In the latest of a long string of audits involving numerous agencies, an inspector general’s report on the IRS has found that agency employees have misused government-issued charge cards including making purchases without necessary approval, splitting purchases in order to keep amounts under certain reporting thresholds, and making purchases from improper sources. Following is an excerpt from the report.
Results of Review
While some controls were working as intended, overall management controls were not effective to ensure the appropriate use of IRS purchase cards. We found violations of applicable laws and regulations that included purchases made without necessary approvals and verification of funding, purchases that were potentially split into two or more transactions to circumvent micro-purchase limits, and purchases made from improper sources. In addition, the IRS did not have a policy to provide guidance for establishing an appropriate span of control over the number of purchase cardholders assigned to approving officials. We found that many individual approving officials are responsible for more than the recommended number of seven cardholders.  Until management controls are effectively strengthened, implemented, and enforced, the IRS will continue to be at risk for noncompliance with applicable laws and regulations for purchase cards, and the IRS cannot ensure that improper and abusive purchases do not occur. In addition, if such purchases do occur, the IRS cannot ensure the transactions are promptly detected and that appropriate corrective action is taken.
Our audit showed that the CCS Branch conducts quarterly oversight reviews of training to ensure that cardholders and approving officials receive required training before a purchase card is issued and refresher training is provided every 2 years. Our control assessment found that this control was working properly and that training had generally been completed as required. The IRS has also developed and maintained a system of internal controls for the purchase card program that are consistent and in conformance with FAR, Treasury Directives, and Office of Management and Budget (OMB) recommendations; however, many of these controls do not prevent purchase cards from being used when proper procedures are not followed. Instead, the primary control is the review and approval of the approving officials to ensure that proper procedures were followed only after purchases are made. The CCS Branch also evaluates compliance with purchase card operating guidance to detect and deter noncompliance. The approving official reviews and CCS Branch oversight reviews were not always effective in identifying noncompliance with purchase card policies and in changing cardholder behaviors.
Controls to Ensure That Funding is Verified and Available Prior to Purchase Are not Effective
IRS guidance  clearly states that the use of the purchase card to make purchases not approved, funded, and authorized by or in conformance with applicable IRS purchase card guidelines is an inappropriate use of the purchase card. The guidance also states that purchase cards should not be used under any circumstance without the necessary approval and a prior confirmation of the availability of funds to pay for the purchase. The IRS’s method of requesting and certifying the availability of funds is through the WebRTS. Before a cardholder places an order, a requisition must be submitted and approved as being an appropriate purchase. Once approved, a funding official will determine whether funds are available to be committed (set aside to cover the cost) to support the requisition. In addition, before a cardholder makes a purchase, a WebRTS Purchase Card Log (hereafter referred to as an order log) must be set up with the required information and must reference the number of the approved and funded requisition. Specifically, it is the responsibility of the cardholders and approving officials to prevent violations of the Anti-Deficiency Act  by ensuring that funding commitments/obligations for purchases are properly recorded and available in agency procurement systems and order logs are completed before goods and services are ordered.
We reviewed a statistically valid sample of 78 purchases made during the period September 1, 2007, through March 31, 2009. In 30 (38.5 percent) of the 78 transactions reviewed, purchases totaling $9,504 were made without creating the order log to verify and ensure approved funding was available.
Further review of the 30 purchases showed that although sufficient funding was available to support each of the transactions, these purchases were not made in conformance with applicable IRS purchase card guidelines regarding funding approval and verification, placing the IRS at risk of incurring an Anti-Deficiency Act violation. For example:
In two instances, the requisition was not prepared, approved, or funded until after the purchase was made.
In 28 instances, the purchase cardholder placed the order prior to setting up the order log in the WebRTS. However, a requisition had been prepared, approved, and funded for these transactions prior to making the purchase. 
Figure 1 shows detailed results of our sample review.
Figure 1: Purchases Made Prior to Verification of
Approved and Available Funding by the IRS Business Unit
Organization Unit of Cardholder Purchases Made Prior to Funding Verification Total Purchases in Audit Sample Amount of Purchases Prior to Funding Verification Total Amount of Purchases in Audit Sample
Tax Exempt and Government Entities 0 1 $0.00 $229.08
National Taxpayer Advocate 1 2 49.88 110.23
Large and Mid-Size Business 1 2 171.55 251.65
Office of Appeals 1 2 502.08 624.58
National Headquarters 1 3 1,728.00 2,689.79
Chief Counsel 1 4 88.50 1,293.55
Modernization and Information Technology Services 2 6 399.29 1,677.85
Small Business/Self-Employed 3 13 800.49 4,891.58
Wage and Investment 4 13 2,871.08 7,387.55
Criminal Investigation 8 14 1,789.89 2,537.41
Agency-Wide Shared Services 8 18 1,103.51 6,964.44
Total 30 78 $9,504.27 $28,657.71
Source: Our analysis of a statistically valid sample of 78 purchases made during the period September 1, 2007, through March 31, 2009.
