The CSB Needs to Improve Controls over Its Charge Card Program and Comply with Federal Requirements

October 4, 2023 | Report No. 24-P-0001

Report Contributors
Sabrina Berry
Clayton Sparrow
Gloria Taylor-Upshaw
Khadija Walker

Abbreviations
BFS       Bureau of the Fiscal Service
CSB       U.S. Chemical Safety and Hazard Investigation Board
EPA       U.S. Environmental Protection Agency
FY        Fiscal Year
OIG       Office of Inspector General
OMB       Office of Management and Budget
Pub. L.   Public Law

Cover Image
Image of a government charge card with a banner that lists Appendix B of Office of Management and Budget Circular No. A-123, Management's Responsibility for Enterprise Risk Management and Internal Control. Appendix B details federal requirements for charge cards. (EPA OIG image)

Are you aware of fraud, waste, or abuse in a CSB program?

EPA Inspector General Hotline
1200 Pennsylvania Avenue, NW (2431T)
Washington, D.C. 20460
(888) 546-8740
(202) 566-2599 (fax)
OIG.Hotline@epa.gov

EPA Office of Inspector General
1200 Pennsylvania Avenue, NW (2410T)
Washington, D.C. 20460
(202) 566-2391
www.epaoig.gov

At a Glance

Why We Did This Audit

To accomplish this objective:

The U.S. Environmental Protection Agency Office of Inspector General conducted this audit, pursuant to the Government Charge Card Abuse Prevention Act of 2012, to assess the effectiveness of the U.S. Chemical Safety and Hazard Investigation Board's oversight of its fiscal year 2022 charge card program and the risk of any illegal, improper, or erroneous purchases and payments.

On August 27, 2019, the Office of Management and Budget revised its Circular A-123, Appendix B, to consolidate governmentwide charge card program management requirements.
Appendix B also establishes standard minimum requirements and best practices for government charge card programs.

The Government Charge Card Abuse Prevention Act of 2012 requires each agency's OIG to conduct periodic assessments of the agency charge card program to identify and analyze risks of illegal, improper, or erroneous purchases and payments. In fiscal year 2022, the CSB made 283 charge card transactions amounting to more than $333,000.

To support this CSB mission-related effort:
• Creating and maintaining an engaged, high-performing workforce.

Address inquiries to our public affairs office at (202) 566-2391 or OIG.PublicAffairs@epa.gov.

What We Found

While we determined that the CSB's risk for illegal, improper, or erroneous purchases and payments is low, we identified deficiencies the CSB needs to address to ensure that it meets the requirements outlined in Appendix B, "A Risk Management Framework for Government Charge Card Programs," to Office of Management and Budget, or OMB, Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control.

In fiscal year 2022, the CSB did not (1) adequately address the required elements in its charge card management plan and risk profile, (2) have guidance regarding charge cardholders' use of third-party payment providers, (3) monitor whether charge card program staff completed all required training and whether completions were timely, and (4) provide charge card program staff its written guidance addressing charge card sales tax and all necessary file documentation until FY 2023.

Also, in FY 2022, the CSB had an interagency agreement with the Department of the Treasury's Bureau of the Fiscal Service, or BFS, to support its procurement and financial-management services for charge cards. The CSB's charge card management plan states that the CSB follows the BFS's guidance; however, the OMB requires agencies to establish and monitor controls to provide assurance of proper charge card use.
The CSB inappropriately relied on the BFS for certain charge card program operations; as a result, it missed training deadlines and did not meet requirements contained in OMB Circular A-123, Appendix B. Further, written guidance that the CSB issued in FY 2023 for its charge card program did not address the charge card management plan, risk profile, or other areas that need improvement, which demonstrates the CSB's insufficient oversight. If the CSB does not improve its efforts to meet Appendix B requirements, deficiencies in its operations and noncompliance with program requirements could increase the CSB's risk for unauthorized purchases and improper payments.

If the CSB does not improve its efforts to meet the charge card program requirements, it could lead to deficiencies in the CSB's charge card operations and continued noncompliance with program requirements.

Recommendations and Planned Agency Corrective Actions

We recommend that the CSB chairperson ensure that the CSB update its charge card management plan and risk profile to include all the required elements; update its CSB Government Purchase Card Guidance, dated October 2022, to include instructions for using third-party payment providers and requirements for monitoring the completion of all required charge card training courses; and require training on and compliance with its updated guidance to ensure that the CSB complies with Appendix B to OMB Circular A-123. The CSB agreed with our four recommendations. For Recommendations 1 through 4 the CSB provided us with supporting documentation to complete its corrective actions; therefore, we consider the recommendations resolved and corrective actions complete.

