Mitigating Fraud, Waste and Misuse within the Procurement Function.

The Continuous Balancing Act.

Whether functioning in a not-for-profit or for-profit environment, the fraud, waste and misuse of funds is a serious threat to financial accountability. Procurement policies have become increasingly complex. Segregating responsibilities throughout the procurement process from procurement request to approval of payment for goods / services received to individual parties within the organization has become common practice to help mitigate inappropriate use of funds. Additionally, documentation for each step of the procurement process is often required and varies according to corporate or agency policy for auditing purposes. These stringent purchasing policies have lead to enormous administrative costs. On average a traditional purchase order-driven transaction, from sourcing to payment, costs an organization $93 over and above the cost of the good or service purchased1. This high cost of transaction often higher than the value of the product has increased demand for more efficient ways of conducting business. Enter the purchasing card (P-card), the Automated Clearing House (ACH), Electronic Funds Transfer (EFT), and other forms of e-procurement. The P-Card alone decreases the average cost of transaction more than 75 percent,1 making it one of the mostly widely adopted methods of corporate payment in the past decade. As procurement policies and payment methods continue to evolve; however, so does the sophistication of fraudsters. According to the 2009 Payments Fraud and Control Survey, payments fraud continues to rise. In fact, 73 percent of organizations surveyed experienced either attempted or actual payment fraud in 20092. These results illustrate the importance of thoughtful and thorough implementation of preventative policies and procedures, but without disregard to the importance of a streamlined and cost-efficient procurement program. As an early adopter of the P-card, the implementation and management of a card-based purchasing program within United States Government serves as an excellent case study for any organization seeking to implement their own card program. This paper will reference several published audits from the Government Accountability Office (GAO) and discuss the solutions utilized by various departments and agencies to help mitigate fraud, waste and misuse within the procurement function.

73% of organizations surveyed experienced attempted or actual payments fraud in 2009.2

Important Definitions3
Fraud The illegal act of obtaining something of value through deliberate misrepresentation. Waste A purchase resulting in unreasonable value to the taxpayer for the price of purchase, typically due to inappropriate action or inadequate oversight by those with access to or control over government resources. Abuse The selection of products or vendors through methods illustratin deficient or improper prudence.

1 Palmer, Richard and Mehendra Gupta. 2010 Purchasing Card Benchmark Survey Results. RPMG Research Corporation. Rpmgresearch.net. 2 2010 AFP Payment Fraud and Control Survey. Report of Survey Results. 3United States Department of Defense. Office of Inspector General. Fraud Indicators in Procurement and Other Defense Activities: Fraud, Waste, and Abuse Defined.

http://www.dodig.mil/inspections/apo/fraud/fraud_defined.html

The Emergence of P-card in Government Procurement.

The adoption of the purchase card by the US Government began in 1986 with a pilot program by the Department of Commerce. Mass adoption of the purchasing card program was stimulated by the National Performance Review in 1993, which recommended the use of purchasing cards for federal procurement activities for purchases under $2,500. By 2005, an estimated 25 million purchases at a value of $17 billion were made utilizing P-cards4, providing an annual savings of approximately $1.2 billion annually5. Rapid growth and successful implementation of a streamlined procurement process did not come without a few missteps, however. Since fraud is rarely committed by employees where adequate oversight has been implemented6, the development and / or modification of internal procedures can mitigate organizational risk. By studying weaknesses in card issuing and user training, purchase controls and authorizations, purchase review and approval, and monitoring identified through GAO audits of multiple agencies and the actions taken to correct such weaknesses, other corporate and government agencies can proactively avoid much of the cost associated with fraud, waste and misuse in purchasing programs.

Timeline
1980

1982

Executive order encourages more efficient small purchase procurement options.

1985
1986 Department of Commerce conducts a P-Card pilot program

1989

General Services Administration assigned to managements of purchase, travel and fleet card programs

1990
1993 1994 National Performance Review dubs the P-Card a promising initiativeprograms Federal Acquisition Streamlining Act

1995

1996

Federal Acquisition Reform Act

1999

Standards for Internal Control in the Federal Government

2000
4AGA Corporate Partner Advisory Research Group. The Federal Purchase Card: Use, Policy and Best Practice. AGA CPAG Research Series: Report No. 4. April 2006.

