Key Internal Controls Were Ineffective
Overall Results of Transaction-Based Internal Control Testing
From July 1, 2005, through June 30, 2006, GSA reported that federal agencies purchased over $17 billion of goods and services using government purchase cards.23 Our analysis of transaction data provided by the five banks found that micropurchases represented 97 percent of purchase card transactions and accounted for almost 57 percent of the dollars expended. Using purchase cards for acquisitions and payments over the micropurchase limit of $2,500 represented about 3 percent of purchase transactions and accounted for more than 44 percent of the dollars spent from July 1, 2005, through June 30, 2006.
Internal control weaknesses in agency purchase card programs exposed the federal government to fraudulent, improper, and abusive purchases and loss of assets. Our statistical testing of two key transaction-level controls over purchase card transactions over $50 from July 1, 2005, through June 30, 2006, found that both controls were ineffective. In aggregate, we estimated that 41 percent of purchase card transactions were not properly authorized or purchased goods or services were not properly received by an independent party (independent receipt and acceptance). We also estimated that 48 percent of purchases over the micropurchase threshold were either not properly authorized or independently received. Further, we found that agencies could not provide evidence that they had possession of, or could otherwise account for, 458 of 1,058 accountable and pilferable items.
According to Standards for Internal Control in the Federal Government, internal control activities help ensure that management’s directives are carried out. The control activities should be effective and efficient in accomplishing the agency’s control objectives and should occur at all levels and functions of an agency. The controls include a wide range of activities, such as approvals, authorizations, verifications, reconciliations, performance reviews, and the production of records and documentation.
For this audit, we tested those control activities that we considered to be key in creating a system that prevents and detects fraudulent, improper, and abusive purchase card activity. To this end, we tested whether (1) cardholders were properly authorized to make their purchases and (2)
23The $17 billion in GSA purchase card data also includes purchases by federal agencies outside the scope of our audit and purchase transactions less than $50.
GAO-08-333 Governmentwide Purchase Cards