Embed Size (px)
Citation preview
Setting Controls for Setting Controls for Purchasing Card Purchasing Card
ProgramsPrograms
Marty NewmanMarty Newman
Tammy YanulevichTammy Yanulevich
University of MarylandUniversity of Maryland
2014 NAEP District II2014 NAEP District II
ControlsControlsCard AssignmentCard Assignment
Background ChecksBackground Checks
AgreementsAgreements
ApproversApprovers
LimitsLimits
RestrictionsRestrictions
TrainingTraining
ReviewsReviews
Separation of EmploymentSeparation of Employment
Upper Management SupportUpper Management Support
Card AssignmentCard Assignment
CardholdersCardholders
ApproversApprovers
Background ChecksBackground Checks
Check with Legal and HRCheck with Legal and HR
Contract Established?Contract Established?
Who Pays?Who Pays?
What is Expected Gain?What is Expected Gain?
Cardholder AgreementsCardholder AgreementsRequires SignaturesRequires Signatures– Department HeadDepartment Head– CardholderCardholder– ApproverApprover
Includes Responsibilities and Includes Responsibilities and ConsequencesConsequences
Form approved by Legal and HRForm approved by Legal and HR
Cover Memo with InstructionsCover Memo with Instructions
Password Protect Your FormsPassword Protect Your Forms
To: Prospective Purchasing Cardholders From: Marty Newman Assistant Director – Delegated Procurement Subject: Applying for Purchasing Cards Thank you for applying for a University of Maryland purchasing card. There are responsibilities and restrictions associated with becoming a UM cardholder. Prior to applying for a purchasing card, please review the responsibilities and restrictions located on the Internet at http://www.purchase.umd.edu/general/pcardresponsibilites.html and http://www.purchase.umd.edu/general/pcardrestrictions.html. Following is the University of Maryland’s Purchasing Cardholder Agreement form. Please complete all the required fields, sign it, and have it signed by your department head and assigned Reviewers (one of which must be your supervisor). Please provide your and your Reviewers’ UID, the unique nine-digit number assigned by the University to all students, employees, or affiliates where required (do not use social security numbers, UMID numbers, or Directory IDs). Feel free to contact us if you need assistance locating your UID. Mail the completed form to Delegated Procurement Team at the above address (originals only – no faxed or emailed copies), and we will process your agreement upon receipt. All cardholders are required to complete a purchasing card training session; purchasing card training is available through Blackboard, the University’s web based instruction tool. Once the card is received from the bank, we will give you access to online purchasing card training, and will contact you when access has been created. We will coordinate access to the Blackboard system for you (based on receipt and completion of the cardholder agreement). You may also submit a request for online training by sending an email request to [email protected]. We look forward to working with you. Should you have any questions or concerns regarding the purchasing card program, please contact the Delegated Procurement Team at 301-405-5834.
STATE OF MARYLAND CORPORATE PURCHASING CARD PROGRAM CARDHOLDER AGREEMENT I, , hereby request a Corporate Purchasing Card. As a cardholder, I agree to comply with the following terms and conditions related to the use of the card: 1. I understand that I am being delegated the authority to purchase supplies and services on behal f of the
University of Maryland, using the State of Maryland Corporate Purchasing Card. 2. I agree that this card will be used for approved purchases only and, further, that I will not charge any
personal purchases to this card. All purchases must be made in accordance with applicable laws and regulations, including, but not limited to, sponsored project terms and conditions, the UMCP Policy and Procedures for Delegated Purchasing Authority, Policy VIII-3.10 (B), revised 5/00, the State of Maryland Corporate Purchasing Card Program Policy and Procedures, the UM Purchasing Card User’s Guide, and the UM Purchasing Card Policies and Procedures. I understand that my failure to follow established procedures may result in disciplinary actions against me, including loss of leave time, suspension and/or termination of employment, fine, and/or criminal prosecution.
3. I agree to return the card immediately upon suspension and/or termination (including retirement) or upon reassignment to another UM Department or cost center. Also, I agree to return the card immediately upon request of my supervisor and that disciplinary actions referred to in paragraph 2 would also apply for failure to do so.
4. If the card is lost or stolen, I agree to immediately notify Bank of America and the Purchasing Card Program Administrator.
