CUSTOMER SERVICE ~ INTEGRITY ~ ACCOUNTABILITY
Operating efficiently and effectively
EPA Needs to Strengthen
Its Purchase Card Approval
Process
Report No. 21-P-0242
September 22, 2021
SmartPay3 United States of America
Supporting your msaon	lf misuse suspected, call (800) xxx-xxxx x ™ f

-------
Report Contributors: Catherine Allen
LaTanya Furdge
Gabriel Porras-Sanchez
Khadija Walker
Abbreviations:
EPA
U.S. Environmental Protection Agency
EPAAG
EPA Acquisition Guide
MCC
Merchant Category Code
OIG
Office of Inspector General
PCORS
Purchase Card Order Request System
Key Definitions:
Please see Appendix A for key definitions.
Cover Image:
Top: The EPA obtains purchase card services through the U.S. General
Services Administration. (General Services Administration image).
Bottom (left to right): Laboratory accessories, printers, and catering
services can all be purchased with a government purchase card.
(EPA, U.S. General Services Administration, and National Institute of
Health images).
Are you aware of fraud, waste, or abuse in an
EPA program?
EPA Inspector General Hotline
1200 Pennsylvania Avenue, NW (2431T)
Washington, D.C. 20460
(888) 546-8740
(202) 566-2599 (fax)
OIG Hotline@epa.gov
Learn more about our OIG Hotline.
EPA Office of Inspector General
1200 Pennsylvania Avenue, NW (2410T)
Washington, D.C. 20460
(202) 566-2391
www.epa.gov/oiq
Subscribe to our Email Updates
Follow us on Twitter @EPAoig
Send us your Project Suggestions

-------
Office of Inspector General
U.S. Environmental Protection Agency
At a Glance
21-P-0242
September 22, 2021
Why We Did This Audit
We conducted this audit to
determine whether the
U.S. Environmental Protection
Agency's internal controls over
its purchase card and
convenience check program are
adequate to prevent and detect
illegal, improper, and erroneous
purchases and payments.
The Government Purchase Card
Abuse Prevention Act of 2012
requires that inspectors general
conduct periodic assessments of
their agencies' purchase card
programs. In response to our
2018 audit (Report No. 18-P-
0232). the EPA implemented
new internal controls over its
purchase card and convenience
check program. However, during
our 2019 risk assessment
(Report No. 20-P-0006), we
found that the EPA's transition to
a new purchase card contract
adversely affected these newly
implemented internal controls,
and we determined that we
should conduct an audit in 2020.
This audit supports an EPA
mission-related effort:
•	Operating efficiently and
effectively.
This audit addresses a top EPA
management challenge:
•	Complying with key internal
control requirements (data
quality).
Address inquiries to our public
affairs office at (202) 566-2391 or
OIG WEBCOMMENTS@epa.gov.
List of OIG reports.
EPA Needs to Strengthen Its Purchase Card
Approval Process
What We Found
Since our 2018 audit and 2019 risk
assessment, the EPA has made several
improvements to its purchase card and
convenience check program to detect illegal,
improper, or erroneous purchases.
However, the Agency's internal controls are
still not adequate to prevent and detect
erroneous purchases.
The Agency needs to improve
oversight of its approximately
$25 million in annual purchase
card and convenience check
expenses to be better
stewards of taxpayer dollars.
The EPA Acquisition Guide and the Agency's purchase card standard operating
procedures establish policy and procedures for using purchase cards and
convenience checks. For example, the EPA Acquisition Guide states that the
approving official is responsible for determining whether transactions are
reasonable and necessary. Of the 25 purchase card and convenience check
transactions we analyzed, only two (8 percent) fully complied with the policies
and procedures we reviewed. Conversely, 23 transactions (92 percent) had at
least one instance of noncompliance. We found that cardholders made and
approving officials approved improper purchases and that the EPA's purchase
card team did not monitor purchases to ensure timely processing and approval,
as required by EPA procedures. We determined that $5,493.97 (5 percent) of
the $119,618.66 purchase card and convenience check expenses we reviewed
were unallowable.
These issues occurred for three reasons. First, cardholders and approving
officials lacked knowledge of relevant purchase card policies. Second,
cardholders and approving officials underutilized CitiManager's capabilities to
document and monitor purchases because they did not believe that the
system was user-friendly or that they received adequate training. Third, the
purchase card team did not use CitiManager's full capabilities to adequately
monitor purchases. As a result, the Agency continues to be at risk of making
improper or erroneous purchases, which may result in the misuse or waste of
taxpayer funds.
Recommendations and Planned Agency Corrective Actions
We recommend that the assistant administrator for Mission Support train
cardholders and approving officials on purchase card and convenience check
requirements; provide training on the use of CitiManager; require that staff use
CitiManagerto maintain approvals and documentation; and require the
purchase card team to use CitiManager's oversight capabilities.
The EPA agreed with our four recommendations and provided acceptable
corrective actions or alternative corrective action plans. All recommendations
are resolved with corrective actions pending.

-------
UNITED STATES ENVIRONMENTAL PROTECTION AGENCY
WASHINGTON, D.C. 20460
THE INSPECTOR GENERAL
September 22, 2021
MEMORANDUM
SUBJECT: EPA Needs to Strengthen Its Purchase Card Program Approval Process
Report No. 21-P-0242
FROM: Sean W. O'Donnell
TO:
Lynnann Hitchens, Acting Principal Deputy Assistant Administrator
Office of Mission Support
This is our report on the subject audit conducted by the Office of Inspector General of the U.S. Environmental
Protection Agency. The project number for this audit was QA&E-FY20-0178. This report contains findings
that describe the problems the OIG has identified and the corrective action the OIG recommends. Final
determinations on matters in this report will be made by EPA managers in accordance with established
audit resolution procedures.
The Office of Mission Support is responsible for implementing the recommendations resulting from this
audit. The Office of Acquisition Solutions, within the Office of Mission Support, manages the planning,
awarding, and administering of contracts and procurement policy for the Agency.
In accordance with EPA Manual 2750, your office provided acceptable planned corrective actions and
estimated milestone dates in response to the OIG recommendations. All recommendations are resolved,
and no further response to this report is required. If you submit a response, however, it will be posted on
the OIG's website, along with our memorandum commenting on your response. Your response should be
provided as an Adobe PDF file that complies with the accessibility requirements of Section 508 of the
Rehabilitation Act of 1973, as amended. The final response should not contain data that you do not want
to be released to the public; if your response contains such data, you should identify the data for redaction
or removal along with corresponding justification.
We will post this report to our website at www.epa.gov/OIG.

