GOVERNMENTWIDE COMMERCIAL PURCHASE CARD GPC PROGRAM POLICIES AND
- Slides: 101
GOVERNMENTWIDE COMMERCIAL PURCHASE CARD (GPC) PROGRAM POLICIES AND DIRECTIVES DENISE REICH AND SHEILA MCGLYNN OFFICE OF THE UNDER SECRETARY OF DEFENSE (OUSD) FOR ACQUISITION AND SUSTAINMENT (A&S) DEFENSE PRICING AND CONTRACTING (DPC) CONTRACTING EBUSINESS (CEB) AUGUST 2020
AGENDA 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. Recognition Do. D Smart. Pay® 3 (SP 3) Resources SP 3 Integrated Solutions Team (IST) Governance Process Insights On Demand Data Mining Case Reviews GPC Training Updates: IOD Requirements, Training Completion Reporting and CLG 0010 (formerly CLG 001) Overhaul Do. D Guidebook for Establishing and Managing Governmentwide Commercial Purchase Card Programs Recently Executed GPC Policy Memos Micro‐Purchase Threshold (MPT) Do. D SP 3 GPC Policies, Procedures and Tools System Updates Back Up
RECOGNITION
RECOGNITION Air Force Amanda Marciniak Army Janice Brown DTRA Marshall Baca Aryn Mappes Leroy Griffiths Navy Alanna Martin Brenda Cavallaro Patti Lee-Smith Amy Novak Charlton Mason DCMA Pam Croll* Jennifer Garrison Gerald Weaver De. CA Brad Miller Joe Minnick Jean Etre DFAS Erica Copeland Kerry Morrell Roger Badeau Nikki Dotson Melody Small Sharon Wojcieszyn Steve Baldwin* Patricia Wilde Erin Kirkpatrick* Tim Edmonds Randall Grau* Jennifer Szego Ryne Hepfer Gussie Hendrix* DLA Guy Hunneyman* Kelly Carty* Lee Gunderson Lori Evans * Indicates GPC Program Champion
DOD SMARTPAY® 3 (SP 3) RESOURCES
DPC/CEB WEBSITE https: //www. acq. osd. mil/dpap/pdi/pc/index. html
GPC PROGRAM ONE‐PAGERS https: //www. acq. osd. mil/dpap/pdi/pc/training. html See back-up slides for a listing of all published and pending One-Pagers
SP 3 INTEGRATED SOLUTIONS TEAM (IST) GOVERNANCE PROCESS
IST PURPOSE, OBJECTIVES, AND VOTING MEMBERSHIP 1. ESTABLISHMENT/PURPOSE In accordance with Do. D's SP 3 Army/Air Force/Defense Agencies (A/AF/DA) and Navy GPC Tailored Task Orders, the SP 3 IST is a GPC Governance Board composed of representatives from DPC/Ce. B, Defense Components, and Contractor representatives who meet semi‐annually to discuss changes in the GPC industry and the GPC Program and additional topics addressed on the next slide. 2. AUTHORITY/OBJECTIVES The Director, Ce. B, authorized establishment of the IST prior to issuance of the SP 3 Do. D Request for Proposals as a mechanism for achieving the above purpose. 3. MEMBERSHIP/VOTING The IST includes the following Voting Members, who represent the DPC/Ce. B and Defense Components: • • • IST Chairperson (Director, Ce. B; 1 vote in case of tiebreaker; also has veto power) Co-Chairperson (if IST Chairperson is unavailable, 1 vote in case of tiebreaker; otherwise non‐voting) Department of the Army Lead (1 vote) Department of the Air Force Lead (1 vote) Department of the Navy Lead (1 vote) Defense Agency Lead (1 vote) 9
IST PROCESS AND PROGRESS • IST meetings are held approximately every 6 months unless more frequent meetings are required. Meetings held to date: – 9/18/2019 (comprehensive IST meeting) – 3/23/2020 (mini‐IST meeting to discuss several targeted business rule proposed updates) – 5/19/2020 (comprehensive IST meeting) • Approximately 30 days prior to each comprehensive IST meeting, the Bank team (U. S. Bank, the card‐ issuing bank; Mastercard, the card association; and Oversight Systems, the data mining (DM) vendor) submits an IST Report addressing: – DM business rules results, analysis, and updates – Merchant Category Code (MCC) updates – Blocked merchants – DM and Electronic Access System (EAS) application improvements – Implications on GPC policy and regulations, if any – Other topics as required* *Once results are available from the Semi-Annual Head of Activity Report review process and Case Validation Reviews, the IST will use these results to fully inform its decision making. Both topics are discussed at length in slides that follow.
IST PROCESS AND PROGRESS (CONT. ) • DPC provides input on each report, including data sets, recommendations, and decision points to be voted on by IST voting members. During each meeting: – Attendees discuss industry trends and enterprise application improvements, review and discuss data sets and related recommendations, and vote as required. – Votes are tabulated and recorded, and action items are generated and assigned for action. – Priorities are established. • DPC and the Bank Team meet regularly to follow up on implementation of IST decisions and action items.
EXAMPLES OF PAST IST RECOMMENDATIONS AND DECISIONS BATCHING OF TRANSACTIONS ERRANTLY POSTED ON THE WEEKEND: RECOMMENDATIONS AND DECISION In looking at the type of DM cases that were being flagged, the Bank Team data indicated transactions associated with certain merchants were being batched and posted on the weekend even when the purchases were made on weekdays. The IST voted to update the application so these batched transactions would be excluded from the applicable rule, thereby capturing improper use* while reducing false positives. The application has been updated accordingly. CONSTRUCTION MCCS: RECOMMENDATIONS AND DECISION The Bank Team recommended removal of certain MCCs and the addition of others to a list of construction MCCs, to more accurately reflect MCCs affected by Construction Wage Rate Requirements (formerly Davis. Bacon Act). The IST voted to update the DM application, and the update is underway. *The Department Of Defense Government Charge Card Guidebook For Establishing And Managing Purchase, Travel, And Fuel Card Programs (Do. D Charge Card Guidebook) defines “improper use” as card abuse, delinquencies, internal fraud, misuse, administrative discrepancies, or external fraud, otherwise known as “disciplinary categories. ” 12
FINAL GOVERNMENTWIDE COMMERCIAL PURCHASE CARD DISCIPLINARY CATEGORY DEFINITIONS GUIDANCE, MEMO DATED 1/27/20 To align with the rest of the Federal Government’s charge card programs and ensure continued accurate, complete reporting across the Department, the subject memo adopted the disciplinary category definitions in the Office of Management and Budget (OMB) Circular A‐ 123, Appendix B (while maintaining Do. D’s pre‐existing definition examples).
MERCHANT CATEGORY CODES The following controls are established for the assignment of MCCs to Do. D GPC Cardholder (CH) accounts and Managing Accounts (MAs): 1. 2. 3. 4. DPC maintains a Do. D SP 3 GPC High‐Risk MCC List (includes both High Risk and Very High Risk MCCs). The list is reviewed, and updated if necessary, biannually through the IST governance process. Do. D Component Program Managers (CPMs) must ensure Component‐level guidance addresses procedures for both approving assignment of any MCC on the Do. D SP 3 GPC High‐Risk MCC List to a Do. D GPC CH account or MA and measuring compliance. A DM case is automatically generated for all transactions made from vendors on the Very High Risk MCC list. A DM case is automatically generated for all transactions made from vendors on the High Risk MCC list unless Tier 2 tailoring has added the applicable MCC to a given CH account or MA. The Do. D SP 3 GPC High‐Risk MCC List (FOUO – CAC Required) is available at https: //www. acq. osd. mil/dpap/pdi/pc/Smart. Pay 3_TI_and_PCET. html
PURCHASE CARD OVERSIGHT MODULE (PCOM) AND RELEVANCE TO FUTURE ISTS • Do. D SP 3 GPC Policies, Procedures and Tools – SP 3 Transition Memorandum #6, dated 4/18/19, established quarterly DM Case Validation Reviews (CVRs) as part of the electronic program management and control compliance tools mandated for use by Do. D SP 3 GPC Programs. • DPC entered into a contract to develop the PCOM enterprise tool to facilitate the conduct of DM CVRs on a quarterly basis. • Once PCOM is fully functional (deployment targeted for 3 rd quarter FY 2021), CVR reviewers will review a statistically valid sample of GPC DM cases previously adjudicated in Insights On Demand (IOD) to assess: – Whether accurate conclusions were made on the validity of the adjudicated GPC transactions, and – Compliance with applicable criteria. 15
PURCHASE CARD OVERSIGHT MODULE (PCOM) AND RELEVANCE TO FUTURE ISTS (CONT. ) • An equal number of CVR cases will be randomly assigned to each CVR reviewer on a quarterly basis. Each reviewer will: – Be granted access to the details of each adjudicated case assigned and all transaction supporting documentation, – Review all assigned CVR cases by completing a questionnaire that will result in a status of “Confirmed” or “Questioned” for each CVR case to assess whether accurate conclusions were made on the validity of the adjudicated GPC transactions and compliance with applicable criteria, and – Describe any lessons learned. • All CVR cases with a “Questioned” status will be work‐flowed to the cognizant CPM or designee for action, including a response documenting any corrective actions for each such transaction in IOD. • Once the CVR tool has been deployed and is in use, the IST will include a review and discussion of CVR findings and lessons learned to fully inform its decision making, adjusting the business rules as necessary if they are not producing expected results. 16
INSIGHTS ON DEMAND DATA MINING CASE REVIEWS
DOD SP 3 GPC THREE‐PRONGED OVERSIGHT REVIEW PROCESS Integrated Solutions Team 18
DM CASE MANAGEMENT FUNCTIONALITY • • • IOD’s DM capability implemented Department‐wide under SP 3 evaluates each transaction against a set of tiered business rules to identify high‐risk transactions. Use of these rules provides a standard to consistently measure trends across the Department. DM cases can be system-generated or manually generated: – The system generates a DM case whenever a business rule is broken. – GPC program officials are required to manually create cases for each finding and disciplinary category determination they independently identify (i. e. , not flagged by the system) during their review processes. Each case is then adjudicated to determine if the transaction is to be classified under one of the five disciplinary categories standardized across the Department in the memorandum Final Governmentwide Commercial Purchase Card Disciplinary Category Definitions Guidance, dated January 27, 2020. * For each case, IOD captures disciplinary category determinations and associated corrective actions taken/planned. There are 16 business rules in effect today, some of which are tailorable: – Tier 1 rules are mandatory rules applicable to all Do. D purchase cards. – Tier 2 rules are mandatory rules that can be tailored as necessary at the local level. Updates to the business rules are achieved through the IST governance process. *This memo also defines a sixth disciplinary category—delinquencies. Delinquencies are not captured as part of DM case dispositioning, as they occur at the MA level, and IOD’s case management functionality occurs at the transaction level. However, both the Agency/ Organization Program Coordinator (A/OPC) Monthly and Semi‐Annual Head of Activity (HA) Reports capture the number of Delinquent Accounts for the current and prior reporting periods.
