ProcurementCard
Practice Aid
ProgramDescription
Auditors’ research that was conducted prior to this point in the audit, including interviews of key auditee staff, should allow the development of a program description that would likely be included in the audit report. Such a program description might say:
The[nameofresponsibleentity,statewide]isresponsiblefortheoveralladministrationoftheState’sProcurementCardProgram. In[year],theState’sProcurementCardProgrambeganasamethodtoimprovethestandardpurchasingprocessbystreamliningsmalldollarpurchases,expandingcontrols,andincreasingefficiency. Generally,Stateemployeesmayuseprocurementcardsfornoncontractpurchasesof[$x,xxx]orlessandforapprovedcontractpurchases.
Audit Objectives
A.Determine whether procurement-card issuance to employees and the corresponding limits on the procurement cards that are issued are appropriate based on credit industry suggested practices and fits within management’s risk appetite. Determine the reason the organization implemented the procurement card system and the benefits is expects to receive. Determine the procurement-card system is being utilized to the best extent possible to lower the potential risk of fraud.
B.Determine whether procurement-card users, supervisors, and administrators of departmental sub-entities (e.g., regions/offices/garages, a.k.a. business units) receive procurement-card training.
C.Determine whether purchases are only made by authorized procurement-card users.
D.Determine whether procurement-card users sign-off timely as responsible for purchases they made.
E.Determine whether supervisors and administrators of business units: 1) review purchases contained in the user’s procurement-card log to identify and prevent unallowable purchases, and 2) sign-off on allowable purchases in a timely fashion.
F.Determine whether users’ procurement-card log transactions (purchases and applicable credits) are reconciled to vendor’s transaction-detail reports.
G.Determine whether the accounting or coding of the procurement-card transactions are coded to a General Ledger code that ensures that the financial treatment of the purchase is correct.
H.Determine whether supporting documentation (e.g., invoices, receipts, etc.) is attached to each user’s procurement-card log and is maintained by the auditee’s business units in accordance with retention policies.
I. Determine, overall, whether the procurement card system of internal control is well designed.
Audit Scope
Define the scope of the audit, including the audit standards used to conduct the audit. Such a definition might state:
The scope of this audit is to examine the auditee’s procurement-card processing records and other records related to the auditee’s procurement card program during [state period of time and any other clarifications]. The audit is to be conducted in accordance with [name the audit standards, such as generally accepted government auditing standards (GAGAS) as found in Government Auditing Standards, 2011 Revision, (GAS, a.k.a. Yellow Book), which were the standards used for this audit plan].
Audit Program
OBJECTIVE A: Determine whether the procurement-card issuance to employees and the corresponding limits on the procurement-cards that are issued are appropriate based on credit industry suggested practices and fits within management’s risk appetite. Determine the reason the organization implemented the procurement card system and the benefits is expects to receive. Determine the procurement-card system is being utilized to the best extent possible to lower the potential risk of fraud.
Step 1
Ascertain from documentation and/or discussions with management as the reasons it implemented the procurement card system, and associated benefits, and ascertain management’s risk appetite for, and definitions of, errors, abuse, and fraud.
Step 2
Review the number of cards that are outstanding to ensure that the number of active cards is optimal for the organization, based on department or State policy or industry standards.
Step 3
Obtain a list of procurement-card users, supervisors, and administrators from the procurement-card vendor’s software application. Reconcile Step 2 to the resulting list of users.
Step 4
Develop an expectation of an appropriate ratio of users/supervisors/administrators and compare the actual ratios for each business unit to the expected ratio. Excessive actual ratios increase the risk of insufficient oversight. Exceedingly small ratios point opportunities for increased efficiencies.
Step 5
Using industry standards or department/State policy, determine the activity level beneath which card users should forego their procurement cards. Determine whether the business units have identified and, as appropriate, eliminated no-/low-usage cards. No-/low-usage cards contribute to unnecessary administrative costs, an unnecessary impact on the department’s credit limit, and risk that seldom-used cards might be misused.
Step 5
Review all available options in the Procurement-card system to ensure all options to lower the overall credit card outstanding limit are being taken. This could include implementing zero-credit card limits that have a limit assigned with incremental funds when purchases need to be made, or other similar options.
