the federal government spent nearly $18 billion using purchase cards. While the purchase card program has achieved significant savings, a program of this magnitude needs to focus on both preventive and detective controls to prevent fraud, waste, and abuse. In its response, GSA also pointed out that the new SmartPay® 2 contract should provide better management tools to agencies. However, the changes GSA identified in SmartPay® 2 were mostly related to data mining for fraud, waste, and abuse after a potentially fraudulent or improper transaction had taken place, but did not address the issues we raised in this report. As our previous work indicated, while detection can help reduce fraud, waste, and abuse, preventive controls are a more effective and less costly means to minimize fraud, waste, and abuse. The recommendations we made, to which GSA took exception, were meant to improve these up-front controls.
GSA also took exception to our methodology, arguing that we improperly failed items as part of our control testing. GSA argued that some unauthorized purchases were still appropriate purchases. We believe that this argument is flawed. Standards for Internal Control in the Federal Government states that transactions should be authorized and executed only by persons acting within the scope of their authority. In other words, authorization is the principal means of assuring that only valid transactions are initiated or entered into and, consequently, without authorization, adequate assurance does not exist that the items purchased were for authorized purposes only. Our statistical sampling was designed to test authorization control, and the results we reported reflected items that did not pass this attribute. Such attribute testing is a widely accepted and statistically valid methodology for internal control evaluations. GSA also stated that our report did not adequately address the areas of personal responsibility and managerial oversight. We disagree. We recommended that OMB require agencies to hold cardholders financially responsible for improper and wasteful purchases, and OMB agreed to implement our recommendations; we believe that this would contribute to holding cardholders accountable to management for their actions. Further, our past reports on purchase card management have always focused on managerial oversight. However, it is not feasible within the scope of a governmentwide audit to test managerial oversight at every government agency. Consequently, we focused on providing GSA, the manager of the governmentwide purchase card program, with recommendations that could contribute to improving management oversight at the agencies.
Finally, GSA disagreed with our characterization that travelers who did not reduce the per diem claimed on their travel voucher when dinners
GAO-08-333 Governmentwide Purchase Cards