-------
EPA Needs to Strengthen
Its Purchase Card Program
Approval Process
21-P-0242
Table of C
Chapters
1	Introduction	1
Purpose	1
Background	1
Responsible Offices	3
Scope and Methodology	3
Prior Audits and Risk Assessments	5
2	EPA Needs to Improve Adherence to Its Purchase Card
and Convenience Check Approval Policy and Procedures	6
EPA Policy Identifies Approval Procedures for Approving Officials
and Purchase Cardholders	6
EPA Staff Did Not Adhere to Purchase Card Policy and Procedures	6
Purchase Card Team Also Identified Issues with Purchase Card
and Convenience Check Use	10
Control Weaknesses Hindered Purchase Card Policy Compliance	10
Insufficient Program Controls Increase Risk	12
Recommendations	12
Agency Response and OIG Assessment	13
Status of Recommendations	14
Appendixes
A Key Definitions	15
B Results for Each Transaction Tested	16
C Criteria Used to Develop Compliance Tests	17
D Agency Response to Draft Report	20
E Distribution	23

-------
Chapter 1
Introduction
Purpose
The Office of Inspector General of the U.S. Environmental Protection Agency initiated this audit of the
Agency's purchase card and convenience check program for fiscal year 2020 to determine whether the
EPA's internal controls over its purchase card and convenience check program were adequate to
prevent and detect illegal, improper, and erroneous purchases.
Top Management Challenge Addressed
This audit addresses the following top management challenge for the Agency, as identified in OIG Report
No. 20-N-0231. EPA's FYs 2020-2021 Top Management Challenges, issued July 21, 2020:
• Complying with key internal control requirements (data quality).
Background
Since the inception of its purchase card program in 1987, the Agency has used this payment method to
streamline the acquisition process. Purchase cards offer a low-cost, efficient way to obtain goods and
services directly from vendors with fully automated invoicing and payment processing. At the EPA,
program offices, regions, laboratories, and field offices regularly use purchase cards for small purchases.
The EPA obtains purchase card services through a task order under the U.S. General Services
Administration's SmartPay master contract. This contract requires the contractor bank to offer internal
control tools to help its customers identify unusual spending patterns and monitor transactions that
may be instances of misuse, fraud, waste, or abuse. For the EPA's purchase cards, the contractor bank is
Citibank, and the internal control tool offered by Citibank is CitiManager, which is designed to:
•	Prevent purchases beyond credit limits.
•	Provide online reports.
•	Block unallowable merchant category codes, or MCCs.
•	Deactivate and reactivate user accounts.
•	Provide training and clear guidance.
The following laws, regulations, and polices govern the EPA's purchase card and convenience check
program:
•	Government Charge Card Abuse Prevention Act of 2012. This Act requires that the inspector
general of each executive agency conduct both periodic risk assessments of the agency's
purchase card and convenience check program and periodic audits of the agency's purchase card
and convenience check transactions. The purpose of these assessments and audits is to identify
and analyze the risk of illegal, improper, or erroneous purchases and payments. The federal
purchase card and convenience check program is implemented by each federal agency with the
involvement of the General Services Administration and the Office of Management and Budget.
21-P-0242
1

-------
•	Office of Management and Budget's Circular A-123, Managements Responsibility for Internal
Control. This publication provides purchase card and convenience check guidance that the
General Services Administration and other federal agencies must follow. Specifically, Chapter 2,
"Internal Controls/' of Appendix B, "Risk Management Framework for Government Charge Card
Programs/' provides a framework that identifies the responsibilities of purchase card managers
in developing and implementing risk-management controls, policies, and practices that mitigate
the potential for purchase card and convenience check misuse.
•	Federal Acquisition Regulation 13.301(b). This regulation requires agencies to establish
procedures for the use and control of purchase cards.
•	EPA Acquisition Guide. The EPAAG sets many different acquisition policies, one of which is
related to simplified acquisitions, including the EPA's purchase card and convenience checks.
•	EPA Agency-Wide Purchase Card Standard Operating Procedures: CitiManager Purchase Card
Automation Process. This document establishes policies and procedures for the proper use of
purchase cards and convenience checks.
EPA's Purchase Card and Convenience Check Approval Process
The EPA's purchase card program allows employees to make purchases at or below the micropurchase
threshold—which generally is $10,000—for government use. A convenience check is an optional tool
available under the EPA's purchase card program for use when vendors do not accept the purchase card
and the product or service is not available from another vendor. The single purchase limit for
convenience checks is $2,500. Use of a purchase card expedites the acquisition process, streamlines
payment, and reduces the administrative costs associated with traditional paper-based purchase orders.
Numerous approval requirements and checkpoints exist to help verify that EPA personnel properly use
purchase cards and convenience checks. All purchases made by purchase card or convenience check
require prior approval from the proper officials, including a first-line supervisor, an approving official, and
a funds control officer. The approving official for a purchase is based upon the purchase being made. For
example, the following purchases would require prior approval from the specified approving official:
•	Information technology items require approval from the information management officer.
•	Conference facilities require approval from the facilities manager.
•	Items relating to health and safety require approval from the safety, health, and environmental
manager.
•	Training, regardless of cost or location, requires approval from the training officer.
•	Protective services and equipment require approval from the security manager.
•	Paid advertisements for personnel recruitment require approval from the human resources
official.
After a purchase is made, but before the EPA issues payment, the cardholder must validate that the
goods or services have been received; this process is known as third-party verification. The EPA's
Cincinnati Finance Center notifies the cardholder and approving official by email that a transaction is
awaiting payment, and the cardholder is to validate the transaction within ten days of receiving this
notification. The EPA will then pay the transaction via a process referred to as cost allocation, which
includes allocating charges to appropriate budget and program funds.
21-P-0242
2

-------
The EPA's purchase card team assists the cardholder and the approving official throughout the
transaction process. The purchase card team also conducts audits of purchase card and convenience
check transactions.
EPA's Purchase Card and Convenience Check Spending
During fiscal year 2020, the EPA spent $25.8 million on purchase card and convenience check purchases.
The purchases were generally for such items as training, laboratory expenses, and office supplies.
Responsible Offices
The EPA's purchase card team in the Office of Acquisition Solutions, within the Office of Mission
Support, implements and manages the Agency's purchase card and convenience check program.
However, the Office of Acquisition Solutions does not supervise the staff responsible for purchase card
or convenience check transactions. Each program office assigns a director or manager to oversee the
purchase cardholder.
The Office of Acquisition Solutions is also responsible for planning, awarding, and administering
contracts for the Agency, including:
•	Issuing and interpreting acquisition regulations.
•	Administering training for contracting and program acquisition personnel.
•	Providing advice and oversight to regional procurement offices.
•	Providing information technology improvements for acquisition.
Scope and Methodology
We conducted this performance audit from May 2020 through July 2021 in accordance with generally
accepted government auditing standards issued by the comptroller general of the United States. Those
standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to
provide a reasonable basis for our findings and conclusions based on our audit objective. We believe
that the evidence obtained provides a reasonable basis for our findings and conclusions based on our
audit objective.
We conducted our audit work within the Office of Acquisition Solutions. To answer our objective, we
reviewed relevant criteria and the EPA's internal policies and procedures for purchase cards and
convenience checks. We interviewed staff and managers in the Office of Acquisition Solutions to gain an
understanding of the Agency's purchase card and convenience check program, the relevant internal
controls, and new program information since the OIG's 2019 risk assessment of the program. We also
interviewed purchase cardholders and approving officials to gain an understanding of the purchase card
and convenience check transactions that do not comply with EPA policy and procedures.
From the 9,616 purchase card and convenience check transactions made in the second quarter of fiscal
year 2020, which totaled $6,828,928.27, we selected 25 (approximately 2 percent) to review. Table 1
lists these 25 transactions, which totaled $119,618.66. We selected transactions from purchase
categories that were identified as having noncompliant transactions in prior OIG audits.
21-P-0242
3

