure that the controls remain adequate and continue to operate effectively.
  • 7) Improve its controls over the closure of charge card accounts. The Purchase Card Program Manager should maintain documentation of all account closures electronically or in hard copy. Documentation should include evidence of the name of the DRM or A/OPC who received the employee's charge card, the date the card was turned into the DRM or A/OPC , the date the card was physically destroyed, and the date that account closure was confirmed by the Charge Card Vendor.
  • 8) Develop and implement policies and procedures to require reviews of total cardholder activity to ensure compliance with monthly spending authority for all cardholders. Documentation of authority to exceed cardholders spending limits should be maintained by management. Penalties for exceeding authorized spending limits should be established and enforced.
  • 9) Develop additional monitoring controls as a best practice. The Office of Management and Budget does not currently require these controls. EEOC should consider developing and implementing policies and procedures to use data mining to monitor charge cardholder activity. Data mining should target the nature and frequency of purchases and fees. Effective use of data mining techniques can help to prevent and identify improper purchases, unnecessary fees, split transactions, and progress of refund requests. This control would improve the agency's ability to prevent and detect improper or unnecessary charges.
  • 10) Consider supplementing the listing of disallowed merchant category codes used by its charge card vendor with additional disallowed codes based on EEOC's policies on purchases and travel expenses.

We appreciate the cooperation and courtesies that EEOC personnel extended to us during this audit.

Felder Signature

Harper, Rains, Knight & Company, P.A.


Appendices




Appendix A

Background

A U.S. government purchase card is an internationally accepted credit card issued by individual contractors and available to personnel in all federal agencies under a single General Services Administration (GSA) contract. The purpose of Charge Card Programs is to minimize the paperwork needed to make purchases with proper authorization.

Effective Charge Card Programs depend on the users having been properly trained to manage their card use. Treasury Financial Manual, Vol.1, Part 4, Section 4525, requires each agency to have its own internal procedures for using purchase cards, so cardholders must be made aware of the applicable laws, regulations, and procedures developed by their agency. Management's understanding of internal controls is essential in ensuring accountability at all levels of charge card use.

Charge cards allow the same individual to order, pay for, and receive goods and services. Purchase and travel cards are at a high risk for misuse, fraud, waste, and abuse. Accordingly, if the internal controls governing the Equal Employment Opportunity Commission's (EEOC) purchase and travel card programs are not sufficient, properly designed, and fully implemented, EEOC will not be able to detect and prevent fraudulent purchases or other improper use of the cards.

The Office of the Chief Financial Officer (OCFO) at EEOC has responsibility for overall management of the commercial purchase card program. The OCFO has established policies and procedures relating to the program which are contained in the EEOC's Government-wide Travel Card and Government Commercial Purchase Card programs standard operating procedures (SOPs). Included in the user's guide are responsibilities for individuals and EEOC offices, guidance on authorized use of the purchase card, purchase limits, reconciliation and payments and training requirements for those involved with the use of the agency's purchase card.

Key roles within the EEOC's purchase card program include the Charge Card Program Manager (CCPM), Agency /Organization (A/OPC) Program Coordinator, Approving Officials (AO), and Cardholders. The CCPM is responsible for the day to day oversight and administration of purchase card operations within the agency. This includes establishing new purchase card accounts, closing accounts, and increasing or decreasing purchase limits and monitoring merchant category restrictions. AOs are usually the office director or supervisor designated to approve purchase card transactions, monitor purchase card activity in an organization, and certify the invoice for payment for the purchase card services. Each cardholder is assigned an approving official who will review cardholder transactions to ensure that the purchases are valid and allowable. Purchase cards reflect the cardholder's name and may only be used by the named employee. Cardholders may purchase supplies and services within their delegated procurement authority. The purchase charge card is the primary method for making purchases valued up to $3,000 for supplies, $2,500 or less for services and $2,000 for construction.

Convenience checks are payment instruments drawn on the purchase card account. Convenience checks may be written only to vendors who do not accept the purchase charge card, for emergency incident response, and for other Commission approved purposes that comply with Public Law 104-134, the Debt Collection Improvement Act of 1996.

