Acquisition Cards Program
Archived information is provided for reference, research or recordkeeping purposes. It is not subject à to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Best Practices Guide
Treasury Board Secretariat – Deputy Comptroller General Branch
Objective and Scope
The purpose of this guide is to provide information that will help federal departments administer and control the acquisition card program. The guide will assist responsibility centre managers, individuals doing purchases on their behalf, procurement managers and financial managers by providing them with control standards to achieve a higher and more consistent standard of control. This guide is complementary to the Acquisition Card Policy issued by Treasury Board and should be used along with the policy.
Acquisition cards were approved for use in government departments and agencies in late 1991. The cards were made available government-wide through contracts established with acquisition cards providers. Post implementation evaluations were carried out in 1993 and again in 1996. As a result, an updated policy and procedural guidelines were issued by the Treasury Board Secretariat in 1996. In 1997, new contracts were again issued following a formal competitive bidding process.
The acquisition card has been in the forefront of most procurement and payment process improvements in departments. As at October 1997, more than 23,000 cards were in use and the monthly purchasing volume exceeded $20 million. The increasing use of acquisition cards has had an impact on the traditional paper based control framework. As a result, there are concerns about increased risk of error or abuse that might go undetected.
In 1997, the Office of the Auditor General conducted a government-wide review of acquisition card usage. Although it concluded that no serious losses could be found at this time, the report stressed the need for better controls and better monitoring by departments.
In response to concerns over the potential risk, the Treasury Board Secretariat initiated a project to identify an appropriate control framework that would help further minimize the potential risks and thereby improve the comfort level of government managers without jeopardizing the benefits of increased card use.
Acquisition Card Control Framework
The Acquisition Card Program includes several processes and involves, even in departments where a limited number of cards are in use, a large number of individuals. A sound control framework should address all of the potential exposures to risk throughout each step of the process. The control framework is designed to create an environment of control where the confidence in any of the different processes will be increased by the presence of additional and complementary controls in all the other steps or processes involved.
The administration of the acquisition card program can be divided in six areas where controls should be in place which are:
- Overall Management of the Program
- Issuance and Control of Cards
- Using the card
- Information and Monitoring
- Accounting and Payment
- Ongoing review
The following is a set of recommended responsibilities and control guidelines designed to reduce exposure to risk for each of the areas involved in using acquisition cards.
- Overall Management of the Program
In many departments, the use of acquisition cards as a procurement and payment method has now reached the point where purchases of several million dollars are effected every month. Government-wide, over 75,000 transactions are now made every month. The acquisition card program deserves increasing recognition on the part of senior departmental officials for two reasons, 1) all the benefits and cost-efficiencies that the use of acquisition cards bring to departmental management, and 2) the risks which are introduced by the adoption of a new innovative payment method.
Departmental Senior Management
- A national departmental acquisition card co-ordinator is to be appointed to be responsible for the overall management of the program. The national co-ordinator would be responsible for liaising with the acquisition card issuers and for carrying out all the various tasks assigned to that person by the Acquisition Cards Policy issued by Treasury Board.
- Departmental senior management must ensure that the internal policies and procedures developed for the use of the cards are complete and accompanied with an appropriate training plan to ensure that all those involved in the use and processing of the acquisition cards are fully aware of their roles, responsibilities and obligations. Training should address both cardholders and managers needs and cover areas such as responsibilities and obligations, protection of the card, procurement activities with an acquisition card, the payment process, reconciliation and accounting requirements.
- Departmental senior management must ensure that the requirements of the Treasury Board policies, concerning acquisition cards, procurement and contracting processes, are fully respected.
- For larger departments, consideration should be given to the appointment of regional, functional or branch co-ordinators that would assist the national coordinator in the administration of the program and ensure its effectiveness. In such a case, the departmental co-ordinator would be responsible for ensuring that regional, functional or branch co-ordinators are provided with adequate information and training.
2. Issuance and renewal of cards
The issuance and renewal process is a key step in the acquisition cards' administration program because it brings together the departmental co-ordinator, the responsibility centre manager and the cardholder. It is at this stage that training and dissemination of information should take place to ensure adequate communication of policies, procedures, need for control, potential risks, and understanding of the role and responsibilities of the various people involved in this process, i.e., cardholder, manager, co-ordinator, etc.
Departmental Co-ordinator (DC)
- In large departments, the following guidelines are applicable to all levels of coordinators, national, regional, functional or branch.