-------
Table 1: Transactions selected for review
Transaction
Transaction
date
Merchant or vendor*
Amount
1
3/11/20
Market to Market
$450.00
2
1/9/20
Personalization Mall
346.63
3
3/25/20
In Storage Engine Inc.
**62,721.36
4
2/6/20
Vivid Learning System
3,499.00
5
2/12/20
Gettysburg Museum
400.00
6
3/4//20
PayPal
5,000.00
7
3/6/20
PayPal
4,500.00
8
2/12/20
Office Depot
4,818.09
9
3/11/20
Thermo Fisher Scientific
2,568.64
10
3/11/20
Thermo Fisher Scientific
685.20
11
1/24/20
University of Maryland
4,390.00
12
1/13/20
Champion Awards
1,510.00
13
1/22/20
The Gym Doctors
438.63
14
1/10/20
UPS
136.16
15
1/14/20
Amazon
971.94
16
2/11/20
IT Financial Management Assoc.
5,210.00
17
1/7/20
Dive Right in Scuba Inc.
5,441.08
18
2/15/20
Apple
1,249.00
19
3/26/20
Staples
653.97
20
3/12/20
Deco Construction
644.00
21
3/18/20
ACS Advertising Sales
925.00
22
1/30/20
Leco Corporations
6,635.91
23
3/3/20
Walmart Supercenter
52.70
24
1/22/20
Colorado School
3,330.50
25
3/25/20
HpiFederal LLC
3,040.85
Total	$119,618.66
Source: OIG selection of purchase card and convenience check transactions made in the second
quarter of fiscal year 2020. (EPA OIG table)
•	Green shade denotes a convenience check transaction; all others are purchase card transactions.
** The purchase card limit for acquisition professional contracting officers is up to $250,000.
We developed and documented 30 compliance tests for these 25 transactions. Specifically, we tested
for adequate controls to determine the:
•	Risk of illegal, improper, or erroneous use of purchase cards and convenience checks.
•	Compliance of these 25 transactions with the EPAAG and the EPA Agency-Wide Purchase Card
Standard Operating Procedures.
However, because we selected the transactions to review, our results cannot be projected to the audit
universe of untested transactions.
We assessed the internal controls necessary to satisfy our audit objectives pursuant to the
U.S. Government Accountability Office's Standards for Internal Control in the Federal Government,
known as the Green Book.1 Any internal control deficiencies we found are discussed in this report.
Because our audit was limited to the internal control components and underlying principles deemed
1 As set forth in the Green Book, an entity designs, implements, and operates internal controls to achieve its objectives related
to operations, reporting, and compliance.
21-P-0242
4

-------
significant to our audit objectives, our audit may not have disclosed all internal control deficiencies that
existed at the time of the audit. We reviewed regulations, Office of Management and Budget guidance,
and EPA policies and procedures that pertain to purchases, purchase cards, and convenience checks to
determine the specific control activity requirements needed to ensure proper, efficient, and effective
management of the purchase card and convenience check program.
Prior Audits and Risk Assessments
From 2012 through 2019, the EPA OIG completed three risk assessments and two audits that focused on
purchase card and convenience check administration and management. The two audits identified
findings and resulted in recommendations that the EPA has said it implemented. Below are summaries
of our most recent work:
•	Our 2018 audit, as detailed in OIG Report No. 18-P-0232, EPA's Purchase Card and Convenience
Check Program Controls Are Not Effective for Preventing Improper Purchases, issued August 20,
2018, concluded that the cardholders, approving officials, purchase card team, and EPA program
officers were not providing the oversight needed to achieve compliance with internal controls.
In addition, the EPA's transition to the SmartPay purchase card contract adversely affected the
Agency's internal controls. We offered 11 recommendations for improvement, which the
Agency reported that it completed by May 2019.
•	Our 2019 risk assessment, as detailed in OIG Report No. 20-P-0006, EPA's Purchase Card and
Convenience Check Program Merits an Audit in Fiscal Year 2020, issued October 18, 2019,
followed up on the EPA's corrective actions in response to our 2018 audit. We determined that
CitiManager transition issues adversely affected some of the internal controls implemented by
the EPA in response to our 2018 audit. Specifically:
o Supporting documentation that the EPA uses to verify that transactions comply with
federal and Agency acquisition requirements was not uploaded to CitiManager until late
April 2019.
o Training on bank-generated reports that the EPA could use for oversight purposes, such
as delinquency, fraud analytics, and transaction reports, was not provided until
June 2019.
Consequently, although our risk assessment did not result in any recommendations, we
determined that we should conduct an audit of the EPA's purchase card and convenience check
program in 2020.
The Agency also conducts its own risk assessments of its programs. In a 2018 risk assessment of its
purchase card and convenience check program, which was required by the Improper Payments
Elimination and Recovery Act of 2010, the Agency determined that there was low risk of improper
payments in purchase card and convenience check transactions because every cardholder is assigned an
approving official, who must review all transactions made by the cardholders or check writers under his
or her purview. As we note above, however, both of the purchase card audits that the OIG completed
from 2012 through 2019 resulted in recommendations for improvement.
21-P-0242
5

-------
Chapter 2
EPA Needs to Improve Adherence to Its
Purchase Card and Convenience Check
Approval Policy and Procedures
We found that EPA staff did not adhere to all policies and procedures related to purchase card
approvals. Cardholders made and approving officials approved improper purchases, and the purchase
card team did not prevent unallowable and untimely purchases. Of the 25 transactions we analyzed for
this audit, only two (8 percent) fully complied with the EPAAG and the EPA Agency-Wide Purchase Card
Standard Operating Procedures. These instances of noncompliance occurred because cardholders and
approving officials lacked knowledge about relevant purchase card policies and underutilized
CitiManager's capabilities to document and monitor purchases. The purchase card team also did not use
CitiManager to adequately monitor purchases. As a result, the Agency continues to be at risk of making
illegal, improper, or erroneous purchases, which may result in the misuse or waste of taxpayer funds.
EPA Policy Identifies Approval Procedures for Approving Officials
and Purchase Cardholders
EPAAG Subsection 13.3.1, "Using the Government-wide Commercial Purchase Card," establishes policy
for using purchase cards at the EPA. The guidelines detail requirements for approvals, special approvals,
closer scrutiny, mandatory sources, and strategic sourcing. The EPAAG states that oversight of the EPA's
purchase card program is accomplished on two levels: individual and organizational. Oversight of
individual transactions is meant to ensure that cardholders use purchase cards appropriately and only
acquire authorized items. The EPAAG also states that the approving official is responsible for determining
whether transactions are reasonable and necessary. In terms of organizational oversight, the approving
officials preapprove all purchase card transactions and annually certify that, as the approving officials,
they performed all approving responsibilities in accordance with the applicable EPA policies.
The EPA Agency-Wide Purchase Card Standard Operating Procedures outlines the procedures that
cardholders and approving officials should adhere to when using the purchase card and documenting
transactions within CitiManager. These procedures state that a cardholder must submit supporting data
for approval before making purchases with blocked MCCs.
EPA Staff Did Not Adhere to Purchase Card Policy and Procedures
The EPA made several improvements to its purchase card program to detect illegal, improper, and
erroneous payments since our 2018 audit and our 2019 risk assessment. For example, the EPA reduced
the percentage of transactions for which cardholders did not obtain the required prior approvals or
verify funding availability. Despite these improvements, we found that cardholders and approving
officials did not adhere to the EPAAG and the EPA Agency-Wide Purchase Card Standard Operating
Procedures. We tested 25 transactions against 30 requirements from the EPAAG, EPA Agency-Wide
Purchase Card Standard Operating Procedures, and EPA E-Blasts. Only two (8 percent) were in full
compliance with these requirements. Conversely, there were 23 transactions (92 percent) with at least
one instance of noncompliance. These 23 noncompliant transactions totaled $56,761.14. Appendix B
21-P-0242
6