Appendix B

Objective, Scope, Methodology, and Criteria

Objective

The audit objectives were as follows:

  • (1) To determine whether internal controls are in place to detect and prevent fraud, waste, abuse and misuse in the EEOC's purchase card program.
  • (2) To evaluate the effectiveness of the processes and procedures over EEOC's purchase card program. Specifically, determine if procedures for issuing purchase cards/convenience checks, monitoring the use of the purchase cards/convenience checks, and providing training to employees having responsibilities for purchase cards/convenience checks are adequate.
  • (3) To determine if the EEOC's purchase card/convenience check program is operating in compliance with laws and regulations.

Scope

The scope of this audit covered testing of purchase card program transactions covering the fiscal years (FY 2011-FY 2012). The audit was conducted in accordance with generally accepted government auditing standards: the audit was planned to obtain sufficient, appropriate, evidence to provide a reasonable basis for findings and conclusions based on the objectives.

Our performance audit was not designed to, and we did not, perform a financial audit of the amounts obligated or expended by EEOC.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Methodology

We conducted interviews and process walkthroughs with officials at EEOC's Central Services Division (CSD) within the OCFO organization, to understand the internal controls, processes, systems, and procedures used to manage the agency's charge card program. Our consideration of internal controls relevant to our audit objectives would not necessarily disclose all matters that might be significant deficiencies. Because of inherent limitations in internal controls, noncompliance may nevertheless occur and not be detected.

We selected statistical samples of the agencies controls over the issuance of purchase and travel accounts and closing of cardholder accounts at separation. Sample items were tested for compliance with EEOC policies and procedures as well as compliance with the requirements of OMB Circular A-123, Appendix B.

We selected a statistical sample of purchase and travel card transactions during FY 2011 and 2012. Testing performed over the sample included verification of: transaction support, transaction approval, allowable MCC codes, evidence to support amounts were available prior to purchase, appropriate purchases for government use, dispute of unauthorized charges, purchases were from the required sources of supply and service, cardholder not splitting purchases, and balances paid timely. Based upon these tests and assessments, we concluded the data was sufficiently reliable to be used in meeting the objectives.

Criteria

We used the following to perform the audit:

  • GAO Government Auditing Standards, 2011 Revision
    • Chapter 7: Field Work Standards for Performance Audits
    • Chapter 8: Reporting Standards for Performance Audits
  • GAO Standards for Internal Control in the Federal Government, November 1999
  • OMB Circular A-123, Appendix B Improving the Management of Government Charge Card Programs, Revised January 15, 2009
  • Treasury Financial Manual, Vol.1, Part 4, Section 4525
  • 31 U.S.C. §§ 3321, 3322, 3327, 3335, 3901
  • Public Law 112-194 "Government Charge Card Abuse Prevention Act of 2012"

Appendix C

Acronyms and Abbreviations

A/OPC
Agency/Organization Purchase Manager
CCPM
Charge Card Purchase Manager
CPA
Certified Public Accountant
CSD
Central Services Division
EEOC
Equal Employment Opportunity Commission
FY
Fiscal Year
GAGAS
Generally Accepted Government Auditing Standards
GAO
U.S. Government Accountability Office
GSA
General Services Administration
MCC
Merchant Category Code
OCFO
Office of Chief Financial Officer
OIG
Office of Inspector General
OMB
Office of Management and Budget
P.A.
Professional Association
U.S.C.
United States Code

Appendix D

Equal Employment Opportunity Commission Response

EEOC Seal
U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION
Washington, D.C. 20507

Office of the Chief Financial Officer

February 15, 2013

Mr. Matthew N. Farage, CPA.CITP, CISA
Harper, Rains, Knight, & Company, P.A.
700 12th Street, NW, Suite 700
Washington, DC 20005

Dear Mr. Farage:

Thank you for providing the U.S. Equal Employment Opportunity Commission (EEOC) with an opportunity to respond to the Statement of Facts (SOF) for the audit of EEOC's Purchase and Travel Card Programs. Generally, the Office of the Chief Financial Officer agrees with each SOF cause, effect, and recommendation, except as indicated in the enclosed response.

Please feel free to contact me at germaine.roseboro@eeoc.gov, (202) 663-4238 should you have any questions or concerns.