STATEMENT OF COMPLIANCE I certify that I shall purchase supplies or services in accordance with applicable COMAR, State of Maryland, UM Procurement Policy and UM Corporate Purchasing Card policy and procedures. I certify that, to the best of my knowledge and belief, all of my statements are true, correct, complete, and made in good faith, and subject to applicable State of Maryland Code of Maryland Regulations, UM Procurement Policy and all other applicable laws and regulations; I further acknowledge and certify that I shall be personally responsible for any unauthorized Corporate Procurement Card purchase. I hereby authorize the State to deduct from my payroll check and from any other payments to me the amount of such unauthorized purchases made on the Corporate Purchasing Card issued to me. STATEMENT OF UNDERSTANDING I understand that, pending all approvals, I will be given access to information contained in University administrative and/or academic computer systems solely for the purpose of fulfilling my official job duties. I agree to keep all information in a manner that is appropriate to its content and to keep any personally identifiable information confidential, kept out of public view, and stored in a secure location/form whether it is in paper copy, contained in software, visible on screen displays, in computer readable, or any other form. I understand I am solely responsible for my use of this information, including its disclosure to others. I therefore agree not to re-disclose or provide access to this information except as authorized by my job duties and in compliance with federal and state laws and University policy. Neither curiosity nor personal relationships provide a basis for any breach of confidentiality. By signing the Account Reviewer Access form, I acknowledge I am the only authorized user of the assigned Purchasing Card account(s), and that I will take steps to maintain the security, confidentiality,
and integrity of any information accessed by me. These steps include protecting the confidentiality of my password to ensure others may not use it to access my account. I have read the University of Maryland Guidelines for the Acceptable Use of Computing Resources available at http://www.umd.edu/aug. I have had the opportunity to have my questions regarding these Guidelines, or my access to and use of the Information answered. I understand providing Information for unauthorized uses or otherwise violating University confidentiality policies relating to the information may result in disciplinary action, including my dismissal and prosecution under applicable federal or state laws. If I am a student employee, I understand that misuse also may result in a referral to the Student Judicial Board. By signing this form, I verify I have read and understood this form, and agree to comply with its contents.
Approved by:
Cardholder Signature/Date Department Head Name/Title (Print or Type)
Cardholder University ID Number (U ID) – Do not give Social Security Number
Department Head Signature/Date
Do not complete shaded area.
Department UM Fiscal Officer Signature
FRS Account Number UM Procurement Card Program Administrator
Approval Required for Grant or Contract Account □ No □ Yes
Office of Contract & Grant Accounting (OCGA) Signature
Please Print or Type – All information Must be completed or a delay in processing may occur.
UM Purchasing Cardholder Information
Cardholder Name (up to 24 characters) Address Line 1: Department Name (up to 36 characters)
Telephone Number (10 numbers) Address Line 2: Business Address (up to 36 characters)
E-mail Address City State Zip Code
Cardholder Controls
$ $
Single Transaction Limit (Choose $2,500 or $5,000)
Monthly Credit Limit (Recommended Limit is between $5,000-$15,000)
Reviewer Information
Reviewer(s) – Person(s) authorized to review and approve Purchasing Card Transaction Logs Reviewer(s): I certify that I will review the purchasing card transactions monthly to ensure that receipts for all transactions are filed, the Visa statements have been reconciled, all transactions have been accurately recorded, and are allowable, appropriate and authorized charges. I understand and will perform the duties of reviewer as detailed in the UM Purchasing Card User's Guide, available on the Department of Procurement and Supply’s website at www.purchase.umd.edu. I also understand that my failure to follow established procedures may result in disciplinary actions against me, including reimbursement of unauthorized purchases, loss of leave time, suspension and/or termination of employment, fine, and/or criminal prosecution. Reviewer(s) please review Statement of Understanding on page one and two for additional information before signing.