In October 2008, the IRS initiated a monthly oversight review of purchase card transactions to determine whether or not order logs are created in a timely manner (referred to as Timely Creation Reviews). These reviews have also identified high instances of purchase cardholders’ noncompliance by making purchases without prior verification that funding was available. The percentage of noncompliance during this 5-month review period was relatively constant and did not show significant improvement as a result of these reviews. Figure 2 shows the noncompliance rates identified during the Timely Creation Reviews the IRS conducted during October 2008 through February 2009.
Figure 2: Results of IRS Timely Creation Reviews
Month of Review Noncompliance Rate
October 2008 27.2 percent
November 2008 27.8 percent
December 2008 30.2 percent
January 2009 27.5 percent
February 2009 20.8 percent
Source: Our analysis of the IRS’s Timely Creation Reviews performed during October 2008 through February 2009.
We compared the 30 purchase cardholders identified in our sample with the cardholders identified in these 5 Timely Creation Reviews. We found 21 (70 percent) of the 30 cardholders were also identified as noncompliant in 2 or more of the 5 reviews conducted by the IRS. Further, two purchase cardholders were noncompliant in all five reviews conducted by the IRS.
While the controls are intended to ensure that funding is available prior to purchase, the controls do not prevent the cardholder from using the purchase cards when the procedures are not followed. CCS Branch staff believes that purchases made without the verification of approved funding generally occurred because cardholders waited to set up and complete the order log until the purchase was received and accepted and the transaction was ready to be reconciled in the WebRTS.
The primary control to evaluate whether the cardholder followed procedures and verified that funding was available prior to purchase is the approving official’s review and approval of the order log in the WebRTS. However, these reviews occur after the purchase is made and are not effective because IRS guidance does not show the corrective action that the approving official should take in dealing with cardholders that do not follow the required process. Approving officials normally do not deny payment of goods and services once the transaction has been placed on the purchase card. Instead, they approve the transaction with a problem code to ensure the vendor is paid timely under the Prompt Payment Act.  If the purchase is determined to be inappropriate or unnecessary, it can be returned to the vendor for credit. These actions are reactive in nature and do not prevent the problem from occurring.
The CCS Branch’s Timely Creation Reviews are also a control for evaluating whether cardholders verified that funding was available prior to purchase. These oversight reviews were not effective in changing cardholders’ behavior because the CCS Branch does not: 1) notify either the approving official or the cardholder’s supervisor when it identifies noncompliance with funding verification requirements; 2) take or recommend any corrective actions (e.g., lowering card dollar limits, cancelling/suspending cards) against the cardholders; or 3) have supervisory authority over individual purchase cardholders within the IRS’s program offices to take any disciplinary actions (e.g., written reprimands or suspension/removal of cardholder). According to CCS Branch management, they did not take corrective actions because they do not want to unduly restrict the capability of the IRS’s business units to use the purchase card and realize the benefits of the card.
In other purchase card reviews, such as the Purchase Card Criteria Review,  a more proactive approach is taken by the CCS Branch in providing a warning and restricting purchase card use for repeat offenders. A similar proactive approach by the CCS Branch to implement corrective actions involving cardholders identified in the Timely Creation Reviews would provide a greater level of compliance with the purchase card funding verification procedures. When an inappropriate use of the purchase card is identified, the CCS Branch should notify Labor Relations. Inappropriate use of the purchase card is considered an employee conduct issue that could result in disciplinary action, and the Guide to Penalty Determinations  provides guidance for potential disciplinary actions for misuse of the purchase card. When purchase card transactions are funded prior to making a purchase, but the order log is not established until after purchase, the CCS Branch does not consider this situation as an inappropriate use of the purchase card. We believe that repeated noncompliance with the funding verification requirements, including establishing the order log prior to purchase, is an inappropriate use of the purchase card and should be referred to Labor Relations.
When cardholders are noncompliant with funding verification requirements, the IRS has an increased risk that it will be unable to appropriately prioritize the use of limited resources for purchases as program area budgets are expended. As a result, managements’ decision making ability for allocating a fixed budget across competing needs and making the best use of available funding sources is negated. In addition, associated appropriations may be overspent, which could result in violations of the Anti-Deficiency Act.
Continued noncompliance with purchase card procedures could also weaken the overall internal control system. According to the Government Accountability Office,  repeated nonadherence by agency personnel to established internal control policies and procedures (such as failure to set up an order log in the WebRTS prior to making a purchase) may not constitute a violation of law or regulation. However, if allowed to continue, this failure to follow proper procedures will contribute to erosion and weakening of the internal control system. Prompt administrative and disciplinary actions (e.g., informal admonishment; formal reprimand; additional required training; suspension of card privileges; cancellation of the cardholder’s account; and, for more serious incidences of noncompliance, termination of employment) can be effective in reducing persistent lack of adherence to policies and procedures by cardholders and other program personnel. When administrative corrective actions are taken and documented, program management, oversight personnel, and auditors will be able to identify repeat offenders and determine that appropriate steps are being taken to address potentially significant problems before they escalate.