CUSTOMER SERVICE ~ INTEGRITY ~ ACCOUNTABILITY Operating efficiently and effectively EPA Needs to Strengthen Its Purchase Card Approval Process Report No. 21-P-0242 September 22, 2021 SmartPay3 United States of America Supporting your msaon lf misuse suspected, call (800) xxx-xxxx x ™ f ------- Report Contributors: Catherine Allen LaTanya Furdge Gabriel Porras-Sanchez Khadija Walker Abbreviations: EPA U.S. Environmental Protection Agency EPAAG EPA Acquisition Guide MCC Merchant Category Code OIG Office of Inspector General PCORS Purchase Card Order Request System Key Definitions: Please see Appendix A for key definitions. Cover Image: Top: The EPA obtains purchase card services through the U.S. General Services Administration. (General Services Administration image). Bottom (left to right): Laboratory accessories, printers, and catering services can all be purchased with a government purchase card. (EPA, U.S. General Services Administration, and National Institute of Health images). Are you aware of fraud, waste, or abuse in an EPA program? EPA Inspector General Hotline 1200 Pennsylvania Avenue, NW (2431T) Washington, D.C. 20460 (888) 546-8740 (202) 566-2599 (fax) OIG Hotline@epa.gov Learn more about our OIG Hotline. EPA Office of Inspector General 1200 Pennsylvania Avenue, NW (2410T) Washington, D.C. 20460 (202) 566-2391 www.epa.gov/oiq Subscribe to our Email Updates Follow us on Twitter @EPAoig Send us your Project Suggestions ------- Office of Inspector General U.S. Environmental Protection Agency At a Glance 21-P-0242 September 22, 2021 Why We Did This Audit We conducted this audit to determine whether the U.S. Environmental Protection Agency's internal controls over its purchase card and convenience check program are adequate to prevent and detect illegal, improper, and erroneous purchases and payments. The Government Purchase Card Abuse Prevention Act of 2012 requires that inspectors general conduct periodic assessments of their agencies' purchase card programs. In response to our 2018 audit (Report No. 18-P- 0232). the EPA implemented new internal controls over its purchase card and convenience check program. However, during our 2019 risk assessment (Report No. 20-P-0006), we found that the EPA's transition to a new purchase card contract adversely affected these newly implemented internal controls, and we determined that we should conduct an audit in 2020. This audit supports an EPA mission-related effort: • Operating efficiently and effectively. This audit addresses a top EPA management challenge: • Complying with key internal control requirements (data quality). Address inquiries to our public affairs office at (202) 566-2391 or OIG WEBCOMMENTS@epa.gov. List of OIG reports. EPA Needs to Strengthen Its Purchase Card Approval Process What We Found Since our 2018 audit and 2019 risk assessment, the EPA has made several improvements to its purchase card and convenience check program to detect illegal, improper, or erroneous purchases. However, the Agency's internal controls are still not adequate to prevent and detect erroneous purchases. The Agency needs to improve oversight of its approximately $25 million in annual purchase card and convenience check expenses to be better stewards of taxpayer dollars. The EPA Acquisition Guide and the Agency's purchase card standard operating procedures establish policy and procedures for using purchase cards and convenience checks. For example, the EPA Acquisition Guide states that the approving official is responsible for determining whether transactions are reasonable and necessary. Of the 25 purchase card and convenience check transactions we analyzed, only two (8 percent) fully complied with the policies and procedures we reviewed. Conversely, 23 transactions (92 percent) had at least one instance of noncompliance. We found that cardholders made and approving officials approved improper purchases and that the EPA's purchase card team did not monitor purchases to ensure timely processing and approval, as required by EPA procedures. We determined that $5,493.97 (5 percent) of the $119,618.66 purchase card and convenience check expenses we reviewed were unallowable. These issues occurred for three reasons. First, cardholders and approving officials lacked knowledge of relevant purchase card policies. Second, cardholders and approving officials underutilized CitiManager's capabilities to document and monitor purchases because they did not believe that the system was user-friendly or that they received adequate training. Third, the purchase card team did not use CitiManager's full capabilities to adequately monitor purchases. As a result, the Agency continues to be at risk of making improper or erroneous purchases, which may result in the misuse or waste of taxpayer funds. Recommendations and Planned Agency Corrective Actions We recommend that the assistant administrator for Mission Support train cardholders and approving officials on purchase card and convenience check requirements; provide training on the use of CitiManager; require that staff use CitiManagerto maintain approvals and documentation; and require the purchase card team to use CitiManager's oversight capabilities. The EPA agreed with our four recommendations and provided acceptable corrective actions or alternative corrective action plans. All recommendations are resolved with corrective actions pending. ------- UNITED STATES ENVIRONMENTAL PROTECTION AGENCY WASHINGTON, D.C. 20460 THE INSPECTOR GENERAL September 22, 2021 MEMORANDUM SUBJECT: EPA Needs to Strengthen Its Purchase Card Program Approval Process Report No. 21-P-0242 FROM: Sean W. O'Donnell TO: Lynnann Hitchens, Acting Principal Deputy Assistant Administrator Office of Mission Support This is our report on the subject audit conducted by the Office of Inspector General of the U.S. Environmental Protection Agency. The project number for this audit was QA&E-FY20-0178. This report contains findings that describe the problems the OIG has identified and the corrective action the OIG recommends. Final determinations on matters in this report will be made by EPA managers in accordance with established audit resolution procedures. The Office of Mission Support is responsible for implementing the recommendations resulting from this audit. The Office of Acquisition Solutions, within the Office of Mission Support, manages the planning, awarding, and administering of contracts and procurement policy for the Agency. In accordance with EPA Manual 2750, your office provided acceptable planned corrective actions and estimated milestone dates in response to the OIG recommendations. All recommendations are resolved, and no further response to this report is required. If you submit a response, however, it will be posted on the OIG's website, along with our memorandum commenting on your response. Your response should be provided as an Adobe PDF file that complies with the accessibility requirements of Section 508 of the Rehabilitation Act of 1973, as amended. The final response should not contain data that you do not want to be released to the public; if your response contains such data, you should identify the data for redaction or removal along with corresponding justification. We will post this report to our website at www.epa.gov/OIG. ------- EPA Needs to Strengthen Its Purchase Card Program Approval Process 21-P-0242 Table of C Chapters 1 Introduction 1 Purpose 1 Background 1 Responsible Offices 3 Scope and Methodology 3 Prior Audits and Risk Assessments 5 2 EPA Needs to Improve Adherence to Its Purchase Card and Convenience Check Approval Policy and Procedures 6 EPA Policy Identifies Approval Procedures for Approving Officials and Purchase Cardholders 6 EPA Staff Did Not Adhere to Purchase Card Policy and Procedures 6 Purchase Card Team Also Identified Issues with Purchase Card and Convenience Check Use 10 Control Weaknesses Hindered Purchase Card Policy Compliance 10 Insufficient Program Controls Increase Risk 12 Recommendations 12 Agency Response and OIG Assessment 13 Status of Recommendations 14 Appendixes A Key Definitions 15 B Results for Each Transaction Tested 16 C Criteria Used to Develop Compliance