Step 6
If a rebate is available, consider if the purchasing rules are too restrictive to maximize the rebate. Based on independently determined expectations, verify that the rebate received appears to be correct per the total purchasing reported.
Step 7
Clarify issues/facts/circumstances, such as the errors in the issuance of a card, or rebate calculation, which might arise in the above testing. Such clarifications might occur by reviewing relevant documentation and discussing observations with card users, supervisors, business unit administrators, and/or procurement-card financial analysts. Such clarifications will allow resultant audit findings to contain relevant perspectives.
Step 8
Consider whether underlying internal control design issues led to identified deficiencies.
OBJECTIVE B: Determine whether procurement-card users, supervisors, and administrators of departmental business units receive procurement-card training.
Step 1
From the list of Procurement-Card users obtained in step A.3, interview procurement-card program administrators, supervisors, and card users to obtain information such as, but not limited to: how long the interviewee-user has possessed the procurement card, the type of procurement card (forcriteria, such as card limit), the types of purchases generally made by the interviewee-user, the description of interviewee’s (user or supervisor) understanding of the review process, the amount of training and training materials received, and the names of the individuals who backup the interviewee-supervisor’s position when necessary. With this information, develop an awareness of the risks to the State if administrators, supervisors, and card users have not received training.
Step 2
Test, for a sample of card users and supervisors(based, if necessary, on any risks identified in Step 2), whether adequate training was received; determine if:
a.Card users attended and completed a training class on card use before issuance.
b.Supervisor and administrators completed training on reviewing procurement-card transactions.
c.Card users, supervisors, and administrators are provided refresher training and periodic updates.
d. For administrators, does the card issuer provide training on the system to ensure administrators understand the functionality of the system?
Step 3
Review sufficiency of the training classes. Determine whether the training classes are up-to-date and thorough.
Step 4
Clarify issues/facts/circumstances, such as the issuance of a card to someone who is untrained, which might arise in the above testing. Such clarifications might occur by reviewing relevant documentation and discussing observations with card users, supervisors, business unitadministrators, and/or procurement-card financial analysts. Such clarifications will allow resultant audit findings to contain relevant perspectives.
Step 5
Consider whether underlying internal control design issues led to identified deficiencies.
OBJECTIVE C: Determine whether purchases are made only by authorized procurement-card users.
Step 1
Obtain a list of procurement-card usersfrom Step A.3.
Step 2
Obtain a list of employees who left employment, with applicable termination/transfer dates, during the audit period. Crosscheck this list with a list of current card users (Step A.3) to identify any procurement cards not canceled timely upon an employee’s exit.
Step 3
Test, for a sample of card users, whether user-eligibility criteria were met, such as:
a.Management-approval signature exists on procurement-card request form.
b.Credit background check is on file.
c.Procurement-card agreement is signed by card user.
Step 4
Clarify issues/facts/circumstances, such as a missing signature, which might arise in the above testing. Such clarifications might occur by reviewing relevant documentation and discussing observations with card users, supervisors, business unit administrators, and/or procurement-card financial analysts. Such clarifications will allow resultant audit findings to contain relevant perspectives.
Step 5
Consider whether underlying internal control design issues led to identified deficiencies.
OBJECTIVE D: Determine whether procurement-card users sign-off timely as responsible for purchases they made.
Step 1
Select a test sample of procurement-card transactions from the applicable population that is consistent with the scope of your intended conclusions (e.g., department-wide, bureau-wide, office-wide).
Step 2
Test, for the Step D.1 sample,the vendor’s transaction-detail reports and users’ procurement-card logs for the following attributes:
a.Theuser’s procurement-card log issigned by authorized card user in a timely manner.
b.Invoices/receipts or other transaction documentation for each tested item includes evidence that the procurement-card user made the purchase.
Step 3
Clarify issues/facts/circumstances, such as a missing signature or a lack of supporting documentation, which might arise in the above testing. Such clarifications might occur by reviewing relevant documentation and discussing observations with card users, supervisors, business unit administrators, and/or procurement-card financial analysts. Such clarifications will allow resultant audit findings to contain relevant perspectives.