TIER 2 BUSINESS RULES TAILORING • Tier 2 business rules are tailorable to the CH level to enable Components to better meet organizational needs. Such tailoring must be consistent with Do. D Charge Card Guidebook requirements. • CPMs have been submitting Tier 2 tailoring requests as needed using the “Updated Tier 2 Configuration Worksheet, ” located in Access Online’s Web‐based Training content, for about a year. Upon receipt, they are auto‐ingested into IOD. • To create an audit trail and provide appropriate oversight of these potentially high‐risk transactions, IOD generates cases associated with Tier 2 Tailoring and then autocloses each case as “Closed by System – Customized Tier 2 Business Rule. ” • To properly manage program risk for these potentially high‐risk transactions: – IOD automatically selects a random sample of 1% of these transactions and assigns them for adjudication (referred to as “ 1% Random Reopen”). – The 1% Random Reopen cases will be in the pool of cases to be reviewed as part of the CVR process. • The IST reviews Tier 2 tailoring data sets and trends and considers methodology changes based on its findings when necessary.
GPC TRAINING UPDATES: IOD REQUIREMENTS, TRAINING COMPLETION REPORTING, AND CLG 0010 (FORMERLY CLG 001) OVERHAUL Note: See Back‐Up slides for content on how to add IOD training and upload scanned certificates to PIEE/JAM profile.
COMPLETING IOD TRAINING • • IOD training is designed to help individuals learn how to navigate the IOD platform and leverage its features to review, research, and resolve cases, and conduct program oversight. Insights on Demand: For A/BOs – Case Management Course (Do. D GPC) and Insights on Demand: For A/OPCs and CPM – Case Management, Monthly Checklist and Oversight (Do. D GPC) (or similarly named IOD precursor training designed for Do. D Approving/Billing Officials (A/BOs), A/OPCs, and CPMs) are: – Mandatory for all Do. D A/BOs and A/OPCs – Highly recommended for Oversight A/OPCs (OA/OPCs) and CPMs • There are four training completion options: 1. 2. 3. 4. Attend an IOD training session at the General Services Administration (GSA) Training Forum. Attend an online IOD webinar. Watch recorded IOD training posted to Access Online Web‐Based Training. Attend in‐person training (reserved for groups of 20 or more). You can access a form to schedule in‐person training by logging into Access Online, clicking “Training, ” and clicking “Go to Insights on Demand Class Registration. ” • For any IOD access issues, contact iodgov@oversightsystems. com to obtain the necessary credentials. Separate GPC HA Oversight IOD training/primer is being developed.
SCHEDULE OF IOD COURSES AT THE 2020 GSA SMARTPAY VIRTUAL TRAINING FORUM Course August 4 August 5 August 6 Insights on Demand: For A/BOs – Case Management Course (Do. D GPC) 11: 00 – 12: 10 Insights on Demand: For A/OPCs and CPM – Case Management, Monthly Checklist and Oversight (Do. D GPC) 9: 30 – 10: 40 2: 00 – 3: 10 8: 00 – 9: 10 Insights on Demand: For A/OPC, OA/OPC and CPM – Monthly/Semi-Annual Cert and Reports (Do. D GPC) 12: 30 – 1: 40 9: 30 – 10: 40 3: 30 – 4: 40 Insights on Demand: For All Users – Advanced Navigation, Search, and Filtering (Do. D GPC) 3: 30 – 4: 40 12: 30 – 1: 40
TRAINING COMPLETION REPORTING IN PIEE / ELECTRONIC DATA ACCESS (EDA) • GPC users can run a training report (JAM GPC Training Report) for their organizations in PIEE/EDA. To access this report within EDA, add the “EDA Advanced Reporting” role, click on “Reports, ” and select “JAM Reports”: • See One‐Pager 30 P: 027, Access to GPC Reporting, for additional details on running these reports. Note: The JAM GPC Training and Nomination Status reports are being updated.
DAU FEED • In June of this year, DAU released a major update to CLG 001, Do. D Governmentwide Commercial Purchase Card Overview. The new release includes: – Content updates to aid in SP 3 program compliance—addressing new systems, roles and responsibilities, and oversight policies; – New cyber security content; and – Animations and refreshed format. • DAU’s nomenclature now refers to CLG 001 as “retired, ” but the course has simply been updated and • renumbered as CLG 0010 to align with a new DAU standard. Since CLG 001 is a mandatory GPC course for which JAM sends email reminders, Ce. B worked with DAU to ensure PIEE receives CLG 0010 course completions as if the user completed CLG 001. – In the event an individual’s training is not sent via the feed, they can always scan a copy of their training certificate and manually load it to their PIEE account (see 3 OP 010, Uploading Training Certificates to PIEE/JAM). • CLG 0010 is accessible at https: //icatalog. dau. edu/onlinecatalog/courses. aspx? crs_id=12372.
DOD GUIDEBOOK FOR ESTABLISHING AND MANAGING GOVERNMENTWIDE COMMERCIAL PURCHASE CARD PROGRAMS GPC‐UNIQUE VERSION OF DOD CHARGE CARD GUIDEBOOK
KEY UPDATES AND NEXT STEPS • Guidebook overhaul will address: – – – – – All DPC memos issued since 2018 OMB Circular A‐ 123 Appendix B rewrite Smart. Pay 3 Tailored Task Orders PIEE system requirements Contingency contracting updates Cyber security requirements Ordering Officers High‐priority backlog topics for adjudication Reorganized content flow for ease of use; redundancies eliminated • Guidebook will no longer support Travel, Fuel, and Fleet card programs • Formal coordination by Fall 2020 • Publication during Winter 2020/2021 Note: See Back‐up slides for an outline of this planned guidebook.
