For the two fiscal years ending September 30, 2011, the IRS made more than 273,000 micro-purchases totaling nearly $108 million using purchase cards and convenience checks. The IRS does not have the controls in place to provide assurance that improper purchases do not occur and appropriate corrective
action is taken. Enhanced internal controls would provide greater assurance that IRS resources are being used more effectively and efficiently. ...
While some controls are working as intended, the IRS purchase card program lacks consistent oversight to identify and address inappropriate use. TIGTA determined that the IRS does not have a policy in place to timely cancel
purchase cards prior to employee separation. Of the 387 cards associated with employees
who separated during our audit period, 98 percent were not closed prior to employee departure. TIGTA believes this could leave the IRS vulnerable to misuse. In addition, the IRS did not have sufficient guidance to define what qualifies as a split purchase for office supplies, which contributed to cardholders splitting purchases. Further, the controls the IRS currently has in place do not include a review specifically designed to detect personal use.
The majority of IRS cardholders appear to use their purchase cards properly. However, TIGTA identified some instances of inappropriate use that include improper decorative and give-away items for managers’ meetings and Combined Federal Campaign fundraising events. In addition, IRS representatives, who were entertaining foreign officials, used purchase cards to pay for multiple lunches, dinners, and related alcohol purchases. For example, one dinner had an approximate cost
of $140 per guest and another lunch cost $100 per guest. TIGTA did not find any Department of the Treasury or IRS criteria to assess the reasonableness of these charges, but TIGTA considers the costs related to this entertainment to be high. Finally, the Credit Card Services Branch did not report for consideration of potential disciplinary action all instances of inappropriate purchase card use that it identified.
We identified one purchase cardholder who made 38 transactions totaling $2,655 for what appeared to be personal purchases and provided potentially falsified (or fraudulent) receipts to justify the purchases made. Information that the vendor provided to the credit card company indicates that this cardholder purchased diet pills, romance novels, steaks, a smart phone, and baby-related items such as bottles, games, and clothing with her purchase card; however, the cardholder claims that the same transactions were for reference books and office supplies. The IRS does not currently perform an oversight review to evaluate merchant names or item descriptions for potentially inappropriate transactions; however, such a review could have identified the unnecessary items previously discussed as well as these purchases of potentially personal items. We referred this matter to TIGTA’s Office of Investigations for further review.
Further, we identified two purchase cardholders with charges on their purchase cards from merchants affiliated with online pornography. Each of these cardholders reported their card stolen or compromised, one on multiple occasions, and had the charge for pornography credited to the purchase card account. While we have not determined as part of this audit whether or not the employees actually purchased the pornography and falsely reported the cards stolen or compromised, we did discover that both of these former cardholders had multiple purchase card accounts during the time that they were cardholders, and one of these cardholders had a total of seven purchase card accounts, five of which were closed and reported by the employee as being lost, stolen, or counterfeit. Currently, the IRS does not track the number of purchase card account closures due to a lost, stolen, or compromised card, and it does not track whether a cardholder reported a stolen or compromised card to the credit card company (Citibank) and TIGTA’s Office of Investigations as required. Cardholders claiming numerous cards as lost or stolen, particularly those with potentially fraudulent charges incurred, is a red flag that should trigger further review by the IRS. In the case of both of the pornography charges, the cardholders did not inform TIGTA of the fraudulent purchases on their accounts as required. We referred the matter regarding the cardholder who is still employed by the IRS to TIGTA’s Office of Investigations for further review.