This document is an HTML formatted version of a printed document. The printed document may contain agency comments, charts, photographs, appendices, footnotes and page numbers which may not be reproduced in this electronic version. If you require a printed version of this document contact the United States Securities and Exchange Commission, Office of Inspector General, Mail Stop 11-7, 450 Fifth Street N.W., Washington, D.C. 20549 or call (202) 942-4460.

Commercial Credit Card Program

Audit Report No. 258
September 30, 1997

Executive Summary

We found that the Commission’s credit card program was generally efficient and effective, although some improvements in management controls are needed. Our recommendations include establishing authorized merchant categories as a spending control; reviewing the appropriateness of established purchasing limits; encouraging additional use of the card when appropriate; and enhancing monitoring of card usage by obtaining additional reports and improving coordination. The Office of Administrative and Personnel Management, in its comments (attached), generally concurred with the recommendations.

Scope and Objective

We began this audit after receiving a request from the General Services Administration (GSA) seeking possible enhancements to its commercial credit card contract, which was being reissued. Our objective was to evaluate the effectiveness and efficiency of the Commission’s credit card program.

During the audit, we reviewed available documentation, tested controls and surveyed card holders. The controls tested included supervisory approval of statements of account, procedures for setting spending limits, and follow up actions on status reports by the Program Administrator. We also interviewed staff from the Comptroller’s Office, the Program Administrator and other staff in the Office of Administrative and Personnel Management (OAPM), and approving officials from the Central and Pacific Regional Offices.

We performed the audit between November 1996 and June 1997 in accordance with generally accepted government auditing standards.

Background

Under a GSA contract, federal employees chosen by their agency can make small purchases with a government VISA card. The card is issued by the Colorado National Bank, doing business as the Rocky Mountain BankCard System (RMBCS). Using the credit card (rather than an imprest fund or a purchase order) improves government cash management and controls over small purchases.

The Office of Administrative and Personnel Management (OAPM) has issued regulations for the Commission’s credit card program (SECR 10-6). Under the regulations, the office head nominates employees who are willing to serve as cardholders. The Associate Executive Director of OAPM issues the employees a Delegation of Authority for procurement and sets spending limits. RMBCS then issues the credit card in the employee’s name. The card may only be used by the designated cardholder for official business purchases. The purchase of furniture and equipment must be approved in advance by OAPM, while ADP and telecommunications supplies and services must be approved by the Office of Information Technology.

At the end of the billing cycle, RMBCS sends a Statement Of Account (SOA) to the cardholder and a summary report to the approving official. These documents show the transactions for the period. The card holder must reconcile the statement to his or her records and forward a signed copy to the approving official within two days. The approving official then certifies the statement and forwards it to the Comptroller.

OAPM has also designated an Agency Program Coordinator (APC). Among other duties, the APC acts as liaison to the RMBCS, gives instructions to approving officials and card holders on card usage and their reporting responsibilities, and follows up on disputed purchases, credits for returned items, and billing errors.

Audit Results

We found that although some improvements are needed, the Commission’s credit card program card was generally effective and efficient. Our detailed findings and recommendations follow.

Spending Controls

GSA requires agencies to establish several limits on cardholder purchases to control unauthorized spending. For example, cardholders may purchase up to a set amount in any one store or in any one month, and authorized merchant categories are defined. The Commission’s credit card regulation (SECR 10-6) states that "merchant type codes are used as an activity type code on an individual’s card to identify those merchants who provide supplies and services that are unauthorized for that cardholder."

The Office of Administrative and Personnel Management has set purchase limits (see next finding), but has not limited merchant categories. GSA has established several merchant categories, including hotels, general retail, mail/phone order, gasoline service stations, and others. It has defined various combinations of these categories to create a table of merchant activity codes to meet cardholder spending requirements.

Recommendation A

The Office of Administrative and Personnel Management should establish authorized merchant categories for Commission cardholders.

Purchase Limits

The single purchase limit is based on the total price of items purchased at one time at a particular merchant. Transactions exceeding the authorized limits are denied at the point of sale.

For each cardholder, the agency chooses one of the following limits: $100, $250, $500, $1000, $1500, $2000, $2500, $3000, $5000, $10,000, and $25,000. OAPM has established a limit of $2500 for most cardholders (the amount below which purchases can be made without competition).