Sincerely,

Germaine P. Roseboro
Chief Financial Officer

Enclosure

cc:

Willie Eggleston, EEOC
Office of Inspector General

George R. Betters, Director
Central Services Division, OCFO

L. Shelly Jackson, Supervisor
Central Services Division, OCFO

Raj Mohan, Director
Financial Operations Division


Response to Harper, Rains, Knight and Company
Statement of Fact (SOF) for
the U.S. Equal Employment Opportunity Commission
Purchase and Travel Card Programs
February 15, 2013

1. SOF #1: Documentation of Charge Card Policies and Procedures

a. EEOC agrees with the SOF, with the exception that EEOC currently performs annual reviews and updates of our policies and Procedures in accordance with OMB Circular 123. EEOC's last policy update was November 12, 2012. However, an older version of our policy was provided to the auditors.

b. EEOC will comply with the recommendation by identifying the process lead personnel; posting the latest version of the user guide in a readily accessible location on our intranet; disseminating yearly reminders or as policy changes mandate of individual responsibility and program maintenance requirements to process lead personnel and users; and implement reviews by the Office of the Chief Financial Officer (OCFO) of randomly selected Headquarters and Field Offices to assess the Agency's overall compliancy with internal and OMB policies.

2. SOF #2: Documentation of Charge Card Policies and Procedures - Internal Controls

a. EEOC agrees with the SOF.

b. EEOC will comply with the recommendation by maintaining a record of Purchase and Travel Card user account activity for activation; account limit increase and decrease; training; account closures; and policy notifications within OCFO. Additionally, EEOC will provide contractor's with a monthly report of personnel whose accounts should be closed; will review contractor quarterly reports for appropriate contract deliverables, and will implement measures to monitor the contractor's performance, such as delinquency services and closing accounts, for compliancy with the contract requirements.

3. SOF #3: Charge Card Training Requirements

a. EEOC agrees with the SOF.

b. EEOC will comply with the recommendation by documenting and enforcing the training requirements for purchase card participants by maintaining copies within OCFO of employees' certificates of initial training before their accounts are processed for activation; and maintaining a copy within OCFO of employees' refresher training certificates.

c. EEOC will comply with the recommendation by documenting and enforcing the training requirements for travel card participants by requiring program leads at Headquarters and the Field Offices to ensure users or the Program Leads maintain a copy of travel card holders initial and refresher training certificates. Additionally, EEOC will conduct reviews of randomly selecting offices to assess the Agency's compliancy with enforcing and documenting the policy for travel card holders initial and refresher training requirements.

d. OCFO will direct the service contractor to inactivate purchase and travel card holder accounts of EEOC users and approving officials who do not complete refresher training within a timely manner.

4. SOF#4: Compliance with SOP-CSD-704 and SOP-CSD-705-Opening Accounts

a. EEOC agrees with the SOF, except for establishing timeframes for retention of records. EEOC Records Order, 201.001 establishes timeframes for EEOC records retention.

b. EEOC will comply with the recommendation as stated above in SOF# 2 and SOF #3; and by maintaining within OCFO a complete copy of purchase card holder initial application packets; and requiring Headquarters and Field Office program leads to ensure that the user or the program lead maintains a complete copy of travel card holder initial application packets.

c. EEOC will comply with the recommendation by conducting reviews of randomly selected offices to assess the Agency's compliancy with the policy for maintaining travel card user records; and as applicable, implement measures to monitor the service contractor's performance for compliancy with contract requirements for record keeping/deliverables.

5. SOF#5: Transaction Approval Requirements

a. EEOC agrees with the SOF, except for travel card transactions. All temporary duty and permanent change of station travel requires a travel authorization prior to the commencement of travel. Carlson Wagonlit will not charge transportation tickets without an approved authorization. Authorizations are approved for funding when it interfaces with the financial system.

b. EEOC will issue instructions in the Financial Management Guidance for the Fiscal Year 2013 audit to obligate funds for credit card purchases. EEOC will also emphasize to all card holders that support for all purchases should be maintained for subsequent audits

6. SOF#6: Supporting Documentation for Charge Card Transactions

a. EEOC agrees with the SOF except for travel card transactions related to transportation purchases which are maintained in the E2 travel system indefinitely.

b. EEOC will comply with the recommendation as stated above in SOF#1; and by developing and posting on EEOCs intranet a Question and Answer (Q&A) Fact Sheet for quick reference of user and approving official responsibilities. In addition to EEOC's User Guide, the Q&A will be included as a reference source in each user and approving official authorization letter.

