Quarterly Purchasing Card Administrators’ Meeting
Thursday, May 17, 2012 – 9:00-Noon
Winewood Office Center, Building 4
AGENDA
Introductions
Special Presentations
 Rachael Lieblick, DFS—Statewide Vendor File Discussion
Outstanding Items
 ITN Update
 Insurance for Non-state Rental Vehicles
New Items
 Third Party Payers
 Overrides—Process
 Rep Letter—Draft
 Decline Reports—Discussion
 PCard Website Update
 Waiver of Liability Reminder
 Emergency Real-time Changes Reminder
 Questions/Other Discussion
REMINDER
Next Meeting: August 15, 2012
Quarterly Purchasing Card Administrators’ Meeting
Minutes
Thursday, May 17, 2012 – 9:00-11:15
Winewood Office Center, Building 4
Facilitator: Marie Walker
Introductions
Special Presentations

Rachael Lieblick, DFS—Statewide Vendor File Discussion
o The Statewide Vendor File (SWVF) currently contains 280,000 vendors
with unique taxpayer IDs - 50,000 of those vendors have valid W-9s on
file.
o The SWVF Group recently submitted a sample of PCard vendors to the
IRS to determine if the vendors’ information matched. Only 25% of the
vendors were invalid with the IRS file – either the name or ID not on file.
o Within the next month, the SWVF Group plans to:
 send out surveys to users with access to the SWVF. The results
of the surveys will help the group shape policies and create
training documents.
 begin Vendor Add monitoring. Weekly e-mails will be sent to
users adding ―questionable‖ vendors, such as vendors marked
―Confidential‖ or given ―N‖ numbers.
o Majority of Vendor Adds are ―Confidential‖ and ―N‖ vendors.
o W-9s are not required for adding PCard vendors.
o DFS does not accept paper W-9s. Vendors must register W-9 online.
http://www.myfloridacfo.com/aadir/SubstituteFormW9.htm
o The registration is a two-step process. The vendor must first register with
DFS, then file the W-9.
o After the vendor registers a W-9, the process typically takes 24-48 hours
to finalize.
o Additional discussion:
 Since IRS has responsibility for 1099 reporting for PCard
transactions, why not get bank to transmit information to us?
Rachael (RL): Information may not be available with current
contract.
 Suggestion was made to not use Vendor ID in PCM. RL:
Suggestion has been elevated to management, but Vendor ID is
required for transparency purposes.
 Suggestion was made to create standardized ―N‖ numbers for
one-time vendors, such as taxi, small gas stations, etc.
 One agency asks cardholders to use large corporate gas stations
whenever possible. RL: Ask approvers to use the correct vendor
name, not necessarily the location of the purchase.
 Suggestion was made to create a task force to discuss policy
recommendations after the results of the surveys are received.
RL: DFS is anxious to get policies out quickly, not sure if time will
allow for task force meetings.
1|P age
o
The Statewide Vendor File Group is available to help find the correct
vendor ID. The contact information for the group is:
 (850) 413-5987
 statewidevendorfile@myfloridacfo.com
Outstanding Items
 ITN Update - DFS has been ―white-boarding‖ with DMS to help them understand
the current process. DMS has asked Christina Smith (Director, DFS’s Division of
Accounting and Auditing) to appoint people to serve on a work group to re-write the
Statement of Work.
 Insurance for Non-state Contract Rental Vehicles - There has been no resolution
to the issue, which is two-part:
o There is no authority to pay for insurance on non-state contract rental
vehicles.
o Division of Risk Management suggests paying for it.
Marie plans to discuss this issue with management at the monthly meeting in June.
New Items
 Third Party Payers – This is an amazingly complex issue. New technology allows
for card processing services to be attached to cell phones and is cheaper for small
businesses to use, so the number of competing services is increasing. (See
PowerPoint slides for examples of the new technology provided by third party
payers.) Some of the latest third party payers include:
o GoPayment
o Square.com (Shown in FLAIR as SQ*)
o Google Wallet
When determining how to deal with third party payers, the PCard program will need
to balance between transparency needs and the agencies’ need to do business.

