A system of internal control may be implemented in many different ways. Because political subdivisions vary in purpose, size and complexity,
no single method of internal control is universally applicable. However, the five internal control components should be present and functioning in all political
Questions have been accumulated for all five internal control components. This document includes questions pertaining to various
noncompliance issues regarding the use of credit cards. These questions can be used to aid in designing a proper system of internal control over the use
of credit cards that will allow deficiencies in procedures over credit cards to be prevented or detected and corrected. It is not necessary to address all
questions in this document. These are only suggestions and ultimately it is up to the unit on how they implement it. The internal control system as a whole
has to be designed and implemented appropriately in order to allow deficiencies over credit card procedures to be prevented or detected and corrected.
Control Environment
The questions in this section are divided by questions that pertain to the governing board and management.
Risk Assessment
1) Does management identify, analyze, and respond to risks related to credit card procedures?
a. What areas have been identified regarding credit card procedures that may be exposed to risk?
b. How has management analyzed and responded to identified risks? For example, management may accept the risk and take no
action, choose to eliminate certain processes to avoid the risk and/or institute proper internal controls.
Governing Board: YES NO
1) Does the governing board oversee the unit’s internal control system regarding credit cards?
2) Did the governing body authorize credit card use through an approved credit card policy? If yes, was the credit card policy
approved in the minutes?
3) Did the credit card policy include the following?
a. Internal control procedures over credit card purchases.
b. Outline the authority and responsibility for credit card purchases within the governmental unit.
c. Issuance and use must be handled by an official or employee designated by the governing board.
d. Limit the number of credit cards and users to a minimum if possible.
e. Set account limits with credit card companies and vendors.
f. Deactivate the ability to make cash advances.
g. The purpose for which the credit card may be used. (travel, online purchasing, emergency/small purchases, automatic
h. Types of purchases that are prohibited or restricted. (personal expenses, purchases above a threshold amount, etc.)
i. The card must be returned to the custody of the responsible person after credit card purchases are made.
j. The designated official or employee must maintain an accounting system or log which would include names of individuals
requesting usage of the cards, their position, estimated amounts to be charged, fund and account numbers to be charged, date
the card is issued and returned. The log should be reviewed by the appropriate level of management.
k. Credit cards must not be used to bypass the accounting system.
l. Purchase orders are issued to provide the fiscal officer with the means to encumber and track appropriations to provide timely
and accurate accounting information and monitoring of the accounting system.
m. Payments cannot be made on the basis of a statement or a credit card slip only. Supporting documents such as paid bills and
receipts must be available.
n. Any interest or penalty incurred due to late filing or furnishing of documentation by an officer or employee may be the personal
obligation of the responsible officer or employee.
1) What procedures did management put in place for the handling of credit cards?
a. Does management assign responsibility, and delegate authority to oversee credit card use and ensure that the credit card
policy is being followed?
Control Activities
Information and Communication
2) What happens when the credit card policy is not followed? What consequences will be enforced?
a. Who is responsible for late charges?
b. Who is responsible when sufficient documentation of purchases is not provided?
c. If personal expenses are incurred using the credit card, how is repayment obtained from the employee?
3) What procedures are in place when employees with access to credit cards leave employment or credit cards are lost or stolen?
4) What procedures are in place to ensure credit card purchases are allowable and properly reflected in the accounting records?
1) Is there a system of checks and balances (segregation of duties) to ensure the proper handling of credit cards and proper reporting
of credit card transactions?
a. Are responsibilities for approving credit card claims segregated from those preparing credit card claims?
b. Are responsibilities for writing the checks segregated from those approving credit card claims?
2) Does a designated official or employee compare credit card purchases to an approved credit card policy?
3) Are vendors noted on the credit card statement for authorized vendors only?
1) Are procedures established to ensure that proper communication and documentation exists for internal communications between
offices, departments, management and the governing board regarding the credit card procedures?
a. How does the unit internally communicate information to employees regarding credit card procedures, including responsibilities
for internal control? Are records maintained to document this communication?
b. Are procedures established to ensure that the communication requirements are being followed and necessary information is
being communicated properly?
1) Are internal control procedures over the handling of credit cards evaluated and adjusted on a regular basis? For example,
personnel changes, newly elected officials, etc.
a. What follow-up action is taken for identified problems or weaknesses in internal controls over the handling of credit cards?
2) Does a confidential reporting system exist so that individuals may report suspected fraud and abuse of the unit’s policies?