The URL can be used to link to this page

Home My WebLink About11/01/2017 - Report: P-Card Audit - City Council - Audit Committee Performance Audit of The Procurement Card Program November 2017 City Internal Auditor’s Office City of College Station File #: 17.01 Why We Did this Audit The Procurement Card Program has not received audit coverage since a follow-up in 2009 that examined the implementation of ten audit recommendations issued in 2008. Moreover, Fiscal Services has not received adequate audit coverage over the last few years due to the implementation of the City’s new Enterprise Resource Planning system – Tyler Munis. In fiscal year 2016, the City spent about $3,134,000 with about 540 active p-cards spread across all City departments. These purchases made up about 7 percent of non-personnel expenses for the year. What We Recommend 1. Restructure internal controls to better ensure that transactions are appropriately reviewed. 2. Adjust the current process to ensure the p-cards of terminated employees are closed as quickly as possible. 3. Investigate JP Morgan system controls that would prevent split purchases. 4. Prevent employees from exceeding highest approved single and monthly transaction limits. 5. Work with departments annually to reassign cardholders into appropriate spending categories in order to reduce monetary risk. What We Found In general, we found that the City’s Procurement Card Program was adequately mitigating risk and encouraging efficient and effective use of procurement cards. As a result, City employees are predominately using their cards to the achievement of the program’s objectives. Despite this positive assertion, we believe some controls could be strengthened in order to further reduce risk. We have summarized some of our key findings below: System Controls. The City’s current credit provider allows the City to set up automatic declines of purchases that: 1) meet certain fraud parameters, 2) are associated with certain merchant category codes, and 3) exceed certain single and monthly transaction limits. Additionally, the bank automatically cancels any City p- cards that were not used within 18 months. On the other hand, we found that employees were not restricted from approving their own purchases in the City’s current financial system. Furthermore, purchases could be allocated to funds that do not require any department review. If other compensating system and procedural controls were not present, we would classify this as a substantive risk to the achievement of the Procurement Card Program’s objectives. Program Procedures. Generally the City’s policies are effective and active, however, we found that the City’s current disciplinary procedures for p-card violations do not match City policy. Additionally, the City provides adequate training and resources for the p-card program and purchase approvals were generally timely. Nevertheless, we found that some p-card accounts were being closed an inappropriate amount of time (up to 201 days) after an employee left the City. Finally, we found, based on actual spending patterns, that employees are frequently given higher spending limits than necessary, however, the expansion of the department card program has significantly reduced the number of p-cards available to staff. Audit Executive Summary: Procurement Card Program Procurement Card Audit 1 Introduction The Office of the City Internal Auditor conducted this performance audit of the procurement card program pursuant to Article III Section 30 of the College Station City Charter, which outlines the City Internal Auditor’s primary duties. A performance audit is an objective, systematic examination of evidence to independently assess the performance of an organization, program, activity, or function. The purpose of a performance audit is to provide information to improve public accountability and facilitate decision-making. Performance audits encompass a wide variety of objectives, including those related to assessing program effectiveness and results; economy and efficiency; internal control; compliance with legal or other requirements; and objectives related to providing prospective analyses, guidance, or summary information. A performance audit of the procurement card (i.e. p-card) program was included in the fiscal year 2017 audit plan based on direction given by the Audit Committee. Audit Objectives This audit addresses the City’s response to risks presented by the procurement card program and answers the following questions:  Do City policies, procedures, and practices promote the efficient and effective use of procurement cards?  