#«'osx
f Q\
U.S. ENVIRONMENTAL PROTECTION AGENCY
OFFICE OF INSPECTOR GENERAL
U.S. Chemical Safety Board
CSB Purchase Card
Program at Low Risk for
Unauthorized Purchases
JulyS, 2017
Report No. 17-P-0303
-------�
Report Contributors:
Michael D. Davis
Marcia R. Hirt-Reigeluth
Randy Holthaus
Abbreviations
BFS Bureau of the Fiscal Service
CFR Code of Federal Regulations
CSB U.S. Chemical Safety and Hazard Investigation Board
FY Fiscal Year
OIG Office of Inspector General
OMB Office of Management and Budget
U.S.C. United States Code
Cover photo: Government purchase card and dollar amount of CSB's FY 2016 expenditures.
(EPA OIG image)
Are you aware of fraud, waste or abuse in an
EPA or CSB program?
EPA Inspector General Hotline
1200 Pennsylvania Avenue, NW (2431T)
Washington, DC 20460
(888) 546-8740
(202) 566-2599 (fax)
OIG Hotline@epa.qov
Learn more about our OIG Hotline.
EPA Office of Inspector General
1200 Pennsylvania Avenue, NW (2410T)
Washington, DC 20460
(202) 566-2391
www.epa.gov/oiq
Subscribe to our Email Updates
Follow us on Twitter @EPAoiq
Send us your Project Suggestions
-------�
x^fcD ST/if.
* *- U.S. Environmental Protection Agency 17-P-0303
I AA \ Hffirp of Insnprtnr ^pnpral July 5,2017
• u.o. ti ivii ui iiiitri iidi riuicuu
\ Office of Inspector General
I vRf 1
At a Glance
Why We Did This Review
The Office of Inspector General
(OIG) performed this risk
assessment of the U.S.
Chemical Safety and Hazard
Investigation Board's (CSB's)
purchase card use during fiscal
year (FY) 2016, as required by
the Government Charge Card
Abuse Prevention Act of 2012.
The act requires the Inspector
General of each agency to
conduct periodic assessments
of the agency's purchase card
program or convenience check
programs to analyze the risks
of illegal, improper or
erroneous purchases.
In FY 2016, the OIG conducted
an audit of CSB's purchase
card program, and, based on
improvements to its internal
controls, we determined that
CSB's program was at low risk
for illegal, improper or
erroneous purchases and
payments. As a result, we
conducted a risk assessment in
FY 2017, which provided the
data for this report.
This report addresses the
following CSB goal:
• Preserve the public trust by
maintaining and improving
organizational excellence.
CSB Purchase Card Program at Low Risk for
Unauthorized Purchases
What We Found
CSB's purchase card
program, for which it spent
$238,390 in FY 2016, is at
low risk for unauthorized
purchases.
The CSB purchase card program is at low risk for
unauthorized purchases. The CSB should
continue to follow the regulations set forth in its
Charge Card Management Plan and Office of
Management and Budget's guidance governing
agency purchase cards. Our review of nine
sampled transactions found the transactions to be legitimate and that CSB
complied with applicable plans and guidance.
However, the CSB FY 2016 Account Activity Report that CSB originally provided
to the OIG was inaccurate. The CSB purchase card transaction records are
maintained by the U.S. Department of the Treasury's Bureau of the Fiscal
Service (BFS). BFS inadvertently excluded identical purchase transactions made
to the same vendor on the same day for the same dollar amount when it provided
the report to CSB. Identical purchase transactions signify possible unallowed split
transactions, which occur when an agency splits the costs of purchases into
separate transactions to avoid exceeding acquisition thresholds.
Upon learning of its error, BFS generated an accurate report, which CSB
provided to the OIG. The updated report contained an additional 26 transactions,
which were identical to ones previously listed. These 26 possible split
transactions totaled $14,942, bringing the total number and cost of the report's
transactions to 561 and $238,390. We reviewed the transactions in the new
report and did not identify any split transactions.
Recommendation and Planned Agency Actions
We recommend that CSB review and reconcile BFS Account Activity Report
transaction counts and totals to the purchase card records maintained by CSB in
its financial system before providing these reports to the OIG. CSB concurred
with this recommendation and plans to complete the corrective action during the
FY 2018 risk assessment. The recommendation is therefore resolved with
corrective action pending.
Send all inquiries to our public
affairs office at (202) 566-2391
or visit www.epa.gov/oiq.
Listing of OIG reports.