- The departmental co-ordinator must take the necessary steps to ensure that cardholders are properly informed and trained in the use of acquisition cards before received their cards. This can be partially achieved by using the information packages made available by the card issuers but it is essential that department specific information be provided to each cardholder.
- Both the responsibility centre manager (RCM) and the applicant must sign the card application (including renewal application). When appropriate, the DC may wish to confirm the delegated financial authorities of the RCM and the employee status of the applicant.
- Before remitting the card to the employee, the DC must ensure that:
- the cardholder is an employee and is under direct or indirect budget authority.
- the card limits are within the RCM's authority.
- the card limits and restrictions are in accordance with Treasury Board policy.
- the cardholder acknowledgement form is signed by the cardholder and the RCM before the card is given to the applicant.
- the applicant has been duly instructed to sign the card.
- The DC must implement secure processing and archiving procedures to ensure the protection of the information received from the employee/applicant and the RCM.
- The DC must also implement secure procedures when communicating with the card issuing company. Cards received from the card issuing company must be protected, i.e., kept under lock, until given to the cardholder. Upon receipt of the card from the card issuing company, the DC must verify the card specifications against the original request.
- When an application for renewal is received from a cardholder, the DC must verify the current card usage and discuss with the cardholder and the RCM any appropriate change in either the limits or the need for the card itself.
- The DC should ensure that expired card are destroyed.
Responsibility Centre Manager (RCM)
- The RCM is responsible for determining the requirement for an acquisition card and to decide who in the organization requires it.
- The RCM must establish the credit limit and restrictions for each card. The credit limit should be in line with the financial and procurement authorities delegated to the RCM. The following are limitations that could be imposed on an acquisition card:
- Maximum outstanding credit limit
- Maximum monthly charges
- Per transaction limit
- Excluded «item» codes or «merchant category» codes
- Geographic restrictions
- Upon receipt of the card and «employee acknowledgement form» from the departmental co-ordinator, the RCM should review with the employee the conditions on the employee acknowledgement form, have the employee sign both the form and the card and then return the employee acknowledgement form to the DC.
- The RCM should ensure that the card is returned to the DC upon change in status of the cardholder such as transfer, change in duties (no longer required) or termination.
- Each employee should insist on receiving proper training and documentation before accepting the responsibility of using an acquisition card. The cardholder is responsible for reviewing available information packages on using an acquisition card and for seeking clarification when necessary.
- Each employee must complete and sign the card application and, before receiving the card, must carefully read the terms and conditions under which the card should be used and sign the acknowledgement form.
- When a cardholder receives a renewal card from the card issuing company, the cardholder must advise the RCM and the departmental co-ordinator.
3. Using the Card
This section discusses the responsibilities regarding the payment aspects of card usage but does not cover the procurement aspects (these will be addressed in a later version of the Guide). It should be noted however that Treasury Board policies and regulations on procurement and contracting must be adhered to at all times. The following controls should support regular and ongoing use of cards:
Responsibility Centre Manager
- Prior to signing the statement under section 34 of the FAA, the RCM must review the validity of charges that appear on the monthly statement that identifies all purchases that have been charged to his or her responsibility centre.
- Any questionable purchases must be followed-up with the cardholder.
- The RCM is responsible for ensuring that the cardholders maintain adequate documentation and that disputed items are resolved in a timely manner and credits received accordingly.
- The RCM should assess periodically the need for the card and the appropriateness of the existing limits and restrictions. When an acquisition card is no longer required because of changing operating requirements, changing responsibilities of cardholder or the departure of the cardholder, the RCM must take appropriate action to cancel the card through the card co-ordinator.
- The RCM is responsible for ensuring that
- Purchases of training and/or items meeting the requirements for recording in inventory are recorded in accordance with departmental policy.
- Cards are not used for those items restricted by Treasury Board policy including:
- Travel related expenses
- Vehicle operating and maintenance expense
- Cash advances
- Personal expenses
- Purchases from other government departments
- All Treasury Board and departmental contracting regulations, policies and procedures are followed.
- All purchases are supported with documentation as required by the account verification process.
- The cardholder must take appropriate measure to protect the acquisition card. For example, the card number should not be written down or made accessible to others; the card must be maintained in a secured location with controlled access when not in use; purchases must not be made using the Internet quoting the acquisition card number (until such time as a secure method is found – Treasury Board is currently conducting a pilot project on this issue).
- In the case of the loss of a card, and notwithstanding the reason, the cardholder must inform immediately the card issuing company by using the toll free telephone number provided by the company. The departmental co-ordinator or regional co-ordinator must also be advised as soon as possible.