Tests 17 D Agency Response to Draft Report 20 E Distribution 23 ------- Chapter 1 Introduction Purpose The Office of Inspector General of the U.S. Environmental Protection Agency initiated this audit of the Agency's purchase card and convenience check program for fiscal year 2020 to determine whether the EPA's internal controls over its purchase card and convenience check program were adequate to prevent and detect illegal, improper, and erroneous purchases. Top Management Challenge Addressed This audit addresses the following top management challenge for the Agency, as identified in OIG Report No. 20-N-0231. EPA's FYs 2020-2021 Top Management Challenges, issued July 21, 2020: • Complying with key internal control requirements (data quality). Background Since the inception of its purchase card program in 1987, the Agency has used this payment method to streamline the acquisition process. Purchase cards offer a low-cost, efficient way to obtain goods and services directly from vendors with fully automated invoicing and payment processing. At the EPA, program offices, regions, laboratories, and field offices regularly use purchase cards for small purchases. The EPA obtains purchase card services through a task order under the U.S. General Services Administration's SmartPay master contract. This contract requires the contractor bank to offer internal control tools to help its customers identify unusual spending patterns and monitor transactions that may be instances of misuse, fraud, waste, or abuse. For the EPA's purchase cards, the contractor bank is Citibank, and the internal control tool offered by Citibank is CitiManager, which is designed to: • Prevent purchases beyond credit limits. • Provide online reports. • Block unallowable merchant category codes, or MCCs. • Deactivate and reactivate user accounts. • Provide training and clear guidance. The following laws, regulations, and polices govern the EPA's purchase card and convenience check program: • Government Charge Card Abuse Prevention Act of 2012. This Act requires that the inspector general of each executive agency conduct both periodic risk assessments of the agency's purchase card and convenience check program and periodic audits of the agency's purchase card and convenience check transactions. The purpose of these assessments and audits is to identify and analyze the risk of illegal, improper, or erroneous purchases and payments. The federal purchase card and convenience check program is implemented by each federal agency with the involvement of the General Services Administration and the Office of Management and Budget. 21-P-0242 1 ------- • Office of Management and Budget's Circular A-123, Managements Responsibility for Internal Control. This publication provides purchase card and convenience check guidance that the General Services Administration and other federal agencies must follow. Specifically, Chapter 2, "Internal Controls/' of Appendix B, "Risk Management Framework for Government Charge Card Programs/' provides a framework that identifies the responsibilities of purchase card managers in developing and implementing risk-management controls, policies, and practices that mitigate the potential for purchase card and convenience check misuse. • Federal Acquisition Regulation 13.301(b). This regulation requires agencies to establish procedures for the use and control of purchase cards. • EPA Acquisition Guide. The EPAAG sets many different acquisition policies, one of which is related to simplified acquisitions, including the EPA's purchase card and convenience checks. • EPA Agency-Wide Purchase Card Standard Operating Procedures: CitiManager Purchase Card Automation Process. This document establishes policies and procedures for the proper use of purchase cards and convenience checks. EPA's Purchase Card and Convenience Check Approval Process The EPA's purchase card program allows employees to make purchases at or below the micropurchase threshold—which generally is $10,000—for government use. A convenience check is an optional tool available under the EPA's purchase card program for use when vendors do not accept the purchase card and the product or service is not available from another vendor. The single purchase limit for convenience checks is $2,500. Use of a purchase card expedites the acquisition process, streamlines payment, and reduces the administrative costs associated with traditional paper-based purchase orders. Numerous approval requirements and checkpoints exist to help verify that EPA personnel properly use purchase cards and convenience checks. All purchases made by purchase card or convenience check require prior approval from the proper officials, including a first-line supervisor, an approving official, and a funds control officer. The approving official for a purchase is based upon the purchase being made. For example, the following purchases would require prior approval from the specified approving official: • Information technology items require approval from the information management officer. • Conference facilities require approval from the facilities manager. • Items relating to health and safety require approval from the safety, health, and environmental manager. • Training, regardless of cost or location, requires approval from the training officer. • Protective services and equipment require approval from the security manager. • Paid advertisements for personnel recruitment require approval from the human resources official. After a purchase is made, but before the EPA issues payment, the cardholder must validate that the goods or services have been received; this process is known as third-party verification. The EPA's Cincinnati Finance Center notifies the cardholder and approving official by email that a transaction is awaiting payment, and the cardholder is to validate the transaction within ten days of receiving this notification. The EPA will then pay the transaction via a process referred to as cost allocation, which includes allocating charges to appropriate budget and program funds. 21-P-0242 2 ------- The EPA's purchase card team assists the cardholder and the approving official throughout the transaction process. The purchase card team also conducts audits of purchase card and convenience check transactions. EPA's Purchase Card and Convenience Check Spending During fiscal year 2020, the EPA spent $25.8 million on purchase card and convenience check purchases. The purchases were generally for such items as training, laboratory expenses, and office supplies. Responsible Offices The EPA's purchase card team in the Office of Acquisition Solutions, within the Office of Mission Support, implements and manages the Agency's purchase card and convenience check program. However, the Office of Acquisition Solutions does not supervise the staff responsible for purchase card or convenience check transactions. Each program office assigns a director or manager to oversee the purchase cardholder. The Office of Acquisition Solutions is also responsible for planning, awarding, and administering contracts for the Agency, including: • Issuing and interpreting acquisition regulations. • Administering training for contracting and program acquisition personnel. • Providing advice and oversight to regional procurement offices. • Providing information technology improvements for acquisition. Scope and Methodology We conducted this performance audit from May 2020 through July 2021 in accordance with generally accepted government auditing standards issued by the comptroller general of the United States. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective. We conducted our audit work within the Office of Acquisition Solutions. To answer our objective, we reviewed relevant criteria and the EPA's internal policies and procedures for purchase cards and convenience checks. We interviewed staff and managers in the Office of Acquisition Solutions to gain an understanding of the Agency's purchase card and convenience check program, the relevant internal controls, and new program information since the OIG's 2019 risk assessment of the program. We also interviewed purchase cardholders and approving officials to gain an understanding of the purchase card and convenience check transactions that do not comply with EPA policy and procedures. From the 9,616 purchase card and convenience check transactions made in the second quarter of fiscal year 2020, which totaled $6,828,928.27, we selected 25 (approximately 2 percent) to review. Table 1 lists these 25 transactions, which totaled $119,618.66. We selected transactions from purchase categories that were identified as having noncompliant transactions in prior OIG audits. 