Do City procurement card program controls adequately mitigate risk? Scope and Methodology We conducted this performance audit in accordance with generally accepted government auditing standards (with the exception of a peer review).1 Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. The following paragraphs further detail the audit procedures used to obtain this evidence: Interviews. To obtain general and background information of the City’s procurement card program, we interviewed the Program Coordinators and the Accounting Manager. Documentation. To identify criteria, we examined our previous audit work for this program and researched professional literature including: the Government Finance Officers Association’s best 1 Government auditing standards require audit organizations to undergo an external peer review every three years. We are scheduled to receive a peer review in fiscal year 2018. Procurement Card Audit 2 practices, ASI Government’s2 Acquisition Directions Advisory best practices, and the Internal Revenue Service’s (IRS) rules and regulations. We also reviewed City policies and procedures including: the City’s updated Procurement Card Policy as of February 2017; Tyler Munis3 training manuals for approvers and purchasing card transaction coding; a p-card process flow chart provided by the Accounting Division; and a sign-in/out sheet created by the Program Coordinators for department cards. Finally, we examined reports generated by JP Morgan for cardholders and transactions and Tyler Munis information on entry and approval personnel. Training Observation. We attended a procurement cardholder training on 10/13/16. Transaction Analysis. To test the City’s p-card internal control system, we used generalized auditing software to analyze all fiscal year 2016 transactions to determine:  The number of cards that made a high cost4 single transaction or exceeded their single transaction limit;  The number of cardholders that had high cost months or exceeded their monthly spending limit;  The number of unused cards during fiscal year 2016;  If any terminated or suspended employees had used their card;  If any transactions had been made from inappropriate Merchant Category Codes (MCC); and  If any potential split purchase had been made. We also randomly selected a statistical sample5 of 376 transactions that made up approximately $56,900 from fiscal year 2016 and reviewed the documentation and approval workflow of each in Tyler Munis to determine:  If there was adequate supervisory review by the department;  If both the department and accounting reviews were conducted in a timely manner;  If the documentation for each transaction was adequate;6 and  If there was a clear, sufficient business reason for each transaction. Finally, we identified all department card transactions from fiscal year 2017 and selected a judgement sample of 40 to determine:  Who the purchaser of each department card transaction was; and  If the purchaser had also approved the transaction. 2 Formerly Acquisition Solutions, Inc.; a federal government acquisition consultant. 3 Tyler Munis is an integrated ERP system currently used throughout the City that began implementation in 2015. 4 Where a high cost transaction or month is within 10 percent of the appropriate limit (i.e. single transaction or monthly limit). 5 This sample provides 95% confidence that the estimated mean is within ± 5 percent of the true mean. 6 Proof of purchase adequacy was based on IRS rules that require the following elements: 1) name of vendor, 2) transaction date, 3) a detailed descript of goods or services purchased, 4) amount paid, and 5) the form of payment. Procurement Card Audit 3 Background The City’s procurement card approval process currently utilizes JP Morgan Chase as a credit provider and Tyler Munis as the City’s financial system. Once purchases are made by cardholders, they are uploaded into JP Morgan’s system. Each day, these transactions are then imported into the City’s financial system by the Accounting Division. From here, entry personnel for each department or division review the purchases and allocate them to the correct account (e.g. office supplies, travel expenses, etc.) They then attach the appropriate documentation as provided by the cardholder. Purchases are then reviewed by the appropriate supervisor (based on fund, department, or division)7 and are either approved or rejected. If approved, purchases are reviewed once more by Accounting before being converted into journal entries. It is important to note that even if these procedures are not performed, are not completed in a timely manner, or if a transaction is inappropriate, the purchase has already been made and the City must pay the bank. This process is shown in more detail in Figure 1. Figure 1: P-Card Purchasing Cycle 7 In the Tyler Munis system these are defined by organization and object codes. Procurement Card Audit 4 In fiscal year 2016, the City spent $3,134,000 with procurement cards through about 17,500 transactions. Throughout this report, we estimated risk based on a statistical sample as described in the methodology section. Table 1 below summarizes p-card spending by department. The “Percentage of Expenses” column listed does not include personnel expenses for the calculation. Table 1: FY16 Procurement Cards by Department Department Num. of Transactions Transaction Total Percentage of Expenses Parks & Recreation 2,892 $0531,000 11% Electric8 2,304 $0523,000 5% Public Works 2,833 $0489,500 4% Water Services 2,070 $0357,000 6% Information Technology 1,118 $0329,000 15% Fire 1,481 $0269,000 7% Police 2,154 $0257,000 8% General Government 1,540 $0216,000 33% Fiscal Services 556 $0091,000 5% Planning & Development 579 $0071,500 16% Total: 17,527 $3,134,000 7% 8 Non-personnel expenses used to calculate this percentage do not