-------
details the test results for each of the 25 transactions we reviewed. Appendix C provides more details on
the criteria we used to test for compliance.
Table 2 summarizes the instances of noncompliance we identified across the 25 transactions we
reviewed. The table includes only those 14 requirements tested with at least one instance of
noncompliance; the transactions were fully compliant with the other 16 requirements we tested. We
found that the transactions with the greatest noncompliance did not have the required documentation,
complete justifications, or timely cost allocations for purchases. In addition, the purchase card team did
not use CitiManager to block unallowable purchases. Finally, although all purchases were approved,
approving officials did not approve all purchases in a timely manner. While most of the 23 noncompliant
transactions would have been valid had the EPA's policies and procedures been properly followed, we
determined that $5,493.97 of the $56,761.14 purchase card and convenience check expenses we
reviewed would have been unallowable regardless.
Table 2: Noncompliance with policies and procedures by transactions reviewed
Criteria tested
Number of
Test
Source
Description of noncompliance identified
transactions
A
EPAAG § 13.3.1.16(d)(1)
Purchase not approved by approving official by
23rd of the month
6
B
EPAAG § 13.3.1.14(k)(3)
EPA Agency-Wide Purchase Card
Standard Operating Procedures, Step 3(B)
Supporting documents not uploaded to or
maintained in appropriate systems
17
C
EPAAG § 13.3.1.9(f)
Justification not provided for using commercial
sources
8
D
EPAAG § 13.3.1.14Q)(1)
Independent verification not provided confirming
that goods or services were received
4
E
EPA Agency-Wide Purchase Card
Standard Operating Procedures, Step 3(B)
Transaction not reviewed and validated by
cardholder within ten days of being posted
8
F
EPAAG § 13.3.1.12
Special purchases made without required prior
approval
4
G
EPA Agency-Wide Purchase Card
Standard Operating Procedures, page 8,
1st and 2nd bullet
System internal controls failed to block
transactions with unallowable MCCs and
transactions that exceeded convenience check
limits
12
H
EPAAG § 13.3.1.9(c)(1)
Third-party payment processing procedures not
followed
2
I
EPAAG § 13.3.1.15(a)
Funds availability not verified before purchase
was made
3
J
EPAAG § 13.3.1.14(f)
Sales taxes paid without justification
1
K
EPAAG § 13.3.1.9(d)
Prohibited transaction
1
L
EPAAG § 13.3.1.9(e)
Restricted transaction
1
M
EPAAG § 13.3.1.13
Lack of closer scrutiny
4
N
EPAAG § 13.3.1.14(b)(1)
Split purchase made
3
Source: OIG analysis of transactions we reviewed. (EPA OIG table)
Approving Officials Did Not Approve Purchases in Timely Manner
As shown in Row A of Table 2, six of the 25 transactions we reviewed had either missing or inadequate
evidence of timely approvals in the electronic purchase file. These six transactions totaled $3,453.61.
EPAAG Subsection 13.3.1.16(d)(1) states that approving officials shall review and approve cardholder
transactions no later than the 23rd of each month, which is the end of the billing cycle. Approving
21-P-0242
7

-------
officials told us that no reminder to approve the transactions is sent and that they sometimes miss the
due date.
Cardholders Did Not Maintain Required Documentation
As shown in Row B of Table 2, supporting documentation for 17 of the 25 transactions we reviewed was
not maintained in Agency systems or in CitiManager, as provided in EPAAG Subsection 13.3.1.14(k)(3)
and EPA Agency-Wide Purchase Card Standard Operating Procedures, Step 3B, as well as in EPA E-Blast
policy updates dated November 26, 2019; August 1, 2019; and March 4, 2020. These 17 transactions
totaled $45,923.60. In interviews with us, cardholders and approving officials described various reasons
for not using approved Agency systems or CitiManager for this task. They said that CitiManager is
difficult to use and navigate; that it is easier to maintain records outside the approved systems, either
electronically on their computers or in hard copy form; and that management gives them the option to
store files in various ways.
Cardholders and Approving Officials Did Not Verify that Transactions Were
Appropriate and Timely
As shown in Row C of Table 2, for eight of the 25 transactions we reviewed, the cardholder did not
justify the use of commercial vendors, as required by EPAAG Subsection 13.3.1.9(f), "Priorities for Use of
Mandatory Sources." These eight transactions totaled $15,538.25. If cardholders do not provide a
justification when using commercial sources, the Agency cannot determine whether valid purchases
were made. For example, for one transaction we reviewed, the cardholder's supervisor instructed the
cardholder to quickly purchase a printer, ink, and copy paper for a senior EPA official who was on
extended telework because of the coronavirus pandemic—that is, the SARS-CoV-2 virus and resultant
COVID-19 disease. The cardholder purchased the printer from a commercial vendor and had it delivered
to the official's home. Contrary to the EPAAG, however, the cardholder did not provide justification for
the purchase from a commercial vendor. In addition, the cardholder did not first confirm that there was
no printer availability in:
•	Agency inventory or excess inventory from other agencies.
•	Inventory from Federal Prison Industries Inc.
•	Inventory from the procurement list maintained by the Committee for Purchase from People
Who Are Blind or Severely Disabled.
•	Wholesale supply sources, including the General Services Administration.
•	Federal supply schedules, including EPA blanket purchase agreements and EPA strategic
sourcing initiatives.
As shown in Row M of Table 2, there was no evidence that the cardholder and approving official
conducted a closer scrutiny of four of the 25 transactions we reviewed to ensure that the transactions
were necessary and appropriate uses of funds, as required by EPAAG Subsection 13.3.1.13. These
four transactions totaled $11,460.00. For example, in one transaction we reviewed, a cardholder and
approving official ordered $450 of catered food for an EPA-sponsored program. The cardholder and
approving official considered the catered food to be light refreshments and, therefore, allowable. EPA
Order 1900.3, "Food at an EPA Conference, Workshop, Ceremony, Reception or Observance," defines
light refreshments as "coffee, tea, milk, juice ... pretzels, cookies, chips, or muffins;" however, the
approved transaction included food—such as chicken wings, chicken satay, and California rolls—and
portion sizes that were more typical of a full meal.
21-P-0242
8