21-P-0242 3 ------- Table 1: Transactions selected for review Transaction Transaction date Merchant or vendor* Amount 1 3/11/20 Market to Market $450.00 2 1/9/20 Personalization Mall 346.63 3 3/25/20 In Storage Engine Inc. **62,721.36 4 2/6/20 Vivid Learning System 3,499.00 5 2/12/20 Gettysburg Museum 400.00 6 3/4//20 PayPal 5,000.00 7 3/6/20 PayPal 4,500.00 8 2/12/20 Office Depot 4,818.09 9 3/11/20 Thermo Fisher Scientific 2,568.64 10 3/11/20 Thermo Fisher Scientific 685.20 11 1/24/20 University of Maryland 4,390.00 12 1/13/20 Champion Awards 1,510.00 13 1/22/20 The Gym Doctors 438.63 14 1/10/20 UPS 136.16 15 1/14/20 Amazon 971.94 16 2/11/20 IT Financial Management Assoc. 5,210.00 17 1/7/20 Dive Right in Scuba Inc. 5,441.08 18 2/15/20 Apple 1,249.00 19 3/26/20 Staples 653.97 20 3/12/20 Deco Construction 644.00 21 3/18/20 ACS Advertising Sales 925.00 22 1/30/20 Leco Corporations 6,635.91 23 3/3/20 Walmart Supercenter 52.70 24 1/22/20 Colorado School 3,330.50 25 3/25/20 HpiFederal LLC 3,040.85 Total $119,618.66 Source: OIG selection of purchase card and convenience check transactions made in the second quarter of fiscal year 2020. (EPA OIG table) • Green shade denotes a convenience check transaction; all others are purchase card transactions. ** The purchase card limit for acquisition professional contracting officers is up to $250,000. We developed and documented 30 compliance tests for these 25 transactions. Specifically, we tested for adequate controls to determine the: • Risk of illegal, improper, or erroneous use of purchase cards and convenience checks. • Compliance of these 25 transactions with the EPAAG and the EPA Agency-Wide Purchase Card Standard Operating Procedures. However, because we selected the transactions to review, our results cannot be projected to the audit universe of untested transactions. We assessed the internal controls necessary to satisfy our audit objectives pursuant to the U.S. Government Accountability Office's Standards for Internal Control in the Federal Government, known as the Green Book.1 Any internal control deficiencies we found are discussed in this report. Because our audit was limited to the internal control components and underlying principles deemed 1 As set forth in the Green Book, an entity designs, implements, and operates internal controls to achieve its objectives related to operations, reporting, and compliance. 21-P-0242 4 ------- significant to our audit objectives, our audit may not have disclosed all internal control deficiencies that existed at the time of the audit. We reviewed regulations, Office of Management and Budget guidance, and EPA policies and procedures that pertain to purchases, purchase cards, and convenience checks to determine the specific control activity requirements needed to ensure proper, efficient, and effective management of the purchase card and convenience check program. Prior Audits and Risk Assessments From 2012 through 2019, the EPA OIG completed three risk assessments and two audits that focused on purchase card and convenience check administration and management. The two audits identified findings and resulted in recommendations that the EPA has said it implemented. Below are summaries of our most recent work: • Our 2018 audit, as detailed in OIG Report No. 18-P-0232, EPA's Purchase Card and Convenience Check Program Controls Are Not Effective for Preventing Improper Purchases, issued August 20, 2018, concluded that the cardholders, approving officials, purchase card team, and EPA program officers were not providing the oversight needed to achieve compliance with internal controls. In addition, the EPA's transition to the SmartPay purchase card contract adversely affected the Agency's internal controls. We offered 11 recommendations for improvement, which the Agency reported that it completed by May 2019. • Our 2019 risk assessment, as detailed in OIG Report No. 20-P-0006, EPA's Purchase Card and Convenience Check Program Merits an Audit in Fiscal Year 2020, issued October 18, 2019, followed up on the EPA's corrective actions in response to our 2018 audit. We determined that CitiManager transition issues adversely affected some of the internal controls implemented by the EPA in response to our 2018 audit. Specifically: o Supporting documentation that the EPA uses to verify that transactions comply with federal and Agency acquisition requirements was not uploaded to CitiManager until late April 2019. o Training on bank-generated reports that the EPA could use for oversight purposes, such as delinquency, fraud analytics, and transaction reports, was not provided until June 2019. Consequently, although our risk assessment did not result in any recommendations, we determined that we should conduct an audit of the EPA's purchase card and convenience check program in 2020. The Agency also conducts its own risk assessments of its programs. In a 2018 risk assessment of its purchase card and convenience check program, which was required by the Improper Payments Elimination and Recovery Act of 2010, the Agency determined that there was low risk of improper payments in purchase card and convenience check transactions because every cardholder is assigned an approving official, who must review all transactions made by the cardholders or check writers under his or her purview. As we note above, however, both of the purchase card audits that the OIG completed from 2012 through 2019 resulted in recommendations for improvement. 21-P-0242 5 ------- Chapter 2 EPA Needs to Improve Adherence to Its Purchase Card and Convenience Check Approval Policy and Procedures We found that EPA staff did not adhere to all policies and procedures related to purchase card approvals. Cardholders made and approving officials approved improper purchases, and the purchase card team did not prevent unallowable and untimely purchases. Of the 25 transactions we analyzed for this audit, only two (8 percent) fully complied with the EPAAG and the EPA Agency-Wide Purchase Card Standard Operating Procedures. These instances of noncompliance occurred because cardholders and approving officials lacked knowledge about relevant purchase card policies and underutilized CitiManager's capabilities to document and monitor purchases. The purchase card team also did not use CitiManager to adequately monitor purchases. As a result, the Agency continues to be at risk of making illegal, improper, or erroneous purchases, which may result in the misuse or waste of taxpayer funds. EPA Policy Identifies Approval Procedures for Approving Officials and Purchase Cardholders EPAAG Subsection 13.3.1, "Using the Government-wide Commercial Purchase Card," establishes policy for using purchase cards at the EPA. The guidelines detail requirements for approvals, special approvals, closer scrutiny, mandatory sources, and strategic sourcing. The EPAAG states that oversight of the EPA's purchase card program is accomplished on two levels: individual and organizational. Oversight of individual transactions is meant to ensure that cardholders use purchase cards appropriately and only acquire authorized items. The EPAAG also states that the approving official is responsible for determining whether transactions are reasonable and necessary. In terms of organizational oversight, the approving officials preapprove all purchase card transactions and annually certify that, as the approving officials, they performed all approving responsibilities in accordance with the applicable EPA policies. The EPA Agency-Wide Purchase Card Standard Operating Procedures outlines the procedures that cardholders and approving officials