In 2016, the Georgia Department of Administrative Services (DOAS) encountered what then-DOAS Commissioner Sid Johnson characterized as a “crisis situation.” , That August, news broke that a senior official from the Georgia Bureau of Investigations (GBI) had used an agency credit card to make over $87,000 in personal purchases; at least some of the purchases were made via Amazon. A subsequent investigation revealed a breakdown of internal controls, inadequate management oversight, and a broader sense that something had gone seriously awry. “The GBI routinely conducts investigations of misuse of purchasing cards. In this case, it was one of its own employees,” said GBI Director Vernon Keenan. “I [was] totally mortified that this occurred.”
As distressing as the situation was, it provided DOAS—which is responsible for managing the state’s purchasing card program and its approximately $330 million in annual transactions—an opportunity to review and improve its policies and internal controls for state purchasing cards. The analysis revealed new problems, trends, and opportunities. These included that a large amount of money (approximately $18 million over two years) was being spent on Amazon; that there were other compliance issues, including agencies not making purchases off of statewide contracts; and that there were broader procedural inefficiencies. At the same time, DOAS believed that the state could seize an opportunity by beginning to make more purchases from local small businesses, a move that would support the Governor’s Small Business Initiative. “All of that,” Johnson explained, “came together at one time in reaction to this fraud case.”
Thus, in late 2016 and early 2017, DOAS implemented a series of reforms to correct deficiencies in and leverage opportunities surrounding the purchasing card system. The most immediate change was a significant decrease in the number of people with procurement cards. In addition, DOAS changed the design of its system by establishing a partnership with Amazon that integrated the company’s catalog into the state’s procurement system. This created an extra security layer because one needed a credential to log into the system, which meant that the state could more easily track who was making purchases. What’s more, the system—which went live in January 2017—provided DOAS an opportunity to create a series of nudges and capture data as part of an effort to enhance security further and help the state realize other efficiencies and enterprise-wide objectives.