-------
As shown in Row F of Table 2, the cardholder did not obtain advance approval before placing the order
for four of the 25 transactions we reviewed, as required by EPAAG Subsection 13.3.1.12. These
four transactions totaled $10,668.52 and included paid personnel recruiting services, which should have
been approved by the human resource official, and special equipment services, which should have been
approved by either the chief information officer or the safety, health, and environmental manager, as
applicable.
As shown in Row H of Table 2, two of the 25 transactions we reviewed used a third-party payment
processor, but no justification was provided in the electronic purchase files, as required by EPAAG
Subsection 13.3.1.9(c)(1). These two transactions totaled $9,500.00. The General Services Administration
considers online transactions made using third-party payment processors, such as PayPal, to be high-risk
transactions because they are not direct buyer-seller relationships. Involving a third-party payment
processor creates more opportunities for purchase errors. According to the cardholder for both
transactions, a third-party payment processor was used because it was the only option to deliver
payment to the vendor in a timely manner. However, a direct payment to the vendor is timelier than a
payment to a third-party payment processor. Also, these two transactions were split transactions of
$4,500 and $5,000, made two days apart for the same service because of the cardholder's erroneous
belief that the single-purchase limit was $5,000. EPAAG Subsection 13.3.1.14(b)(1) prohibits splitting
purchases into multiple transactions to circumvent the single-purchase limit of $10,000. This instance of
noncompliance is included in Row N of Table 2.
For another three transactions, as shown in Row I of Table 2, the cardholders did not verify the
availability of funds by obtaining approval from the funds control officer prior to making the purchases,
per EPAAG Subsection 13.3.1.15(a). These three transactions totaled $1,156.67. When cardholders
obligate funds without prior approval and do not use proper channels to request purchases, the Agency
is at risk of obligating funds in excess of amounts available to the Agency. When we asked the approving
official responsible for these transactions why those items were purchased and approved without
obtaining approval from the funds control officer, the approving official replied that the funds control
officer was out of the office on the day of the purchase.
Purchase Card Team Did Not Block Unallowable Purchases
As shown in Row G of Table 2, 12 of the 25 transactions we reviewed used MCCs that are not allowed
per EPA Agency-Wide Purchase Card Standard Operating Procedures. These 12 transactions totaled
$29,743.49. In addition, CitiManager did not flag the MCCs as unallowable, and the purchase card team
did not specifically monitor for unallowable MCCs. When we asked the cardholders who made these
12 purchases why they used unallowed merchants, they stated that they were not aware that these
merchants fell under the blocked MCCs.
The only one of the 25 transactions we reviewed that was paid by convenience check was for a training
facilitator in the amount of $3,330.50, which is over the convenience check limit of $2,500 specified in
EPAAG Subsection 13.3.1.14(j)(l). The cardholder told us that a convenience check was used instead of a
purchase card because of a firewall that prevented the original purchase. The approving official
approved the convenience check without questioning the amount, and CitiManager did not block the
payment, even though it was over the allowable convenience check limit. In addition, the purchase
cardholder did not verify receipt of goods and services. The cardholder's privileges were suspended but
were reinstated after the cardholder took supplemental training. This instance of noncompliance is
included in Row D of Table 2.
21-P-0242
9

-------
Purchase Card Team Also Identified Issues with Purchase Card and
Convenience Check Use
During our interviews with the purchase card team, we learned that the team conducts a 5-percent
monthly review of purchase card transactions, routinely provides E-Blast notifications to the purchase
card community, and uses various reports to monitor compliance with purchase card requirements.
These monthly reviews have identified the same issues that we observed during our audit, such as
cardholders not:
•	Providing supporting documentation.
•	Storing documents electronically.
•	Receiving third-party verifications.
•	Obtaining preapprovals.
•	Processing payments in a timely manner.
•	Providing justifications for using nonmandatory sources.
Control Weaknesses Hindered Purchase Card Policy Compliance
We identified three control weaknesses that contributed to the instances of noncompliance described in
the previous section:
•	Cardholders and approving officials lacked knowledge of relevant purchase card policies and
specific requirements regarding closer scrutiny of certain purchases, restricted transactions,
required resources, and prohibited transactions.
•	Cardholders and approving officials underutilized CitiManager's capabilities to document and
monitor purchases because they did not believe that the system is user-friendly or that they
received adequate training.
•	The purchase card team did not use CitiManager's full capabilities to adequately monitor
purchases to prevent unallowable transactions.
Cardholders and Approving Officials Lacked Knowledge of Requirements
Based on our interviews with cardholders and approving officials, we found that many of the
noncompliant purchases we identified were due to the infrequency of purchases and a lack of familiarity
with purchase card and convenience check requirements. One approving official said that a cardholder
may conduct infrequent transactions and cannot remember all the purchase requirements. Another
approving official felt that the training received was not adequate to allow a full understanding of the
acquisition professional's authority to make purchases above the single-transaction limits.
Cardholders and approving officials also stated that there was insufficient time allotted to follow proper
purchasing channels because they needed to purchase items quickly. One cardholder purchased
engraved plaques using a commercial vendor because the plaques needed to be purchased quickly for
an upcoming award ceremony. Another cardholder used a commercial vendor when buying a printer
because upper management needed the printer immediately to work from home. In both of these
instances, the cardholders did not evaluate the purchase request to ensure that the resulting
21-P-0242
10

-------
transaction would comply with federal and Agency acquisition rules. Neither complied with EPAAG
requirements to use mandatory sources or provide justifications for using commercial vendors.
In some instances, supervisors instructed cardholders to make purchases, which the cardholders made
and the approving officials approved, without raising questions. One cardholder purchased items from a
commercial vendor at the instruction of a direct-line supervisor; this purchase was also approved by the
approving official, contrary to EPAAG requirements that approving officials review and potentially
disapprove the cardholder's decision.
There appears to be few, if any, implemented consequences for cardholders and approving officials who
make erroneous purchases. One approving official explained that purchase card performance is not part
of annual performance reviews. However, the EPAAG states that cardholders and approving officials
may be personally liable for unapproved or improper purchases.
Cardholders and Approving Officials Underutilized CitiManager's Capabilities
We noted that cardholders and approving officials do not consistently or effectively use CitiManager.
For example, management in the Office of Mission Support and the Office of the Chief Financial Officer
does not require that purchase approvals be maintained in CitiManager. As a result, records are not
stored in a central location for Agency use. In addition, cardholders and approving officials do not access
CitiManager's built-in purchase card monitoring tools to assist with document approvals or to notify
cardholders and approving officials of purchases needing prompt payment. Most cardholders and
approving officials also do not use CitiManager to maintain purchase card records and approvals or to
run system reports.
Only one of the 23 cardholders and the associated approving officials for the transactions we reviewed
performed purchase card reviews in CitiManager. Most of the cardholders and approving officials we
interviewed found CitiManager difficult to use to adequately monitor transactions, process transactions,
and maintain records. These are examples of what some of the cardholders and approving officials said:
•	They attempted to obtain assistance by email or phone from CitiManager's help desk, but
Citibank did not adequately resolve problems. As a result, cardholders and approving officials
found other methods to maintain records, and records are not transparently available for
approving officials and the purchase card team to review.
•	The records they enter into CitiManager sometimes disappeared and could not be retrieved. As
a result, they did not trust the system.
•	They did not receive adequate training from the EPA's purchase card team, the General Services
Administration, or Citibank to effectively use CitiManager.
Purchase Card Team Did Not Use CitiManager's Full Capabilities
The purchase card team is responsible for monitoring the implementation, quality, and consistency of
the internal controls for the EPA's purchase card and convenience check program. However, the
purchase card team did not use CitiManager's full capabilities to implement the available internal
controls.
21-P-0242
11