- The cardholder must also remember to inform the departmental co-ordinator of changes in business address or telephone number and to return the card to the co-ordinator upon change in duties or expiry of the card.
- The cardholder makes only official government purchases at the request of individuals with delegation. While doing so, he or she observes all Treasury Board and departmental contracting regulations, policies and procedures seeking advice and/or clarification as required prior to ordering.
- When making purchases, the cardholder must make every effort to ensure that no provincial sales tax is charged to the government. It may be necessary to quote the exemption number for the particular province.
- Prior to making a purchase, the cardholder should ensure that he or she is authorized to make such a purchase and must retain proof of purchase (receipt or customer copy of charge slip) when available and record name of requester.
- Whether maintained electronically or manually, the cardholder should keep a detailed log of all purchases, indicating the purchase date, a control number, a description of items purchased or services provided, the name of the supplier, the price, the shipping cost if applicable, the amount of GST or HST, and the name of requester. The cardholder should also record the receipt date of the goods or services and the appropriate financial coding.
- If departmental policy dictates that purchases with acquisition cards are subject to commitments and decommitments (particularly in departments where purchases of million of dollars are made every month), the cardholder must process the required transactions in the departmental financial system.
- Upon receipt of the monthly statement, the cardholder should reconcile to the purchase log and records and indicate accordingly. If the cardholder is not the person receiving the goods or services, he or she should verify that these have been received.
- Upon reconciling the statement and the purchase, the cardholder attaches proof of purchase, the purchase log and other supporting documentation to the monthly statement and forwards it to manager for signature under Section 34 of the FAA.
- During the reconciliation, should there be discrepancies in the information provided on the statement (i.e., difference in the amount charged and the amount on the sales slip, purchases not effected by cardholder, purchases posted twice, interest charged on a disputed item, etc.) the cardholder should immediately contact the card supplier to report a disputed item and resolve the issue as soon as possible.
- When, upon receipt of goods or services (and particularly when the purchase was effected over the phone) there is a discrepancy between what was ordered and what is being received (i.e., wrong or inappropriate items, lesser quality, missing elements, inclusion of provincial sales tax, partial shipment, etc.) the cardholder should contact immediately the supplier to resolve the issue. The card issuing company should not be involved in resolving this kind of issue.
4. Information and Monitoring
Information on transactions is received by departmental coordinators from the card issuing companies on a regular basis. Starting with the new contracts in January 1998, and once the transition is completed, departmental coordinators will have access to electronic card information on a frequent basis (i.e., daily, weekly and monthly). In departments where electronic processing is not yet implemented, hard copy reports and invoices are available.
The analysis and monitoring of the data are fundamental parts of the control framework. Given that electronic data can be used and analyzed much more easily that paper reports, departments should take immediate action to implement electronic processing of card information. To that end, both National Bank MasterCard and Citibank Visa will be providing software during the implementation phase.
- The DC should take action to promote and implement the desktop reporting tools available from card issuers. The DC should discuss implementation with departmental informatic and security officials to ensure that acquisition card data will be protected as required.
- The transaction database resulting from acquisition card purchases should be maintained on a regular basis (daily, weekly) as required.
- The DC should provide functional managers (procurement / finance) with information as required. (In larger departments functional managers could receive a copy of software and maintain their own database as required).
- The DC should ensure that monitoring is carried out on a regular basis to ensure that:
- Cards not used for 90 consecutive days have not been misplaced or stolen and that the cardholder and the manager are asked to confirm their continuing requirement.
- Renewals are made in advance of due date and in light of spending patterns.
- Cases of misuse or abuse of the acquisition cards are identified in a timely manner. For example, DC should look for unusual spending patterns, accounts where interest charges must be paid on a regular basis, expenses in sensitive categories (e.g., florists, health club, etc.), cards that are under utilized ( i.e., way below credit limit), cards that are consistently close to their credit limit, etc.
- The DC should create the reports necessary to review transactions on a regular basis for possible contravention of policy or regulation and follow-up as required.
5. Accounting and Payment
One key advantage of using acquisition cards is that all transaction detail is captured electronically by the card issuer. Departments should implement and use the electronic interfaces with the card issuing companies. This would allow consolidated billing and payment while allowing electronic distribution of information throughout the department. The payment of the card issuer is considered low risk and, therefore, one consolidated payment should be made to each card supplier within the time frame required to maximize the discounts offered by the card issuing companies. Verification should be carried out on a post-payment basis.