include purchased power; the percentage including this power expense would equal less than 1%. Procurement Card Audit 5 Findings and Recommendations This audit focused on the procurement card program’s: 1) promotion of an ethical procurement card environment, 2) alignment with the City’s spending needs, 3) separation of duties and appropriateness of responsibilities, and 4) approach to monitoring and oversight. Generally, we found that the City was adequately mitigating risk in these four areas; however, we identified a few internal controls that could be improved. Encourage a Suitable Procurement Card Environment Criteria: A positive control environment is the foundation for all other standards as a climate and culture of discipline and structure influences the quality of internal control. This involves properly supporting the program with adequate resources for oversight and training, as well as making clear what behaviors are and are not acceptable. An agency should also develop written policies and procedures that outline appropriate controls and ensure the ongoing success of a purchasing card program including: 1) instructions, with written acknowledgment, on employee responsibility; 2) record keeping requirements for review and approval; 3) clear guidelines on appropriate use; and 4) ongoing training for cardholders and supervisors. Potential Risk: Based on our findings, the risk presented to the City in this area is sufficiently mitigated. Scope: Fiscal year 2016 transactions; active procurement card accounts as of 5/11/17. Observations: 1. City Policies. The City’s Procurement Card Policy includes sections detailing the appropriate use of p-cards, including examples of pertinent and prohibited purchases as well as how an employee should place an order with a vendor. It also lays out the potential consequences for misusing procurement cards. City policy requires original documentation to be kept on hand for two complete billing cycles once they have been scanned and uploaded into the City’s financial system. 2. Training Procedures. Program Administrators typically conduct cardholder training once a week. At this training, cardholder applicants are required to read the City’s Procurement Card Policy, then read and sign the p-card User Agreement Form. Next, staff reviews proper and improper card use, as well as the potential consequences for misuse. Currently, there is no ongoing training process for p-card approvers; however, a training manual is available to staff. Procurement Card Audit 6 3. Resources. As of 5/11/17, the City had 403 active procurement cards and 95 City employees in the procurement card approval hierarchy – five of which provide City-wide oversight. Additionally, the City has 57 employees dedicated to purchase entry. 4. Disciplinary Action. According to City Policy, if a cardholder is found to have violated policy, their card should be suspended for 30 days. If a cardholder is found to be in violation a second time, their p-card is to be permanently suspended. However, we found no evidence in the JP Morgan system of card suspension. According to City staff, instead Program Administrator’s notify the violator’s supervisor and request an explanation for the cardholder’s first violation. At this time, there have been no repeat offenders. Procurement Card Audit 7 Establish Spending Limits Commensurate with Needs Criteria: Cardholder spending limits should align with actual need on a single transaction and total monthly basis. Changes in spending limit should be requested in writing through a formalized procedure, and an annual review of the program should include an assessment of credit limit appropriateness. Potential Allowing many cardholders to have spending limits higher than necessary exposes the City Risk: to higher monetary risk. However, this risk for the City is moderate to low. Scope: Fiscal year 2016 transactions; active procurement card accounts as of 5/11/17. Observations: 1. City Policies. The City’s Procurement Card Policy identifies four spending levels that consist of both monthly and single transaction limits. These levels – along with the number of cards at each level9 – are shown in Table 2. This policy also specifies that a request for spending limit change must be submitted in writing via e-mail to a Program Administrator and have approval of the Finance Director or chosen delegate. Table 2: Procurement Cards Monthly Limit Single Transaction Num. of Cards $10,000 $2,999 145 $05,000 $1,500 117 $03,000 $1,000 90 $01,000 $0,500 34 2. Single Transaction Limits. In our review, we found 175 high cost transactions.10 However, while about 88 percent of transactions are under $500, about 90 percent of cardholders have their single transaction limit set higher than this. Moreover, we noted that about 43 percent of organizational units11 did not make any single high cost transaction. We also found that 218 transactions were declined based on the cardholder’s single transaction limit. There is also evidence that the single transaction limit can and has been temporarily raised for an individual purchase. However, according to the Purchasing Manual Chapter 7.04, “all purchases greater than $3,000 but $50,000 or less must . . . obtain three or more competitive quotes when feasible and practical.” We found two instances of a single purchase exceeding $3,000, for a total amount of about $8,000 – about $2,000 over the highest single transaction limit in total. 