Name:
Name:
Phone Number: Phone Number:
Email: Email:
U ID Number: U ID Number:
Signature: Signature:
**If adding more than 2 additional Reviewers, please complete Account Reviewer Access form.
To Be Completed When Card is Picked Up From Procurement & Supply I have completed a Purchasing Card training session and have received my new UM Purchasing Card. Cardholder Signature (no designee)________________________________________ Date _______________
ApproversApprovers
SupervisorSupervisor
Business ManagerBusiness Manager
Detail OrientedDetail Oriented
Accepts ResponsibilitiesAccepts Responsibilities
Approver Form requires Signatures and Approver Form requires Signatures and cites Responsibilities and Consequencescites Responsibilities and Consequences
Documented Review CompletionDocumented Review Completion
Card LimitsCard Limits
Single Transaction Limit (tied to non-Single Transaction Limit (tied to non-compete limit)compete limit)
Monthly Credit Limit (reasonably assigned Monthly Credit Limit (reasonably assigned and reviewed)and reviewed)
Daily # of TransactionsDaily # of Transactions
Expiration Expiration
RestrictionsRestrictions
MCC MCC
PolicyPolicy
TrainingTraining
Mandatory Training with TestMandatory Training with Test
Reviewer TrainingReviewer Training
Refresher TrainingRefresher Training
ReviewsReviews
100%100%
Percentage of TransactionsPercentage of Transactions
On Site On Site
RemoteRemote
CyclicalCyclical
Separation of EmploymentSeparation of Employment
Immediate Cancellation of CardImmediate Cancellation of Card
ResponsibilityResponsibility
Suspend Cards for Extended AbsenceSuspend Cards for Extended Absence
Upper Management SupportUpper Management Support
Red FlagsRed Flags
Avoiding ReviewAvoiding Review
Late Record SubmittalLate Record Submittal
Lost/Missing ReceiptsLost/Missing Receipts
Accidental Personal TransactionsAccidental Personal Transactions
Cardholder Placed on ProbationCardholder Placed on Probation
What’s the Difference Between What’s the Difference Between Fraud, Misuse and Negligence?Fraud, Misuse and Negligence?
FraudFraud
A deception deliberately practiced in order to A deception deliberately practiced in order to secure unfair or unlawful personal gainsecure unfair or unlawful personal gain
Misuse Misuse
Restricted purchases - Restricted purchases - not for personal not for personal gaingain
Examples of misuse include:Examples of misuse include:– Purchasing gift cards or other cash Purchasing gift cards or other cash
equivalentsequivalents– Intentionally splitting a purchase to circumvent Intentionally splitting a purchase to circumvent
delegated authority (by one or more delegated authority (by one or more cardholders)cardholders)
– Sharing cardsSharing cards
Negligence Negligence
Sloppy recordkeeping - Sloppy recordkeeping - not for personal not for personal gaingain
Unsecured record retentionUnsecured record retention
Lack of receiptsLack of receipts
Unsigned documentsUnsigned documents
Missing statementsMissing statements
Lack of additionally required Lack of additionally required documentation documentation
Consequences of FraudConsequences of Fraud
RestitutionRestitution
Termination of EmploymentTermination of Employment
ImprisonmentImprisonment
Consequences of Misuse and Consequences of Misuse and NegligenceNegligence
Make the punishment fit the crimeMake the punishment fit the crime
Institute the “3 strikes, you’re out” ruleInstitute the “3 strikes, you’re out” rule
Suspend card until cardholder attends Suspend card until cardholder attends another traininganother training
Cancel the card (coordinate with Cancel the card (coordinate with department)department)
Deter Fraud, Misuse and Deter Fraud, Misuse and NegligenceNegligence
Ingredients in Pcard FraudIngredients in Pcard Fraud
OpportunityOpportunity
MotivationMotivation
RationalizationRationalization
Why Does Fraud Occur?Why Does Fraud Occur?
Premeditated, calculated act to defraud Premeditated, calculated act to defraud institutioninstitution
Crime of necessity (personal financial Crime of necessity (personal financial need)need)
Crime of passion (desperation)Crime of passion (desperation)
Incident of bad judgmentIncident of bad judgment
Inattentive ApproversInattentive Approvers
How Does Fraud Occur?How Does Fraud Occur?
