Quarterly Purchasing Card Administrators’ Meeting Minutes Thursday, May 17, 2012 – 9:00-11:15

advertisement
Quarterly Purchasing Card Administrators’ Meeting
Minutes
Thursday, May 17, 2012 – 9:00-11:15
Winewood Office Center, Building 4
Facilitator: Marie Walker
Introductions
Special Presentations

Rachael Lieblick, DFS—Statewide Vendor File Discussion
o The Statewide Vendor File (SWVF) currently contains 280,000 vendors
with unique taxpayer IDs - 50,000 of those vendors have valid W-9s on
file.
o The SWVF Group recently submitted a sample of PCard vendors to the
IRS to determine if the vendors’ information matched. Only 25% of the
vendors were invalid with the IRS file – either the name or ID not on file.
o Within the next month, the SWVF Group plans to:
 send out surveys to users with access to the SWVF. The results
of the surveys will help the group shape policies and create
training documents.
 begin Vendor Add monitoring. Weekly e-mails will be sent to
users adding ―questionable‖ vendors, such as vendors marked
―Confidential‖ or given ―N‖ numbers.
o Majority of Vendor Adds are ―Confidential‖ and ―N‖ vendors.
o W-9s are not required for adding PCard vendors.
o DFS does not accept paper W-9s. Vendors must register W-9 online.
http://www.myfloridacfo.com/aadir/SubstituteFormW9.htm
o The registration is a two-step process. The vendor must first register with
DFS, then file the W-9.
o After the vendor registers a W-9, the process typically takes 24-48 hours
to finalize.
o Additional discussion:
 Since IRS has responsibility for 1099 reporting for PCard
transactions, why not get bank to transmit information to us?
Rachael (RL): Information may not be available with current
contract.
 Suggestion was made to not use Vendor ID in PCM. RL:
Suggestion has been elevated to management, but Vendor ID is
required for transparency purposes.
 Suggestion was made to create standardized ―N‖ numbers for
one-time vendors, such as taxi, small gas stations, etc.
 One agency asks cardholders to use large corporate gas stations
whenever possible. RL: Ask approvers to use the correct vendor
name, not necessarily the location of the purchase.
 Suggestion was made to create a task force to discuss policy
recommendations after the results of the surveys are received.
RL: DFS is anxious to get policies out quickly, not sure if time will
allow for task force meetings.
1|P age
o
The Statewide Vendor File Group is available to help find the correct
vendor ID. The contact information for the group is:
 (850) 413-5987
 statewidevendorfile@myfloridacfo.com
Outstanding Items
 ITN Update - DFS has been ―white-boarding‖ with DMS to help them understand
the current process. DMS has asked Christina Smith (Director, DFS’s Division of
Accounting and Auditing) to appoint people to serve on a work group to re-write the
Statement of Work.
 Insurance for Non-state Contract Rental Vehicles - There has been no resolution
to the issue, which is two-part:
o There is no authority to pay for insurance on non-state contract rental
vehicles.
o Division of Risk Management suggests paying for it.
Marie plans to discuss this issue with management at the monthly meeting in June.
New Items
 Third Party Payers – This is an amazingly complex issue. New technology allows
for card processing services to be attached to cell phones and is cheaper for small
businesses to use, so the number of competing services is increasing. (See
PowerPoint slides for examples of the new technology provided by third party
payers.) Some of the latest third party payers include:
o GoPayment
o Square.com (Shown in FLAIR as SQ*)
o Google Wallet
When determining how to deal with third party payers, the PCard program will need
to balance between transparency needs and the agencies’ need to do business.

Overrides Process - Overrides can be requested for excluded MCCs, but not for
credit limits. For MCC overrides, the Agency Administrators must email Marie or
Michelle the following:
 Cardholder Name
 Last 8 digits of card number
 Vendor
 Amount of transaction
 Reason for purchase
An email is necessary to provide file documentation of the override. The request
will be processed ASAP; however, if the override is time sensitive, call Marie or
Michelle after emailing the request. When the Statewide Office is fully staffed, the
email will be sent to the central email account; Administrators will be notified when
the process changes,
 Rep Letter (Draft) (See PowerPoint of the latest draft of the Rep Letter.) – DFS
plans to require the Rep Letter to be filed on a fiscal year cycle. Based on feedback,
2|P age
the letter will include two sections that will deal with the following optional program
components:
o Emergency cards – provide the agencies with the following options:
 The agency has emergency cards without cardholder names and
is willing to accept the risk associated with not having a cardholder
attached to a card.
 The agency has emergency cards with cardholder names and the
cards are properly secured.
 The agency does not have emergency cards.
o Travel agents – provide the agencies with the following options:
 The agency uses internal travel agents, which are addressed in
the agency’s PCard plan. The agency follows the procedures
included in the plan.
 The agency does not include internal travel agents in the PCard
plan and does not allow cardholders to charge travel for others.
The letter will also be revised to allow for an agency to use its own reconciliation
reports, as long as the reports have been reviewed by DFS.
 Decline Reports—A majority of the Administrators agreed the Decline Reports are
useful and asked if the reports could be distributed daily, instead of weekly. The
reports will be provided daily once the Statewide Office is fully staffed.
 PCard Website Update (See PowerPoint showing the latest enhancements of the
PCard website.) – The updated website was released the day of the meeting
(5/17/12). The website includes two new reports, Credit Limit vs. Charge Total
Comparison and Sales Receipt Information. The Sales Receipt Information report
includes level 3/line item detail of the transaction. The new reports do not require
OLOs to be entered, as they are governed by the user’s RACF ID.