3. Monthly Transaction Limits. We found that 248 cardholders during fiscal year 2016 did not have a monthly credit limit according to the JP Morgan system – however all currently active cards have a set monthly credit limit. Additionally, we found 11 active cards whose monthly limit does 9 This number is based on the single transaction limit of each card. 10 Where a high cost transaction is within 10 percent of the appropriate limit (i.e. single transaction or monthly limit). 11 The City of College Station has 10 departments comprised of 61 organizational units as defined in this report. Procurement Card Audit 8 not match their single transaction level based on Table 2. Two of these eleven cards had a higher monthly level than the corresponding level stated in the Purchasing Manual – including one monthly limit of $15,000. Furthermore, we did not find any evidence that a transaction was declined based on exceeding the cardholder’s monthly limit. We also found 4 instances where a cardholder exceeded the maximum monthly transaction limit as stated in the Purchasing Manual (section 6.03), totaling to about $42,000 (about $2,000 over). This being said, only 11 cardholders spent over $9,000 in a month during fiscal year 2016. 4. Unused Procurement Cards. Almost 60 percent of the City’s organizational units had at least one unused procurement card during fiscal year 2016, resulting in 89 unused cards. According to City staff, JP Morgan automatically cancels all procurement cards that have not been used for 18 months. Procurement Card Audit 9 Ensure Separation of Duties and Appropriate Responsibility Criteria: Agencies should establish an effective approval process through which cardholder applicants must be reviewed and approved prior to issuance. This process should promote and maintain adequate oversite as the agency’s needs grow and evolve. Moreover, approving officials should be selected to ensure sufficient independence and rank to adequately assess purchases. The responsibilities of cardholders, reviewing officials, and agency program coordinators should not overlap. All individuals involved in the procurement card process should be held accountable for timely and adequate participation (i.e. submittal, entry, review and approval). Potential Allowing employees to approve their own transactions increases the risk of fraud and Risk: misappropriation of City funds. While purchase entry employees are different than approvers, they are not generally of sufficient rank to question a purchaser approving their own transactions. Implementing department cards – while significantly reducing the number of procurement cards – may hinder supervisory review on both the department and Accounting level as it obscures employee responsibility for purchases. Additionally, department cards do not necessarily limit employee access to City funds. Scope: Statistical sample of fiscal year 2016 transactions; judgment sample of department card transactions from 10/1/16 through 5/11/17. Observations: 1. City Policies. Full- and part-time employees whose responsibilities includes routine purchases of business-related goods and services are eligible to receive a procurement card upon supervisor recommendation. Temporary employees are not eligible for p-cards. Recommended employees are required to fill out an application that is approved by the department director, who indicates the appropriate spending level. The Program Administrator then verifies that the employee works for the City through the payroll system and issues the new card. 2. Approval Accountability. City procedures require that by each Friday, the transactions of the previous week are correctly input with adequate documentation (e.g. itemized receipts, expense reports, etc.), and the review is completed.12 At the beginning of each week, the Accounting Division emails all City employees a list of unconverted transactions in an attempt to speed this approval and conversion process along. However, it is often difficult to tell who in this process is at fault for an untimely approval without examining the work flow for each transaction. On average, departments complete their review of purchases nine days after the transaction occurs (range: 2 to 35 days), and Accounting converts these transactions one day after department review (range: 0 to 19 days). 12 At months end, all transactions must be reviewed and approved within five business days of the following month. Procurement Card Audit 10 3. Approval Adequacy. The review for a particular purchase is determined by the account code assigned by entry personnel. There is currently no overlap between purchase approval and entry personnel. Approximately 72 percent (± 5 percent) of total fiscal year 2016 p-card transactions have adequate supervisor review, and thus are low risk. The p-card transactions that are at the highest risk were 15 instances in our sample where the purchaser approved their own transaction and 21 instances of transactions with no supervisory review. Transactions where the purchaser could not be easily determined (i.e. department cards) or the approver was of a lower or equal rank to the purchaser were considered medium risk. Table 3 summarizes the findings of our statistical sample of fiscal year 2016 p-card transactions. Table 3: Approval Findings Summary Risk Level Count Amount High 36 $7,311.06 Medium 70 $6,887.46 Low 270 $42,657.88 Total: 376 $56,856.40 This being said, we found physical evidence of supervisory and Accounting review on the attached documentation of many transactions (i.e. transactions were rejected for approval, supervisor signatures on receipts, etc.). 