-------�
UNITED STATES ENVIRONMENTAL PROTECTION AGENCY
WASHINGTON, D.C. 20460
THE INSPECTOR GENERAL
July 5, 2017
The Honorable Vanessa Allen Sutherland
Chairperson and Board Member
U.S. Chemical Safety and Hazard Investigation Board
1750 Pennsylvania Avenue NW, Suite 910
Washington, D.C. 20006
Dear Ms. Sutherland:
This is our report on the risk assessment of the U.S. Chemical Safety and Hazard Investigation Board's
(CSB's) purchase card program for fiscal year 2016. This report contains a finding that describes a
problem the Office of Inspector General (OIG) has identified and the corrective action the OIG
recommends. This report represents the opinion of the OIG and does not necessarily represent the final
CSB position.
CSB's planned corrective action meets the intent of the recommendation. As a result, you are not
required to provide a written response to this report. However, if you submit a response, it will be posted
on the OIG's public website, along with our memorandum commenting on your response. Your
response should be provided as an Adobe PDF file that complies with the accessibility requirements of
Section 508 of the Rehabilitation Act of 1973, as amended. The final response should not contain data
that you do not want to be released to the public; if your response contains such data, you should
identify the data for redaction or removal along with corresponding justification.
We will post this report to our website at www.epa.gov/oig.
Sincerely,
Arthur A. Elkins Jr.
-------�
CSB Purchase Card Program at Low Risk
for Unauthorized Purchases
17-P-0303
Table of C
Purpose 1
Background 1
Scope and Methodology 1
Prior Report 2
Results of Audit 2
CSB Needs to Verify BFS Account Activity Report(s) of
Purchase Card and Convenience Check Transactions 2
CSB Is Compliant With OMB Split-Purchase Transaction Requirements 4
Conclusion 4
Recommendation 4
CSB Comments and OIG Evaluation 5
Status of Recommendations and Potential Monetary Benefits 6
Appendices
A CSB Response 7
B Distribution 9
-------�
Purpose
Our audit objective was to perform a risk assessment of the U.S. Chemical Safety
and Hazard Investigation Board's (CSB's) purchase card use during fiscal year
(FY) 2016. The Government Charge Card Abuse Prevention Act of 2012, at
41 U.S.C. § 1909(d), requires the Inspector General of each agency to conduct
periodic assessments of the agency's purchase card or convenience check
programs to analyze the risks of illegal, improper or erroneous purchases.
Background
CSB is an independent federal agency charged with investigating industrial
chemical incidents and hazards. Headquartered in Washington, D.C., the agency's
board members are appointed by the President and confirmed by the U.S. Senate.
CSB was established by the Clean Air Act Amendments of 1990 and became
operational in 1998.
The Government Charge Card Abuse Prevention Act of 2012 reinforced
administration efforts to prevent waste, fraud and abuse of governmentwide
charge card programs. The act requires all executive branch agencies to establish
and maintain safeguards and internal controls for purchase cards, travel cards,
integrated cards and centrally billed accounts. The act also requires the Office of
Inspector General (OIG) to conduct periodic risk assessments of an agency
purchase card program or convenience check programs to analyze the risks of
illegal, improper or erroneous purchases. These risk assessments will be used to
determine the necessary scope, frequency, and number of audits that the OIG
needs to conduct of these programs.
Scope and Methodology
We conducted this charge card audit from March to May 2017 in accordance with
generally accepted government auditing standards issued by the Comptroller
General of the United States. Those standards require that we plan and perform
the audit to obtain sufficient, appropriate evidence to provide a reasonable basis
for our findings and conclusions based on our objective. We believe that the
evidence obtained provides a reasonable basis for our findings and conclusions
based on our audit objective.
We reviewed, analyzed and documented internal controls. CSB completed
561 purchase card and convenience check transactions, with a total net value of
$238,390, for FY 2016. We judgmentally selected a sample of nine transactions,
valued at $19,117, based on the amount and type of transaction, to review for
legitimate purchases, proper authorization, and approvals based on CSB's
management plan requirements. We analyzed CSB's Charge Card Management
Plan to determine if it had controls that prevented fraud, waste and abuse of
purchase cards.
17-P-0303
1
-------�
Prior Report
In FY 2016, the OIG conducted an audit of CSB's purchase card program.
Report No. 16-P-0260. CSB Has Improved Its Controls Over Purchase Cards,
issued August 11, 2016, assessed CSB's program as low risk based on the
improvements to its purchase card internal controls. There were two
recommendations in the report. One of the recommendations was corrected prior
to the completion of the audit, while the other was completed by December 31,
2016. Based on the results of the audit, the OIG determined that a risk assessment
should be performed in FY 2017.
Results of Audit
The CSB purchase card program continues to be at low risk for unauthorized
purchases. The CSB should continue to follow the regulations set forth in its
Charge Card Management Plan and Office of Management and Budget's
(OMB's) guidance governing agency purchase cards. Our review of nine sampled
transactions worth $19,117 found the transactions to be legitimate and that CSB
complied with applicable plans and guidance. In addition, as part of our risk
assessment, we reviewed the report for possible split transactions and did not find
any.