CYBER SECURITY PROHIBITIONS AND PROHIBITED SOURCES Federal Acquisition Regulation (FAR) 4. 2101 Definitions As used in this subpart— Covered foreign country means The People’s Republic of China. Covered telecommunications equipment or services means– (1) Telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation, (or any subsidiary or affiliate of such entities); (2) For the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities); (3) Telecommunications or video surveillance services provided by such entities or using such equipment; or (4) Telecommunications or video surveillance equipment or services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of National Intelligence or the Director of the Federal Bureau of Investigation, reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country. … 28
CYBER SECURITY PROHIBITIONS AND PROHIBITED SOURCES (CONT. ) FAR 4. 2102 Prohibition (a) Prohibited equipment, systems, or services. On or after August 13, 2019, agencies are prohibited from procuring or obtaining, or extending or renewing a contract to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless an exception at paragraph (b) of this section applies or the covered telecommunications equipment or services are covered by a waiver described in 4. 2104. (b) Exceptions. This subpart does not prohibit agencies from procuring or contractors from providing(1) A service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements; or (2) Telecommunications equipment that cannot route or redirect user data traffic or permit visibility into any user data or packets that such equipment transmits or otherwise handles. (c) Contracting Officers. Contracting officers shall not procure or obtain, or extend or renew a contract ( e. g. , exercise an option) to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless an exception at paragraph (b) of this section applies or the covered telecommunications equipment or services are covered by a waiver described in 4. 2104. (d) Recording prohibitions in the System for Award Management (SAM). (1) Prohibitions on purchases of products or services produced or provided by entities identified in paragraphs (1) and (2) of the definition of “covered telecommunications equipment or services” (including known subsidiaries or affiliates) at 4. 2101 will be recorded in SAM (see 9. 404). (2) Prohibitions on purchases of products or services produced or provided by entities identified pursuant to paragraph (4) of the definition of “covered telecommunications equipment or services” (including known subsidiaries or 29
CYBER SECURITY PROHIBITIONS AND PROHIBITED SOURCES (CONT. ) FAR 13. 201 General …(i) Do not purchase any hardware, software, or services developed or provided by Kaspersky Lab that the Government will use on or after October 1, 2018. (See 4. 2002). (j) On or after August 13, 2019, do not procure or obtain, or extend or renew a contract to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless an exception applies or a waiver is granted. (See subpart 4. 21. ) 30
DPC ACTIONS PLANNED/TAKEN TO IMPLEMENT CYBER SECURITY REQUIREMENTS • Issued policy memos implementing video surveillance camera and commercial unmanned aerial system prohibitions; and ensured these memos, along with other pertinent cyber security memos and Do. DIG’s cyber audit, are accessible on the DPC website, including CAC‐enabled links for FOUO issuances: – OUSD(A&S), Implementation of Statutory Prohibitions on the Use or Procurement of Certain Telecommunications – – and Video Surveillance Services or Equipment, November 2, 2019 Do. DIG, Audit of the Do. D’s Management of the Cybersecurity Risks for Government Purchase Card Purchases of Commercial Off‐the‐Shelf Items, DODIG‐ 2019‐ 06, July 26, 2019 OUSD(A&S), FOUO memo dated March 1, 2019 OUSD(A&S), FOUO memo dated October 24, 2018, superseded by November 2, 2019, OUSD(A&S) memo above OUSD(A&S), Government‐wide Commercial Purchase Card Prohibited Purchases, August 15, 2018 • Planned/implemented GPC Guidebook updates: – In accordance with the August 15, 2018, memo above, added video surveillance cameras and commercial – unmanned aerial systems to the list of “Prohibited Purchases” in the Do. D Charge Card Guidebook. DPC to add a cyber security section in the forthcoming GPC‐unique Do. D Guidebook for Establishing and Managing Governmentwide Commercial Purchase Card Programs, incorporating the aforementioned FAR regulatory and statutory requirements and other cyber security content. • Continue to work with the Bank Team on actions planned/taken addressed on the next slide. 31
BANK TEAM ACTIONS PLANNED/TAKEN TO IMPLEMENT CYBER SECURITY REQUIREMENTS • U. S. Bank: – Is currently unable to block vendors by merchant name (only able to block by MCC). – Will present further analysis on viability of blocking merchants by name at a future IST meeting. • IOD creates a DM case for any transaction with the merchant name of: – Huawei Technologies Company, – ZTE Corporation, – Hytera Communications Corporation, – Hangzhou Hikvision Digital Technology Company, – Dahua Technology Company, or – Kaspersky Lab. • Any such DM cases are identified during each comprehensive IST meeting, for appropriate action to be taken by the cognizant CPM. 32
RECENTLY EXECUTED GPC POLICY MEMOS
DOD POLICIES AND PROCEDURES GOVERNING NON‐APPROPRIATED FUNDS (NAF) SMARTPAY® 3 GPC USE – SP 3 TRANSITION MEMO #11, DATED 4/1/2020 • All SP 3 GPC card programs, including those with NAF cards, shall comply with and follow the policies, practices, and regulations in the Do. D Charge Card Guidebook or successor Guidebook. • Do. D Charge Card Guidebook policies require that all NAF GPC SP 3 transactions comply with the same DM business rules as appropriated funds GPC SP 3 transactions, with multiple rules detecting noncompliance with the FAR and Defense Federal Acquisition Regulation Supplement (DFARS) from which NAF monies are otherwise exempt. • NAF GPC SP 3 transactions must comply with source selection, small business, and green procurement policies and procedures as required by the Do. D Charge Card Guidebook. • This memo established a new internal control applicable to all NAF GPC SP 3 programs to ensure NAF funded GPCs are properly segregated for oversight. – All NAF GPC CH accounts must be established under a separate MA (i. e. , commingling of appropriated and nonappropriated funded cards under a single MA is strictly prohibited). • The cognizant GPC CPM assumes the risk to the government for any cards not in compliance. This memo can be found at: https: //www. acq. osd. mil/dpap/policyvault/USA 001819 -19 -DPC. pdf 34
DOD SMARTPAY® 3 GPC GUIDANCE FOR THE CORONAVIRUS DISEASE 2019 COVID‐ 19), ( DATED 4/2/2020 Requires GPC CPMs to issue guidance: For transactions using SEPA 1. Directing CHs to include Head of Contracting Activity (HCA) determinations authorizing use of Special Emergency Procurement Authority (SEPA) with their transaction supporting data (e. g. , using Transaction Management – Attachments) For all COVID-19 2. Requiring CHs to enter the National Interest Action (NIA) Code “P 20 C” in the transactions Purchase Log as follows: a) Components that create manual Access Online orders must use the “Contingency Operations” field. b) Components that receive Access Online e. Orders that are editable must use the “Contingency Operations” field. c) Components that receive Access Online e. Orders that are not editable must use the “Transaction Comments” field. d) Components that do not use Access Online Order Management or Transaction Management capabilities must develop procedures that allow reporting of the data on a weekly basis. This memo can be found at: https: //www. acq. osd. mil/dpap/policyvault/USA 000700 -20 -DPC. pdf 35
DOD SMARTPAY® 3 GPC GUIDANCE FOR THE CORONAVIRUS DISEASE 2019 COVID‐ 19), ( DATED 4/2/2020 (CONT. ) Reiterated existing policy requirements: • Do designate officials to conduct follow-up reviews of transactions made in support of COVID‐ 19 emergency assistance activities as soon as practicable, but no later than 60 days, after any given transaction. These officials shall evaluate whether the transaction: a) Was consistent with guidance as specified in the memo as well as the Component’s policies and procedures and was otherwise reasonable and appropriate. b) Provided the maximum practicable opportunity for small business participation under the circumstances. c) Was appropriately documented by the CH. • Do not authorize a blanket increase of CH authority, but rather identify an appropriate number of CHs who will make these higher dollar value purchases Consider leveraging Contracting Office support or Program Management Review (PMR) team This memo can be found at: https: //www. acq. osd. mil/dpap/policyvault/USA 000700 -20 -DPC. pdf 36
MICRO‐PURCHASE THRESHOLD (MPT)
MPT POLICY MEMOS • GPC Guidance Related to Class Deviation 2018‐O 0018 dated August 31, 2018, memo dated September 21, 2018, provides GPC implementing guidance related to the $10, 000 MPT. MICRO-PURCHASE THRESHOLDS Construction subject to 40 U. S. C. chapter 31, subchapter IV, Wage Rate Requirements 1 (Construction) 2 Services subject to 41 U. S. C. chapter 67, Service Contract Labor Standards Threshold 3 Federal-wide Open Market Micro-Purchase 5 GPC Contingency (Inside U. S. ) 6 GPC Contingency (Outside U. S. ) $10, 000 or Greater $20, 000 $30, 000 CONVENIENCE CHECK THRESHOLDS 1 GPC Convenience Checks (Non-Contingency) 2 GPC Convenience Checks (Contingency) (Inside U. S. ) Threshold $5, 000 $10, 000 4 Federal-wide Higher Education Open Market Micro-Purchase 3 GPC Convenience Checks (Contingency) (Outside U. S. ) $2, 000 $2, 500 Inflationary adjustment anticipated October 1, 2020, FAR Case 2019 -013 Not Pertaining to MPT October 1, 2020: Limit for Government Agencies accepting intergovernmental GPC transactions will drop from $24, 999. 99 to $9, 999. $15, 000 CHs with single purchase limits exceeding $10, 000 (except when supporting contingency contracting) must be trained to follow Federal, Do. D, and Component procedures for purchasing or requesting waivers from Federal Prison Industries (FPI). See FAR Parts 8. 0 and 8. 6 and Do. D Charge Card Guidebook Appendix A, Section A. 1. 2. 2, GPC Purchasing Steps, paragraph g). See Recently Executed GPC Policy Back-Up slides for more detailed information.