U.S. ENVIRONMENTAL PROTECTION AGENCY
OFFICE OF INSPECTOR GENERAL

October 4, 2023

Steve Owens
Chairperson
U.S. Chemical Safety and Hazard Investigation Board
1750 Pennsylvania Avenue NW, Suite 910
Washington, D.C. 20006

Dear Mr.
Owens:

This is our report on the subject audit conducted by the U.S. Environmental Protection Agency Office of Inspector General. The project number for this audit was QA-FY23-0040. This report contains findings that describe the problems the OIG has identified and corrective actions the OIG recommends. Final determinations on matters in this report will be made by CSB managers in accordance with established audit resolution procedures.

The U.S. Chemical Safety and Hazard Investigation Board is responsible for the issues discussed in this report.

Your Board provided acceptable planned corrective actions and estimated completion dates in response to OIG recommendations. All recommendations are complete, and no final response to this report is required. If you submit a response, however, it will be posted on the OIG's website, along with our memorandum commenting on your response. Your response should be provided as an Adobe PDF file that complies with the accessibility requirements of section 508 of the Rehabilitation Act of 1973, as amended. The final response should not contain data that you do not want to be released to the public; if your response contains such data, you should identify the data for redaction or removal along with corresponding justification.

We will post this report to our website at www.epaoig.gov.

Sincerely,
Sean W. O'Donnell

To report potential fraud, waste, abuse, misconduct, or mismanagement, contact the OIG Hotline at (888) 546-8740 or OIG.Hotline@epa.gov.

Table of Contents

Purpose
Background
The Federal Requirements for Agency Charge Card Programs
The CSB Charge Card Program and Process
OMB Circular A-123, Appendix B, Outlines Charge Card Program Requirements
Responsible Offices
Scope and Methodology
Prior Reports
Results
The OIG Assessed the CSB's Risk for Unauthorized Purchases and Payments to Be Low
The CSB Needs to Improve Oversight of Its Charge Card Program
The CSB Needs to Improve Written Guidance for Key Program Operations
Conclusions
Recommendations
CSB Response and OIG Assessment
Status of Recommendations
A  Agency Response to Draft Report
B  Distribution

Purpose

The U.S. Environmental Protection Agency Office of Inspector General initiated this audit to assess the effectiveness of the U.S. Chemical Safety and Hazard Investigation Board's oversight of its fiscal year 2022 charge card program and the risk of any illegal, improper, or erroneous purchases and payments.

Background

The Federal Requirements for Agency Charge Card Programs

The Government Charge Card Abuse Prevention Act of 2012, Pub. L. 112-194, requires all executive branch agencies to establish and maintain safeguards and internal controls to prevent waste, fraud, and abuse of government charge cards and centrally billed accounts. The Act also requires each agency's OIG to conduct periodic assessments of the agency's charge card program to identify and analyze risks of illegal, improper, or erroneous purchases and payments in order to develop a plan for using such risk assessments to determine the scope, frequency, and number of periodic audits of charge card or convenience check transactions.

The CSB Charge Card Program and Process

For FY 2022, the CSB entered into an interagency agreement with the U.S. Department of the Treasury's Bureau of the Fiscal Service, or BFS, for procurement and financial-management services.
These services included invoice processing and monthly reconciliations. The CSB worked with the BFS to ensure that all transactions were legitimate and to confirm that all charge cardholders' transactions fully complied with applicable federal laws and regulations. According to the interagency agreement, the BFS also provided technical support and guidance to the CSB. However, the CSB was required to retain full responsibility for the charge card program and the identification of any additional Board-specific internal requirements related to the program.

In FY 2022, the CSB's charge card program staff included two program coordinators who served for different parts of the calendar year. One of these coordinators had been with the CSB for less than one year and was new to the CSB charge card program. The CSB coordinators' responsibilities include establishing policies, procedures, and training requirements for the charge card program. The CSB also had two charge card approving officials, one of whom had been with the CSB for more than ten years and provided institutional knowledge to staff within the charge card program. The approving officials' responsibilities include providing oversight to the charge cardholders, reviewing and approving cardholder statements for authorized purchases, and ensuring purchase documentation is complete.

In FY 2022, the CSB had six charge cardholders who were authorized to manage charge card purchases to support the CSB's mission. The CSB's charge cardholders are responsible for ensuring the correct receipt of goods or services purchased. The CSB also requires cardholders to contact the vendor to correct any discrepancies. A written delegation memorandum from the CSB chairperson or the chairperson's delegate provides authority to each cardholder to negotiate and execute charge card purchases to support the CSB's mission.