should adhere to when using the purchase card and documenting transactions within CitiManager. These procedures state that a cardholder must submit supporting data for approval before making purchases with blocked MCCs. EPA Staff Did Not Adhere to Purchase Card Policy and Procedures The EPA made several improvements to its purchase card program to detect illegal, improper, and erroneous payments since our 2018 audit and our 2019 risk assessment. For example, the EPA reduced the percentage of transactions for which cardholders did not obtain the required prior approvals or verify funding availability. Despite these improvements, we found that cardholders and approving officials did not adhere to the EPAAG and the EPA Agency-Wide Purchase Card Standard Operating Procedures. We tested 25 transactions against 30 requirements from the EPAAG, EPA Agency-Wide Purchase Card Standard Operating Procedures, and EPA E-Blasts. Only two (8 percent) were in full compliance with these requirements. Conversely, there were 23 transactions (92 percent) with at least one instance of noncompliance. These 23 noncompliant transactions totaled $56,761.14. Appendix B 21-P-0242 6 ------- details the test results for each of the 25 transactions we reviewed. Appendix C provides more details on the criteria we used to test for compliance. Table 2 summarizes the instances of noncompliance we identified across the 25 transactions we reviewed. The table includes only those 14 requirements tested with at least one instance of noncompliance; the transactions were fully compliant with the other 16 requirements we tested. We found that the transactions with the greatest noncompliance did not have the required documentation, complete justifications, or timely cost allocations for purchases. In addition, the purchase card team did not use CitiManager to block unallowable purchases. Finally, although all purchases were approved, approving officials did not approve all purchases in a timely manner. While most of the 23 noncompliant transactions would have been valid had the EPA's policies and procedures been properly followed, we determined that $5,493.97 of the $56,761.14 purchase card and convenience check expenses we reviewed would have been unallowable regardless. Table 2: Noncompliance with policies and procedures by transactions reviewed Criteria tested Number of Test Source Description of noncompliance identified transactions A EPAAG § 13.3.1.16(d)(1) Purchase not approved by approving official by 23rd of the month 6 B EPAAG § 13.3.1.14(k)(3) EPA Agency-Wide Purchase Card Standard Operating Procedures, Step 3(B) Supporting documents not uploaded to or maintained in appropriate systems 17 C EPAAG § 13.3.1.9(f) Justification not provided for using commercial sources 8 D EPAAG § 13.3.1.14Q)(1) Independent verification not provided confirming that goods or services were received 4 E EPA Agency-Wide Purchase Card Standard Operating Procedures, Step 3(B) Transaction not reviewed and validated by cardholder within ten days of being posted 8 F EPAAG § 13.3.1.12 Special purchases made without required prior approval 4 G EPA Agency-Wide Purchase Card Standard Operating Procedures, page 8, 1st and 2nd bullet System internal controls failed to block transactions with unallowable MCCs and transactions that exceeded convenience check limits 12 H EPAAG § 13.3.1.9(c)(1) Third-party payment processing procedures not followed 2 I EPAAG § 13.3.1.15(a) Funds availability not verified before purchase was made 3 J EPAAG § 13.3.1.14(f) Sales taxes paid without justification 1 K EPAAG § 13.3.1.9(d) Prohibited transaction 1 L EPAAG § 13.3.1.9(e) Restricted transaction 1 M EPAAG § 13.3.1.13 Lack of closer scrutiny 4 N EPAAG § 13.3.1.14(b)(1) Split purchase made 3 Source: OIG analysis of transactions we reviewed. (EPA OIG table) Approving Officials Did Not Approve Purchases in Timely Manner As shown in Row A of Table 2, six of the 25 transactions we reviewed had either missing or inadequate evidence of timely approvals in the electronic purchase file. These six transactions totaled $3,453.61. EPAAG Subsection 13.3.1.16(d)(1) states that approving officials shall review and approve cardholder transactions no later than the 23rd of each month, which is the end of the billing cycle. Approving 21-P-0242 7 ------- officials told us that no reminder to approve the transactions is sent and that they sometimes miss the due date. Cardholders Did Not Maintain Required Documentation As shown in Row B of Table 2, supporting documentation for 17 of the 25 transactions we reviewed was not maintained in Agency systems or in CitiManager, as provided in EPAAG Subsection 13.3.1.14(k)(3) and EPA Agency-Wide Purchase Card Standard Operating Procedures, Step 3B, as well as in EPA E-Blast policy updates dated November 26, 2019; August 1, 2019; and March 4, 2020. These 17 transactions totaled $45,923.60. In interviews with us, cardholders and approving officials described various reasons for not using approved Agency systems or CitiManager for this task. They said that CitiManager is difficult to use and navigate; that it is easier to maintain records outside the approved systems, either electronically on their computers or in hard copy form; and that management gives them the option to store files in various ways. Cardholders and Approving Officials Did Not Verify that Transactions Were Appropriate and Timely As shown in Row C of Table 2, for eight of the 25 transactions we reviewed, the cardholder did not justify the use of commercial vendors, as required by EPAAG Subsection 13.3.1.9(f), "Priorities for Use of Mandatory Sources." These eight transactions totaled $15,538.25. If cardholders do not provide a justification when using commercial sources, the Agency cannot determine whether valid purchases were made. For example, for one transaction we reviewed, the cardholder's supervisor instructed the cardholder to quickly purchase a printer, ink, and copy paper for a senior EPA official who was on extended telework because of the coronavirus pandemic—that is, the SARS-CoV-2 virus and resultant COVID-19 disease. The cardholder purchased the printer from a commercial vendor and had it delivered to the official's home. Contrary to the EPAAG, however, the cardholder did not provide justification for the purchase from a commercial vendor. In addition, the cardholder did not first confirm that there was no printer availability in: • Agency inventory or excess inventory from other agencies. • Inventory from Federal Prison Industries Inc. • Inventory from the procurement list maintained by the Committee for Purchase from People Who Are Blind or Severely Disabled. • Wholesale supply sources, including the General Services Administration. • Federal supply schedules, including EPA blanket purchase agreements and EPA strategic sourcing initiatives. As shown in Row M of Table 2, there was no evidence that the cardholder and approving official conducted a closer scrutiny of four of the 25 transactions we reviewed to ensure that the transactions were necessary and appropriate uses of funds, as required by EPAAG Subsection 13.3.1.13. These four transactions totaled $11,460.00. For example, in one transaction we reviewed, a cardholder and approving official ordered $450 of catered food for an EPA-sponsored program. The cardholder and approving official considered the catered food to be light refreshments and, therefore, allowable. EPA Order 1900.3, "Food at an EPA Conference, Workshop, Ceremony, Reception or Observance," defines light refreshments as "coffee, tea, milk, juice ... pretzels, cookies, chips, or muffins;" however, the approved transaction included food—such as chicken wings, chicken satay, and California rolls—and portion sizes that were more typical of a full meal. 21-P-0242 8 ------- As shown in Row F of Table 2, the cardholder did not obtain advance approval before placing the order for four of the 25 transactions we reviewed, as required by EPAAG Subsection 13.3.1.12. These four transactions totaled $10,668.52 and included paid personnel recruiting services, which should have been approved by the human resource official, and special