MPT FOR SERVICES SUBJECT TO SERVICE CONTRACT LABOR STANDARDS (SCLS) DFARS PGI 213. 201 and the Do. D Charge Card Guidebook include the following: (iii) Except as provided in paragraph (iv) of this section, the following tables illustrate the micro‐purchase threshold based on the physical location of the Government purchaser and, for services, the place of performance: (A) For supplies— (B) For services, including acquisitions of services subject to 41 U. S. C. chapter 67, Service Contract Labor Standards— (iv)(A) Government purchasers located inside the United States are prohibited from using the $30, 000 contingency micro‐purchase threshold, unless specifically authorized by statute. (B) The $2, 000 micro‐purchase threshold for acquisitions of construction subject to 40 U. S. C. chapter 31, subchapter IV, Wage Rate Requirements (Construction), remains unchanged in the event of a declared contingency operation; a cyber, nuclear, biological, chemical, or radiological attack; a request from the Secretary of State or the Administrator of the United States Agency for International Development to facilitate provision of international disaster assistance pursuant to 22 U. S. C. 2292 et seq. ; or an emergency or major disaster (42 U. S. C. 5122), regardless of the criteria described above. 39
DOD SP 3 GPC POLICIES, PROCEDURES, AND TOOLS
OVERVIEW: SP 3 GPC OVERSIGHT POLICIES, PROCEDURES, AND TOOLS MEMO #6 • Do. D SP 3 Government‐wide Commercial Purchase Card Policies, Procedures and Tools – SP 3 Transition Memo #6, dated April 18, 2019, specified updated policies, procedures, and electronic program management and control compliance tools mandated for use by all Do. D Components executing transactions under the Army, Air Force, and Defense Agencies; and Navy GPC SP 3 tailored task orders (TTOs). • Requires Components to: – Publish Component‐level guidance for transitioning to updated oversight procedures no later than November 30, 2019. • Guidance must require appropriate oversight to be performed as the Component phases out the requirement to conduct Annual MA Reviews and adopts the integrated three‐pronged, system‐enabled review cycle described in Memo #6. – Ensure full deployment and use of IOD’s oversight capabilities no later than 1 March 2020. That didn’t quite work out…
DOD SP 3 GPC THREE‐PRONGED OVERSIGHT REVIEW PROCESS Integrated Solutions Team 42
DOD SP 3 GPC THREE‐PRONGED OVERSIGHT REVIEW PROCESS (CONT. ) • DM Case Reviews – Enable documentation of any findings identified and corrective actions taken. • Monthly A/OPC Reviews – Conducted to promote and measure compliance with purchasing and management internal controls and provide reasonable assurance of the effectiveness of these controls to mitigate program risk. ‐ Can be completed only if all DM transactions for the period under review are closed. Semi-Annual HA Reviews – Conducted to ensure adherence to internal controls and facilitate senior management’s awareness of their GPC program’s health, and to help them promote the interdisciplinary communication necessary for successful GPC program operations. ‐ Can be completed only if all A/OPC Monthly Reviews for the period under review are completed/certified. Enables the Department to fulfill the 10 U. S. C. 2784 requirement to “use effective systems, techniques, and technologies to prevent or identify improper purchases. ” • • – – PCs O / A s and on on O B / A ti Both t take ac e. mus ery cas ev System‐Generated Cases Management‐Added Cases § May be opened at management’s discretion. § Must be opened for each finding and disciplinary category determination independently identified (i. e. , not flagged by IOD) during compliance reviews. Complete Findings and Disciplinary Category Determinations records are necessary to automate GPC reporting requirements and support GPC program management and oversight.
STANDARD REVIEW PERIOD ESTIMATED DATES Transaction Period Review Period 1 st Oversight A/OPC Review Complete – Can Suspend Purchasing 2 nd Oversight A/OPC Review Complete – Can Suspend Purchasing Cycle Start Date Cycle End Date A/OPC Runs Report A/OPC Review Complete – Can Suspend Purchasing CPM Review Complete – CPM Provides HA Shall Suspend Results to DPC Purchasing Monthly A/OPC Review 6 Feb 20 th Mar 19 th Mar 20 th Apr 18 th Apr 28 th May 13 th - Semi-Annual Report (1 st half FY) Sep 20 th Mar 19 th May 14 th Jun 13 th Jun 23 rd Jul 8 th Jul 15 th Monthly A/OPC Review 7 Mar 20 th Apr 19 th Apr 20 th May 19 th May 29 th Jun 8 th Jun 13 th - Monthly A/OPC Review 8 Apr 20 th May 19 th May 20 th Jun 18 th Jun 28 th Jul 13 th - Monthly A/OPC Review 9 May 20 th Jun 19 th Jun 20 th Jul 19 th Jul 29 th Aug 8 th Aug 13 th - Monthly A/OPC Review 10 Jun 20 th Jul 19 th Jul 20 th Aug 18 th Aug 28 th Sep 7 th Sep 12 th - Monthly A/OPC Review 11 Jul 20 th Aug 19 th Aug 20 th Sep 18 th Sep 28 th Oct 14 th - Monthly A/OPC Review 12 Aug 20 th Sep 19 th Sep 20 th Oct 19 th Oct 29 th Nov 8 th Nov 13 th - Semi-Annual Report (2 nd half FY) Mar 20 th Sep 19 th Nov 14 th Dec 24 th Jan 3 st Jan 8 th Jan 15 th This table shows standard dates estimated strictly on count of days. It does not address Memo #12 dates or weekends/holidays.
45
DAILY DM CASE REVIEW CYCLE DM Case Review Cycle Milestones Compliance Mechanism DM Cases Initiated Daily for Review • Throughout the Billing Cycle N/A A/BO DM Reviews Complete • Should complete reviews throughout the billing cycle (rather N/A than waiting until the end of the month) to promote timely resolution (e. g. , transaction dispute, Cardholder retraining). Should complete reviews within 5 days of the billing cycle end date. Must complete reviews within 30 calendar days of the billing cycle end date. Note: Any case the A/OPC refers back to the A/BO for additional review may require action through day 55. • • A/OPC Cases Closed • • Should complete reviews within 30 calendar days of the billing cycle end date. Note: Any case the OA/OPC refers back to the A/BO for additional review may require action through day 55. Must complete reviews within 55 calendar days of the billing cycle end date. Memo 12 clarifies that, on a case‐by‐case exception bases, CPMs are authorized to lift purchasing suspensions for mission‐critical purchases with open DM cases or incomplete reviews; this authority may not be delegated below the CPM. Review the transaction supporting documents from Access Online (Order Management – Order Receipt) A/OPCs may suspend MAs with open DM cases 30 days after billing cycle end date, or sooner if authorized by Component Policy. CPMs must suspend MAs with open cases 55 days after the billing cycle end date.
DM CASE AGING
MONTHLY A/OPC REVIEWS A/OPCs are required to conduct a Monthly A/OPC Review each billing cycle and document results in IOD. During each Monthly A/OPC Review, A/OPCs must: 1. Validate that all DM cases are closed. 2. Assess the key purchasing and management internal controls (e. g. , span of control, delinquencies, training) on the Monthly A/OPC Review Report in IOD. 3. Perform a summary assessment that includes 100 percent of all transactions not flagged by IOD to: (a) ensure awareness of purchasing activity within their hierarchy; and (b) identify purchasing and behavior patterns not otherwise identified by IOD (e. g. , patterns that span multiple CH accounts and/or MAs) or that may otherwise require A/OPC action. Access Online Transaction Detail reports are available for use in performing these reviews. Use the Comment section of the Monthly and Semi. Annual Review Reports to document and retain review findings. – At his/her discretion, the A/OPC may identify additional transactions for review using the IOD tool. – A/OPCs are required to ensure a DM case is created for each of their findings and disciplinary category determinations. Memo #12 mandates that HAs validate that any Tier 2 tailoring of the DM business rules implemented is appropriate.
RECORDING AND RETAINING REVIEW COMMENTS Copy and paste comments here. Capability also available for Semi-Annual HA Report.
MONTHLY A/OPC REVIEW CYCLE DATES Action A/OPC completes Monthly Review and A/OPC Monthly Checklist in IOD. Review Cycle Compliance Mechanism Milestones Cycle End Date + A/OPCs may suspend MAs with open DM cases 30 days after billing cycle end date. OA/OPC completes Monthly Review and certifies completion in IOD. Cycle End Date + OA/OPCs may suspend the appropriate account(s) at 30 40 days if DM cases and A/OPC Monthly Reviews are not complete. Higher‐tier OA/OPC completes Monthly Review and certifies completion in IOD (if more than one level). Cycle End Date + Higher‐tier OA/OPCs may suspend the appropriate 50 days account(s) at 40 days if DM cases and A/OPC Monthly Reviews are not complete. CPM completes review and certifies completion in IOD. Cycle End Date + CPMs suspend appropriate account(s) at 55 days if DM 55 days cases and A/OPC Monthly Reviews are not complete.