The CSB's charge card process involves the requestor submitting a purchase request to the supervisor or charge cardholder for approval. The cardholder then submits the request to the managing director or the delegated approver for funding approval before executing the purchase with the chosen vendor. The charge cardholder must obtain any pertinent vendor information and consolidate all supporting documentation into an electronic file. At the end of each month, the charge cardholder forwards the documentation to the program coordinator for review before submitting it to the approving official for final review and approval. The approving official confirms that each charge card transaction has the proper supporting documentation for processing. The approving official will request any needed additional supporting documentation from the charge cardholder. To conclude the process, the approving official reviews, approves, and certifies the charge card statement for the purchases through the charge card bank's website for processing.

In FY 2023, the CSB issued the CSB Government Purchase Card Guidance, dated October 2022, to establish instructions for requestors, cardholders, and charge card managers. While the CSB's guidance includes requirements for its charge card program and cardholder, it does not address some of the deficiencies identified in this report.

OMB Circular A-123, Appendix B, Outlines Charge Card Program Requirements

OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control, Appendix B, "A Risk Management Framework for Government Charge Card Programs," states that each agency must develop policies that are consistent with Appendix B requirements. Maintaining a charge card management plan is important because the establishment of written, formal policies and procedures is critical to ensure that agencies follow a system of internal controls and to minimize the potential for fraud, misuse, and delinquency.
Table 1 details the elements that are required for inclusion in an agency's charge card management plan per Appendix B to OMB Circular A-123.

Table 1: The ten required elements listed in Chapter 3 of Appendix B to OMB Circular A-123 for an agency's charge card management plan

Number  Required element
1       "Identification of key management officials and their responsibilities for each business line (purchase, travel, fleet, integrated, etc.);"
2       "Establishment of a process for written appointment of purchase and integrated (purchase business line) card holders per FAR [Federal Acquisition Regulation] 1.603-3(b). Written appointment for other business lines should be included if required by agency policy;"
3       "Implementation of a process to ensure the credit worthiness of new charge card applicants consistent with Chapter 6 - Credit Worthiness for Individually Billed Accounts (IBA)s of this Guidance;"
4       "Description of agency training requirements (consistent with and/or in addition to the training requirements of this Guidance);"
5       "Management controls, policies, and practices for ensuring appropriate charge card and convenience check use and oversight of fraud, misuse, and delinquency;"
6       "Establishment of appropriate authorization controls;"
7       "Acknowledgement of agency policies and practices developed to ensure appropriate consideration by cardholders of category management, Acquisition Gateway, and strategic sourcing arrangements consistent with Chapter 8 - Category Management & Strategic Sourcing of this Guidance;"
8       "Explanation of how available reports and data are used for monitoring delinquency, misuse, performance metrics, spend analysis, and other relevant transactions and program management issues;"
9       "Documentation and record retention requirements consistent with NARA [National Archives and Records Administration] and Agency specific policies; and"
10      "Policies for the closure or transfer of charge cards and maintenance of other documentation when employees terminate employment, and if applicable, when an employee moves to a different organization."

Source: OMB Circular A-123, Appendix B. (EPA OIG table)

OMB Circular A-123 states that agencies must maintain a risk profile to provide an analysis of the risks that an agency faces in achieving its strategic objectives. OMB Circular A-123 also states that, while agencies have discretion on the appropriate content and format, their risk profiles should include seven components: identification of objectives, identification of risk, inherent risk assessment, current risk response, residual risk assessment, proposed risk response, and proposed action category.

Appendix B to OMB Circular A-123 states that each agency is responsible for implementing management practices that identify, assess, respond to, and report on risks. The requirements also state that agencies must annually develop a risk profile that they coordinate with their annual strategic reviews. Appendix B provides an example of a charge card risk profile for agencies to follow.

For third-party payments, Appendix B states that each agency must develop and issue guidance regarding the use of third-party payment providers. An agency's guidance must include criteria to determine when the agency authorizes transactions using third-party payment providers and what cardholder documentation is required to demonstrate that other vendors or payment options were considered for the transactions.

Appendix B states that each agency must provide training on charge card management that is consistent with the requirements of Chapter 4, "Training," of the appendix. Proper training is vital to the integrity of a charge card program. Training is required so that charge card managers and cardholders understand their roles and responsibilities for the effective implementation of the charge card programs.
Training also ensures that charge card managers and cardholders are aware of relevant changes to charge card program management requirements.