equipment services, which should have been approved by either the chief information officer or the safety, health, and environmental manager, as applicable. As shown in Row H of Table 2, two of the 25 transactions we reviewed used a third-party payment processor, but no justification was provided in the electronic purchase files, as required by EPAAG Subsection 13.3.1.9(c)(1). These two transactions totaled $9,500.00. The General Services Administration considers online transactions made using third-party payment processors, such as PayPal, to be high-risk transactions because they are not direct buyer-seller relationships. Involving a third-party payment processor creates more opportunities for purchase errors. According to the cardholder for both transactions, a third-party payment processor was used because it was the only option to deliver payment to the vendor in a timely manner. However, a direct payment to the vendor is timelier than a payment to a third-party payment processor. Also, these two transactions were split transactions of $4,500 and $5,000, made two days apart for the same service because of the cardholder's erroneous belief that the single-purchase limit was $5,000. EPAAG Subsection 13.3.1.14(b)(1) prohibits splitting purchases into multiple transactions to circumvent the single-purchase limit of $10,000. This instance of noncompliance is included in Row N of Table 2. For another three transactions, as shown in Row I of Table 2, the cardholders did not verify the availability of funds by obtaining approval from the funds control officer prior to making the purchases, per EPAAG Subsection 13.3.1.15(a). These three transactions totaled $1,156.67. When cardholders obligate funds without prior approval and do not use proper channels to request purchases, the Agency is at risk of obligating funds in excess of amounts available to the Agency. When we asked the approving official responsible for these transactions why those items were purchased and approved without obtaining approval from the funds control officer, the approving official replied that the funds control officer was out of the office on the day of the purchase. Purchase Card Team Did Not Block Unallowable Purchases As shown in Row G of Table 2, 12 of the 25 transactions we reviewed used MCCs that are not allowed per EPA Agency-Wide Purchase Card Standard Operating Procedures. These 12 transactions totaled $29,743.49. In addition, CitiManager did not flag the MCCs as unallowable, and the purchase card team did not specifically monitor for unallowable MCCs. When we asked the cardholders who made these 12 purchases why they used unallowed merchants, they stated that they were not aware that these merchants fell under the blocked MCCs. The only one of the 25 transactions we reviewed that was paid by convenience check was for a training facilitator in the amount of $3,330.50, which is over the convenience check limit of $2,500 specified in EPAAG Subsection 13.3.1.14(j)(l). The cardholder told us that a convenience check was used instead of a purchase card because of a firewall that prevented the original purchase. The approving official approved the convenience check without questioning the amount, and CitiManager did not block the payment, even though it was over the allowable convenience check limit. In addition, the purchase cardholder did not verify receipt of goods and services. The cardholder's privileges were suspended but were reinstated after the cardholder took supplemental training. This instance of noncompliance is included in Row D of Table 2. 21-P-0242 9 ------- Purchase Card Team Also Identified Issues with Purchase Card and Convenience Check Use During our interviews with the purchase card team, we learned that the team conducts a 5-percent monthly review of purchase card transactions, routinely provides E-Blast notifications to the purchase card community, and uses various reports to monitor compliance with purchase card requirements. These monthly reviews have identified the same issues that we observed during our audit, such as cardholders not: • Providing supporting documentation. • Storing documents electronically. • Receiving third-party verifications. • Obtaining preapprovals. • Processing payments in a timely manner. • Providing justifications for using nonmandatory sources. Control Weaknesses Hindered Purchase Card Policy Compliance We identified three control weaknesses that contributed to the instances of noncompliance described in the previous section: • Cardholders and approving officials lacked knowledge of relevant purchase card policies and specific requirements regarding closer scrutiny of certain purchases, restricted transactions, required resources, and prohibited transactions. • Cardholders and approving officials underutilized CitiManager's capabilities to document and monitor purchases because they did not believe that the system is user-friendly or that they received adequate training. • The purchase card team did not use CitiManager's full capabilities to adequately monitor purchases to prevent unallowable transactions. Cardholders and Approving Officials Lacked Knowledge of Requirements Based on our interviews with cardholders and approving officials, we found that many of the noncompliant purchases we identified were due to the infrequency of purchases and a lack of familiarity with purchase card and convenience check requirements. One approving official said that a cardholder may conduct infrequent transactions and cannot remember all the purchase requirements. Another approving official felt that the training received was not adequate to allow a full understanding of the acquisition professional's authority to make purchases above the single-transaction limits. Cardholders and approving officials also stated that there was insufficient time allotted to follow proper purchasing channels because they needed to purchase items quickly. One cardholder purchased engraved plaques using a commercial vendor because the plaques needed to be purchased quickly for an upcoming award ceremony. Another cardholder used a commercial vendor when buying a printer because upper management needed the printer immediately to work from home. In both of these instances, the cardholders did not evaluate the purchase request to ensure that the resulting 21-P-0242 10 ------- transaction would comply with federal and Agency acquisition rules. Neither complied with EPAAG requirements to use mandatory sources or provide justifications for using commercial vendors. In some instances, supervisors instructed cardholders to make purchases, which the cardholders made and the approving officials approved, without raising questions. One cardholder purchased items from a commercial vendor at the instruction of a direct-line supervisor; this purchase was also approved by the approving official, contrary to EPAAG requirements that approving officials review and potentially disapprove the cardholder's decision. There appears to be few, if any, implemented consequences for cardholders and approving officials who make erroneous purchases. One approving official explained that purchase card performance is not part of annual performance reviews. However, the EPAAG states that cardholders and approving officials may be personally liable for unapproved or improper purchases. Cardholders and Approving Officials Underutilized CitiManager's Capabilities We noted that cardholders and approving officials do not consistently or effectively use CitiManager. For example, management in the Office of Mission Support and the Office of the Chief Financial Officer does not require that purchase approvals be maintained in CitiManager. As a result, records are not stored in a central location for Agency use. In addition, cardholders and approving officials do not access CitiManager's built-in purchase card monitoring tools to assist with document approvals or to notify cardholders and approving officials of purchases needing prompt payment. Most cardholders and approving officials also do not use CitiManager to maintain purchase card records and approvals or to run system reports. Only one of the 