The Office of Inspector General (OIG) conducted a risk assessment of the Equal Employment Opportunity Commission’s (EEOC) purchase card program to determine the frequency and scope of future audits. The results of the risk assessment show that the risk of illegal, improper, or erroneous use in the EEOC’s purchase card program is low. As a result, we will not include an audit of the EEOC’s purchase card program in the OIG’s 2016 annual audit plan. We will continue to work with management to resolve outstanding recommendations relating to the purchase card program.
A risk assessment should not be interpreted to mean that a lower risk program is free from illegal, improper, or erroneous use or internal control deficiencies or that a high risk program is more prone to having illegal, improper, or erroneous use. An audit of the program may identify issues not previously noted in the risk assessment. For instance, the overall risk level for the purchase card program may be assessed as low based on the size of the program or the design of internal controls; however an audit may find that controls are not working effectively or that illegal, improper, or erroneous transactions have occurred.
Background
The Government Charge Card Abuse Prevention Act of 2012 requires Inspectors General of executive agencies to conduct periodic assessments of audits of purchase card and travel card programs to identify and analyze the risks of illegal, improper, or erroneous purchases and payments. Additionally, the Office of Management and Budget (OMB) issued OMB Memorandum M-13-21, Implementation of the Government Charge Card Abuse Prevention Act of 2012, which requires that Inspectors General conduct annual risk assessments of agency purchase cards to analyze the risks of illegal, improper or erroneous purchases. The OCFO reported $7,383,669.97 in charge card activity for fiscal year 2015. The Acquisitions Division of the Office of the Chief Financial Officer manages the agency’s purchase card program under the policies and procedures included in the EEOC Commercial Purchase Charge Card Program Practical User’s Guide dated June 2013.
Objective, Scope, and Methodology
Our objective was to analyze the risks of illegal, improper, or erroneous purchases and payments associated with EEOC’s purchase card program. Our risk assessment was based upon the review of purchase card policies and procedures in effect and the results of prior audits of the purchase card program, and internal control testing performed during our annual financial statement audit. We used three risk categories in our risk assessment- financial, operational, and compliance as defined below:
- Financial: The risk that an event related to the purchase card could occur that has a significant financial effect on the agency’s budget process
- Operational: The risk that an event related to the purchase card could be negatively affected by inadequate, ineffective, or failed business processes, human capital, or technology and information management
- Compliance: The risk that an event related to the purchase card could hamper the program’s ability to comply with applicable laws, regulations, or internal policies and procedures related to the purchase card.
We assessed the impact and likelihood of risks by risk category considering the effect of internal controls, the results of prior audits and other relevant documentation. We assigned a level of low, medium, or high. We combined the impact and likelihood of each risk category to arrive at an overall risk level. Table -1 below summarizes our risk assessment results:
Table -1 Risk Assessment By Risk Category
Risk Category |
Impact |
Likelihood |
Overall Risk Level |
Financial |
LOW |
LOW |
LOW |
Operational |
LOW |
LOW |
LOW |
Compliance |
LOW |
MEDIUM |
LOW |
Conclusion
The results of our risk assessment show that the risk of illegal, improper, or erroneous use in the EEOC’s purchase card program is low. As a result, we will not include an audit of the purchase card program in the OIG’s 2016 annual audit plan.
This report is provided for informational purposes, and a response is not required. If you have any questions, please contact me or Willie Eggleston, Senior Auditor at X4372.
cc: Cynthia Pierre, Chief Operating Officer
Mona Papillon, Deputy Chief Operating Officer
Germaine Roseboro, Chief Financial Officer