Waiver of Liability Reminder – Agencies may be able to get credit from Visa for
fraudulent purchases made by employees. The agency must follow the process
with strict deadlines, including firing the employee. The Waiver of Liability
information is available on the PCard website. Administrators should be aware of
requirements.

Emergency Real-time Changes Reminder - Hurricane Season is coming! The
procedure and form for making real-time changes in a Governor Declared
Emergency are on the website. Administrators should plan ahead as much as
possible. If a hurricane is in the forecast, Administrators should make changes in
the module. Keep in mind that if phones are down, the Administrators may not be
able to get through to the bank to make real-time changes. Remember—an
emergency for a cardholder does not make it a true emergency.
3|P age
 Questions/Other Discussion
o Payment of Service Fees —There is no authority to pay for service fees,
such as those charged by utilities. Marie plans to discuss this topic with
management at the monthly meeting in June.
o Updating MCC Codes —There have been codes added to the bank’s list
through the years that have never been added to the PCard Module. The
Statewide Office will be reviewing to determine which MCCs are
allowable, restricted, and prohibited and will update the MCC file in
FLAIR. Once the review is complete, the updated list will be sent to the
Administrators and posted to the PCard website.
o Meeting Website—All meeting materials are posted on the PCard
Quarterly Meetings website
(http://www.myfloridacfo.com/aadir/PurchasingCard/PCardMeetings.htm)
for the convenience of the Administrators, including call-in information,
agenda, minutes, and handouts.
o Access Control—The PCard Administrator must not be the agency’s
access control custodian. For the agency and the Administrator’s
protection, the Administrator should not set up access and reset
passwords. It violates separation of duties control. If an auditor were to
perform and internal controls audit, having those two duties assigned to
the same person would result in an audit finding.
o Administrators’ Access and Activity – DFS has a report available to
management to determine employees’ access and activity. The
Statewide Office will determine if similar reports are available to agencies.
This may help agencies with the statement on the Rep Letter related to
monitoring the agency administrator. The Statewide Office may request
organizational charts from the agencies to help identify the Agency
Administrators’ supervisors. DOT suggested using a third party to monitor
Administrators’ activities. Discussion also included the possibility of a
workgroup to determine best practice for monitoring Administrators’
access and activity.
 Department of Revenue monitoring methodology has been
attached to these minutes as an example of what one agency is
doing.
o Online Travel Agencies (Expedia, Travelocity, etc.) – Angela Pereira
said DMS has received conflicting information regarding the use of online
travel agencies, due to the fees charged. Other agencies have had the
following issues with online vendors:
 Non-acceptance of tax-exemption number
 Advance payment for hotels
 Reservation cancellation
The Administrators were advised to keep the best interest of the state in
mind and use the most economical means for making travel
arrangements.
o Gas for Rental Vehicles – Diana Blue, DBPR, asked if fuel could be
purchased with the PCard when renting vehicles from any contract
vendor (not just Avis), such as Enterprise trucks. A new CFOM has been
4|P age
o
o
drafted to include fuel for all rental vehicles used for state business. The
Administrators will be notified once the CFOM is approved.
Copying PCards at Hotels for DOR Requirements – Department of
Revenue requires that hotels make a copy of the PCard and keep it on
file to support the tax exemption. DOR has been unwilling to reconsider
this requirement in the past. Marie plans to discuss this issue with
management at the monthly meeting in June.
DMS’s Tax-Exempt Number – Cardholders have been questioned about
DMS’s tax-exempt number being on the cards for other agencies. During
the negotiations for the new contract, the Statewide Office will determine
if each agency’s tax exempt number can be imprinted on the PCards for
that agency. Angela Pereira, DMS Administrator, receives tax-exempt
verification requests from vendors daily.
REMINDER
Next Meeting: August 15, 2012
5|P age
Review of PCard Administrator’s Work
By Robert Notman, DOR Agency Purchasing Card Administrator
Several years ago in a meeting with Crystal Read and Mark Merry, I was asked, “Who in your agency is
watching or reviewing what you do?” “Who is ensuring you are not creating cards for personal gain,
etc.?” I must admit that I was taken aback by this. It never occurred to me to think like a criminal.
But I wasn’t offended, only surprised. This was the first time that I recall ever having been asked
something like this by DFS.
Promptly upon returning from this meeting, I proposed to my supervisor that we have a report
created in MRE that lists all of the new cardholders and then have someone run those names in a
query against a PeopleFirst employees list. If there were any anomalies, I would be tasked to explain
them or justify what happened.
Initially, I created the MRE report to get the idea going. It was then handed over to a different section
not controlled by the Purchasing Card Administrator. When the report ran, it was originally sent to
my staff person to run the matches. A copy was also sent to an outside party so that the result could
be compared to ensure that I wasn’t influencing the results through my staff member.
Later we were able to move the function totally outside of my control.
How has this worked? Every month an outside staff member receives the two reports (one from MRE
and one from PeopleFirst) and does a data match. I can recall only one instance when there wasn’t a
match. In this particular case, an employee had requested a card and, by the time it was issued, he
had resigned. So based on the initial reports, it looked like we had issued a card to a non-employee.
The report looks at the cardholders created by all of the DOR PCard Administrators. At some point we
should also consider including looking at all new persons added to FLAIR to ensure they are in fact
employees. Right now we focus on cardholders as we believe this is where the greatest risk could be.
All agencies should consider having something like this in place. It protects both the PCard
Administrator and the agency.
6|P age
Download