23 cardholders and the associated approving officials for the transactions we reviewed performed purchase card reviews in CitiManager. Most of the cardholders and approving officials we interviewed found CitiManager difficult to use to adequately monitor transactions, process transactions, and maintain records. These are examples of what some of the cardholders and approving officials said: • They attempted to obtain assistance by email or phone from CitiManager's help desk, but Citibank did not adequately resolve problems. As a result, cardholders and approving officials found other methods to maintain records, and records are not transparently available for approving officials and the purchase card team to review. • The records they enter into CitiManager sometimes disappeared and could not be retrieved. As a result, they did not trust the system. • They did not receive adequate training from the EPA's purchase card team, the General Services Administration, or Citibank to effectively use CitiManager. Purchase Card Team Did Not Use CitiManager's Full Capabilities The purchase card team is responsible for monitoring the implementation, quality, and consistency of the internal controls for the EPA's purchase card and convenience check program. However, the purchase card team did not use CitiManager's full capabilities to implement the available internal controls. 21-P-0242 11 ------- We determined that CitiManager provides monitoring controls and can run various management reports to increase oversight. For example, CitiManager can run reports to identify required approvals, unallowable MCCs, potential split purchases, purchases requiring closer scrutiny, and transaction overrides. The purchase card team was not aware or did not take advantage of these capabilities. For example, when we looked at the 9,616 purchases made in the second quarter of 2020, we found that half of those purchases used unallowable MCCs, despite CitiManager's ability to identify and block purchases made with unallowable MCCs. Although the purchase card team reviews 5 percent of transactions on a monthly basis and found errors similar to those identified in this report, the purchase card team did not take sufficient action to improve or implement internal controls over the purchase card and convenience check program to prevent further errors. Insufficient Program Controls Increase Risk The Government Charge Card Abuse Prevention Act of 2012 requires agencies that use purchase cards and convenience checks to establish internal controls to identify improper purchases. Insufficient implementation of key program controls, such as system monitoring and enforcement of employee adherence to Agency laws, regulations, and policies, may increase the risk of illegal, improper, and erroneous purchases. When control weaknesses, such as the ones found in this audit, are identified, the Agency needs to improve program control implementation to reduce risk and to demonstrate better stewardship and management of the approximately $25 million in taxpayer dollars that the EPA spends annually on purchase card and convenience check transactions. Recommendations We recommend that the assistant administrator for Mission Support: 1. Require annual training for all cardholders and approving officials on targeted purchase card and convenience check requirements, based on findings in audits and reviews, including those regarding closer scrutiny, restricted transactions, required resources, and prohibited transactions. 2. Provide CitiManager training and support to cardholders, approving officials, and the purchase card team that will establish the expectation that they use and enable them to effectively use CitiManager for the documentation, justification, and approval of purchases. 3. Require cardholders and approving officials who have completed the training in Recommendation 2 to maintain approvals and purchase documentation in CitiManager. Update all relevant policies and procedures to reflect this requirement. 4. Require the purchase card team to identify and use CitiManager management reports that will help provide oversight of the program. Update all relevant policies and procedures to reflect this requirement. 21-P-0242 12 ------- Agency Response and OIG Assessment The Agency agreed with Recommendations 1 and 4. For Recommendation 1, we recommended that all cardholders attend training. The EPA responded that it will provide targeted training. As long as this targeted training is provided to all cardholders, we agree that the corrective action should be acceptable. For Recommendation 4, we recommended that the purchase card team identify and use CitiManager management reports that will help provide oversight of the program. The EPA responded that it will enhance its knowledge of and expertise in CitiManager reporting capabilities. Provided that this knowledge enhancement includes using CitiManager reports to help provide oversight, we agree that the corrective action should be acceptable. We will further assess both corrective actions after their expected completion date of January 31, 2022. For Recommendation 2, the Agency proposed an alternative approach, stating that it would use the Purchase Card Order Request System, or PCORS, instead of Citibank, to document, justify, and approve purchase card transactions. The Agency plans to complete this corrective action by June 30, 2022, and will provide us with updates on system deployment. The Agency's alternative approach meets the intent of our recommendation to provide training and support to the staff to effectively use the purchase card system. The OIG will review the updates in the next year for improvements. For Recommendation 3, in alignment with the Agency's alternative approach for Recommendation 2 to use PCORS instead of Citibank to process purchase card transactions, the Agency will require cardholders and approving officials to also maintain approvals and purchase documentation in PCORS . The Agency's alternative approach meets the intent of our recommendation to maintain approvals and documentation. The Agency plans to complete the corrective action by June 30, 2022. Therefore, we consider the four recommendations resolved with corrective actions pending. The Agency's full response is in Appendix D. 21-P-0242 13 ------- Status of Recommendations RECOMMENDATIONS Potential Planned Monetary Rec. Page Completion Benefits No. No. Subject Status1 Action Official Date (In $000s) 1 12 Require annual training for all cardholders and approving officials R Assistant Administrator for 1/31/22 $5 on targeted purchase card and convenience check requirements, Mission Support based on findings in audits and reviews, including those regarding closer scrutiny, restricted transactions, required resources, and prohibited transactions. 2 12 Provide CitiManager training and support to cardholders, R Assistant Administrator for 6/30/22 approving officials, and the purchase card team that will Mission Support establish the expectation that they use and enable them to effectively use CitiManager for the documentation, justification, and approval of purchases. 3 12 Require cardholders and approving officials who have completed R Assistant Administrator for 6/30/22 the training in Recommendation 2 to maintain approvals and Mission Support purchase documentation in CitiManager. Update all relevant policies and procedures to reflect this requirement. 4 12 Require the purchase card team to identify and use CitiManager R Assistant Administrator for 1/31/22 management reports that will help provide oversight of the Mission Support program. Update all relevant policies and procedures to reflect this requirement. 1 C = Corrective action completed. R = Recommendation resolved with corrective action pending. U = Recommendation unresolved with resolution efforts in progress. 