-------
We determined that CitiManager provides monitoring controls and can run various management
reports to increase oversight. For example, CitiManager can run reports to identify required approvals,
unallowable MCCs, potential split purchases, purchases requiring closer scrutiny, and transaction
overrides.
The purchase card team was not aware or did not take advantage of these capabilities. For example,
when we looked at the 9,616 purchases made in the second quarter of 2020, we found that half of those
purchases used unallowable MCCs, despite CitiManager's ability to identify and block purchases made
with unallowable MCCs.
Although the purchase card team reviews 5 percent of transactions on a monthly basis and found errors
similar to those identified in this report, the purchase card team did not take sufficient action to
improve or implement internal controls over the purchase card and convenience check program to
prevent further errors.
Insufficient Program Controls Increase Risk
The Government Charge Card Abuse Prevention Act of 2012 requires agencies that use purchase cards
and convenience checks to establish internal controls to identify improper purchases. Insufficient
implementation of key program controls, such as system monitoring and enforcement of employee
adherence to Agency laws, regulations, and policies, may increase the risk of illegal, improper, and
erroneous purchases. When control weaknesses, such as the ones found in this audit, are identified, the
Agency needs to improve program control implementation to reduce risk and to demonstrate better
stewardship and management of the approximately $25 million in taxpayer dollars that the EPA spends
annually on purchase card and convenience check transactions.
Recommendations
We recommend that the assistant administrator for Mission Support:
1.	Require annual training for all cardholders and approving officials on targeted purchase card and
convenience check requirements, based on findings in audits and reviews, including those
regarding closer scrutiny, restricted transactions, required resources, and prohibited
transactions.
2.	Provide CitiManager training and support to cardholders, approving officials, and the purchase
card team that will establish the expectation that they use and enable them to effectively use
CitiManager for the documentation, justification, and approval of purchases.
3.	Require cardholders and approving officials who have completed the training in
Recommendation 2 to maintain approvals and purchase documentation in CitiManager. Update
all relevant policies and procedures to reflect this requirement.
4.	Require the purchase card team to identify and use CitiManager management reports that will
help provide oversight of the program. Update all relevant policies and procedures to reflect this
requirement.
21-P-0242
12

-------
Agency Response and OIG Assessment
The Agency agreed with Recommendations 1 and 4. For Recommendation 1, we recommended that all
cardholders attend training. The EPA responded that it will provide targeted training. As long as this
targeted training is provided to all cardholders, we agree that the corrective action should be
acceptable. For Recommendation 4, we recommended that the purchase card team identify and use
CitiManager management reports that will help provide oversight of the program. The EPA responded
that it will enhance its knowledge of and expertise in CitiManager reporting capabilities. Provided that
this knowledge enhancement includes using CitiManager reports to help provide oversight, we agree
that the corrective action should be acceptable. We will further assess both corrective actions after their
expected completion date of January 31, 2022.
For Recommendation 2, the Agency proposed an alternative approach, stating that it would use the
Purchase Card Order Request System, or PCORS, instead of Citibank, to document, justify, and approve
purchase card transactions. The Agency plans to complete this corrective action by June 30, 2022, and
will provide us with updates on system deployment. The Agency's alternative approach meets the
intent of our recommendation to provide training and support to the staff to effectively use the
purchase card system. The OIG will review the updates in the next year for improvements.
For Recommendation 3, in alignment with the Agency's alternative approach for Recommendation 2 to
use PCORS instead of Citibank to process purchase card transactions, the Agency will require
cardholders and approving officials to also maintain approvals and purchase documentation in PCORS .
The Agency's alternative approach meets the intent of our recommendation to maintain approvals and
documentation. The Agency plans to complete the corrective action by June 30, 2022.
Therefore, we consider the four recommendations resolved with corrective actions pending. The
Agency's full response is in Appendix D.
21-P-0242
13

-------
Status of Recommendations
RECOMMENDATIONS
Potential
Planned	Monetary
Rec. Page	Completion	Benefits
No. No.	Subject	Status1 Action Official	Date	(In $000s)
1	12 Require annual training for all cardholders and approving officials R Assistant Administrator for 1/31/22	$5
on targeted purchase card and convenience check requirements,	Mission Support
based on findings in audits and reviews, including those
regarding closer scrutiny, restricted transactions, required
resources, and prohibited transactions.
2	12 Provide CitiManager training and support to cardholders,	R Assistant Administrator for 6/30/22
approving officials, and the purchase card team that will	Mission Support
establish the expectation that they use and enable them to
effectively use CitiManager for the documentation, justification,
and approval of purchases.
3	12 Require cardholders and approving officials who have completed R Assistant Administrator for 6/30/22
the training in Recommendation 2 to maintain approvals and	Mission Support
purchase documentation in CitiManager. Update all relevant
policies and procedures to reflect this requirement.
4	12 Require the purchase card team to identify and use CitiManager R Assistant Administrator for 1/31/22
management reports that will help provide oversight of the	Mission Support
program. Update all relevant policies and procedures to reflect
this requirement.
1 C = Corrective action completed.
R = Recommendation resolved with corrective action pending.
U = Recommendation unresolved with resolution efforts in progress.
21-P-0242
14

-------
Appendix A
Key Definitions
CitiManager: An online tool offered by Citibank that provides a processing interface for purchase
cardholders and approving officials, with user-managed customization and preferences.
Convenience Check: A payment tool intended only for authorized purposes where purchase cards are
not accepted, such as to pay merchants that do not accept purchase cards. Convenience checks have a
$2,500 single-transaction limit.
Purchase Card: A government charge card that provides a streamlined purchasing process, eliminates
the use of purchase orders in many cases, and reduces administrative costs. For EPA program office
cardholders, the standard single-transaction limit is $10,000. Acquisition professional contracting
officers may use the purchase card to place orders or make payments up to the simplified acquisition
threshold of $250,000.
Third-Party Verification: The validation that goods or services have been received after a purchase is
made but before the EPA issues payment.
21-P-0242
15

-------
Appendix B
Results for Each Transaction Tested
The transactions identified below align with those listed in Table 1 of this report. The criteria tested align
with those identified in Table 2 of this report. The rows highlighted in green indicate fully compliant
transactions. The row highlighted in orange identifies a convenience check transaction; all other
transactions were made with purchase cards.

