AUDIT SCOPE AND METHODOLOGY
Our objective was to determine whether the DEA's management controls over the use of third party payments included adequate safeguards against waste, unauthorized use, and theft.
We conducted the audit in accordance with Government Auditing Standards and included such tests of the program records as were necessary. Our audit focused on operations for FY 1995 through the third quarter of FY 1996. We conducted work at DEA Headquarters, at field offices in Atlanta, Chicago, Detroit, Ft. Worth, Houston, Los Angeles, Miami, New York City, and San Diego, and at the training academy in Quantico, VA. We selected field offices that issued a large dollar volume of third party payments in FY 1995.
To assess the adequacy of management controls over the use of third party payment and compliance with the Federal Managers' Financial Integrity Act of 1982 and DEA policy, we: (1) interviewed DEA Headquarters' staff to identify policies and procedures governing the use of third party payments, (2) reviewed and identified controls in the DEA Manual and JMD Handbook, (3) reviewed the daily and monthly reconciliations of issued checks to checks paid by the bank, and (4) reviewed the FY 1995 compliance reviews of the third party payment sites.
To determine the effectiveness of management controls, we developed a test based upon the controls identified in the DEA Manual and JMD Handbook. Both establish required controls regarding: (1) responsibilities of the employees involved in the system; (2) authorized uses of third party payments; (3) separation of specific duties; (4) security over computer access and check stock; (5) reviewing, approving, and supporting purchases paid with third party payments; (6) filing of payment documentation; and (7) reconciliation of the payment system and bank records. We worked with DEA managers to determine which controls were critical, meaning the controls were needed to ensure that payments made with third party checks were valid. To evaluate these controls, we used a statistical sampling methodology to select a sample of checks that would be a true representation of the population.
The population consisted of all third party payments issued during the period October 1, 1994 through September 30, 1995. We tested the reliability of data from the FMIS by comparing it to source documents. Based on these tests, we concluded the data was sufficiently reliable to meet the audit's objectives.
We sampled 100 third party payments valued at $45,022 from a population of 69,336 valued at $30,159,429. Based on our testing, we are 95 percent confident that the error rate for four of eight controls tested was at or less than 5 percent. The four controls were: (1) expense limits; (2) matching document information; (3) review of check; and (4) draft disbursing office signature, payee and check amounts. We considered a 5 percent error rate acceptable because the cost of preventing all errors would exceed the benefit obtained. We reported the results for the test of the remaining controls: (1) supporting documents, (2) authorized expenses, (3) approvals, and (4) stamping voucher packages "PAID."
To determine if third party payments were supported, we reviewed the completeness of voucher packages. The supporting documents included required forms, invoices/receipts, copy of the check, receiving report or statement of goods and services received, and memo justifying expense. Each type of payment required a separate form, either a: (1) Claim for Reimbursement for Expenditures on Official Business (SF-1164); (2) Motor Vehicle Repair Request/Authorization (DEA-349a); (3) On-The-Spot Awards; (4) Training (SF-182); (5) Requisition for Equipment, Supplies, and Services (DEA-19); (6) Order for Supplies and Services (OF-347); (7) Travel Authorization (DOJ-501); and (8) Travel Voucher (SF-1012). In addition, invoices, receipts, and the yellow copy of the check should accompany each payment. A receiving report or statement acknowledging receipt of goods or services or a memo justifying the expense should accompany all payment other than advances.
To determine if the third party payments were authorized, we reviewed required supporting documents to identify the type of expense paid. The DEA Manual and JMD Handbook restricts the type of expenses that can be reimbursed with third party payments to imprest-fund type expenses, travel reimbursements, small purchases, and investigative expenses.
To determine if the third party payments were approved, we reviewed the required supporting documents for approval signatures. The DEA required approving signatures to ensure that purchases made by third party payment were allowable. Required signatures included those of the: (1) supervisor on a SF-1164, On-The-Spot Awards form, SF-182, and an SF-1012; (2) Contracting Officer on a DEA-349a, DEA-19, and an OF-347; (3) Training Officer on an SF-182; (4) office head on a DOJ-501; and (5) voucher auditor on an SF-1012.
To determine if the third party payments were marked as paid, we reviewed the voucher packages for the required statement. The DEA Manual and the JMD Handbook required the voucher packages be marked "PAID."
To assess the adequacy of management controls over the use of third party payments at DEA field offices, we: (1) interviewed DEA staff to identify any supplemental policies and procedures for the use of third party payments, (2) observed security practices to ensure required controls were functioning properly, (3) tested transactions to ensure purchases were processed and documented properly, and (4) verified the existence of a judgmental sample of vendors.