Agencies also establish monthly purchase limits. OAPM has established a limit of $99,000 for each office and $50,000 for most cardholders.

We reviewed spending patterns for a judgment sample of six cardholders. All of their single and monthly purchases were well below $2500 and $50,000, respectively, suggesting that these limits may be too high. Excessive spending limits increase the risk of improper usage.

Under GSA guidance, agencies are cautioned to impose realistic spending limits. The established limits should reflect actual spending history and budgetary trends. Now that OAPM has several years experience with the credit card program, it should be able to impose more realistic spending limits.

Recommendation B

In consultation with approving officials, OAPM should evaluate single and monthly purchase spending limits for all cardholders and make changes as appropriate.

Program Participation

One objective of the credit card program is to improve government cash management by providing an alternative to imprest funds and purchase orders. Cash maintained in imprest funds is subject to theft and pays no interest, while purchase orders incur administrative expenses.

Based on our review, use of the credit cards could be expanded, thereby improving cash management. For example, two field offices (Denver and Ft. Worth) did not have credit cards, relying instead on their imprest funds. Also, one cardholder informed us that the cardholder’s supervisor discouraged use of the card.

Since the program is relatively new, Commission staff may be unclear as to when use of the card is appropriate. OAPM indicated that it has made presentations on the credit card program at administrative conferences, and has issued regulations on the program (SECR 10-6). It should continue its efforts to expand use of the card.

Recommendation C

OAPM should encourage all offices to participate in the credit card program. It should issue informal guidance explaining when each small purchase method (the credit card, imprest fund, and purchase order) should be used.

PROGRAM MONITORING

Under the Commission’s credit card regulation, the Agency Program Coordinator (APC) implements and administers the credit card program, under the general direction of the Associate Executive Director of OAPM. Among other duties, the

APC monitors any approving official’s account whose balance has reached 80% of the monthly office limit, and processes and monitors all disputed purchases, credits or billing errors and provides findings to the Office of the Comptroller.

We reviewed the monitoring procedures of the Agency Program Coordinator (APC), including the reports received by the APC. Currently, the APC receives a New Account (G022) report, which is used to verify processing of new cards, and a Statistical Summary (G089) report, which provides information on the number and amount of transactions, and the number of agency accounts. Other reports are available which would assist the APC’s monitoring efforts.

The APC could better resolve delinquencies by using the Disputed Transaction Status Report (F107) which lists all disputed transactions, and the Invoice Status Report (F109), which includes a summary of delinquent invoices and activity detail for the last two invoices. By following up on problems in these reports, the APC could help ensure that invoices are paid as soon as possible.

For example, we found two delinquent invoices listed on the Invoice Status Report: one for $149 plus penalty which was 449 days past due, and one for $510 plus penalty which was 237 days past due. In addition, we found an unpaid penalty. The APC told us he was not aware of these delinquencies.

The APC could monitor whether any cards are inactive by using the Prenotification of Reissue of Credit Cards (R803) Report. This report lists account information and expiration dates. By using this report, we identified two cardholders (since March 1995) who had not used their cards as of December 1996. They told us that Commission administrative staff were holding their cards.

Based on our discussions with OAPM and the Office of the Comptroller, the two offices need to coordinate better, and to assign monitoring duties more clearly. For example, the role of each office in resolving discrepancies was not clearly defined.

Recommendation D

OAPM should order agency-level Disputed Transaction, Invoice Status, and Prenotification of Reissue reports from the credit card contractor. It should use the reports to resolve delinquencies and cancel unneeded cards (including those described above), in consultation with approving officials and the Office of the Comptroller.

Recommendation E

OAPM and the Office of the Comptroller should clearly define their respective monitoring functions.

APPROVING OFFICIAL REVIEW

During our review of documentation for a sample of six cardholders, we found two Statements of Account (SOA) that were not signed by the approving official. These unsigned SOAs were processed by the Comptroller’s Office. Review and approval of the Statement of Account is an important control which helps prevent unauthorized use of the credit card.

Recommendation F

The Office of the Comptroller should remind its staff to contact the approving official for any unsigned Statements of Account.