Overrides Process - Overrides can be requested for excluded MCCs, but not for
credit limits. For MCC overrides, the Agency Administrators must email Marie or
Michelle the following:
 Cardholder Name
 Last 8 digits of card number
 Vendor
 Amount of transaction
 Reason for purchase
An email is necessary to provide file documentation of the override. The request
will be processed ASAP; however, if the override is time sensitive, call Marie or
Michelle after emailing the request. When the Statewide Office is fully staffed, the
email will be sent to the central email account; Administrators will be notified when
the process changes,
 Rep Letter (Draft) (See PowerPoint of the latest draft of the Rep Letter.) – DFS
plans to require the Rep Letter to be filed on a fiscal year cycle. Based on feedback,
2|P age
the letter will include two sections that will deal with the following optional program
components:
o Emergency cards – provide the agencies with the following options:
 The agency has emergency cards without cardholder names and
is willing to accept the risk associated with not having a cardholder
attached to a card.
 The agency has emergency cards with cardholder names and the
cards are properly secured.
 The agency does not have emergency cards.
o Travel agents – provide the agencies with the following options:
 The agency uses internal travel agents, which are addressed in
the agency’s PCard plan. The agency follows the procedures
included in the plan.
 The agency does not include internal travel agents in the PCard
plan and does not allow cardholders to charge travel for others.
The letter will also be revised to allow for an agency to use its own reconciliation
reports, as long as the reports have been reviewed by DFS.
 Decline Reports—A majority of the Administrators agreed the Decline Reports are
useful and asked if the reports could be distributed daily, instead of weekly. The
reports will be provided daily once the Statewide Office is fully staffed.
 PCard Website Update (See PowerPoint showing the latest enhancements of the
PCard website.) – The updated website was released the day of the meeting
(5/17/12). The website includes two new reports, Credit Limit vs. Charge Total
Comparison and Sales Receipt Information. The Sales Receipt Information report
includes level 3/line item detail of the transaction. The new reports do not require
OLOs to be entered, as they are governed by the user’s RACF ID.

Waiver of Liability Reminder – Agencies may be able to get credit from Visa for
fraudulent purchases made by employees. The agency must follow the process
with strict deadlines, including firing the employee. The Waiver of Liability
information is available on the PCard website. Administrators should be aware of
requirements.

Emergency Real-time Changes Reminder - Hurricane Season is coming! The
procedure and form for making real-time changes in a Governor Declared
Emergency are on the website. Administrators should plan ahead as much as
possible. If a hurricane is in the forecast, Administrators should make changes in
the module. Keep in mind that if phones are down, the Administrators may not be
able to get through to the bank to make real-time changes. Remember—an
emergency for a cardholder does not make it a true emergency.
3|P age
 Questions/Other Discussion
o Payment of Service Fees —There is no authority to pay for service fees,
such as those charged by utilities. Marie plans to discuss this topic with
management at the monthly meeting in June.
o Updating MCC Codes —There have been codes added to the bank’s list
through the years that have never been added to the PCard Module. The
Statewide Office will be reviewing to determine which MCCs are
allowable, restricted, and prohibited and will update the MCC file in
FLAIR. Once the review is complete, the updated list will be sent to the
Administrators and posted to the PCard website.
o Meeting Website—All meeting materials are posted on the PCard
Quarterly Meetings website
(http://www.myfloridacfo.com/aadir/PurchasingCard/PCardMeetings.htm)
for the convenience of the Administrators, including call-in information,
agenda, minutes, and handouts.
o Access Control—The PCard Administrator must not be the agency’s
access control custodian. For the agency and the Administrator’s
protection, the Administrator should not set up access and reset
passwords. It violates separation of duties control. If an auditor were to
perform and internal controls audit, having those two duties assigned to
the same person would result in an audit finding.
o Administrators’ Access and Activity – DFS has a report available to
management to determine employees’ access and activity. The
Statewide Office will determine if similar reports are available to agencies.
This may help agencies with the statement on the Rep Letter related to
monitoring the agency administrator. The Statewide Office may request
organizational charts from the agencies to help identify the Agency
Administrators’ supervisors. DOT suggested using a third party to monitor
Administrators’ activities. Discussion also included the possibility of a
workgroup to determine best practice for monitoring Administrators’
access and activity.
 Department of Revenue monitoring methodology has been
attached to these minutes as an example of what one agency is
doing.
o Online Travel Agencies (Expedia, Travelocity, etc.) – Angela Pereira
said DMS has received conflicting information regarding the use of online
travel agencies, due to the fees charged. Other agencies have had the
following issues with online vendors:
 Non-acceptance of tax-exemption number
 Advance payment for hotels
 Reservation cancellation
The Administrators were advised to keep the best interest of the state in
mind and use the most economical means for making travel
arrangements.
o Gas for Rental Vehicles – Diana Blue, DBPR, asked if fuel could be
purchased with the PCard when renting vehicles from any contract
vendor (not just Avis), such as Enterprise trucks. A new CFOM has been
4|P age
o
o
drafted to include fuel for all rental vehicles used for state business. The
Administrators will be notified once the CFOM is approved.