Card Issuing and User Training.

In 2001 and 2002 the GAO conducted a number of audits of agency and military purchasing card programs, a number of which identified a significant portion of issued cards for which no transaction history could be found (i.e. the cards had never been used) or there was no documentation justifying the cardholders need for use of a purchasing card. In one such case, more the 1/3 of the employees at a facility were identified as cardholders while no documentation of justification existed7. As a result of these audits, several military agencies cut back the number of existing cardholders and implemented stricter card issuance policies. Over a six-year period, total federal cardholders dropped from 586,000 in 2000 to 357,000 in 20068. In theory, the goal of strict card-issuing policies requiring documentation of a justified need for access to funds is a preemptive measure to mitigate unnecessary exposure to risk. A study conducted in 2008 reviewing the stagnation of P-card use in the federal government calls to attention the opportunity-loss of withholding cards to viable purchasers. According to the study, the administrative cost savings that could have been achieved through additional cardholders and transactions during this time period was $5.4 billion. Additionally, the government could have earned approximately $26 million in rebate revenue if it had maintained the same percentage of the overall budget spend on P-cards as it had with nearly 600,000 cardholders in 20017. There key is to balance a low-cost, efficient vehicle for obtaining goods and services with the tools necessary to prevent fraud, waste and misuse of funds. Ensuring that only the most appropriate employees are issued card / account responsibility limits financial exposure. However, new payment methods such as e-cards, virtual cards and one-time use cards ensure that casual users have access to streamlined and convenient payment tools while agencies reap the benefit of administrative cost savings without overexposure to risk. The Inspection and Evaluation Committee recommends regular review of card activity should be conducted to determine if lack of card activity signifies a lack of need for the card6. If this is the case, alternative account options should be considered. Once justification for card issuance has been established, formal training on appropriate use of the account and purchasing procedures should be conducted and documented for each cardholder. Even though the p-card has simplified front-end procurement by allowing one person to order, pay for and receive products and services within a micro-purchase threshold, each agency is still responsible to ensure that funds are utilized appropriately and that budget submissions comply with The Office of Management and Budget (OMB) guidelines4. As a result, each agency is responsible for developing their specific policies and procedures and providing comprehensive training on these policies to cardholders and AOs and refresher training as necessary. Additionally, agency policies and purchasing procedures should be published publically and easily accessible to anyone responsible for compliance.

Strict account-issuing policies are adopted as a preemptive measure to mitigate risk exposure.

Alternative payment methods allow casual purchasers an efficient procurement method while limiting organizational risk exposure.

5Inspection and Evaluation Committee. A Practical Guide for Reviewing Government Purchase Card Programs. June 2002. 6Wells, Joseph T. Get Corporate Crooks on the Straight and Narrow. Association of Certified Fraud Examiners. September 2003. 7Inspection and Evaluation Committee. A Practical Guide for Reviewing Government Purchase Card Programs. June 2002. 8Palmer, Richard J., Mehendra Gupta and Rodney Dawson. U.S. Government Use of Commercial Card Technology: A Case for Change in Military Card Distribution Policy. Defense AR

Journal. Volume 17, Number 3, Issue 55, July 2010. http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA523651&Location=U2&doc=GetTRDoc.pdf

Purchase Controls and Purchase Authorization.