Responsible Offices

The Clean Air Act Amendments of 1990 established the CSB, which became operational in 1998. The CSB is an independent federal agency charged with investigating industrial chemical incidents and hazards. The CSB has its headquarters in Washington, D.C.; however, the CSB also has employees working throughout the continental United States.

In its Performance and Accountability Report, as of September 30, 2022, the CSB noted it had a professional staff of only 29, with vacancies in several staff positions. The CSB's vision is a nation safe from chemical disasters, and its mission is to drive chemical safety change through independent investigations to protect people and the environment. According to EPA OIG Report No. 23-F-001, Contractor-Produced Report: U.S. Chemical Safety and Hazard Investigation Board Fiscal Years 2022 and 2021 Financial Statement Audit, for FY 2022, the CSB's appropriation was $13.4 million. The CSB made 283 charge card transactions amounting to over $333,000.

The CSB's Office of Financial Operations had two staff members and a director who reported to the acting director of Administration. The Administration Office manages the charge card program and is also responsible for human resources and information technology within the CSB.

Scope and Methodology

We conducted this performance audit from November 2022 to August 2023 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective.

We assessed the internal controls necessary to satisfy our audit objective. In particular, we assessed the internal control components—as outlined in the U.S. Government Accountability Office's Standards for Internal Control in the Federal Government—significant to our audit objective. Any internal control deficiencies we found are discussed in this report. Because our audit was limited to the internal control components deemed significant to our audit objective, it may not have disclosed all internal control deficiencies that may have existed at the time of the audit.

We performed a risk assessment by establishing criteria for risks, such as program size and unauthorized purchases. We performed the risk assessment to help the OIG determine the scope, frequency, and number of periodic audits of charge card or convenience check transactions to be conducted in the future. We rated the criteria for both risk and compliance based on our analysis of charge card program operations and internal controls. For FY 2022, the CSB did not conduct any transactions using convenience checks in its charge card program.

To answer our audit objective, we reviewed relevant federal laws, regulations, and policies applicable to the management of government charge card programs, as well as the CSB's internal policies and procedures. We also interviewed key management officials and staff within the charge card program, tested a sample of five transactions, and reviewed documentation related to these transactions.

Prior Reports

In FY 2018, we conducted a risk assessment of the CSB's charge card program. We issued EPA OIG Report No. 18-P-0218, CSB Purchase Card Program at Low Risk for Unauthorized Purchases. We assessed the CSB's charge card program as low risk for unauthorized purchases. We made no recommendations in the report.

In FY 2019, we conducted a risk assessment of the CSB's charge card program. We issued EPA OIG Report No.
19-P-0245, Chemical Safety Board Purchase Card Program at Low Risk for Unauthorized Purchases During Fiscal Year 2018. We assessed the CSB's charge card program as low risk for unauthorized purchases. We made no recommendations in the report.

Results

We performed an audit, in conjunction with a risk assessment, to identify and analyze the risk of illegal, improper, or erroneous purchases and payments by the CSB charge cardholders. We assessed the CSB's risk of illegal, improper, or erroneous purchases and payments to be low. However, the CSB's charge card program needs improvements to ensure that it meets the requirements of Appendix B to OMB Circular A-123. Specifically, in FY 2022, the CSB did not (1) adequately address required elements in its charge card management plan and risk profile, (2) provide guidance regarding charge cardholders' use of third-party payment providers, (3) monitor whether charge card program staff completed all required training and whether completions were timely, and (4) provide charge card program staff its written guidance addressing charge card sales tax and all necessary file documentation until FY 2023.

Even though the CSB processed charge card transactions in FY 2022, it relied on the interagency agreement with the BFS to manage various aspects of its charge card program. Additionally, the CSB used verbal communication and institutional knowledge to manage many of its charge card program operations. While the CSB's FY 2022 interagency agreement with the BFS was for procurement and financial-management activities related to accounting, the CSB was responsible for following the requirements of Appendix B to OMB Circular A-123. Because the CSB is ultimately responsible for oversight of its charge card program, its program staff should support the CSB's institutional knowledge with official written guidance.
If the CSB does not improve its efforts to meet the charge card program requirements outlined in Appendix B to OMB Circular A-123, deficiencies in its operations and noncompliance with the charge card program's requirements could increase the CSB's risk for unauthorized purchases and improper payments.