SEMI‐ANNUAL HA REVIEWS • Semi‐Annual HA Reviews are an aggregation of the A/OPC’s six previous Monthly A/OPC Reviews. A/OPCs are required to: – Brief their review results to their own HA (apprising the HA of program strengths and any concerns within their – – organizations). Obtain the HA’s signature on the Semi‐Annual HA Review Report. Provide a scanned version of the signed report and other review documents to the OA/OPC above them. Certify they have completed their HA Semi‐Annual Reviews in IOD. Retain their final signed documents. Use the IOD messages tab for review and retention of scanned versions. • OA/OPCs (up to two tiers), if assigned, are required to: – Summarize the reports provided by the A/OPCs or O/AOPCs at the tier directly below them in the hierarchy. – Review the results with their HA. – Obtain their HA’s signature on their Semi‐Annual HA Review Report. – Provide a scanned version of the signed report and other consolidated review documents (if any / as required) to the OA/OPC or CPM at the next higher tier above them in the hierarchy. – Certify they have completed their HA Semi‐Annual Reviews in IOD. – Retain their final signed documents. CPMs Lead the process to ensure complete reviews are provided to DPC no later than January 15 and July 15 each year.
RETAINING AND SHARING SIGNED REPORTS 2. Select Semi-Annual Reporting Period. 3. Select Organization. 1. Select CPM Semi-Annual Review Under Semi-Annual Checklist. 4. Select Messages tab and click “Attach File. ” Select File, add optional “New Notes, ” and click “Save. ” Capability also available for Monthly A/OPC Review Report. Memo #12 mandates use of this capability to store reports if penand-ink changes have been made.
CONTINUE TO MAKE CONSISTENT PROGRESS ü Issue cards to ensure supply and service requirements are timely processed in accordance with applicable policies and regulations. ü Deploy Electronic Data Interchange (EDI) interfaces to: • • • Promote prompt and accurate invoice payments. Increase refunds earned and reduce Prompt Payment interest payed. Improve the timeliness and data integrity of financial transaction reporting in support of Financial Improvement and Audit Readiness (FIAR) goals. Ø Perform appropriate program oversight by focusing on thoughtful case closure and completion of the Monthly A/OPC and Semi‐Annual HA Review processes. • Leverage DM Case Reviews to enforce/measure compliance with requirement to use Access Online to: ‐ ‐ Share and retain scanned versions of transaction supporting data (Transaction Management – Attachments). Document receipt and acceptance (Order Management – Order Receipt).
CONTINUE TO MAKE CONSISTENT PROGRESS (CONT. ) Ø Transition from existing paper‐based to JAM Appointments to improve management control compliance and enable automatic access to valuable e. Business tools. • • • Implementation Approach Option: Issue all new appointments using only JAM; determine a reasonable number of remaining paper appointments to tackle each week. Triggers automated access to Supplier Performance Risk System (SPRS) and Fed. Mall. Capability to link JAM appointments to Access Online Accounts is currently being piloted. ‒ Look for additional information in the coming months. Ø Enable PIEE Single Sign On (SSO) to Access Online. ‐ Bank Customer Relationship Managers (CRMs) can provide support. Ø Adopt the standard Access Online Enterprise Purchase Log Requirements. ‐ Bank CRMs will contact the CPM if changes are required Components can enable SSO even if all JAM appointments have not been completed. Only users with active PIEE GPC roles* can use the PIEE / U. S. Bank SSO. GSA has directed two-factor authentication be implemented NLT Nov 2020. * PIEE GPC CH, A/BO, Certifying Officer, A/OPC, OA/OPC, and CPM roles become “active” after the JAM appointment is completed.
IST PRIORITIES 1. 2. 3. Phased development, testing, and deployment of remaining Monthly A/OPC and Semi‐Annual HA Reporting* process requirements. Leverage inherent capabilities of commercial DM tool or take other appropriate steps to decrease the false positive rate (e. g. , generate a stratified sample using risk‐based parameters to identify low‐risk DM cases for possible auto‐ closure). • Reducing the overall case reviews and the false positive rate promotes conduct of more thoughtful reviews. Develop, test, and deploy an IOD GPC DM Dashboard to provide GPC Leads consolidated information to manage the Do. D GPC SP 3 Three‐Pronged Oversight Review Process. * In addition to training counts, the following Report Line # values contain dashes while ongoing development and testing continues: # Description 4 Total Refunds Earned During the Reporting Period (Refunds are Earned Quarterly) || Percent of Total Dollar Value 6 Number of Disputed Transactions || Dollar Value of Disputed Transactions 7 Average Number of Days for CHs to Certify 8 Average Number of Days for Certifying Officer to Certify Invoice for Payment Post Billing Cycle End Date 9 Average Number of Days for Bank to Receive Payment Post Billing Cycle End 29 Number of Credit Card Accounts (excludes Convenience Check Accounts)* 32 Number of Purchase Card accounts with Single Purchase Limits over the Micro Purchase Threshold ($10, 000) 36 Number of Managing Accounts that do not have a Primary A/BO or Alternate A/BO assigned to the account 37 Large Volume of Business with One Merchant
OVERVIEW: SP 3 GPC OVERSIGHT AND REPORTING MEMO #12 Department of Defense Smart. Pay® 3 Government‐wide Commercial Purchase Card Oversight and Reporting – SP 3 Transition Memorandum #12, dated July 16, 2020: • Summarizes issues encountered (system and COVID‐ 19 related). • States reliable versions of the following SP 3 Oversight tools deployed by July 9, 2020: – Monthly A/OPC Checklist, Report and Certification (June 29) – Semi‐Annual HA Questionnaire, Report, and Certification (July 9) • Directs Do. D Component Senior Procurement Executives and Heads of Contracting Activities to ensure completion of the Monthly A/OPC and Semi‐Annual HA Review processes, including enforcement of mandatory purchasing suspension for accounts with open DM cases (including backlog and aged cases or incomplete Monthly A/OPC or Semi‐Annual HA Reviews) in accordance with the schedule on the next slide.
Transactional Period Review Initiated NLT Date Mandatory Purchasing Suspension Date Monthly A/OPC Review (April 2020 cycle) 3/20/2020 – 4/19/2020 7/10/2020 8/31/2020 Monthly A/OPC Review (May 2020 cycle) 4/20/2020 – 5/19/2020 7/10/2020 8/31/2020 Monthly A/OPC Review (June 2020 cycle) 5/20/2020 – 6/19/2020 7/10/2020 8/31/2020 Semi-Annual HA Review (1 st Half FY 20) 9/20/2019 – 3/19/2020 7/10/2020 8/31/2020 3/20/2020 – 9/19/2020 11/14/2020 1/8/2021 3/20/2019 – 9/19/2019 N/A 10/30/2020 11/30/2018 – 3/19/2019 N/A 12/30/2020 Review Name / Required Action Semi-Annual Head of Activity Review (2 nd Half FY 20) – Includes Closure of all DM Cases Case Closure for Transactions from 2 nd Half of FY 19 Case Closure for Transactions from 1 st Half of FY 19 [1 Timeframes Allows for Concurrent Processing OVERVIEW: SP 3 GPC OVERSIGHT AND REPORTING MEMO #12 –UPDATED DEPLOYMENT SCHEDULE specified in Memo #6 for authorized A/OPC and OA/OPC account purchasing suspensions are superseded by the above dates. They remain in effect for all subsequent review cycles. Component and Local procedures can authorize earlier purchasing suspension dates.