21-P-0242 14 ------- Appendix A Key Definitions CitiManager: An online tool offered by Citibank that provides a processing interface for purchase cardholders and approving officials, with user-managed customization and preferences. Convenience Check: A payment tool intended only for authorized purposes where purchase cards are not accepted, such as to pay merchants that do not accept purchase cards. Convenience checks have a $2,500 single-transaction limit. Purchase Card: A government charge card that provides a streamlined purchasing process, eliminates the use of purchase orders in many cases, and reduces administrative costs. For EPA program office cardholders, the standard single-transaction limit is $10,000. Acquisition professional contracting officers may use the purchase card to place orders or make payments up to the simplified acquisition threshold of $250,000. Third-Party Verification: The validation that goods or services have been received after a purchase is made but before the EPA issues payment. 21-P-0242 15 ------- Appendix B Results for Each Transaction Tested The transactions identified below align with those listed in Table 1 of this report. The criteria tested align with those identified in Table 2 of this report. The rows highlighted in green indicate fully compliant transactions. The row highlighted in orange identifies a convenience check transaction; all other transactions were made with purchase cards. Value of Criteria tested Instances of transaction A B c D E F G H I J K L M N noncompliance 1 $450.00 X X X X X 5 2 346.63 X X 2 3 62,721.36 0 4 3,499.00 X X 2 5 400.00 X X X 3 6 5,000.00 X X X X 4 7 4,500.00 X X X X 4 8 4,818.09 X X X X X 5 9 2,568.64 X X X 3 10 685.20 X X X 3 11 4,390.00 X X 2 12 1,510.00 X X 2 13 436.63 X 1 14 136.16 0 15 971.94 X X X X 4 16 5,210.00 X X X 3 17 5,441.08 X X X X 4 18 1,249.00 X 1 19 653.97 X X X X X X X 7 20 644.00 X 1 21 925.00 X X X X X 5 22 6,635.91 X X 2 23 52.70 X X X X X X 6 24 3,330.50 X X X 3 25 $3,040.85 X X 2 Instances of noncompliance 6 17 8 4 8 4 12 2 3 1 1 1 4 3 74 Source: OIG analysis of transactions we reviewed. (EPA OIG table) 21-P-0242 16 ------- Appendix C Criteria Used to Develop Compliance Tests The 14 compliance tests identified in Table 2 are based on the EPA Agency-Wide Purchase Card Standard Operating Procedures: CitiManager Purchase Card Automation Process and EPAAG Section 13.3.1, "Using the Government-wide Commercial Purchase Card/' which establish policy and procedures for using government purchase cards at the EPA. The EPAAG details requirements for approvals, special approvals, closer scrutiny, mandatory sources, and strategic sourcing. Specific EPAAG subsections used for this audit are listed below; note that titles of subsections are included only where appropriate: • EPAAG Subsection 13.3.1.6(e)(2)(iv). Validating all purchase cardholder transactions by reviewing and approving the purchase cardholder's transactions pursuant to the requirements specified in the Agency purchase card standard operating procedure and Subsection 13.3.1.13(k) no later than the 23rd of each month, which is the end of each monthly billing cycle. • EPAAG Subsection 13.3.1.9(c)(1). To best protect the interests of the Agency, third-party payment processors or mechanisms may only be used when no other vendor can supply the product or service or meet the delivery, quantity, or quality requirements and the vendor will accept payment only through the third-party payment processor or mechanism. • EPAAG Subsection 13.3.1.9(d), "Prohibited Transactions." All Agency purchase cardholders are prohibited from using the purchase card for the following: (a) Any order that is not a necessary expense of appropriated funds for official government business. (b) Travel-related expenses, such as per diem, lodging, and transportation. (c) Gasoline, oil, or similar items for government-owned or -leased boats or vehicles. (Personnel should use the official EPA fleet management cards.) (d) Cash advances. (e) Long-term rental or lease of land and buildings. (f) Individual employee memberships in professional organizations, associations, and so on. (g) Gift cards and gift certificates, in any denomination. Any purchase cardholder or approving official that violates this prohibition shall have his or her purchase card or approving official account suspended or permanently revoked, based upon the decision of the Office of Acquisition Solutions director or the EPA's National Program Card Program Manager. (h) Printing or photocopying services, except for the initial publication of articles written by EPA employees printed in privately published journals, textbooks, and encyclopedias, which includes page charges, open-access fees, and reprints. 21-P-0242 17 ------- • EPAAG Subsection 13.3.1.9(e), "Restricted Transactions." The following transactions are prohibited for program office purchase cardholders; however, they may be ordered by acquisition professional purchase cardholders, consistent with applicable law and regulation: (a) Any order that requires a statement of work or specifications. (b) Any order in which Agency or federal acquisition regulations require, or it is advantageous to the government to include, contract clauses (for example, construction over $2,000 or a potential for conflicts of interest.) (c) Any order requiring the cardholder to accept a vendor's terms or sign a vendor's agreement or contract. (d) Construction, alteration, or repair of public buildings. (e) Expert services or consultants, as a statement of work is required. (f) Personal services because they create an employer/employee relationship in which the EPA supervises contractor employees. Such services must be authorized by statute. (g) Leasing of aircraft, boats, or motor vehicles, including buses and limousines. (h) Institutional memberships in associations. Also see EPA Order 1800.2, Participation in Professional Societies and Associations. (I) Communication services, such as connection and use of cellphones, internet, or email. (j) Any order requiring advance payment before receipt of the item, except subscriptions to publications for the auditory and visual use of the Agency, registration fees, and training. (k) Automatic recurring charges in which the vendor will continue to bill unless the purchase cardholder takes action to prevent the charges, such as monthly charges for a cable television. (I) Gym memberships. (m) Health and wellness memberships and employee welfare memberships. • EPAAG Subsection 13.3.1.9(f), "Priorities for Use of Mandatory Sources." Federal Acquisition Regulation, Part 8.002, "Priorities for Use of Mandatory Sources," lists priorities for use of mandatory sources. In addition, although not mandatory, the Agency has a required source for office supplies. Purchase cardholders shall satisfy requirements for supplies and services from or through mandatory government sources before using a commercial vendor. • EPAAG Subsection 13.3.1.12. Before placing an order, the cardholder shall obtain approval from the appropriate individual as identified, such as the information management officer; safety, health, and environmental manager; and human resource or printing officials. • EPAAG Subsection 13.3.1.13(a). Purchase cardholders and approving officials are advised to use caution when placing orders for clothing, entertainment, novelty items, nonmonetary awards, light 21-P-0242 18 ------- refreshments, conference support, gym memberships, health and wellness memberships, and employee welfare memberships. These purchases require closer scrutiny to ensure that they are necessary expenses for the appropriated funds being used. • EPAAG Subsection 13.3.1.14(b)(1), "Plan and Consolidate Your Requirements to Avoid Splitting Orders." Purchase cardholders shall not split requirements to circumvent single purchase limits or to avoid any required approvals. • EPAAG Subsection 13.3.1.14(f), "Tax Exempt Status." Purchase cardholders shall remind vendors that orders are for the U.S. government and are tax exempt. If a vendor insists on charging tax, the purchase cardholder should not place the order unless there is no alternative. • EPAAG Subsection 13.3.1.14(h)(1). Independent verification of receipt or third-party verification of equipment, property, supplies, or services shall be performed for all purchase card transactions. Independent verification of receipt or third-party verification may be performed by an Agency employee