A 2002 audit of one federal department noted that 10 out of 14 offices studied disregarded the departments purchasing policy requiring that all purchases of items over $1,000 be requested and approved in writing by an executive officer prior to purchase9. That same year, two employees within another department made repeated micro-purchases, adding up to over $121,000 in computer equipment. The total purchase clearly exceeding the cardholders established purchase limits and was deemed a misuse of the purchasing cards8. Once purchasing policies are formalized, it is imperative to develop as many automated controls as possible to minimize human error or abuse of fund access. Huge strides have been made in the past decade to prevent inappropriate use of funds through backend technology. Utilization of Merchant Category Codes (MCCs) allows P-card issuers to limit the type of vendors with which a cardholder can conduct business. Likewise, agencies have created closed-loop merchant networks, which include vendors that have been selectively identified to accept the card or account. MCC blocking allows cardholders with a broad set of purchasing needs (i.e. from toothbrushes to televisions and utility purchases) to maintain access to a diversified vendor network, while the agency safeguards against purchases that clearly do not fall under the individuals domain (i.e. jewelry, fuel, motor vehicles). On the other end of the spectrum, an employee with a specific procurement function (i.e. aviation fuel) does not require access to a majority of merchants on the broad P-card network, yet the nature of this employees purchases would require a large credit limit on the account. In such a situation, a closed-loop network of aviation fuel vendors is created and a card that is exclusively accepted at this network of vendors is issued. Additional, user-level purchasing controls are available today, such as: Transaction volume or frequency limitations, Single transaction minimum or maximum values, Product code limitations, Purchase order (PO) requirements and even PO format requirements, Hierarchical structures, Reference number requirements such as unit number, department number, vehicle identification number (VIN) and more. Any combination of these situational or data requirements can ensure that an account is being utilized in an authorized manner without reverting back to long-form, expensive procurement processes. Monitoring tools and alerts, to be discussed later, provide an additional opportunity to identify and correct unauthorized activity. A 2008 audit of government wide purchasing card programs estimated that nearly 41% of the transactions sampled from 2005-2006 failed to show that the transaction was properly authorized and that an individual other than the cardholder signed for the item once the product was delivered. Since that time, at least one government agency has implemented an e-procurement platform in which users are classified in a hierarchical fashion and guided through the procurement process to ensure compliance with procurement policies. Zero instances of fraud have been identified on this system since its launch10. By identifying likely opportunities for fraud, waste and misuse of funds and instituting procedures and technology to prevent opportunity, agencies have further alleviated fraud, waste and misuse of funds.
9Calbom, Linda M. United States GAO. Testimony Before the Subcommittee on Oversight and Investigations, Committee on Energy and Commerce, House of Representatives.

Risk exposure can be limited by selectively eliminating merchant categories from a broad network or hand-picking merchants for a focused vendor network.

Additional information on the differences between open-loop and closed-loop purchasing networks is available in the white paper: Critical Mission Support Achieved Through Custom Procurement Solutions at multiservice.com\thoughtleadership.

Government Purchase Cards: Control Weaknesses Expose Agencies to Fraud and Abuse. May 1, 2002.

10A Better Procurement Process. Multi Service Corporation. March 2010. http://www.multiservice.com/knowledge-center/thought-leadership/request-article.html?downloadArticleID=367

Monitoring Tools and Alerts.

Backend technologies in new payment technologies can monitor the transaction database for pre-established conditions, indicating fraud, waste or misuse. A payment program for one government agency incorporates more than 250 unique invoice verification data points alone into its verification program. Over a 5-year period, the system identified more than 54,000 errors before transaction information was ever submitted for payment approval11. Agencies are also able to develop exception alerts and reports, which call attention to purchases that may or may not have been made for approved government use (i.e. home furnishings, toys, cosmetics), been purchased from designated government sources, or obtained at excessive cost. Alerts may be prompted when indicators of split procurements such as sequential invoice numbers, receipts issued within specific time periods of one another, and sequential PO numbers for similar items purchased are present. Exception alerts are then collapsed into regular reports for an aggregate overview. Online account access and on-demand, ad hoc reports enhance the monitoring experience. Property control systems have been implemented to track valuable government assets. Each agency is responsible for determining the dollar value that defines accountable property and sensitive items4. Once defined, the transfer of pertinent transaction data (i.e. product serial number, name and description of product, unit price, date of transaction, etc.) can be automated to populate in the agencys property control system, further streamlining administrative processes.

Additional information on invoice verifications is available in the white paper: Administrative Cost Savings through Invoice Verifications at multiservice.com\thoughtleadership.

Over a 5-year period, one agency procurement system identified more than 54,000 invoicing errors prior to submission for payment11.

11Multi Service Corporation (2010). Retrieved April, 2010.(Rack11D) Multi Service database.

Review and Approval.