Value of
Criteria tested
Instances of

transaction
A
B
c
D
E
F
G
H I
J
K
L
M
N
noncompliance
1
$450.00
X



X

X

X



X

5
2
346.63


X



X







2
3
62,721.36














0
4
3,499.00

X




X







2
5
400.00
X
X


X









3
6
5,000.00

X





X




X
X
4
7
4,500.00

X





X




X
X
4
8
4,818.09

X
X

X

X




X


5
9
2,568.64

X
X



X







3
10
685.20

X
X



X







3
11
4,390.00

X

X










2
12
1,510.00






X





X

2
13
436.63

X












1
14
136.16














0
15
971.94
X
X
X


X








4
16
5,210.00

X


X

X







3
17
5,441.08

X
X


X
X







4
18
1,249.00






X







1
19
653.97
X
X
X
X
X



X

X



7
20
644.00




X









1
21
925.00
X
X


X
X
X







5
22
6,635.91




X








X
2
23
52.70
X
X
X
X




X
X




6
24
3,330.50

X

X

X








3
25
$3,040.85

X




X







2
Instances of
noncompliance
6
17
8
4
8
4
12
2
3
1
1
1
4
3
74
Source: OIG analysis of transactions we reviewed. (EPA OIG table)
21-P-0242
16

-------
Appendix C
Criteria Used to Develop Compliance Tests
The 14 compliance tests identified in Table 2 are based on the EPA Agency-Wide Purchase Card Standard
Operating Procedures: CitiManager Purchase Card Automation Process and EPAAG Section 13.3.1,
"Using the Government-wide Commercial Purchase Card/' which establish policy and procedures for
using government purchase cards at the EPA. The EPAAG details requirements for approvals, special
approvals, closer scrutiny, mandatory sources, and strategic sourcing. Specific EPAAG subsections used
for this audit are listed below; note that titles of subsections are included only where appropriate:
•	EPAAG Subsection 13.3.1.6(e)(2)(iv). Validating all purchase cardholder transactions by reviewing
and approving the purchase cardholder's transactions pursuant to the requirements specified in the
Agency purchase card standard operating procedure and Subsection 13.3.1.13(k) no later than the
23rd of each month, which is the end of each monthly billing cycle.
•	EPAAG Subsection 13.3.1.9(c)(1). To best protect the interests of the Agency, third-party payment
processors or mechanisms may only be used when no other vendor can supply the product or
service or meet the delivery, quantity, or quality requirements and the vendor will accept payment
only through the third-party payment processor or mechanism.
•	EPAAG Subsection 13.3.1.9(d), "Prohibited Transactions." All Agency purchase cardholders are
prohibited from using the purchase card for the following:
(a)	Any order that is not a necessary expense of appropriated funds for official government
business.
(b)	Travel-related expenses, such as per diem, lodging, and transportation.
(c)	Gasoline, oil, or similar items for government-owned or -leased boats or vehicles. (Personnel
should use the official EPA fleet management cards.)
(d)	Cash advances.
(e)	Long-term rental or lease of land and buildings.
(f)	Individual employee memberships in professional organizations, associations, and so on.
(g)	Gift cards and gift certificates, in any denomination. Any purchase cardholder or approving
official that violates this prohibition shall have his or her purchase card or approving official account
suspended or permanently revoked, based upon the decision of the Office of Acquisition Solutions
director or the EPA's National Program Card Program Manager.
(h)	Printing or photocopying services, except for the initial publication of articles written by EPA
employees printed in privately published journals, textbooks, and encyclopedias, which includes
page charges, open-access fees, and reprints.
21-P-0242
17

-------
•	EPAAG Subsection 13.3.1.9(e), "Restricted Transactions." The following transactions are prohibited
for program office purchase cardholders; however, they may be ordered by acquisition professional
purchase cardholders, consistent with applicable law and regulation:
(a)	Any order that requires a statement of work or specifications.
(b)	Any order in which Agency or federal acquisition regulations require, or it is advantageous to the
government to include, contract clauses (for example, construction over $2,000 or a potential for
conflicts of interest.)
(c)	Any order requiring the cardholder to accept a vendor's terms or sign a vendor's agreement or
contract.
(d)	Construction, alteration, or repair of public buildings.
(e)	Expert services or consultants, as a statement of work is required.
(f)	Personal services because they create an employer/employee relationship in which the EPA
supervises contractor employees. Such services must be authorized by statute.
(g)	Leasing of aircraft, boats, or motor vehicles, including buses and limousines.
(h)	Institutional memberships in associations. Also see EPA Order 1800.2, Participation in
Professional Societies and Associations.
(I) Communication services, such as connection and use of cellphones, internet, or email.
(j) Any order requiring advance payment before receipt of the item, except subscriptions to
publications for the auditory and visual use of the Agency, registration fees, and training.
(k) Automatic recurring charges in which the vendor will continue to bill unless the purchase
cardholder takes action to prevent the charges, such as monthly charges for a cable television.
(I) Gym memberships.
(m) Health and wellness memberships and employee welfare memberships.
•	EPAAG Subsection 13.3.1.9(f), "Priorities for Use of Mandatory Sources." Federal Acquisition
Regulation, Part 8.002, "Priorities for Use of Mandatory Sources," lists priorities for use of
mandatory sources. In addition, although not mandatory, the Agency has a required source for
office supplies. Purchase cardholders shall satisfy requirements for supplies and services from or
through mandatory government sources before using a commercial vendor.
•	EPAAG Subsection 13.3.1.12. Before placing an order, the cardholder shall obtain approval from the
appropriate individual as identified, such as the information management officer; safety, health, and
environmental manager; and human resource or printing officials.
•	EPAAG Subsection 13.3.1.13(a). Purchase cardholders and approving officials are advised to use
caution when placing orders for clothing, entertainment, novelty items, nonmonetary awards, light
21-P-0242
18

-------
refreshments, conference support, gym memberships, health and wellness memberships, and
employee welfare memberships. These purchases require closer scrutiny to ensure that they are
necessary expenses for the appropriated funds being used.
•	EPAAG Subsection 13.3.1.14(b)(1), "Plan and Consolidate Your Requirements to Avoid Splitting
Orders." Purchase cardholders shall not split requirements to circumvent single purchase limits or to
avoid any required approvals.
•	EPAAG Subsection 13.3.1.14(f), "Tax Exempt Status." Purchase cardholders shall remind vendors
that orders are for the U.S. government and are tax exempt. If a vendor insists on charging tax, the
purchase cardholder should not place the order unless there is no alternative.
•	EPAAG Subsection 13.3.1.14(h)(1). Independent verification of receipt or third-party verification of
equipment, property, supplies, or services shall be performed for all purchase card transactions.
Independent verification of receipt or third-party verification may be performed by an Agency
employee other than the purchase cardholder, approving official, or funds control officer of the
transaction; contractors; or grantees.
•	EPAAG Subsection 13.3.1.14(j)(l). Convenience checks are limited to a maximum single-purchase
amount of $2,500 for all account holders regardless of limits that may be established on the
cardholder purchase card account. Convenience checks may be used only when a vendor does not
accept the purchase card and the product or service is not available from another vendor.
•	EPAAG Subsection 13.3.1.14(k)(3). Other supporting documentation—such as receipts; order
confirmations; vendor invoices, if provided; necessary expense justifications (see
Subsection 13.3.1.12); or documentation of any problems, disputes, or unusual circumstances
surrounding an order—shall be kept in the purchase card file and uploaded to CitiManager.
•	EPAAG Subsection 13.3.1.15(a), "Purchase Card Funding and the [Funds Control Officer] (FCO)."
Before placing orders, the purchase cardholder must coordinate with the cardholder's funds control
officer to ensure that funds are available.
•	EPAAG Subsection 13.3.1.15(c), "Cost Allocation (Payment)." Purchase cardholders are responsible
for cost allocating their purchases. All purchase cardholders shall use the Agency's intranet cost-
allocation system to cost allocate (pay) for their purchases.
In accordance with the EPA Agency-Wide Purchase Card Standard Operating Procedures: CitiManager
Purchase Card Automation Process, cardholders must submit all supporting documentation to the
Management Support Branch for review and override to prevent MCCs considered high risk and
nonapplicable for routine Agency transactions. The EPA Agency-Wide Purchase Card Standard Operating
Procedures also outlines the responsibilities of the purchase cardholder and the approving official
regarding the purchase card and convenience check program, including identifying purchases with
blocked MCCs.
We also reviewed E-Blasts, as well as updates on the use of the PCORS and the CitiManager System,
dated November 26, 2019; August 1, 2019; and March 4, 2020.
21-P-0242
19