Transactions effected by acquisition cards must be subject to the account verification process, whether verification is done on statistical or on a 100% basis. Normal risk factors should be used, however, it is recommended that additional rigor be given to transactions resulting from purchases by new cardholders and to responsibility centres where problems are detected on a continuous basis.
Commitments for each transaction may or may not be made at time of purchase for acquisition card purchases and should be recorded in accordance with departmental policy. Most departments have a commitment threshold that would exclude many of these purchases. The same is applicable to items that will be inventoried.
Acquisition cards reduce errors in the application of charges to a specific account. Using acquisition card numbers to assign costs to a specific budget or account is less error-prone than manually assigned account numbers from purchase orders.
- In departments where a consolidated electronic invoice is received from the card issuer, Financial Services should verify the invoice and pay in accordance with the payment option chosen by the department.
- Financial Services should distribute detailed invoice information to each cardholder and obtain Section 34 certification from the appropriate manager. The process should ensure that outstanding items and disputes are monitored for timeliness and completeness.
- Financial Services will also ensure that once detailed financial coding is received, departmental accounts are updated and responsibility centre budgets charged appropriately.
- In departments where no consolidated billing is received, Financial Services will issue one or multiple payments to the card issuer based on the information received from the cardholders and where Section 34 account verification has been properly carried out.
- Financial services must ensure that all transactions resulting from acquisition card purchases are recorded properly and that records for inventory and other items as defined by departmental policy are completed.
6. Considerations for ongoing review and internal audit
Another integral component of control is the normal ongoing review that should be carried out from time to time by the departmental internal audit/review function. These reviews are carried out to assess controls that are in place for the use of acquisition cards and to ensure compliance with Treasury Board and departmental policy. Initially, due to the significance of change brought about with the implementation of acquisition cards, a post implementation audit should be carried out within the first year. As a minimum, the following controls should be reviewed in carrying out these reviews:
a) Physical control of cards
- Is there an up-to-date record of all cards showing identification and location of custodian?
- Is there a formal procedure in place to ensure that cards are returned when the cardholder vacates the position, notwithstanding the reason?
- Is there ongoing monitoring to identify non activity of a card for more than 90 days and subsequent follow-up to confirm physical presence of the card.
- Is there a procedure in place to report, record and replace lost or stolen cards? Have instances been reported promptly?
- Is there a verification process that ensures applicants are eligible departmental employees?
- Are proper delegations in place prior to issuing cards?
- Are cardholders given clear instructions on how to activate their card and instructed to sign the card before issuing?
- Does the cardholder keep the card in a secure location with controlled access?
b) On using cards
- Are the managers and cardholders aware of the applicable policies and procedures for using acquisition cards?
- Has the cardholder read, understood and signed an «Acknowledgement Form» clearly highlighting the requirements and the cardholder responsibilities?
- Are the credit limits and other restrictions reasonable in relation to how the card is being used?
- Is there a proper procedure in place for management to review the validity of charges on each statement and necessary follow-up?
- Can payment records provide:
- Who requested the goods or services.
- Who purchased goods or services.
- Confirm receipt of goods or services.
- Signature under S.34 of the FAA.
- Are formal records kept for «disputed items» including clearance history?
- Are taxes on acquisition card purchases being recorded properly?
- Is foreign exchange being applied in accordance with the agreement with card issuers?
- Are the card coordinators and account verification officers carrying out adequate monitoring?
- Is the acquisition card purchase log reconciled to the monthly statement?
- Are restrictions as set by Treasury Board Policy on using these cards being followed:
- No personal use.
- No cash advances.
- No travel related expenses.
- No vehicle and maintenance expenses.
- No purchases from other government departments.
- Are items being included in inventory or training records as required?
- Have Financial Services implemented appropriate systems and procedures to ensure that the department benefits as much as possible from the rebates offered by the card issuers for early payment?
Next version – Topics to be addressed
- Segregation of duties – what control measures should be implemented when the cardholder is the person responsible to either receive the goods and/or approve under section 34 of the FAA.
- Telephone purchases.
- What actions should be taken when cases of fraud, abuse or misuse of the acquisition card are discovered?
- What are the best practices with respect to inventory accounting?
- Advice on the type of purchases, limits calculations and other restrictions.
- Special situations – travel, vehicle, hospitality, etc.
- Best Practices - Account verification. Centralized payment, regional operations and centralized payments, audit trail, etc.
- Guide for internal auditors.
- Acquisition cards and delegated financial authorities.
- Best Practices – Procurement and most relevant contracting issues.
- Date modified: