Audit Reports

Background

The U.S. Postal Service Office of Inspector General (OIG) uses data analytics, including predictive risk models and tripwires, to identify financial anomalies. Tripwires are analytic tools that look at specific behaviors and patterns that are strong indicators of improper activity. The Voyager credit card tripwire identified purchases that exceeded the tank capacity of long life vehicles (LLV) at the Germantown Post Office in Germantown, TN. These types of purchases are considered suspicious and could indicate ineffective internal controls.

Every Postal Service-owned vehicle is assigned a Voyager card and every driver receives a personal identification number (PIN). Drivers use the card to pay for fuel, oil, and routine vehicle maintenance. Site managers are responsible for verifying Voyager card transactions and all supporting documentation.

The objectives of this audit were to review the validity of transactions exceeding the LLV tank capacity and assess the internal controls over Voyager card transactions at the Germantown Post Office.

What the OIG Found

The Voyager credit card tripwire identified 41 transactions made from November 2015 through January 2016 where the amount of fuel purchased exceeded the LLV tank capacity. We verified 12 transactions exceeded the LLV tank’s capacity by at least 1 gallon. The total value of the excess fuel was $85. This occurred because the designee performing the monthly reconciliations only verified the dollar value of the purchases against the receipts and not gallons purchased. We referred these transactions to the OIG’s Office of Investigations (OI) for further review.

In addition, we determined internal controls over Voyager card transactions need improvement. Specifically:

• The designee did not properly conduct required monthly reconciliations. The designee did not:

1. Verify original receipts for 29 maintenance and towing service transactions, valued at $19,622. The receipts were maintained offsite at the vehicle maintenance facility (VMF), and the site manager relied on the VMF manager to tell her whether the receipts for the transactions existed. We obtained copies of the receipts from the VMF and verified the validity of the transactions.
2. Require drivers to complete the mandatory missing receipt forms for 135 of 931 (about 15 percent) transactions valued at $2,413. We referred these transactions to the OI for further review.
3. Maintain copies of the exception reports used to validate transactions.

• The site manager did not immediately deactivate four cards reported lost or stolen. We did not identify unauthorized charges on these cards from the time the cards were reported lost or stolen the week of April 25, 2016 until the time of our site visit on May 9, 2016.

• Although all transactions below were legitimate, the site manager did not properly assign and manage Voyager card PINs.

1. We identified charges valued at $1,348 incurred by a car wash vendor improperly assigned a Voyager PIN.
2. Ten fuel purchases valued at $214 were incurred by LLV drivers using the same car wash vendor PIN.

• The site manager did not fully implement Voyager’s fraud prevention controls to prevent transactions from exceeding the daily limit. We identified 14 unauthorized transactions valued at $7,848 that exceeded the PIN’s $300 daily limit. The Postal Service received credit for 13 of the unauthorized transactions from U.S. Bank. The remaining transaction was a legitimate purchase for vehicle repairs valued at $344. However, instead of using a vehicle maintenance card, an employee used the Voyager card to make the purchase.

When internal controls are not in place and functioning, Voyager cards may be misused to make unauthorized purchases. Additionally, if the Postal Service does not maximize the preventative controls, charges can be approved above the limit, resulting in improper disbursements.

As a result of this audit, U.S. Bank deactivated the car wash PIN and all lost or stolen cards.

What the OIG Recommended

We recommended management establish controls to ensure standard operating procedures are consistently followed so Voyager card transactions are properly reconciled and lost or stolen cards are terminated.

Also, we recommended management reiterate the policy for the security and management of PINs and fully implement fraud prevention controls to prevent transactions from exceeding the daily limit.