OVERVIEW: SP 3 GPC OVERSIGHT AND REPORTING MEMO #12 –UPDATED APPOINTMENT COMPLETION DATES • Do. D GPC Program participants are required to register for a PIEE account and request the GPC role(s) appropriate for their program function(s). • Electronic GPC Delegation of Authority and/or Appointment Letters must be granted for GPC Program participants in JAM as follows: Upd at Mem ed in o #1 2 9/7/2018 JAM Appointment Completion Date 11/26/2018 9/7/2018 7/31/2020 9/7/2018 8/31/2020 GPC Certifying Officers (DD Form 577) 12/14/2018 9/30/2020 A/BOs 1/25/2019 10/30/2020 GPC CHs (Includes Convenience Check Account Holders) 6/23/2019 12/31/2020 Role Name CPMs OA/OPCs (Individuals responsible for overseeing the work of other A/OPCs) A/OPCs (Individuals responsible for directly overseeing A/BO MAs and CH accounts) JAM Release Date For more information, see JAM GPC Role Descriptions: https: //www. acq. osd. mil/dpap/pdi/pc/Smart. Pay 3_TI_and_PCET. html
OVERVIEW: DEPLOYMENT OF CARDHOLDER APPOINTMENT CAPABILITY MEMO #10 Deployment of PIEE JAM GPC Cardholder Appointment Capability – SP 3 Transition Memo #10, dated June 28, 2019, announced deployment of PIEE JAM CH appointment capability; extended JAM GPC appointment completion dates; and required Components that authorize issuance of GPC CH Special Designation Authority Types other than Micro-Purchase Cardholder, Micro-Purchase Convenience Check Holder, and Micro-Purchase Contingency Contracting Cardholder to: 1. 2. 3. Ensure Component-level policies and procedures adequately address such use, Specify additional mandatory training requirements for utilizing the alternate special designation authority that are commensurate with the authority to be delegated, and Mandate additional controls and oversight procedures to mitigate the risks associated with each special designation authority. Note: Current Do. D GPC policy and training are not sufficient for delegations other than Micro‐Purchase Cardholder, Micro‐Purchase Convenience Check Holder, and Micro‐Purchase Contingency Contracting Cardholder. Pay particular attention to the GPC Delegation of Authority and Appointment Letters that are equivalent to appointment on SF-1402, Certificate of Appointment (i. e. , Contracting Officer Warrant). More information is available at https: //www. acq. osd. mil/dpap/pdi/pc/docs/Smart. Pay 3/Ref%20 B%20 -%20 JAM%20 GPC%20 Role%20 Descriptions%204 -1520. docx
OVERVIEW: SP 3 GPC OVERSIGHT AND REPORTING MEMO #12 ATTACHMENT SUMMARY Memo #12 includes four attachments: 1. Checklist for use by GPC Leads* to track Components’ mandated SP 3 oversight procedures progress – Summarizes high‐level oversight policy requirements. – Provides role‐based list of actions required to complete Oversight reviews. – Extends mandatory completion dates for JAM appointments. 2. Specification of policy exceptions a CPM may implement if system and/or COVID‐ 19 issues impacted full deployment 3. Semi‐Annual HA Review Table that Components executing a manual Semi‐Annual HA Review process must complete – Equivalent to the IOD Semi‐Annual HA Questionnaire 4. Description of the information DPC will maintain to comply with reporting requirements in OMB Circular A‐ 123, Appendix B. * GPC Leads include A/OPCs, OA/OPCs, CPMs, and other individuals responsible for operational oversight and management of Component GPC programs.
SP 3 TRANSITION MEMO #12 –ATTACHMENT 2 SUMMARY OF ALLOWABLE EXCEPTIONS Monthly A/OPC Review Allowable Exceptions • CPMs may authorize: ⁻ GPC Leads to use IOD to concurrently initiate and complete their Monthly A/OPC Review Checklists and run the A/OPC Monthly Review Reports for the April, May, and June 2020 cycles for simultaneous review up the GPC hierarchy to the CPM no later than August 31, 2020. ⁻ Program Leads to make manual corrections when completing the Monthly A/OPC Review process when errors and omissions are identified on the report. Monthly A/OPC Review System Validations Closure of all DM cases for transactions made during the period under review. Semi-Annual HA Review System Enforced Validations Closure of all DM cases for transactions made during the period under review. Completion of the 6 Monthly A/OPC Reviews up through the GPC hierarchy to the CPM for the billing cycles included in the semi-annual cycle.
SP 3 TRANSITION MEMO #12 –ATTACHMENT 2 SUMMARY OF ALLOWABLE EXCEPTIONS Semi-Annual HA Review Allowable Exceptions CPMs may authorize: • GPC Leads to concurrently conduct their Semi‐Annual HA Review Process for the 1 st half of FY 2020 and the Monthly A/OPC Review processes for the April, May, and June 2020 cycles for simultaneous review up the GPC hierarchy to the CPM no later than August 31, 2020. • GPC Leads to forego the requirements to brief Semi‐Annual HA Review results and obtain the signature of their HA on the Semi‐Annual HA Report for the 1 st half of FY 2020 only. • Conduct of a CPM‐managed Manual Review Process to document the results of the Semi‐Annual HA Review for the 1 st half of FY 2020 only. – The requirement for A/OPCs to manually sign the Semi‐Annual HA Review Report may be waived as long as a policy mandate is issued requiring all A/OPCs to: (a) run their Semi‐Annual HA Review for the 1 st half of FY 20, (b) validate the accuracy of the data, and report any errors and control noncompliances identified on the Report to the OA/OPC directly above them in the hierarchy, and (c) run the Findings and Determinations Reports for the 1 st half of FY 20 and all of FY 19 to ensure all identified findings and determinations have been reported and appropriate actions was taken. • GPC Leads to make manual corrections when completing the Semi‐Annual HA Review Process when errors and omissions are identified on the report.
SP 3 TRANSITION MEMO #12 –ATTACHMENT 1 CHECKLIST Publish Component/Local guidance for transitioning to the Memo #6 oversight procedures. • HAs must validate that their GPC Leads documented any interim oversight procedures used during the transition from the SP 2 Annual Managing Account Review oversight process (SP 2 ended November 30, 2018) to full deployment of the SP 3 three-pronged oversight approach described in Memo #6 (now required to be fully implemented as shown below). These procedures will serve as the baseline against which the Component’s compliance should be measured during any review or audit performed that includes the transition period. • GPC Leads at each level should be able to: 1. Describe if, and for how long, SP 2 procedures were retained (e. g. , continued to perform Annual Monthly Agency (MA) reviews); or 2. Affirm when the Memo #6 procedures were fully adopted; and/or 3. Detail the compensating processes used to address any IOD limitations encountered.
SP 3 TRANSITION MEMO #12 –ATTACHMENT 1 CHECKLIST Document any additional policies/mechanisms used to ensure GPC program compliance with acquisition regulations. • HA must validate the Component has documented the role of Program Management Review (PMR) / Navy’s Procurement Performance Management Assessment Program (PPMAP) team in ensuring: ‐ GPC program compliance with acquisition regulations (e. g. , through periodic detailed transaction file reviews); and ‐ GPC program oversight is being conducted in accordance with applicable policy. • HA must validate the Component has documented how critical GPC internal controls are included in the Component’s overall Internal Control Review Process.
SYSTEM UPDATES
GPC PROGRAM AND PIEE Wide Area Workflow (WAWF) Supplier Performance Risk System (SPRS) All CHs, A/BOs, A/OPCs, OA/OPCs, Certifying Officers, and CPMs automatically granted the SPRS Acquisition Professional Role upon JAM Appointment An Acceptor Role request is automatically initiated when CHs are appointed. Separate Supervisor and GAM approval are required for activation. SPRS is a procurement risk analysis tool for the areas of price, item, and supplier risk. DFARS requires use of Wide Area Workflow (WAWF) to document acceptance when the GPC is used as the contract payment method. By the end of CY 2020, acceptance in WAWF will flow directly to the CH’s Access Online Purchase Log. Fed. Mall All CHs are automatically granted the Shopper Role when appointed as a CH. After CH must manually add Card Account information to Fed. Mall account to get the Buyer Role. An e. Commerce ordering system for DLA managed National Stock Number (NSN) and commercial off-the-shelf (COTS) items and GSA assets. It supports veteran-owned businesses, small businesses, and Ability One companies that sell environmentally friendly products. Access Online and IOD In addition to Common Access Card (CAC) SSO security enhancements, linking JAM appointments to accounts in Access Online promotes compliance with delegations of procurement authority. Defense Acquisition University Course completion data flows to GPC users’ PIEE profiles. Defense Enrollment Eligibility Reporting System (DEERS) In August 2020, employee separation notice will result in JAM appointment termination.
