Are You Audit Ready? Effectively Using Credit Cards or P-Cards

by Tracy Posuniak, Staff Associate II

Posted on June 10, 2021

The use of credit cards and p-cards by Arizona school districts is a common purchasing method, and the Uniform System of Financial Records for Arizona School Districts provides guidelines regarding the various compliance requirements of their use and suggested procedures to help reduce fraud risk. Are you confident your district meets all the requirements? As the fiscal year 2021 audit season begins, your auditors will request to have discussions regarding District controls and review procedures over sample selections. Below we discuss the most commonly reported non-compliance areas related to credit and purchasing cards and how to ensure your auditor will select the oh-so-coveted “Yes” on your next USFR Compliance Questionnaire.

(Disclaimer: Compliance Questionnaire numbers and questions reference the FY20 USFR CQ)

CPC04 – The District issued and tracked possession of all District credit cards and trained employees who make credit card purchases or process transactions on the District’s policies and procedures.

Card tracking. The District should maintain a complete list/log of card users to track card possession.

A District-maintained list used to track all credit and purchasing cards held by the District, including the total number of cards issued, should be provided to the auditor. All cards should be held in a secure location to ensure possession of cards is adequately monitored. Cards issued in the District’s name should be tracked by a log that indicates the name of the employee that took possession of the card and the date the card was used, including the check-out and check-in dates. The District should require the employee be identified on the transaction receipt and/or supporting documentation by printing their name and purchase order number. Cards issued in an individual’s name should be used by that individual. If the card is used by someone other the individual listed on the card, the authorized employee using the card should be identified in a similar method as mentioned above. 

Employee training and card user agreements. Annual training and signed card user agreements are required and retained for all users that outline card use policies and procedures, including possible disciplinary actions for misuse.

Meeting agendas, PowerPoint slides, and training handouts are examples of documentation that can be provided to your auditor to demonstrate an annual training. As noted in USFR guidance, the extent and type of training provided to employees should be appropriate in relation to individual authority and responsibility (i.e. card issuers, approvers, and users) and the amount of the transaction authorization given to the card user.

Card User Agreements should identify the card user and acknowledge the receipt and understanding of District policies and procedures for card use. Districts often utilize ASBA Policy DGD-E, but a district-created form that meets USFR requirements is also acceptable. 

Additionally, your district might choose to include language that training was provided on the card user agreement itself; while this can serve as evidence required to document that employee training occurred, the District should update such acknowledgments annually to ensure compliance requirements are met.

Purchase limits. Cards are issued with defined dollar limits based on the card or transaction type.

While some cards have single transaction and monthly limits set by the issuing institution (bank credit card such as Chase) or vendor (retail specific cards such as Home Depot, Bashas’, or Chevron), the District should also establish limits for each card user. The District can provide to their auditor a listing by card that indicates the maximum single transaction amount and monthly purchasing limit.

CPC08 – The District’s card purchases were only for authorized District purposes, within the dollar limits authorized for the employee, and supported by valid receipts or transaction logs that clearly identify the employee making the purchase.

Transaction support. The District should ensure strong controls over review of supporting documentation are in place and operating effectively to quickly detect and address improper purchases.

The District can provide the auditor with a purchase requisition/order, invoice, and transaction receipt as applicable by District policy. Card user agreements provided should be signed and dated to support the user understanding of authorized card use. District maintained documentation should clearly indicate the purchase and specific purpose of the expenditure. Lastly, transaction logs and limits reviewed by the auditor in CPC04 will also be used to ensure compliance with this requirement.

CPC09 – The District paid credit card and p-card statements before the due date to avoid finance charges and late fees.

Payment Process. Based on credit card statements reviewed, determine if there are any finance charges or late fees being paid.

The District should perform monthly reconciliations of card receipts and pay the statement timely to avoid late fees and finance charges. Proper segregation of duties, tracking procedures, and supporting documentation discussed above in CPC04 and CPC08 can help ensure the District’s reconciliation process runs smoothly and that payment processing is completed timely and in full each billing cycle. Additionally, the District could utilize electronic access to statement detail which would allow the District to review transactions throughout the billing cycle rather than waiting for the monthly billing statement.

Finally, be sure to review all questions included in the ‘Credit card and purchasing cards (p-cards)’ section of the compliance questionnaire as well as section VI-G in the USFR for further guidance relating to compliance in preparation for your audits!

For a print-ready version of this article: Click here