Copying PCards at Hotels for DOR Requirements – Department of
Revenue requires that hotels make a copy of the PCard and keep it on
file to support the tax exemption. DOR has been unwilling to reconsider
this requirement in the past. Marie plans to discuss this issue with
management at the monthly meeting in June.
DMS’s Tax-Exempt Number – Cardholders have been questioned about
DMS’s tax-exempt number being on the cards for other agencies. During
the negotiations for the new contract, the Statewide Office will determine
if each agency’s tax exempt number can be imprinted on the PCards for
that agency. Angela Pereira, DMS Administrator, receives tax-exempt
verification requests from vendors daily.
REMINDER
Next Meeting: August 15, 2012
5|P age
Review of PCard Administrator’s Work
By Robert Notman, DOR Agency Purchasing Card Administrator
Several years ago in a meeting with Crystal Read and Mark Merry, I was asked, “Who in your agency is
watching or reviewing what you do?” “Who is ensuring you are not creating cards for personal gain,
etc.?” I must admit that I was taken aback by this. It never occurred to me to think like a criminal.
But I wasn’t offended, only surprised. This was the first time that I recall ever having been asked
something like this by DFS.
Promptly upon returning from this meeting, I proposed to my supervisor that we have a report
created in MRE that lists all of the new cardholders and then have someone run those names in a
query against a PeopleFirst employees list. If there were any anomalies, I would be tasked to explain
them or justify what happened.
Initially, I created the MRE report to get the idea going. It was then handed over to a different section
not controlled by the Purchasing Card Administrator. When the report ran, it was originally sent to
my staff person to run the matches. A copy was also sent to an outside party so that the result could
be compared to ensure that I wasn’t influencing the results through my staff member.
Later we were able to move the function totally outside of my control.
How has this worked? Every month an outside staff member receives the two reports (one from MRE
and one from PeopleFirst) and does a data match. I can recall only one instance when there wasn’t a
match. In this particular case, an employee had requested a card and, by the time it was issued, he
had resigned. So based on the initial reports, it looked like we had issued a card to a non-employee.
The report looks at the cardholders created by all of the DOR PCard Administrators. At some point we
should also consider including looking at all new persons added to FLAIR to ensure they are in fact
employees. Right now we focus on cardholders as we believe this is where the greatest risk could be.
All agencies should consider having something like this in place. It protects both the PCard
Administrator and the agency.
6|P age
June XX, 2012
Chief Financial Officer
State of Florida
Florida Department of Financial Services
200 East Gaines Street
Tallahassee, Florida 32399-0354
Dear CFO Atwater:
We are providing this letter to you in connection with our agency’s Purchasing Card Program.
We make the following representations to you based on our best knowledge and belief.
We have established and are maintaining a system of effective internal controls to prevent and
detect waste, fraud, and abuse within our Purchasing Card Program. These internal controls
include the following measures:
We have established effective internal controls related to our agency’s Purchasing Card
Program to provide reasonable assurance that we are managing the program in
compliance with laws and regulations.
We have procedures that ensure that all employee cardholders are trained on the proper
uses of the Purchasing Cards prior to card issuance. The employee cardholders
acknowledge their training, responsibilities, and understanding by signing cardholder
agreements with maintained by the Agency Purchasing Card Administrator.
We have procedures to ensure that all employee accounts for cardholders who leave the
agency or are no longer eligible for a Purchasing Card, for any reason, are timely
promptly deactivated from through the FLAIR Purchasing Card Module.
We have proper segregation of duties between cardholders, approvers, and the monthly
reconcilers. Our Agency Purchasing Card Administrator has not been assigned any
conflicting duties, such as FLAIR Access Control Custodian.
We have procedures to ensure all employee cardholders’ transactions are properly
approved by supervisors or managers who have direct knowledge that the transactions are
in compliance with law and are valid obligations of the State.
We have procedures to ensure all transactions are documented by employee cardholder
signed and dated receipts or the equivalent. These records and other supporting
documentation are kept on file in the agency to validate purchases.
We have procedures to ensure all FLAIR Purchasing Card Module reports of employee
cardholder activity are reconciled against receipts and any other purchasing documents at
Comment [MW1]: Robert
Notman has requested addition of:
“or other DFS-approved”
least monthly. This reconciliation is completed within10 days after the close of the
business period.
We have appropriate security in place to protect Purchasing Card Program information,
such as account numbers and expiration dates.