If you have further questions, reach out to the Do. D GPC Shared Mailbox at dodpcpo@sterlingheritage. com with the subject “Training. Forum 2020. ”
QUESTIONS? http: //www. acq. osd. mil/dpap/pdi/pc/index. html
BACK UP
BACK UP: DOD SP 3 RESOURCES
GPC PROGRAM ONE‐PAGERS 3 OP 001 3 OP 002 3 OP 003 3 OP 004 3 OP 005 3 OP 006 3 OP 007 3 OP 008 Understanding Cardholder Special Designations Understanding the New Micro‐Purchase Thresholds OA/OPC and A/OPC Registration, Role Request, and Appointment CPM Registration, Role Request, and Appointment DAA Registration and Role Request Reactivating Inactive and Archived PIEE Accounts/Roles When do I need multiple roles or appointments? How to Enter Additional Details to Appointment Letters 3 OP 011 Certifying Officer Registration, Role Request, and Appointment 3 OP 012 Registration for the DD 577 View‐Only Role 3 OP 013 3 OP 014 Understanding Army / Air Force / Defense Agencies Refunds under Smart. Pay 3 A/BO Nomination, Registration, and Appointment 3 OP 015 Who is the Head of Activity? 3 OP 016 What is the Semi‐Annual HA Review? 3 OP 017 PIEE JAM Statuses (Pending) 3 OP 018 What Do. DAAC Should I Enter? 3 OP 009 AA Registration and Role Request 3 OP 019 3 OP 010 Uploading Training Certificates to PIEE/JAM 3 OP 020 Understanding How Do. DAACs Are Used in PIEE/JAM CH Nomination, Registration, and Appointment
GPC PROGRAM ONE‐PAGERS (CONT. ) 3 OP 021 SP 3 Do. D Data Mining Process (IOD 101) 3 OP 031 RM Registration and Role Request 3 OP 022 Selecting the Appropriate Delegation in JAM 3 OP 032 Record Retention in Access Online and IOD (Pending) 3 OP 033 What is SPRS? (Pending) 3 OP 023 3 OP 024 What do SPRS Supplier Risk Scores mean? (Pending) Access Online and IOD ‐ Validating Your Access 3 OP 025 Do. D Case Assignment in IOD 3 OP 026 Terminating Appointments in JAM 3 OP 027 Access to GPC Reporting 3 OP 028 A/BO & Certifying Officer Combo Appointments 3 OP 029 Auditor Access (Pending) 3 OP 030 Single Sign On (Pending)
BACK UP: GPC TRAINING UPDATES: IOD REQUIREMENTS AND TRAINING COMPLETION REPORTING
ADDING IOD TRAINING COURSE AND UPLOADING SCANNED CERTIFICATE TO PIEE/JAM PROFILE • If you don’t have a PIEE account yet: When establishing an account, the system will take you to the Training page as part of your GPC role registration process. • If you have a PIEE account but have not completed your JAM role/appointment: The system will prompt you to upload your CLG 001 / CLG 0010 or CLG 006 certificates when the appointment is initiated. At this time, you could select the applicable IOD class and upload your IOD certificate as well. • If you have a PIEE account and a JAM role/appointment: Log into PIEE, go to “My Account, ” select “My Training” under your Profile, select the applicable IOD class, and upload your certificate. 74
ADDING IOD TRAINING COURSE AND UPLOADING SCANNED CERTIFICATE TO PIEE/JAM PROFILE (CONT. ) • Select the “Add Training” followed by “Add GPC Training. ” • Select the appropriate class title under the “Add Training” window. Step 1: Select Appropriate Class Title 75
ADDING IOD TRAINING COURSE AND UPLOADING SCANNED CERTIFICATE TO PIEE/JAM PROFILE (CONT. ) • Upload the scanned IOD training certificate to your PIEE profile. • Fill in the remainder of the fields, including adding 1 hour for the number of hours and Oversight as the provider. Step 2: Add Your Training Certificate Step 3: Fill in additional fields; specify “ 1” for “Hours” and “Oversight” for Provider
ADDING IOD TRAINING COURSE AND UPLOADING SCANNED CERTIFICATE TO PIEE/JAM PROFILE (CONT. ) • Once the addition/upload is accomplished, your PIEE “My Training” profile will look like this:
BACK UP: DOD GUIDEBOOK FOR ESTABLISHING AND MANAGING GOVERNMENTWIDE COMMERCIAL PURCHASE CARD PROGRAMS GPC‐UNIQUE VERSION OF DOD CHARGE CARD GUIDEBOOK
NEW OUTLINE • • • Chapter 1: Purpose, Authority, and Issuance Chapter 2: Establishing a Program Chapter 3: Personnel Chapter 4: GPC Uses Chapter 5: Pre‐Purchase Considerations – Authority, Funding, and Approval Requirements Chapter 6: Pre‐Purchase Considerations – Sourcing, Regulatory Requirements, and Determinations Chapter 7: Pre‐Purchase Considerations – Purchasing, Shipment, and Delivery Chapter 8: Documenting and Receiving a Purchase Chapter 9: Paying for a Purchase Chapter 10: Handling Disputes, Credits, and Refunds Chapter 11: Program Management Chapter 12: Systems
NEW OUTLINE (CONT. ) • • • Appendix A: Using the GPC for Contingency Operations, Defense against or Recovery from Cyber, Nuclear, Biological, Chemical or Radiological Attack, International Disaster Assistance, an Emergency or Major Disaster, or Peacekeeping Operations Appendix B: Shipments Outside the Continental United States Appendix C: Internal Management Controls Appendix D: Comptroller References Appendix E: Definitions and Abbreviations Appendix F: For Official Use Only (CAC‐enabled electronic chapter)
BACK UP: GPC OVERSIGHT
ACCESS ONLINE – CARDHOLDER REQUIREMENTS Cardholders must use Access Online to: • Create their Purchase Log (Order Management). – Do. D standard Access Online Purchase Log format mandated – Supports data transmission to IOD and WAWF. • Document receipt and acceptance (Order Management – Order Receipt). – Improves property accountability and increases auditability. • Retain their transaction supporting documentation (Transaction Management – Attachments). – Ensures A/BO, A/OPC, OA/OPC, and CPM access for use in completing reviews. – Negates the need for storage of hardcopy documents. – Loading documents with a marking of “For Official Use Only” or higher to Access Online is prohibited. • Approve GPC Statements of Account (Order Management). Access Online Enterprise Purchase Log Requirements (FOUO – CAC Required) are available at https: //www. acq. osd. mil/dpap/pdi/pc/Smart. Pay 3_TI_and_PCET. html
ACCESS ONLINE – A/OPC REQUIREMENTS A/OPCs must use Access Online to: • Issue and maintain GPC accounts. – JAM appointment data will be provided to Access Online via system interface (planned for 2 nd quarter FY 2020). A/OPCs will login to Access Online and link issued JAM appointments to the appropriate CH account or MA. Purchasing limits authorized in JAM appointments will serve as the ceiling for Access Online authorizations. – The A/OPC will enter other purchasing limitations, such as MCCs, directly into Access Online. • Manage their programs. – Perform transaction reviews (e. g. , review transaction supporting data).
IOD REPORT MANAGEMENT – SEMI‐ANNUAL HA REVIEW REPORT 2. Select Report. 3. Select Report Parameters with optional User Notes. 1. Select Management Reports.
IOD REPORT MANAGEMENT – MONTHLY A/OPC REVIEW REPORT 2. Select Report. 1. Select Management Reports. 3. Select Report Parameters with optional User Notes.
IOD REPORT MANAGEMENT – ATTACHING THE SIGNED SEMI‐ANNUAL REVIEW REPORT 2. Select Semi-Annual Reporting Period. 3. Select Organization. 1. Select CPM Semi-Annual Review under Semi-Annual Checklist. 4. Select Messages tab and click on “Attach File. ” Select File, add optional “New Notes, ” and click “Save. ”
BACK UP: MPT AND RECENTLY EXECUTED GPC POLICY MEMOS
CONTINGENCY CONTRACTING MPTS Category Inside U. S. Outside U. S. Acquisitions of supplies or services that, as determined by the Head of the Agency, are to be used to: Construction subject to 40 U. S. C. chapter 31, subchapter IV, Wage Rate Requirements (Construction) (41 U. S. C. 1903) $2, 000 • Support a Contingency Operation • Facilitate defense against or recovery from the following types of attacks: ‐ Cyber ‐ Nuclear ‐ Biological ‐ Chemical Card: $20, 000 ‐ Radiological Check: $10, 000 • Support a request from the Secretary of State or the Administrator of the U. S. Agency for International Development (USAID) to facilitate provision of international disaster assistance pursuant to 22 U. S. C. 2292 et seq. • Support a response to : ‐ Emergency ‐ Major disaster Support for Humanitarian or Peacekeeping Operation (10 U. S. C. 2302) Card: $30, 000 Check: $15, 000 Not Addressed
SIMPLIFIED ACQUISITION THRESHOLDS (SATS) Category Inside U. S. General Do. D SAT Outside U. S. $250, 000 Acquisitions of supplies or services that, as determined by the Head of the Agency, are to be used to: • Support a Contingency Operation • Facilitate defense against or recovery from the following types of attacks: ‐ Cyber ‐ Nuclear ‐ Biological ‐ Chemical ‐ Radiological • Support a request from the Secretary of State or the Administrator of USAID to facilitate provision of international disaster assistance pursuant to 22 U. S. C. 2292 et seq. • Support a Response to: ‐ Emergency ‐ Major disaster $750, 000 $1, 500, 000 Support a Humanitarian or Peacekeeping Operation (10 U. S. C. 2302) N/A $500, 000
HOW DOES THE SAT IMPACT THE GPC PROGRAM? • Contingency Contracting Officers may “use the GPC” up to: − $750 K Inside the U. S. − $1. 5 M Outside the U. S. • DFARS 213. 301(3) A contracting officer supporting a contingency operation as defined in 10 U. S. C. 101(a)(13) or a humanitarian or peacekeeping operation as defined in 10 U. S. C. 2302(8) may also use the Governmentwide commercial purchase card to make a purchase that exceeds the micro-purchase threshold but does not exceed the simplified acquisition threshold, if— (i) The supplies or services being purchased are immediately available; (ii) One delivery and one payment will be made; and (iii) The requirements of paragraphs (2)(i) and (ii) of this section are met.