4. Department Cards. At the beginning of fiscal year 2017, the City expanded the use of department cards (d-cards) in the procurement card program (the Police and Fire departments had previously employed d-cards). These cards are to be used by several individuals within a department or division and safeguarded by a single “custodian.” These custodians are charged with keeping the cards safe from theft and misuse and ensuring accountability among users. City Policy states that d-card users should utilize a sign-in/out sheet to maintain employee accountability. We calculated that the implementation of this program decreased the total number of City procurement cards by about 25 percent. Of a judgement sample of 40 department card transactions in fiscal year 2017, we noted that the actual purchaser could not be identified 6 times (15 percent). Of the transactions where we could determine the purchaser (85 percent), the approver was adequate. Procurement Card Audit 11 Develop a Multi-Faceted Approach to Monitoring and Oversight Criteria: Agencies should have several levels of review and oversight in place including: 1) primary, supervisory review and 2) agency-wide reporting. These levels help identify questionable transactions, split purchases, improper cardholder limits, and fraudulent activity. Proper oversight should also include periodic audits for card activity and retention of purchase documentation and a regular review of spending per vendor and merchant category codes. Moreover, agencies should be aware – and take advantage – of automatic procurement card controls provided by the program’s service provider. These controls may include automatic purchase denial based on Merchant Category Codes and credit limit, as well as other reporting tools. Potential Reviewed transactions indicate that inadequate documentation and questionable purchases Risk: present a low risk to the City, and automatic controls are generally adequate to effectively mitigate risk. However, allowing procurement cards to remain open for a significant period of time after an employee is terminated increases the chance a non-business related purchase will be made. Scope: Fiscal year 2016 transactions; statistical sample of fiscal year 2016 transactions. Observations: 1. Reporting. JP Morgan has several premade reports that can be utilized by the City for oversight and monitoring purposes. 2. Number of Transaction Limits. According to City staff, there are no limits set on the number of daily or monthly transactions a cardholder can make. However, we found three instances of a purchase being denied due to an account exceeding its daily transaction count. Given this, we were unable to determine whether this control was in use, however, other controls may more effectively limit risk exposure such as the single and monthly transaction limits. 3. Automatic Fraud Protection. After reviewing JP Morgan’s records, we noted that the bank had alerted the City for potential fraud 186 times during fiscal year 2016. When JP Morgan suspects fraud they attempt to contact the cardholder to verify the purchase. If they cannot be reached the card is immediately suspended. JP Morgan also notifies a Program Administrator by e-mail if they have difficulties contacting the cardholder. The City also began switching to procurement cards with security chips in February 2017 with cards provided to employees by June 2017. 4. Automatically Denied Transactions. During fiscal year 2016, 792 transactions were denied instantly based on conditions set by JP Morgan for a total of about $646,000. The majority were declined because of user error (i.e. the wrong expiration date entered, the incorrect address used, the wrong CVV/CVC card number, etc.), however, we also found evidence that JP Morgan Chase declines purchases due to its fraud protection strategy. 5. Terminated or Suspended Employee Purchases. Once an employee leaves the City their p-card should be deactivated. We found that on average, it takes about 26 days to close an account Procurement Card Audit 12 after an employee is terminated with a range of 0 to 201 days. No employees were found to have made purchases after termination or while suspended in fiscal year 2016. 