We have procedures to ensure all emergency Purchasing Cards are maintained by the
agency and are safeguarded to prevent unauthorized access and use.
We have procedures to ensure the Purchasing Card Administrator is effectively
monitoring our agency’s Purchasing Card Program by maintaining accurate FLAIR
Purchasing Card Module administrative records and verifying that transactions are timely
processed within the ten calendar days of receipt in the Purchasing Card Module.
We have procedures to ensure the Purchasing Card Administrator function is periodically
reviewed by our agency’s management to ensure that all employee cardholder
information within the FLAIR Purchasing Card Module is properly authorized and
documented.
We have periodic audits/reviews by the agency’s Office of Inspector General to
determine if established internal controls are functional and effective.
Sincerely,
Comment [MW2]: Marianne
Hinchee commented that the Paid
Charges report is not available
until the 8th of the month.
Therefore, completion by the 10th
is not reasonable.
Comment [MW3]: Marianne
Hinchee commented that her
agency does not utilize emergency
cards.
PCard Web Site
New and Improved Look
PCard Main Screen
Top Links
• About PCard
– About explains some of the history of pcard
– Website explains the use of the website
– Access explains what is needed to access reports
• PCard Resources
– Lists any links to memos or other documents related to
pcard
• Additional Links
– Contains links to MRE, IW Dictionary and other documents
that may be necessary for use with the website.
• Administrator Use Only
– Access to the content only available to PCard Admins
• Comments/Suggestions
– Use this to get messages to the Statewide PCard
staff. If you have problems or need assistance you
should contact the DFS Helpdesk at (850) 4133190.
• Any items with a lock means that a RACF id
and password is required.
PCard Admin Screen
Report Input Screen
Purchasing Card Report Descriptions
Charge Reports
Agency Voucher Report: Lists the payments by SWDN and agency voucher
number. Fields displayed on the report are SWDN, agency document number,
cardholder, merchant, invoice number, distribution line number, charge date,
add date and amount. Drill down on SWDN to get warrant information.
Paid Charges: Lists all of the paid charges for a selected period. An additional
parameter will provide paid charges with dispute codes only. Fields displayed are group,
cardholder name, Person Id, invoice number, charge amount, merchant, charge date,
distribution line number, transaction amount, transaction date, add date, ORG code,
charge age (in days), dispute code and dispute description. Drill down on invoice
number to see warrant information.
Reconciliation Report: Lists all of the P-Card transactions for a selected period. Fields
displayed are group code, group description, cardholder name, charge amount,
merchant, charge date, add date, transaction amount, approval status, charge rejection
code and charge rejection description.
Sales Receipt Information: Provides detail information from sales receipts of charges.
Two input options are available to query data: Invoice number and charge dates.
Optional parameters include vendor name, group code, person id and cardholder last
name. Drilldown on invoice number for distribution line information.
Unpaid Charges (Aging): Lists all of the unpaid charges. Optional parameters include
multiple age ranges for viewing unpaid charges (>= 8 days, >= 10 days, >=20 days, etc.)
and viewing disputed unpaid charges only. Fields displayed are OLO, group, cardholder
name, merchant, invoice number, charge amount, charge date, add date, approval
status, change date, age (in days), charge rejection code, charge rejection description.
Cardholder Reports
Active Cardholders: Lists all of the active cardholders for the selected agency. Fields
displayed are group code, group name, card sequence number, person id, last name,
first name, middle initial, count of the active cardholders for the group and the agency.
Drill down on person id for the SIC Set information for the cardholder. Drill down on
Date Updated: May 15, 2012
Page 1
group code to get all cardholders for the group and then drill down on cardholder name
for the SIC set information.
Active Cards with No Charge Activity: Provides a listing of only those active cardholders
with no charge activity based on the period of non-activity selected below and current
date (ex: never used, no activity within 3 months, no activity within 6 months, etc).
Report also provides card issue date and number of days since card was issued.
Administrative Reports
Card Limit – Charge Total Comparison: Provides a comparison of credit limit, charge
total, and percentage of card limit by cardholder. Options for the Comparison type are
monthly and daily. An ‘Over Card Limit’ option will only display cardholders who have
exceeded their card limit.
Miscellaneous Reports
Vendor Address Information: Lists vendor (merchant) information for a given
invoice number. Fields displayed are invoice number, group code, person id,
cardholder name, MCC, charge amount, merchant (vendor), merchant city,
merchant state, merchant zip, merchant country.
Date Updated: May 15, 2012
Page 2