Services paid for, but not received (usually Services paid for, but not received (usually involves two individuals)involves two individuals)
Personal purchases made, and removed Personal purchases made, and removed from institution’s property or shipped to from institution’s property or shipped to another locationanother location
Personal purchases made in combination Personal purchases made in combination with authorized goods/serviceswith authorized goods/services
Program weaknessesProgram weaknesses
Program WeaknessesProgram Weaknesses
Program has too many cardholdersProgram has too many cardholdersReviewers responsible for too many Reviewers responsible for too many cardholderscardholdersInsufficient trainingInsufficient trainingFaltering Reviewer (very dangerous as Faltering Reviewer (very dangerous as this is the first line of defense)this is the first line of defense)Lack of/or insufficient program oversightLack of/or insufficient program oversightWe must have proper mechanisms We must have proper mechanisms installed to detect and halt fraud installed to detect and halt fraud
You Found Fraud/Abuse, You Found Fraud/Abuse, Now What?Now What?
Create a Plan of Action and get it Create a Plan of Action and get it approved approved
Plan of Action ComponentsPlan of Action Components
Confirm fraud occurredConfirm fraud occurred
Review each transaction with Review each transaction with cardholder’s supervisorcardholder’s supervisor
Prepare detailed list of suspected Prepare detailed list of suspected transactionstransactions
InvestigateInvestigate
Plan of Action ComponentsPlan of Action Components
Create Log of EventsCreate Log of Events– Date when made aware of questionable or Date when made aware of questionable or
suspected transactions with detailssuspected transactions with details– Investigation techniques and discoveriesInvestigation techniques and discoveries– Record facts only – no dialogueRecord facts only – no dialogue– Copy of signed cardholder agreement and Copy of signed cardholder agreement and
training sign-in sheettraining sign-in sheet– Review transactions as far back as when card Review transactions as far back as when card
was initially issuedwas initially issued– Update log regularlyUpdate log regularly
Plan of Action ComponentsPlan of Action Components
Inform your supervisor/department headInform your supervisor/department head
Contact Institution’s Legal OfficeContact Institution’s Legal Office
Contact Institution’s Human Resources Contact Institution’s Human Resources Office or Office of ProvostOffice or Office of Provost
Get cardholder’s department head on Get cardholder’s department head on boardboard
Contact issuing bank to report potential Contact issuing bank to report potential cardholder fraudcardholder fraud
Plan of Action ComponentsPlan of Action ComponentsCardholder’s department head confronts Cardholder’s department head confronts cardholder (personnel action)cardholder (personnel action)
Cancel cardCancel card
Obtain duplicate receipts if needed Obtain duplicate receipts if needed (vendor will contact cardholder) (vendor will contact cardholder)
Know your deadlines (filing of fraud Know your deadlines (filing of fraud insurance, HR deadlines)insurance, HR deadlines)
Based on the situation, discuss restitution Based on the situation, discuss restitution and employment termination of cardholderand employment termination of cardholder
Plan of Action ComponentsPlan of Action Components
Identify which control failedIdentify which control failed
Implement changes to programImplement changes to program
Announce to campusAnnounce to campus
Sharing Some Lessons Sharing Some Lessons LearnedLearned
Lessons LearnedLessons Learned
Instruct Approvers to conduct an exit review Instruct Approvers to conduct an exit review of departing cardholder’s transactionsof departing cardholder’s transactionsEnsure sensitive equipment (computers, Ensure sensitive equipment (computers, digital cameras, etc.) are tagged in inventorydigital cameras, etc.) are tagged in inventoryDocument attendance at training sessionsDocument attendance at training sessionsKnow that California vendors uphold privacy Know that California vendors uphold privacy act; they require legal action to obtain act; they require legal action to obtain receiptsreceiptsCell phone vendors similar to California Cell phone vendors similar to California vendorsvendors
Lessons LearnedLessons LearnedWatch for altered receiptsWatch for altered receipts
Receive notification that the reviews have Receive notification that the reviews have been completedbeen completed
Obtain a copy of the Liability Waiver in Obtain a copy of the Liability Waiver in advance; know requirements and time advance; know requirements and time constraintsconstraints
Inform all cardholders and reviewers of Inform all cardholders and reviewers of what, when and why fraud occurredwhat, when and why fraud occurred
Trust everyone – audit anywayTrust everyone – audit anyway
Questions and AnswersQuestions and Answers