A 2002 GAO audit reviewing 5 months of cardholder statements at one government department identified that 1 out of 3 statements had not been approved by the appropriate official. The unapproved statements totaled $1.8 million. Even after a new approval process was implemented, the GAO noted that officials were not ensuring that each statement was supported by adequate documentation8. Another agency had instituted a broad policy allowing the AO to presume that any transactions made were appropriate / authorized unless the AO was notified to the contrary by the cardholder8. Similarly, a 2010 audit of an additional agency noted that more than 75% of obligations allowed one official to act in two or more functions throughout the procurement function: request, authorization of purchase, recording the obligation of funds, verifying arrival of goods, and approving payment12. In most of the above cases, it was found that AOs were overburdened by an excessive number of cardholder statements, leading to oversights within or a complete abandonment of appropriate approval policies. Because the AOs review is the most essential management element in the purchase card control system, the GAO recommends a ratio of 5-7 cardholders to one approving official within a high-frequency transaction program8. For low-frequency, high-value transaction programs, a transaction-by-transaction approval process may be the best measure against inappropriate use of funds. One procurement agency implemented a fully-prompted e-procurement platform which prompts the approving official via email to review and approve transaction details prior to invoice submission to payables. This same system compiles supporting documentation for each transaction within the system, recording the competitive bidding process, sole-source justifications, purchase logs, object-class codes, invoices, MSDSs, etc. in an auditable trail for the AOs review.

The GAO recommends a ratio of 5-7 cardholders to one approving official within a high-frequency transaction program.

12Ragland, Susan. US GAO. Testimony Before the Committee on Veteran Affairs, House of Representatives, Department of Veteran Affairs: Longstanding Weaknesses in Miscellaneous Obligations and Financial Reporting Controls. July 2010.

Conclusion.
The goal of a card-based or account-based procurement program is to streamline the purchase-to-pay process for all parties involved, minimizing the costly administrative expense associated with paper-based transactions. However, it is important to ensure that convenient purchasing capabilities do not lead to unnecessary fraud, waste and misuse of purchasing privileges. Step by step, here are six methods to optimize the benefits of a streamlined purchasing process while minimizing risk exposure. 1. Evaluate departmental, agency and individual purchasing requirements to determine appropriate accountholders, accepting locations, credit line requirements and determine appropriate risk exposure. 2. Ensure that policies are established, shared and easily referenced by any accountholder or AO. 3. Ensure that accountable officials are knowledgeable of procurement policies and trained on how to perform their responsibilities. 4. Determine and implement appropriate automations and front-end purchase authorization features to minimize opportunity for fraud, waste and misuse. 5. Establish criteria to help identify account misuse and implement automated alerts and / or reports to notify the appropriate official when such instances occur. 6. Establish minimum account review and auditing expectations and ensure an appropriate ratio of accounts to accountable officials. The United States government was on the forefront of purchasing card adoption in the late 1980s. The dedication put into minimizing administrative costs within the procurement function does not lessen the mission to eliminate fraud, waste and misuse of taxpayer dollars. The Standards for Internal Control in the Federal Government by the General Accountability Office (GAO) provide guidance to federal agencies regarding program, financial and compliance operations to help prevent fraud, waste and abuse13. Any government agency or corporate entity in the process of implementing an account-based purchasing program or seeking to minimize fraud, waste and misuse within their existing procurement process would be well-advised to utilize the U.S. government as a case study. Visually, you can think of each step in the process as a filter, siphoning out inappropriate spending. See Systematic Procurement Optimization Chart.

13United States General Accounting Office. Standards for Internal Control in the Federal Government. November 1999. GAO/AIMD-00-21.3.1.

Systematic Procurement Optimization

Refine purchasing policies.

Assess Purchasing Function and Limit Risk Exposure.

Establish Merchant Network Establish Purchasing Group Establish Group / Individual Credit Lines Establish and Publish Purchasing Policies

Pre-Purchase / Real-Time Controls.

Conduct ongoing training of accountholders. Identify / Train accountable officials to ensure program oversight.

Immediate Post-purchase Oversight.

Establish exception criteria Implement exception alerts and regular reports. Conduct monthly statement reviews by accountable officials. Quarterly invoice auditing Disciplinary action. Transaction data mining.
Determine administrative and procurement cost savings. Identify opportunities for expansion and / or improvement.

Long-term Refinement.

INNOVATION WHERE IT MATTERS.

8650 College Boulevard Overland Park, KS 66210 +1-913-451-2400 marketing@multiservice.com multiservice.com