The OIG Assessed the CSB's Risk for Unauthorized Purchases and Payments to Be Low

Pursuant to the Government Charge Card Abuse Prevention Act of 2012 requirement that the inspector general of each executive agency conduct periodic risk assessments of agency charge card or convenience check programs, we performed a risk assessment and determined that the CSB's risk for illegal, improper, or erroneous purchases and payments under its charge card program was low. The purpose of the risk assessment was to identify and analyze the risk of illegal, improper, or erroneous purchases and payments. The assessment will also help the OIG to determine the scope, frequency, and number of periodic audits of charge card or convenience check transactions to be conducted in the future. For our risk assessment, we considered the risk factors listed in Table 2. We scored each factor with a risk rating of high, medium, or low.

Table 2: Summary of risk assessment results for the CSB charge card program

Program size: Percentage of agency's budgetary resources                  Low
Unauthorized and erroneous purchases                                      Low
Noncompliance with charge card requirements                               Medium
Training certificate issues                                               Medium
Improper delegation of authority                                          Low
Incomplete or insufficient charge card management plan and risk profile   Medium
Summary risk assessment (average)                                         Low*

Source: OIG analysis of risk assessment factors. (EPA OIG table)

* We did not identify any unauthorized purchases in our sample testing, which supports our conclusion that the CSB is at low risk of illegal, improper, or erroneous purchases and payments.
We identified deficiencies related to the CSB's oversight of the charge card program, which we discuss in this report.

We did not identify any unauthorized purchases in our sample testing, which supports our conclusion that the CSB's risk of illegal, improper, or erroneous purchases and payments is low. Our determination that the CSB's charge card program is at low risk for any illegal, improper, or erroneous purchases and payments should not be interpreted to mean that the program is free from such purchases and payments or that the risk will remain unchanged.

Based on the deficiencies we identified in this audit and our low-risk determination and in accordance with the Government Charge Card Abuse Prevention Act of 2012, the OIG will continue to conduct periodic assessments as required. We will also, within the next three years as priorities allow, perform analyses or audits of the CSB's charge card program.

The CSB Needs to Improve Oversight of Its Charge Card Program

The CSB's charge card program needs improvements to align with the requirements of Appendix B to OMB Circular A-123. Specifically, we found that in FY 2022 the CSB did not (1) adequately address all required elements in its charge card management plan and risk profile, (2) have guidance regarding charge cardholders' use of third-party payment providers, and (3) monitor whether charge card program staff completed all required training and whether completions were timely. Further, the CSB did not provide adequate written guidance addressing sales tax and file documentation until FY 2023.

The CSB Did Not Adequately Address All Required Elements in Its Charge Card Management Plan and Risk Profile

The CSB's charge card management plan and risk profile were not consistent with the requirements of Appendix B to OMB Circular A-123 for FY 2022. The CSB program officials did not adhere to the requirements of Appendix B and instead relied on staff's institutional knowledge.
The CSB inadequately addressed the ten management plan elements in Appendix B. For example, the CSB's management plan did not include all key management officials related to the program, the CSB's written process for appointment of charge cardholders, or a full description of training requirements. In addition, two program coordinators within the program were not aware that the CSB had a charge card management plan. The CSB needs to update its charge card management plan to be consistent with Appendix B requirements and inform the CSB charge card program staff about the plan.

The CSB's risk profile for its charge card program did not address three of the seven components required by OMB Circular A-123. The CSB's risk profile included a general discussion of risks but it lacked the required components in OMB Circular A-123. We found that content related to components, such as residual risk, proposed risk response, and proposed action category, was missing from the CSB's profile, and no discussion was included to demonstrate that the CSB considered these components. OMB Circular A-123 allows for agencies to choose their risk profiles' content and format; however, all risk profiles should include the seven required components. If the CSB does not update its charge card risk profile to include all seven of the components in OMB Circular A-123, the CSB may not be aware of the risks it faces in achieving its charge card program objectives.

The CSB Did Not Have Guidance Regarding Cardholders' Use of Third-Party Payment Providers

The CSB lacks written guidance that addresses the use of charge cards with third-party payment providers. As a result, a cardholder used a personal email account to create and use a third-party payment provider account for CSB purchases. The CSB charge card staff members we interviewed stated that they relied on BFS guidance on how to handle third-party payment providers.
Without charge card program written guidance or increased controls for third-party payment providers, the CSB's charge card program is susceptible to improper payments.

Appendix B states that each agency must develop and issue guidance that provides the criteria for when the agency authorizes the use of a third-party payment provider for a transaction and details the relevant cardholder documentation that is required to demonstrate that the charge cardholder considered other vendors or payment options for the transaction. Charge card managers must educate cardholders on agency-specific policies relating to the use and risks of using third-party payment providers. If the CSB does not update its FY 2023 guidance to include instructions for and controls over the use of third-party payment providers for authorized transactions, the CSB could increase its risk for improper charges.