Step 4
Consider whether underlying internal control design issues led to identified deficiencies.
OBJECTIVE E: Determine whether supervisors and administrators of departmental business units:1) review purchases contained in the user’s procurement-card log to identify and prevent unallowable purchases, and 2) sign-off on allowable purchases in a timely fashion.
Step 1
Use the sample from Step D.1 to test users’ procurement-card logs for the following attributes:
a.Line-item descriptions in the user’s procurement-card log appear to be: a) related to business goods or services, and b) allowable by State and auditee purchasing policies.
b.The card user’s supervisor and the applicable administrator sign the user’s procurement-card log to signify their respective reviews and approvals.
Step 2
Clarify issues/facts/circumstances, such as insufficient transaction descriptions or missing signatures, which might arise in the above testing. Such clarifications might occur by reviewing relevant documentation and discussing observations with card users, supervisors, business unit administrators, and/or procurement-card financial analysts. Such clarifications will allow resultant audit findings to contain relevant perspectives.
Step 3
Consider whether underlying internal control design issues led to identified deficiencies.
OBJECTIVE F: Determine whether users’ procurement-card log transactions (purchases and applicable credits)are reconciled to each vendor’s transaction-detail reports.
Step 1
Use the sample from Step D.1 to test the vendor’s transaction-detail reports and users’ procurement-card logs to determine whether each transaction is contained in both reports.
Step 2
Verify that purchases to the same vendor on the same date or within a day or two do not represent a spilt purchase to make a purchase that should have required competitive bidding or paid in a different fashion.
Step 3
Acquire a listing of products that are under the department’s/State’s blanket purchasing contract. When reviewing the sample of purchases, ensure that that the purchases are not for products that compete with products that areunder a blanket purchasing contract.
Step 4
Clarify issues, such as a lack of documented transaction reconciliations, which might arise in the above testing. Such clarifications might occur by reviewing relevant documentation and discussing observations with card users, supervisors, business unit administrators, and/or procurement-card financial analysts.
Step 5
Consider whether underlying internal control design issues led to identified deficiencies.
Objective G: Determine whether the accounting or coding of the procurement-card transactions are coded to a General Ledger code that ensures that the financial treatment of the purchase is correct.
Step 1
Select a sample of purchases to ensure they are coded to general ledger codes that provide for proper treatment of the purchase.
Step 2
Clarify issues, such as accounting errors, which might arise in the above testing. Such clarifications might occur by reviewing relevant documentation and discussing observations with card users, supervisors, business unit administrators, and/or procurement-card financial analysts.
Step 3
Consider whether underlying internal control design issues led to identified deficiencies.
OBJECTIVE H: Determine whether supporting documentation (e.g., invoices, receipts, etc.) is attached to each user’s procurement-card log and is maintained by the auditee’s business unitsin accordance with retention policies.
Step 1
Use the sample from Step D.1 to test the users’ procurement-card logs to determine whether all invoices/receipts are attached for each transaction.
Step 2
Clarify issues/facts/circumstances, such as lack of supporting documentation, which might arise in the above testing. Such clarifications might occur by reviewing relevant documentation and discussing observations with card users, supervisors, business unit administrators, and/or procurement-card financial analysts. Such clarifications will allow resultant audit findings to contain relevant perspectives.
Step 3
Consider whether underlying internal control design issues led to identified deficiencies.
OBJECTIVE I: Determine, overall, whether the procurement card system of internal control is well designed.
Step 1
As objectives A through H were accomplished, ensure the performance of all applicable/significant walk-throughs of the various activities and control procedures involved in the procurement-card program.
Step 2
Consider the underlying internal control design issues that led to any deficiencies noted in Objectives A through H.
Step 3
Review the roles of the procurement-card users and other participants (e.g., supervisor and administrator) and assess the effectiveness of the planned and actual segregation of duties.
Step 4
Review whether the procurement-card agreement discussed in Step C.3.c sufficiently protects the interests of the Statefrom improper procurement-card use by the employee-user.
1