-------
Appendix D
Agency Response to Draft Report
UNITED STATES ENVIRONMENTAL PROTECTION AGENCY
WASHINGTON, D C. 20460
August 30. 2021
OFFICE OF MISSION SUPPORT
MEMORANDUM
SUBJECT:
FROM:
TO:
Thank you for the opportunity to respond to the subject audit report. The following summarizes the
agency's overall position, along with our position on each of the report recommendations. We have
provided high-level intended corrective actions for each recommendation with completion dates
AGENCY'S OVERALL POSITION
The Office of Mission Support, Office of Acquisition Solutions (OMS/OAS) concurs with
Recommendations #1 and #4 as outlined in the Office of Inspector General's draft report. OMS/OAS
does not fully agree with Recommendations #2 and #3 and has provided explanations with proposed
alternative approaches with corrective actions to address both recommendations.
QMS RESPONSE TO REPORT RECOMMENDATION
Response to Draft Report entitled, "EPA Needs to Strengthen Its Purchase Card
Approval Process," Project No. OA&E-FY20-0178 dated, August 5,2021
Witchonc	Digitally signed by
nilOl I CI lo,	Hitchens, Lynnann
Lynnann Hitchens, Acting Principal Deputy Assistant Administration nan n
Kliadija Walker, Director
Business Operations Audit Directorate
Office of Inspector General
21-P-0242
20

-------
Agreements
No.
Recommendation
High-Level Intended Corrective Actions
Estimated
Completion
1
Require annual training for all
cardholders and approving officials
on targeted purchase card and
convenience check requirements,
based on findings in audits and
reviews, including those regarding
closer scrutiny; restricted
transactions; required resources;
and prohibited transactions.
OAS will conduct targeted training sessions
that focus on corrective actions related to
internal/external audit findings regarding
restricted transactions, required resources,
and prohibited transactions. Targeted
cardholder training sessions will be
conducted, at a minimum, on an annual
basis.
January 31,
2022
4
Require the purchase card team to
identify and use CitiManager
management reports that will help
provide oversight of the program.
Update all relevant policies and
procedures to reflect this
requirement.
The OAS Purchase Card Team will enhance its
knowledge and expertise in CitiManager
reporting capabilities and make better use of
those reporting capabilities in performing
purchase card transaction management and
oversight. OAS will update all relevant
policies and procedures to reflect this
requirement.
January 31,
2022
Disagreements
No.
Recommendation
Agency Explanation/Response
Proposed
Alternative
2
Provide CitiManager training and
support to cardholders, approving
officials, and the purchase card
team that will establish the
expectation that they use and
enable them to effectively use
CitiManager for the
documentation, justification,
approval, and cost allocation of
purchases.
The Agency has decided that the Purchase
Card Order Request System (PCORS) will
be the purchase card system that will be
used to document, justify, and approve
purchase card transactions. Due to system
development issues, PCORS has not been
fully deployed Agency-wide. Until
deployment is complete, the Agency will
use both PCORS and CitiManager. Agency
cardholders and approvers are still in the
process of being fully trained on how to
maintain documentation, justifications, and
approvals in both systems, and additional
PCORS training sessions have been
scheduled for 2021. Once PCORS
deployment is complete, it will be the
single system for this purpose for the
Agency. Please note that cost allocation
occurs in the Agency's financial system.
Beginning in
CY 2022,
OAS will
provide
periodic status
updates to the
OIG regarding
the full
deployment of
PCORS.
Planned
Completion
Date: June 30,
2022
3
Require cardholders and approving
officials who have completed the
training in Recommendation 2 to
maintain approvals and purchase
In accordance with the Agency's decision as
described under Recommendation #2, upon
full deployment of PCORS, OMS/OAS will
update all relevant policies and procedures to
Beginning in
CY 2022, OAS
will provide
periodic
21-P-0242
21

-------
No.
Recommendation
Agency Explanation/Response
Proposed
Alternative

documentation in CitiManager.
reflect the requirement to document, justify,
status updates

Update all relevant policies and
and approve purchase card transactions in
to the OIG

procedures to reflect this
this system.
regarding the

requirement.

full



deployment



of PCORS.



Planned



Completion



Date: June 31,



2022
If you have any questions regarding this response, please contact Mitch Hauser, Audit Follow-up
Coordinator, of the Office of Resources and Business Operations, (202) 564-7636 or
hauser.mitchell@epa.gov.
Cc: Catherine Allen
LaTanya Furdge
Gabriel Porras-Sanchez
Kimberly Patrick
Pamela Legare
Celia Vaughn
Dan Coogan
Jan Jablonski
Marilyn Armstrong
Mitchell Hauser
Andrew LeBlanc
Jose Kercado
21-P-0242
22

-------
Appendix E
Distribution
The Administrator
Deputy Administrator
Chief of Staff, Office of the Administrator
Deputy Chief of Staff, Office of the Administrator
Agency Follow-Up Official (the CFO)
Assistant Administrator for Mission Support
Agency Follow-Up Coordinator
General Counsel
Associate Administrator for Congressional and Intergovernmental Relations
Associate Administrator for Public Affairs
Principal Deputy Assistant Administrator for Mission Support
Associate Deputy Assistant Administrator for Mission Support
Deputy Assistant Administrator for Administration and Resources Management, Office of
Mission Support
Director, Office of Continuous Improvement, Office of the Chief Financial Officer
Director, Office of Acquisition Solutions, Office of Mission Support
Director, Office of Resources and Business Operations, Office of Mission Support
Deputy Director, Office of Acquisition Solutions, Office of Mission Support
Audit Follow-Up Coordinator, Office of the Administrator
Audit Follow-Up Coordinator, Office of Mission Support
Audit Liaison, Office of Acquisition Solutions, Office of Mission Support
21-P-0242
23

-------