GSA SmartPay Conference
Citi Support: Techniques for Establishing a Successful Audit Process
David Ruda, Product Manager / Director, Citi
11th Annual GSA SmartPay Conference, Phoenix, Arizona, July 28th - July 30th, 2009
House Rules
To ensure the best possible learning experience for participants, please adhere to the following house rules:
- Turn cell phones and pagers to vibrate
- Hold questions to end of session
- Must be scanned to receive CLP credits for each course
- Unanswered questions: Q-Cards & Ballot Boxes; answer to be emailed after the conference, within 45 days
Goals & Objectives
This session is designed to enhance your knowledge of techniques that will assist you to more effectively and proactively manage your card program and prepare for an audit.
Agenda
1. Establishing an Audit Program
2. Tips for Establishing Policies and Procedures
3. Compliance
4. Fraud, Waste and Misuse Indicators
5. Tools
6. Summary
Basic Card Program Building Blocks: 6 Steps to Remember
- Controls & Audit; Reporting: Back data integration, vendor spending review; have visibility into spending & audit triggers
- Reconciliation: Have proper procedures in place
- Payment & Settlement: Use automation & default accounting codes when possible
- Order Placement: Match cardholder controls to your ordering guidelines
- Sourcing: Transparency & knowing your contract terms & conditions
1. Establishing an Audit Program
Getting Started
- Why do you need an audit program?
  - GAO's Mandate
  - Strengthen internal controls
  - Ability to detect fraud, waste and abuse
- Create your team
- Get your stakeholders involved
- Use technology when possible
- Mandate training
- Start before the card is used
- Implement peer reviews
Pre-planning is critical
Project Plan Basics
- Setting objectives
- Establishing the scope
  - What do you want to test?
  - Not a fishing trip
- Creating a project charter
- Identifying business processes
  - Sources of supply?
  - Reconciliation?
- Identifying risks
- Identifying controls
Create Self Audit Control Questionnaire: Identifies Where You Need Help
- Do cardholders, AO, A/OPCs understand the purpose, policies and procedures governing the use of cards?
- Have all cardholders received training on the use of their card prior to using?
- Do cardholders and approvers receive reminders when there are statements to review?
- Do cardholders and approvers know what the accounting cycle cut-off dates are, and the day of the month when transactions post?
- Do cardholders know who to contact if their card is lost, stolen or compromised?
Create Self Audit Control Questionnaire: Identifies Where You Need Help (continued)
- Do cardholders know that splitting a purchase into more than one charge to stay under their approved transaction limit is prohibited?
- Are all original receipts or other supporting documentation retained per agency policy?
Start with the problem areas
Purchase
- Cardholder reconciliation
- Approving Official review
- Split/Fragmented Payment
- Exceeded Cardholder Authority
- Training Program
Travel
- Delinquencies
- Expense Report Submission
- Cash advances
- Declined authorizations
- Appropriate Travel Management Centers (TMC)
- Use of GSA City Pair Airfare
- Training Program
Main Components of an Audit Program: THE TOP THREE!
- Ongoing Card Program Reviews
- Document Retention Audits
- Internal Periodic Audits
Ongoing Card Program Reviews
Frequent card program reviews (e.g. weekly or monthly) should be conducted by the Program Administrator to identify any misuse.
Items to watch for:
- Split transactions (i.e. two or more transactions which show the following similarities: same date, same supplier, same cardholder, and same amounts)
- Unusual increase in the cardholder's average spend and/or highest spend amount
- Purchase amounts over transaction limits
- Purchase amounts within one percent to three percent below purchase limits
- Purchases with unauthorized suppliers
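The review items on this slide (split transactions, amounts over the limit, amounts one to three percent below it) can be run as automated checks over a transaction export. The following is an added example, not part of the original presentation or of any Citi tool; the record layout, the sample transactions and the 3000 single-transaction limits are constructed assumptions.

```python
from collections import defaultdict
from datetime import date
from decimal import Decimal

# Constructed sample data: (txn_id, cardholder, supplier, date, amount).
TRANSACTIONS = [
    ("T1", "CH-001", "Supplier A", date(2009, 7, 6), Decimal("1600.00")),
    ("T2", "CH-001", "Supplier A", date(2009, 7, 6), Decimal("1600.00")),
    ("T3", "CH-002", "Supplier B", date(2009, 7, 7), Decimal("2940.00")),
    ("T4", "CH-002", "Supplier B", date(2009, 7, 9), Decimal("3100.00")),
    ("T5", "CH-003", "Supplier C", date(2009, 7, 8), Decimal("120.00")),
]
# Assumed per-cardholder single-transaction limits (hypothetical values).
LIMITS = {"CH-001": Decimal("3000"), "CH-002": Decimal("3000"), "CH-003": Decimal("3000")}


def find_split_candidates(txns, limits):
    """Flag 2+ transactions sharing cardholder, supplier and date.

    A combined total above the limit suggests one purchase was fragmented."""
    groups = defaultdict(list)
    for txn_id, holder, supplier, day, amount in txns:
        groups[(holder, supplier, day)].append((txn_id, amount))
    flagged = []
    for (holder, supplier, day), items in sorted(groups.items()):
        if len(items) < 2:
            continue
        amounts = [amount for _, amount in items]
        flagged.append({
            "cardholder": holder, "supplier": supplier, "date": day,
            "txn_ids": [txn_id for txn_id, _ in items], "total": sum(amounts),
            "same_amounts": len(set(amounts)) == 1,
            "total_exceeds_limit": sum(amounts) > limits[holder],
        })
    return flagged


def find_limit_exceptions(txns, limits, low=Decimal("0.01"), high=Decimal("0.03")):
    """Flag amounts over the limit, or 1-3 percent below it."""
    flagged = []
    for txn_id, holder, _supplier, _day, amount in txns:
        limit = limits[holder]
        if amount > limit:
            flagged.append((txn_id, "over_limit"))
        elif limit * (1 - high) <= amount <= limit * (1 - low):
            flagged.append((txn_id, "near_limit"))
    return flagged

if __name__ == "__main__":
    print(find_split_candidates(TRANSACTIONS, LIMITS))
    print(find_limit_exceptions(TRANSACTIONS, LIMITS))
```

Flagged items are candidates for reviewer follow-up, not findings: two same-day charges at one supplier can be legitimate, so each hit still needs the receipt and approval record checked.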
Document Retention Audits
AOPCs should also conduct periodic audits to ensure compliance with your documentation and retention policies.
A documentation and retention audit specifically includes:
- Confirmation that all cardholders have completed the mandatory cardholder training
- Verification that all cardholders have a signed, up-to-date Cardholder Agreement on file
- Analysis of all records to ensure that all card program or user profile changes are properly documented
- Review of card statements to ensure that cardholders are retaining purchase receipts with the statements
Internal Periodic Audits
Internal audits should be performed periodically and include a review of card statements.
Card statements should be audited for:
- Compliance with review, approval, and documentation/retention policies
- Frequency of exception requests (e.g. transaction limits and MCC blocks)
- Purchases with non-compliant suppliers and spend types
Internal Periodic Audits: Finding the High Risk Population!
- Perform a random sample
  - Start with 5-10 percent of active cardholders
  - Include 50% of at risk cardholders
- At-risk cardholders typically meet one or more of the following criteria:
  - Review high-dollar transactions
  - Review high frequency of transactions within the billing cycle
  - Look at prior history of non-compliance (e.g. spend with unauthorized suppliers or blocked MCCs)
2. Tips for Establishing Policies & Procedures
Policies Should Encourage Risk Management over Risk Avoidance
- Set specific policies to ensure proper controls are in place
- Create cross-functional team when establishing policies
  - Involve auditors, IG representatives
- Publish procedures and widely distribute
  - Develop agency-wide newsletters
  - Use your intranet
- Incorporate policies into new cardholder training
  - Use policies as the outline for training agenda
Communication is Key!
- Develop reminder messages for all cardholders and managers
  - Use statement messages or broadcast e-mails
- Review policies and procedures annually
  - Modify according to audit findings and feedback received during training sessions
Suggested Elements for Your Formal Guidelines
Identify and clearly outline the following in your formal guidelines:
- Who should / should not have cards
- How to obtain, change and close an account
- Training requirements
- References to FARs
- Don't buy list
- Supply sources
- Reconciliation procedures
- Audit procedures and frequency
- Review actual fraud / misuse cases
- Applying authorization controls
  - Use MCC blocks to assist with enforcement of don't buy list
  - Limit spending within MCCs
  - Review transactions and modify as necessary
3. Compliance
Record keeping and document retention
- Measure compliance with records
- Determine appropriate storage: centralized / decentralized
- Investigate electronic storage
- Review proper record keeping techniques during training using actual examples
- Maintain attendance sheets from each training session
- Ensure all cardholders sign an agreement
Program Audit Tool: NEW! For SmartPay 2
Program Audit Tool: an audit, assessment and compliance assistance tool
- Electronic record of enforcement of policies
- Identifies Transactions of Interest that meet predefined business rules
- Allows AOs, APCs and auditors to identify misuse and abuse and perform monthly audit requirements
- Rules-based filters
- Dashboard summary view
- Report cards
- Integrated with Citibank Custom Reporting System (CCRS)
4. Fraud Waste and Misuse Indicators
Account Management Exceptions
- Account credit limit in excess of <X>
- Single transaction limit in excess of <X>
- Account cash limits over <X>
- Account cash limits over <X>% of total account credit limit
- New account not activated within 30 days of open date
- New account not used within <X> months of account open date
- # of cardholder accounts per hierarchy unit <X>
- # of cardholder accounts per billing account <X>
- # of inactive accounts per billing account, inactive = no activity for Y months
- NSF payment
- NSF payment with history of other NSF
- Posted payment amount that is <X>% of cardholder credit limit (111% recommendation)
Transaction Exception Rules
- Posted transaction(s) causing over cardholder credit limit status
- Merchant city = cardholder account city
- <X>% of transactions from same merchant over <Y> billing cycles
- More than <X> # of merchant credits per billing cycle
- Merchant name = last name of cardholder
- Transaction amount in excess of account Single Credit Limit
- Single transaction amount within <X>% of credit limit
- Transaction amount over $<X>
- Posted transaction on closed account
- Suspect Merchant Names <X>
- Split Ticket -- multiple trans from same merchant, same tran date
5. Tools
Program Audit Tool: PAT!
- New menu option: integrated into existing CCRS tool
- Automated mechanism to locate transactions and accounts of interest
- We can spot the bad guys
Program Audit Tool: The Stop Light!
Summary Report (example)
Quick Recap
- Red = Found violations
- Green = No violations
- Drill down capability when violations are found
Program Management is Easy with the Right Tools
Here are some ideas:
- Employ electronic audit methods
- Test all transactions each month
- Use Citibank electronic tools to identify transactions requiring more research
- Transactions by MCC
- Review declined transactions
Program Management is Easy with the Right Tools
Here are some ideas:
- Similar transactions each month
- GSA's Blueprint for Success
- GAO Web site: www.gao.gov, Auditing and Investigating the Internal Controls of Government Purchase Card Programs (Publication no: GAO-03-678G)
- OMB: www.whitehouse.gov/omb, Improving the management of the government chargecard program
Summary
This session was designed to enhance your knowledge of techniques that will assist you to more effectively and proactively manage your card program and prepare for an audit.
© 2009 Citibank, N.A. All rights reserved. Citi, Citi and Arc Design and CitiDirect are trademarks and service marks of Citigroup Inc., used and registered throughout the world.