MPT FOR SERVICES SUBJECT TO SCLS • DPC confirmed with the Deputy, Defense Acquisition Regulations System (DARS): ⁻ Related text on FAR, DFARS, and Procedures, Guidance, and Information (PGI) is current and should be followed unless there is a revision. ⁻ All text went through the rulemaking process in which all federal agencies had an opportunity to comment. ⁻ As in many other parts of the regulations, there are different times that agencies raise a concern and then can request a case to revisit. • Therefore, this guidance stands despite: ⁻ GSA Emergency Card Use FAQ dated April 12, 2020, states “the MPTs for services and construction remain at the lower thresholds: ― $2, 500 for services subject to SCLS and ― $2, 000 for construction. ” ⁻ Virtual Acquisition Office™ inquiry response dated March 23, 2020, provided by Army. 91
CONTINGENCY THRESHOLDS Please note that on these slides the “contingency” thresholds apply to procurements of property or services by an executive agency that the agency determines are in support of contingency operations, to facilitate the defense against or recovery from cyber, nuclear, biological, chemical, or radiological attack against the United States, to support a request from Secretary of State or the Administrator, to support USAID for the provision of international disaster relief assistance pursuant to the Foreign Assistance Act of 1961, or to support an emergency or major disaster defined under the Robert T. Disaster Relief and Emergency Assistance Act (42 U. S. C. 5122). Support for Humanitarian or Peacekeeping Operation (10 U. S. C. 2302) is addressed in the law (see 10 U. S. C. § 2561 ‐ U. S. Code ‐ Unannotated Title 10. Armed Forces § 2561. Humanitarian assistance). 92
GPC PROHIBITED PURCHASES MEMOS • GPC Prohibited Purchases memo dated August 15, 2018 added Video Surveillance Cameras and Commercial Unmanned Aerial Systems to the prohibited purchase list. • GPC Prohibited Purchases memo dated March 1, 2019 (FOUO / CAC required) provides additional information on GPC prohibitions.
BACK UP: SYSTEM UPDATES
SPRS GPC CAPABILITIES • SPRS is Do. D’s single authorized application to retrieve suppliers’ performance information. • SPRS retrieves price, item, quality, delivery, and supplier performance data from multiple Government reporting applications to develop Risk Scores. • CHs appointment in JAM now also have SSO access to SPRS. • Summary SPRS ratings are displayed in Fed. Mall. CHs who previously have directly accessed SPRS from PIEE can click on a link to view the SPRS Supplier detailed report. • DPC policy memo that will require CHs to check SPRS prior to purchase has been in a holding pattern awaiting updates to DFARS and Do. D Instruction 5200. 44. 95
PENDING MEMO: GPC REQUIREMENTS ASSOCIATED WITH DFARS SUBPART 209. 1 MANDATE TO USE SPRS ASSESSMENTS (DATE TBD) Will affirm Do. D’s commitment to protecting taxpayer and Federal Government financial and security interests; ensuring GPC transactions are not awarded to suspended, debarred, or otherwise restricted vendors; and complying with the intent of issuances such as National Defense Authorization Acts that prohibit purchasing from specified foreign vendors. • Will direct Component Senior Procurement Executives to issue Component‐level GPC guidance mandating use of SPRS when making micro‐purchases. • Will grant Component Senior Procurement Executives the authority to exempt certain types of micro‐ purchases (e. g. , Ability. One) from the requirement to check SPRS or tailor the frequency of the required review based on specified purchasing conditions, such as: – Purchasing in large retail and/or local stores – Shopping at. com sites – Equitably distributing micro‐purchases among qualified suppliers (FAR 13. 203) – Purchasing from foreign vendors – Purchasing information technology supplies and services (e. g. , network‐connected items, printers, cameras, • computers, phones, thermostats) All access to SPRS is now exclusively through Do. D PIEE.
FEDMALL • • Designed to be user friendly, Fed. Mall, is an easy‐to‐navigate platform where users can hover displayed products for additional information. Along with NSN items, Fed. Mall also sells COTS items supporting veteran‐ owned businesses, small businesses, and Ability One companies that sell environmentally friendly products. Buyers now have access to tens of millions of individual items from Defense Logistics Agency managed items, GSA assets, and COTS items. Fed. Mall is an e. Commerce ordering system for Do. D, Federal, State, and authorized Local Agencies to search for and acquire products from government reserves and commercial sources. Buyers have access to over 29 million individual items of supply, including centrally managed Do. D and GSA assets as well as COTS products. Fed. Mall has approximately 92, 000 registered users, 732 commercial suppliers, and 53. 3 million commercial items, and processes millions of orders annually. Fed. Mall strives to be the web‐based single point of entry for customers to find acquire off‐the‐shelf, finished goods and services from Government and commercial sources. A relatively new part of Fed. Mall is the Market. Place. Fed. Mall Market. Place allows suppliers to upload catalogs for supplies quickly and easily. The original phase of Market. Place in 2017 focused on office supplies but now allows a greater variety of supplies (more North American Industry Classification System (NAICS) codes). For Market. Place, suppliers use a streamlined application process; when approved, they can post items on Market. Place for GPC Cardholders to buy at or below the MPT. Do. D customers will now be able to access commercial products at a convenient Government website. All access to Fed. Mall will be exclusively through Do. D PIEE in Fall 2020.
FEDMALL GPC CAPABILITIES • Development is underway for Fed. Mall SSO through PIEE. • CHs’ PIEE account data will be leveraged to streamline Fed. Mall registration. • Fed. Mall purchasers (i. e. , GPC Cardholders) can rate vendors (Star Rating) based on their experience. These ratings are displayed for use by other Fed. Mall users. They are also sent to SPRS and used in the calculation of SPRS ratings. • Federal Procurement Data System (FPDS) reporting is completed for Fed. Mall purchases. 98
WAWF GPC CAPABILITIES • Release 4. 1 (June 2009): Added ability to have vendors create and government users accept GPC Receiving Reports in WAWF against contracts paid with a GPC. Fulfills requirements of DFARS Clause 252. 232‐ 7003, which states “…(d) The Contractor may submit a payment request and receiving report using methods other than WAWF only when—… (4) The Governmentwide commercial purchase card is used as the method of payment, in which case submission of only the receiving report in WAWF is required. ” • Release 4. 2 (March 2010): Added ability for the government to submit and accept a receiving report in WAWF for GPC open‐market micro‐purchases. The Cardholder creates the WAWF Micro‐purchase receiving report and another individual with an acceptor role performs acceptance. This helps facilitate asset accountability and provides a third‐party review of the incoming shipments. • Release 6. 1 (August 2019): WAWF GPC receiving report used for contract pay was updated to capture data necessary to keep WAWF and Access Online in sync. The interface, which is still in testing, will result in population of “acceptance” in the Access Online Purchase Log when acceptance is performed in WAWF. This two‐way interface will also enable CHs to document acceptance in Access Online rather than WAWF if they choose to do so. – Components must consider separation of function/duties concerns. 99
JAM DEPLOYMENT REVIEW The following items are being developed: • ECP 1280 – 2020 JAM Improvements (Planned for deployment in August 2020) ‒ ‒ Add Procurement Do. D Activity Address Code (Do. DAAC) to GPC JAM appointments. This data is necessary for Fed. Mall to complete FPDS reporting. Automatic termination of GPC JAM appointments when the Defense Enrollment Eligibility Reporting System (DEERS) notifies PIEE of employee separation from government service. Creates a User Training and History page. Adds footer to JAM GPC appointments clarifying formal record of appointment is in PIEE, not a printed letter.
JAM DEPLOYMENT REVIEW (CONT. ) The following ECPs were deployed into production: • ECP 1248 – JAM Enhancements (Deployed January 2020) ‒ The initial deployment of JAM provided the basic capabilities required to perform the appointment of CPMs, OA/OPCs, Certifying Officers, A/BOs, and CHs. There are numerous user community requests to improve usability and efficiency as the tool is deployed. ‒ This ECP provided a variety of unique and separate updates to the JAM activity code base. These changes are not inherently interdependent and as such constitute a variety of changes that may stand alone. • ECP 1244 – JAM Enhanced View (Deployed November 2019) ‒ GPC JAM has been updated to provide the CPM, OA/OPC, and A/OPC with additional access for nominations and appointments they did not initiate or for which they do not appear as the direct OA/OPC or AOPC. The to view and take action the same as the user who initiated the appointment/nomination is also part of the solution. ‒ Access is driven by the OA/OPC or A/OPC having the same role location as the role of the OA/OPC or A/OPC who nominated the nominee/appointee or initiated the appointment or is identified as the direct OA/OPC or AOPC on the appointment. ‒ This applies to pending and current appointments, and nominations. ‒ As a result, anyone from the same office can pick up work on behalf of the user who took first action, making the process less user specific and more of a shared work concept.