Risk Assessment of Food and Drug Administration's Purchase Card Program
Why OIG Did This Audit
The Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act), P.L. No. 112-194, requires OIGs to conduct annual risk assessments of agency purchase card programs. OIGs must report to the heads of their agencies on the results of their analyses by January 31 of each year.
We used the risk areas of the Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) Enterprise Risk Management-Integrated Framework and the Office of Management and Budget (OMB) Compliance Standards to assess the Food and Drug Administration's (FDA's) ability to manage internal controls and risk in its purchase card program.
Our objective was to analyze the risk of illegal, improper, or erroneous purchases in the FDA purchase card program and to determine whether FDA has designed and implemented controls and strategies to mitigate these potential risks.
How OIG Did This Audit
We interviewed FDA management, performed purchase transactions testing, reviewed documents, and evaluated FDA's responses to an OIG questionnaire. Based on this review, we used the COSO framework and the OMB Compliance Standards to identify 6 risk areas and 56 sub-risk areas.
What OIG Found
FDA generally designed and implemented controls and strategies to mitigate the potential risks of illegal, improper, or erroneous purchases in its purchase card program. Within the 6 risk areas related to FDA's purchase card program, we identified 56 sub-risk areas and assessed 50 as low risk and 6 as moderate risk. Overall, we assessed the FDA purchase card program as low risk.
What OIG Recommends and FDA Comments
This report contains no recommendations.
Filed under: Food and Drug Administration