During the course of our risk assessment, we found that the original CSB
FY 2016 Account Activity Report that the CSB provided to us was inaccurate.
The report did not include any identical purchase transactions made to the same
vendor on the same day for the same dollar amount. CSB obtained and provided
the OIG with an updated report from the Department of the Treasury's Bureau of
the Fiscal Service (BFS). The updated report contained an additional
26 transactions totaling $14,942, increasing the number of transactions to
561 totaling $238,390.
CSB Needs to Verify BFS Account Activity Report(s) of
Purchase Card and Convenience Check Transactions
The CSB should review and reconcile the BFS Account Activity Report(s)
transaction counts and totals to the purchase card records maintained by CSB in
its financial system before providing the BFS report to the OIG. The original CSB
FY 2016 Account Activity Report provided to the OIG was inaccurate,
understating the total number of transactions by 26, and the total value of the
transactions by $14,942. While reviewing one of the nine transactions in our
sample, we found that there were two purchase transactions that looked identical,
as they were to the same vendor on the same day for the same dollar amount.
However, only one transaction was shown in the original CSB FY 2016 Account
Activity Report.
17-P-0303
2
-------�
We asked CSB about the missing transaction and were informed that BFS had
retrieved the report. The CSB informed BFS of the error. The BFS acknowledged
that it had failed to include all of the necessary attributes needed to pull all
transactions that look identical for both open and closed cardholders, and it
advised CSB of that error. As a result, none of those identical transactions were
included in the original CSB FY 2016 Account Activity Report. After BFS
identified the reason for the incomplete retrieval, it pulled another report, which
the CSB provided to the OIG. The updated report contained an additional
26 transactions totaling $14,942, increasing the number of transactions to
561 totaling $238,390.
The U.S. Government Accountability Office Standards for Internal Control in the
Federal Government, Principle 16 - Perform Monitoring Activities, Internal
Control System Monitoring, defines management's responsibilities in Sections
16.04 and 16.05:
Management monitors the internal control system through ongoing
monitoring and separate evaluations. Ongoing monitoring is built
into the entity's operations, performed continually, and responsive
to change. Separate evaluations are used periodically and may
provide feedback on the effectiveness of ongoing monitoring.
Management performs ongoing monitoring of the design and
operating effectiveness of the internal control system as part of the
normal course of operations. Ongoing monitoring includes regular
management and supervisory activities, comparisons,
reconciliations, and other routine actions. Ongoing monitoring may
include automated tools, which can increase objectivity and
efficiency by electronically compiling evaluations of controls and
transactions.
The CSB did not reconcile the original FY 2016 Account Activity Report
transaction counts and totals to the purchase card records maintained by CSB in
its financial system before providing the BFS report to the OIG. Although CSB
has a process to reconcile cardholders' respective purchase card logs to the
monthly CitiBank e-statement, with reviews by the program manager and the
approving official, CSB does not consolidate the cardholder purchase card logs on
a monthly or annual (fiscal year) basis. Consequently, when CSB received the
original CSB FY 2016 Account Activity Report from BFS, it was unable to verify
the accuracy of the report, and did not know that some of the transactions were
missing.
17-P-0303
3
-------�
CSB Is Compliant With OMB Split-Purchase Transaction Requirements
The CSB is compliant with the OMB and BFS split-purchase transaction
requirements. During our review of the updated CSB FY 1016 Account Activity
Report we looked for identical transactions and the possibility of CSB splitting
purchases to avoid complying with acquisition thresholds. We found that all 26 of
the newly identified transactions were identical to 19 transactions listed in the
original report. Of these, we identified two separate cases where transactions
appeared to possibly have been split, circumventing the current micro-purchase
threshold of $3,500. A micro-purchase is defined in 48 CFR 2.101 as
"an acquisition of supplies or services using simplified acquisition procedures,
the aggregate amount of which does not exceed the micro-purchase threshold."
A July 20, 2007, email from BFS to CSB addressed the issue of split transactions
for training. According to BFS:
... individual charges can be made on your [CSB] purchase card....
We [BFS] are interpreting each micro-purchase as an individual
transaction and not as a split transaction. This is due to the fact
they are for different employees.
We found that CSB identified the payment for training for each individual
employee as a separate transaction. Therefore, we determined that CSB was
compliant with split-purchase transaction requirements.
Conclusion
CSB did not reconcile the original BFS-retrieved FY 2016 Account Activity
Report transaction counts and totals to the purchase card records maintained by
CSB in its financial system before providing the BFS report to the OIG. Without a
reconciliation, CSB was unable to verify the accuracy of the report, and did not
know that some of the transactions were missing. Based on the results of our
purchase card assessment, we determined that CSB is low risk. Therefore, we
plan to conduct a required annual risk assessment, in accordance with
OMB M-13-21, in FY 2018.