7. SOF#7: Cardholder Account Closure Procedures

a. EEOC agrees with the SOF, except to also identify mishandling of the service contractor to issue payment against a card holder's account that had been closed 37 days prior to submission of the check for payment as a cause for ineffective operation. Also, we need clarification regarding the 9 accounts closed for non-payment. We have no record of purchase card accounts closed due to non-payment.

b. EEOC will comply with the recommendation as stated above in SOF#2; and by requiring the Agency, Headquarters and Field Office Program Leads to maintain a log of purchase and travel card holder account closures with the data specified in the audit recommendation; and implementing measures to monitor the service contractor's performance for compliance with the contractor requirements or unprecedented issues.

c. EEOC will comply with the recommendation by conducting reviews of randomly selected offices to assess the Agency's compliancy with the policy for maintaining purchase and travel card holder closed account documentation.

8. SOF#8: Purchase Card Best Practices

a. EEOC agrees with the SOF.

b. EEOC does not have the software to use data mining. At present, budgetary constraints forbid the consideration of this recommendation. EEOC will consider it at a later date.

c. EEOC has reviewed the recommendation, but will continue to use the existing list of disallowed Merchant Category Codes (MCC) specified by the service contractor. No further action will be taken to supplement the current disallowed MCC list.

9. SOF#9: Cardholder Credit Card Limits

a. EEOC disagrees with the SOF. The Central Services Division Standard Operating Procedures (SOP)-CSD-705 procedures for card limit increases and decreases is followed for card holder limit change requests. The SOF Condition, Cause, and Effect are related to EEOC's "…accounting system [that is] designed to make payments on its charge card accounts to Citibank daily, thus allowing charge cardholders to spend, in total, above their monthly limits…"

b. EEOC will discuss this with Citibank to determine the proper course of action to take since EEOC processes purchase card payments on a daily basis. EEOC will further discuss the possibility of establishing a weekly limit for purchase card purchases.

EEOC Seal
U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION
Washington, D.C. 20507

Office of the Chief Financial Officer

March 7, 2013

Mr. Matthew N. Farage, CPA.CITP, CISA
Harper, Rains, Knight, & Company, P.A.
700 12th, NW, Suite 700
Washington, DC 20005

Dear Mr. Farage:

Thank you for providing additional information addressing your position for Statement of Facts (SOF) numbered 5, 7, and 8 for the audit of EEOC's Purchase and Travel Card Programs. Please see additional comments below.

  • SOF #5, Transaction Approval Requirements - The $859 was authorized. See attached screen shot from E2. Lodging and taxes total $829. The $30 for shuttle service, although not initially included on the authorization, was in fact approved by the Administrative Officer/District Resources Manager (funds approval) and the Approving Official on the E2 travel voucher before the document interfaced with the financial system (at that time Momentum). All E2 travel authorizations and travel vouchers must have funds and management approval before the documents can transmit to the financial system.
  • SOF #7, Card Holder Account Closure Procedures - We agree with your recommendation. The 9 questionable closed accounts were for travel and not purchase cards. After researching further Cunningham, Coffey, Lucero, Felix, Estevez and Hardy have left the agency. Their accounts were closed due to separation. The 3 other employee accounts were closed for non-payment.
  • SOF #8, Purchase Card Best Practices - We agree with the recommendation to consider adding to the list of prohibited MCC's.

Please feel free to contact me at germaine.roseboro@eeoc.gov or (202) 663-4238 should you have additional questions or concerns.

Sincerely,

Germaine P. Roseboro
Chief Financial Officer

cc: Willie Eggleston, EEOC
Office of Inspector General

George R. Betters, Director
Central Services Division, OCFO

L. Shelly Jackson, Supervisor
Central Services Division, OCFO

Raj Mohan, Financial Operations Division