other than the purchase cardholder, approving official, or funds control officer of the transaction; contractors; or grantees. • EPAAG Subsection 13.3.1.14(j)(l). Convenience checks are limited to a maximum single-purchase amount of $2,500 for all account holders regardless of limits that may be established on the cardholder purchase card account. Convenience checks may be used only when a vendor does not accept the purchase card and the product or service is not available from another vendor. • EPAAG Subsection 13.3.1.14(k)(3). Other supporting documentation—such as receipts; order confirmations; vendor invoices, if provided; necessary expense justifications (see Subsection 13.3.1.12); or documentation of any problems, disputes, or unusual circumstances surrounding an order—shall be kept in the purchase card file and uploaded to CitiManager. • EPAAG Subsection 13.3.1.15(a), "Purchase Card Funding and the [Funds Control Officer] (FCO)." Before placing orders, the purchase cardholder must coordinate with the cardholder's funds control officer to ensure that funds are available. • EPAAG Subsection 13.3.1.15(c), "Cost Allocation (Payment)." Purchase cardholders are responsible for cost allocating their purchases. All purchase cardholders shall use the Agency's intranet cost- allocation system to cost allocate (pay) for their purchases. In accordance with the EPA Agency-Wide Purchase Card Standard Operating Procedures: CitiManager Purchase Card Automation Process, cardholders must submit all supporting documentation to the Management Support Branch for review and override to prevent MCCs considered high risk and nonapplicable for routine Agency transactions. The EPA Agency-Wide Purchase Card Standard Operating Procedures also outlines the responsibilities of the purchase cardholder and the approving official regarding the purchase card and convenience check program, including identifying purchases with blocked MCCs. We also reviewed E-Blasts, as well as updates on the use of the PCORS and the CitiManager System, dated November 26, 2019; August 1, 2019; and March 4, 2020. 21-P-0242 19 ------- Appendix D Agency Response to Draft Report UNITED STATES ENVIRONMENTAL PROTECTION AGENCY WASHINGTON, D C. 20460 August 30. 2021 OFFICE OF MISSION SUPPORT MEMORANDUM SUBJECT: FROM: TO: Thank you for the opportunity to respond to the subject audit report. The following summarizes the agency's overall position, along with our position on each of the report recommendations. We have provided high-level intended corrective actions for each recommendation with completion dates AGENCY'S OVERALL POSITION The Office of Mission Support, Office of Acquisition Solutions (OMS/OAS) concurs with Recommendations #1 and #4 as outlined in the Office of Inspector General's draft report. OMS/OAS does not fully agree with Recommendations #2 and #3 and has provided explanations with proposed alternative approaches with corrective actions to address both recommendations. QMS RESPONSE TO REPORT RECOMMENDATION Response to Draft Report entitled, "EPA Needs to Strengthen Its Purchase Card Approval Process," Project No. OA&E-FY20-0178 dated, August 5,2021 Witchonc Digitally signed by nilOl I CI lo, Hitchens, Lynnann Lynnann Hitchens, Acting Principal Deputy Assistant Administration nan n Kliadija Walker, Director Business Operations Audit Directorate Office of Inspector General 21-P-0242 20 ------- Agreements No. Recommendation High-Level Intended Corrective Actions Estimated Completion 1 Require annual training for all cardholders and approving officials on targeted purchase card and convenience check requirements, based on findings in audits and reviews, including those regarding closer scrutiny; restricted transactions; required resources; and prohibited transactions. OAS will conduct targeted training sessions that focus on corrective actions related to internal/external audit findings regarding restricted transactions, required resources, and prohibited transactions. Targeted cardholder training sessions will be conducted, at a minimum, on an annual basis. January 31, 2022 4 Require the purchase card team to identify and use CitiManager management reports that will help provide oversight of the program. Update all relevant policies and procedures to reflect this requirement. The OAS Purchase Card Team will enhance its knowledge and expertise in CitiManager reporting capabilities and make better use of those reporting capabilities in performing purchase card transaction management and oversight. OAS will update all relevant policies and procedures to reflect this requirement. January 31, 2022 Disagreements No. Recommendation Agency Explanation/Response Proposed Alternative 2 Provide CitiManager training and support to cardholders, approving officials, and the purchase card team that will establish the expectation that they use and enable them to effectively use CitiManager for the documentation, justification, approval, and cost allocation of purchases. The Agency has decided that the Purchase Card Order Request System (PCORS) will be the purchase card system that will be used to document, justify, and approve purchase card transactions. Due to system development issues, PCORS has not been fully deployed Agency-wide. Until deployment is complete, the Agency will use both PCORS and CitiManager. Agency cardholders and approvers are still in the process of being fully trained on how to maintain documentation, justifications, and approvals in both systems, and additional PCORS training sessions have been scheduled for 2021. Once PCORS deployment is complete, it will be the single system for this purpose for the Agency. Please note that cost allocation occurs in the Agency's financial system. Beginning in CY 2022, OAS will provide periodic status updates to the OIG regarding the full deployment of PCORS. Planned Completion Date: June 30, 2022 3 Require cardholders and approving officials who have completed the training in Recommendation 2 to maintain approvals and purchase In accordance with the Agency's decision as described under Recommendation #2, upon full deployment of PCORS, OMS/OAS will update all relevant policies and procedures to Beginning in CY 2022, OAS will provide periodic 21-P-0242 21 ------- No. Recommendation Agency Explanation/Response Proposed Alternative documentation in CitiManager. reflect the requirement to document, justify, status updates Update all relevant policies and and approve purchase card transactions in to the OIG procedures to reflect this this system. regarding the requirement. full deployment of PCORS. Planned Completion Date: June 31, 2022 If you have any questions regarding this response, please contact Mitch Hauser, Audit Follow-up Coordinator, of the Office of Resources and Business Operations, (202) 564-7636 or hauser.mitchell@epa.gov. Cc: Catherine Allen LaTanya Furdge Gabriel Porras-Sanchez Kimberly Patrick Pamela Legare Celia Vaughn Dan Coogan Jan Jablonski Marilyn Armstrong Mitchell Hauser Andrew LeBlanc Jose Kercado 21-P-0242 22 ------- Appendix E Distribution The Administrator Deputy Administrator Chief of Staff, Office of the Administrator Deputy Chief of Staff, Office of the Administrator Agency Follow-Up Official (the CFO) Assistant Administrator for Mission Support Agency Follow-Up Coordinator General Counsel Associate Administrator for Congressional and Intergovernmental Relations Associate Administrator for Public Affairs Principal Deputy Assistant Administrator for Mission Support Associate Deputy Assistant Administrator for Mission Support Deputy Assistant Administrator for Administration and Resources Management, Office of Mission Support Director, Office of Continuous Improvement, Office of the Chief Financial Officer Director, Office of Acquisition Solutions, Office of Mission Support Director, Office of Resources and Business Operations, Office of Mission Support Deputy Director, Office of Acquisition Solutions, Office of Mission Support Audit Follow-Up Coordinator, Office of the Administrator Audit Follow-Up Coordinator, Office of Mission Support Audit Liaison, Office of Acquisition Solutions, Office of Mission Support 21-P-0242 23 ------- |