Recommendation
We recommend that the Chairperson, U.S. Chemical Safety and Hazard
Investigation Board:
1. Require that CSB review and reconcile the Bureau of the Fiscal Service
Account Activity Report(s) transaction counts and totals to the purchase
card records maintained by CSB in its financial system before providing
the Bureau of the Fiscal Service report to the Office of Inspector General.
17-P-0303
4
-------�
CSB Comments and OIG Evaluation
In response to the recommendation, CSB committed to review and reconcile all
Account Activity Reports that they provide to the OIG in the future for
consistency and accuracy with the purchase card records maintained by CSB.
CSB's planned corrective action, scheduled for completion for our risk
assessment next year, meets the intent of our recommendation. CSB's complete
response to our recommendation is in Appendix A.
17-P-0303
5
-------�
Status of Recommendations and
Potential Monetary Benefits
RECOMMENDATIONS
Potential
Planned
Monetary
Rec.
Page
Completion
Benefits
No.
No.
Subject
Status1
Action Official
Date
(in $000s)
1 4 Require that CSB review and reconcile the Bureau of the Fiscal R Chairperson, 3/31/18
Service Account Activity Report(s) transaction counts and totals U.S. Chemical Safety and
to the purchase card records maintained by CSB in its financial Hazard Investigation Board
system before providing the Bureau of the Fiscal Service report
to the Office of Inspector General.
1 C = Corrective action completed.
R = Recommendation resolved with corrective action pending.
U = Recommendation unresolved with resolution efforts in progress.
17-P-0303
6
-------�
CSB Response
Appendix A
U.S. Chemical Safety and
Hazard Investigation Board
1750 Pennsylvania Avenue NW, Suite 910 | Washington, DC 20006
Phone, (202) 261 7600 | Fax (202) 281-7S50
www-csb.gov
Vanessa Allen Sutherland
Chairperson and Member
May 18,2017
Mr. Randy P. Holthaus
Project Manager Efficiency Audits
Environmental Protection Agency Region 6
Office oflnspcctor General
1445 Ross Avenue
Dallas. TX 75202
Dear Randy,
Thank \ou for the opportunity to comment on your discussion document. In follow-up to
our phone conversation, the problem was that the U.S. Chemical Safety and Hazard
Investigation Board (CSB) did not cross check a report. Bureau of the Fiscal Services
(BPS) pulled from Citibank in response to your audit request for the population of FY
2016 card activity. As a result the CSB provided vou an incomplete report and had to
ask BI ;S to pull a second report from Citibank with additional attributes to capture the
complete population, CSB acknowledges this error and to prevent it from reclining in
future audits we will cross check the Citibank transaction counts and totals against a
report we pull from our financial system before providing the Citibank report to the
auditors.
We also talked about split purchases to keep transactions under the micro-purchase
threshold and CSB's control system- which includes:
1. Cardholder and Approving Official Trainiit" All cardhoideis and approving
officials are trained on the micro-purchase threshold and that they cannot split
purchases to stay within the threshold.
2. Supervisor Reviews. Supervisors review- the monthly statements, and should
flag unusual activity such as multiple transactions to the same vendor.
3. Financial Review. CSB's Financial Specialist reviews even purchase eard and
convenience check transaction This is done both weekly as part of routine
budget updates, and monthly when reviewing and approving purchase card
statements.
17-P-0303
7
-------�
U.S. Chemical Safety and
Hazard Investigation Board
4. BFS Audit. As part of its service agreement. BFS conducts an annual audit of
CSB's purchase card program. 'Iheir review includes looking lor transactions lhat
appear to be split fa) stay under the micro-purchase threshold.
Our control system appears to be working. I do not recall instances where BFS or GIG
audits have identified any split purchases. Iherefore. 1 do not believe that CSB needs to
take additional steps with respect to preventing split purchases.
CSB does agree, how e\ et\ to assure that reports and documentation provided to the IG
from our outsourcing support is reviewed more thoroughly b\ us to assure that the
documents are complete and accurate. We agree to implement this commitment
immediately, which will apply to any subsequent audits performed by the IG on CSB
operations.
Finally. 1 am agreeable to having your team move straight to a final report on this audit
topic (bypassing the Draft report stage). If the HP A IG decides to forgo making a
recommendation to the CSB. we will still implement the corrective step we outlined
above.
Best regards,
Vanessa Allen Sutherland
17-P-0303
8
-------�
Appendix B
Distribution
Chairperson and Board Member, U.S. Chemical Safety and Hazard Investigation Board
Board Members, U.S. Chemical Safety and Hazard Investigation Board
Director of Administration and Audit Liaison, U.S. Chemical Safety and Hazard
Investigation Board
General Counsel, U.S. Chemical Safety and Hazard Investigation Board
17-P-0303
9
-------� |