The CSB Did Not Monitor Whether Charge Card Program Training Was Completed and Was Timely

The CSB did not adequately monitor whether staff received the appropriate training or whether training was completed in a timely manner as required. For example, one charge card approving official had not taken refresher training within the three-year requirement. The CSB relied on the BFS to remind it of needed training instead of tracking its training needs. In one case, the BFS sent a reminder about the required refresher training after it was due. In another example, key management officials had not taken required data analytics training. While the BFS sent reminders for refresher training and the CSB asked staff about the status of training, these efforts were not sufficient to ensure that staff completed the required training in a timely manner.

Appendix B states that program participants must take refresher training in accordance with agency policy but, at a minimum, every three years.
In addition, Appendix B outlines specific training requirements for each type of charge card program and charge card role. For example, the role of agency organization program coordinator has minimum training requirements that include cardholder and approving official responsibilities; procedures for identifying and reporting fraud, misuse, and delinquency; control and oversight tools and techniques; and data analytics tools, techniques, and reports. By not monitoring its training, the CSB risks charge card program staff not being aware of the CSB's requirements for completing the required charge card training.

The CSB Did Not Have Documentation to Adequately Address Sales Tax and File Documentation Deficiencies Until FY 2023

In early FY 2023, the CSB developed written guidance, the CSB Government Purchase Card Guidance, hereafter referred to as the CSB Guidance, which includes instructions for addressing sales tax charges on cardholder purchases. This CSB Guidance was not in place for the FY 2022 purchases that we reviewed for this audit. OMB Circular A-123, Appendix B, states that centrally billed account charge cards are directly billed to the federal government and are exempt from sales tax in every state. For its FY 2022 transactions, the CSB reported more than $800 in sales tax improper payments that it could not recover. Charge cardholders have access to sales tax exemption forms that they can provide to vendors during the initial research and negotiation of purchases. However, not all vendors honor the sales tax exemption for the federal government. The CSB issued the CSB Guidance to establish instructions for requestors, cardholders, and charge card managers. The CSB Guidance requires charge cardholders to ensure that vendors do not include any taxes in the cardholders' purchases.

The CSB did not always maintain complete file documentation in support of its charge card transactions.
For example, the CSB's charge cardholders did not always include proof of service provided or goods received in their supporting documentation for the charge card transactions that we reviewed. Appendix B to OMB Circular A-123 states that agency policy should require cardholder "self-generated purchases" to have independent receipt and acceptance by an employee other than the charge cardholder. If, in extenuating circumstances, this is not possible, the charge cardholder should document the reason that the receipt and acceptance were not included in the charge card file. The CSB Guidance requires charge cardholders to save any proof of the receipt for service or items.

The CSB Guidance addressed some of our FY 2022 findings, including sales tax and file documentation requirements. As a result, we are not making any recommendations related to these findings. However, the CSB Guidance does not address all the deficiencies discussed in this report, such as the CSB's charge card management plan, risk profile, use of third-party payment providers, and monitoring of training for charge cardholders.

The CSB Needs to Improve Written Guidance for Key Program Operations

The CSB needs to improve its written guidance, the CSB Guidance, to address updates made to its charge card management plan and risk profile. It also needs to provide guidance for third-party payment providers and requirements for monitoring required training. The deficiencies related to these recommendations occurred because the CSB primarily relied on its interagency agreement with the BFS, institutional knowledge, and verbal communication to manage various aspects of its program operations. For example, the CSB charge card staff members we interviewed stated that they relied on BFS email notifications for training reminders and guidance on how to handle third-party payment providers.
In addition, deficiencies in the CSB's charge card management plan and risk profile occurred because program officials did not adhere to the requirements of Appendix B and instead relied on staff's institutional knowledge. The CSB also used verbal communication and institutional knowledge to convey what actions cardholders were to take when negotiating and executing charge card purchases. Charge card program coordinators told us that they consulted the approving official who possessed the knowledge that they sought when they needed to know what steps to take regarding various aspects of the charge card program. The agency organization program coordinators added that the CSB verbally communicated institutional knowledge related to the charge card program and processes. One charge cardholder told us that the cardholder would ask program leads when the cardholder had questions about what to do. OMB Circular A-123, Appendix B, requires agencies to establish and monitor controls that provide annual assurance of proper charge card use. The two CSB program coordinators within the charge card program stated they were not aware of this guidance.

Conclusions

If the CSB does not improve its efforts to meet the charge card program requirements, deficiencies in the CSB's charge card operations and noncompliance with charge card program requirements could increase the CSB's risk for unauthorized purchases and improper payments. The GAO's Standards for Internal Control in the Federal Government states that management is responsible for designing the policies and procedures that fit an entity's circumstances and making them an integral part of the entity's operations. Without improvements in its charge card program, the CSB is at risk of having ineffective controls that could adversely affect its charge card program and potentially result in fraud, waste, and abuse of charge cards.
Although we assessed the CSB's risk of unauthorized purchases as low, the CSB should improve its oversight and management of the charge card program by strengthening controls related to formal guidance and monitoring and fully complying with federal requirements. In FY 2023, the CSB issued internal guidance, the CSB Guidance, for its charge card program. The CSB Guidance addressed our findings relating to vendors charging sales taxes and cardholders providing file documentation for proof of purchase; however, the CSB needs to update the CSB Guidance to address the use of third-party payment providers and the monitoring of staff training. In addition, the CSB needs to update both its charge card management plan and risk profile to meet the requirements of Appendix B to OMB Circular A-123.

While the CSB has demonstrated its attention to improvement by issuing the CSB Guidance for its charge card program, it should take additional measures to address gaps in operations and adherence to applicable requirements. By implementing controls related to our findings, the CSB can further reduce the risk of adverse effects on the program and fraud and misuse of charge cards.

Recommendations

We recommend that the chairperson of the Chemical Safety and Hazard Investigation Board:

1. Update the CSB's charge card management plan to include the required elements listed in Office of Management and Budget Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control, Appendix B, "A Risk Management Framework for Government Charge Card Programs," dated August 27, 2019. At a minimum, the charge card management plan should include narratives for each element, be clear and fully explained, and be available to all charge cardholders and program officials.

2. Update the CSB's risk profile to include all required components listed in Office of Management and Budget Circular A-123 as the circular relates to the charge card program.

3. Update the CSB Government Purchase Card Guidance, dated October 2022, to include:
   a. Instructions for and controls over charge cardholders' use of third-party payment providers for authorized transactions.
   b. Requirements for monitoring the completion of all required charge card training courses in accordance with the schedule in Appendix B to Office of Management and Budget Circular A-123.
   c. References to revisions of the charge card management plan and risk profile as detailed in Recommendations 1 and 2.

4. Require training of and compliance with the updated CSB Government Purchase Card Guidance to help ensure that the CSB is compliant with Appendix B to Office of Management and Budget Circular A-123.

CSB Response and OIG Assessment

The CSB agreed with our recommendations and stated that it has taken steps to develop several internal controls that address the CSB's compliance with its charge card program. Appendix A includes the CSB's complete response to our draft report. In a separate email, the CSB provided its Purchase Card Correction Action Plan, completed July 31, 2023; updated charge card management plan and risk profile; training certificates; and charge card training presentation.

For Recommendation 1, the CSB updated its charge card management plan to include all required elements of Appendix B to Office of Management and Budget Circular A-123. For Recommendation 2, the CSB updated its risk profile for its charge card program to include components for compliance with the OMB Circular A-123. We believe that these corrective actions meet the intent of our recommendations. Therefore, we consider Recommendations 1 and 2 complete.
For Recommendation 3, the CSB provided a copy of its updated CSB Government Purchase Card Guidance, for FY 2023, to demonstrate that it had made the changes noted in our recommendation to address third-party payment providers, monitoring of training, and references to its charge card management plan and risk profile. We believe that the planned corrective actions meet the intent of our recommendation. Therefore, we consider this recommendation complete.

For Recommendation 4, the CSB provided documentation of holding a training session on its purchase card program on July 6, 2023. The CSB provided us with training certificates and a PowerPoint presentation. The training documentation addressed the updated CSB guidance as requested in our recommendation. We believe that the planned corrective actions meet the intent of our recommendation. Therefore, we consider this recommendation complete.

Status of Recommendations

| Rec. No. | Page No. | Recommendation | Status* | Action Official | Planned Completion Date |
|---|---|---|---|---|---|
| 1 | 10 | Update the CSB's charge card management plan to include the required elements listed in Office of Management and Budget Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control, Appendix B, "A Risk Management Framework for Government Charge Card Programs," dated August 27, 2019. At a minimum, the charge card management plan should include narratives for each element, be clear and fully explained, and be available to all charge cardholders and program officials. | C | Chairperson, Chemical Safety and Hazard Investigation Board | 7/31/23 |
| 2 | 10 | Update the CSB's risk profile to include all required components listed in Office of Management and Budget Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control, dated July 15, 2016, as it relates to the charge card program. | C | Chairperson, Chemical Safety and Hazard Investigation Board | 7/31/23 |
| 3 | 10 | Update the CSB Government Purchase Card Guidance, dated October 2022, to include: a. Instructions for and controls over charge cardholders' use of third-party payment providers for authorized transactions. b. Requirements for monitoring the completion of all required charge card training courses in accordance with the schedule in Appendix B to Office of Management and Budget Circular A-123. c. References to revisions of the charge card management plan and risk profile as detailed in Recommendations 1 and 2. | C | Chairperson, Chemical Safety and Hazard Investigation Board | 9/25/23 |
| 4 | 10 | Require training of and compliance with the updated CSB Government Purchase Card Guidance, to help ensure that the CSB is compliant with Appendix B to Office of Management and Budget Circular A-123. | C | Chairperson, Chemical Safety and Hazard Investigation Board | 9/25/23 |

* C = Corrective action completed. R = Recommendation resolved with corrective action pending. U = Recommendation unresolved with resolution efforts in progress.

Appendix A

Agency Response to Draft Report

U.S. Chemical Safety and Hazard Investigation Board
Steve Owens, Chairperson
Sylvia E. Johnson, Ph.D., Board Member
Catherine J.K. Sandoval, Board Member

August 28, 2023

Gloria Taylor-Upshaw
Office of Audit
Office of Inspector General
U.S. Environmental Protection Agency
Washington, DC 20004

Dear Ms. Taylor-Upshaw:

Thank you for providing the Chemical Safety and Hazard Investigation Board (CSB) with the Environmental Protection Agency Office of Inspector General (OIG) draft report entitled, The CSB Needs to Improve controls over Its Charge Card Program and Comply with Federal Requirements (Project No. OA-FY23-0040), which addresses the effectiveness of the CSB's oversight of its fiscal year 2022 charge card program and the risk of any illegal, improper, or erroneous purchases and payments.
The CSB appreciates the opportunity to provide a response.

Although the OIG has determined that the CSB is at low risk of illegal, improper, or erroneous purchases and payments, the OIG's report recommends that the CSB "update its charge card management plan and risk profile to include all the required elements; update its Government Purchase Card Guidance, dated October 2022, to include instructions for using third-party payment providers and requirements for monitoring the completion of all required charge card training courses; and require training on compliance with its updated guidance to ensure that the CSB complies with Appendix B to OMB Circular A-123."

The CSB agrees with the OIG's recommendation and already has been taking the steps recommended in the OIG's report. The CSB has developed several internal controls to ensure that the agency is in full compliance with the charge card program. In July 2023 the CSB updated the agency's charge card management plan to include the required elements listed in the Office of Management and Budget Circular A-123, Appendix B, "A Risk Management Framework for Government Charge Card Programs," dated August 27, 2019.

Additionally, in June 2023 the CSB updated its risk profile to include all required components listed in OMB's Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control, issued July 15, 2016, in relation to the charge card program.
Moreover, in July, the CSB updated the agency's internal Government Purchase Card Guidance, dated October 2022, and the agency provided training to all employees who are Government Purchase Card (GPC) holders, to ensure that the CSB is following the refreshed CSB Government Purchase Card Guidance, instead of relying on institutional knowledge, and ensure that the CSB is compliant with Appendix B to Office of Management and Budget Circular A-123.

Finally, the CSB's Office of Financial Operations will conduct annual refresher training for employees who are GPC holders.

Sincerely,
Steve Owens
Chairperson

Distribution

Chairperson, CSB
Senior Advisor and General Counsel, CSB
Board Members, CSB
EPA OIG Liaison, CSB
Director of Administration/Board Affairs, CSB
Information Technology Director/Chief Information Officer, CSB

Whistleblower Protection

U.S. Environmental Protection Agency

The whistleblower protection coordinator's role is to educate Agency employees about prohibitions on retaliation and employees' rights and remedies in cases of reprisal. For more information, please visit the whistleblower protection coordinator's webpage.

Contact us:
Congressional Inquiries: OIG.CongressionalAffairs@epa.gov
Media Inquiries: OIG.PublicAffairs@epa.gov
EPA OIG Hotline: OIG.Hotline@epa.gov
Web: epaoig.gov

Follow us:
X (formerly Twitter): @epaoig
LinkedIn: linkedin.com/company/epa-oig
YouTube: youtube.com/epaoig