6. MCCs. Current MCC parameters are effective. JP Morgan allows the City to classify some Merchant Category Codes13 (MCC) as inappropriate and will automatically decline any purchases made at these businesses. Only one purchase was made from a MCC that was not reasonably related to City business for $1.09. There were 128 transactions for $28,000 declined based on their MCC. 7. Adequate Documentation. Approximately 91 percent (± 5 percent) of total fiscal year 2016 p- card transactions have adequate supporting documentation based on IRS rules, and thus present a low risk to the City. Moreover, we found that many departments used effective secondary support documentation such as complete, detailed, and signed Travel Expense Reports, detailed and signed Non-Taxable Meal Forms, and descriptive P-Card Receipt Reports that were signed by the purchaser and their supervisor. Table 4 presents a summary of the exceptions found during our review of a statistical sample of the fiscal year 2016 transactions. Transactions without documentation were considered high risk if they also had inadequate approval, while transactions with adequate approval but inadequate documentation were considered medium risk. Table 4: Potential Documentation Exceptions Risk Level Count Amount High 7 $4,117.89 Medium 25 $5,205.37 Low 344 $47,533.14 Total: 376 $56,856.40 8. Questionable Purchases. Approximately 96 percent (± 5 percent) of total fiscal year 2016 p-card transactions were made for an identifiable business reason. Table 5 presents a summary of the exceptions found during our review of a statistical sample of fiscal year 2016 p-card transactions. Transactions of questionable purpose were considered high risk if they also had inadequate approval, and those with adequate approval but questionable purpose were considered medium risk. Table 5: Questionable Purchase Findings Risk Level Count Amount High 10 $311.11 Medium 4 $517.06 Low 362 $56,028.23 Total: 376 $56,856.40 13 Merchant category codes are four-digit numbers that a credit card issuer uses to categorize the transactions consumers complete using that card. Procurement Card Audit 13 9. Potential Split Purchases. We identified 3 instances of split transactions in fiscal year 2016 totaling less than $1,000 above the cardholders’ limits. As a result we expanded our scope to include transactions between 04/13/2015 and 05/11/2017 and found an additional five instances where a cardholder split a purchase to avoid their single transaction limit. Procurement Card Audit 14 Recommendations In general, we found that the procurement card program has adequate controls to mitigate risk. As we can see from Table 6 in Appendix A (following page), the percentage of exceptions is generally low and does not reflect a material risk to the City of College Station. This being said, we have identified a few control areas that could be improved to further mitigate risk. These are listed from most to least significant below. 1. Restructure internal controls to better ensure that transactions are appropriately reviewed. Specifically, we found that employees were not restricted from approving their own purchases in the Munis system. Moreover, purchases coded to some funds do not require primary supervisory approval. The current financial system should be adjusted to correct these control vulnerabilities, and further documentation should be kept to clarify purchase responsibility for department cards. 2. Adjust the current process to ensure the procurement cards of terminated employees are closed as quickly as possible. On average, it takes about 26 days to close a terminated employee’s p-card account. However, we found five instances where it took over two months to close an employee’s p-card account, which leaves the City open to misuse of funds. Fiscal Services should work with Human Resources and City departments to develop a process to be notified about terminated employees as early as possible. 3. Investigate JP Morgan system controls that would prevent split purchases. We found evidence of 3 split purchases in FY16. While these cardholders were adequately disciplined, this disciplinary process did not follow written policy. 4. Prevent employees from exceeding highest approved single and monthly transaction limits. According to the City’s Purchasing Manual, cardholders should not spend more than $3,000 on any one transaction and should spend no more than $10,000 in one month. However, we found evidence that cardholder limits had been occasionally changed – temporarily and permanently – to bypass these stated limits. 5. Work with departments annually to reassign cardholders into appropriate spending categories in order to reduce monetary risk. Only about 1% of fiscal year 2016 transactions were high cost. Allowing employees to have spending limits higher than needed increases the City’s monetary risk exposure. Appendix A: Summary by Department A summary of our findings and exceptions broken out by department can be seen in Table 6. It is important to note that the statistical transaction sample indicates that the actual percentage of transactions for each department in each category is ± 5 percent of the stated percentage. Table 6: FY16 Summary by Department Department All Transactions Transaction Sample Num. of Cards Num. of Trans. Total Amount Split Purchases14 Num. of Trans. Approval Timeliness (Days) High Risk Approvals Questionable Purchases Inadequate Documentation Parks & Rec 54 2,892 $0531,000 2 65 7.0 31% 12% 11% Electric 75 2,304 $0523,000 2 52 8.3 6% 4% 13% Public Works 79 2,833 $0489,500 2 62 8.5 5% 3% 5% Water Services 70 2,070 $0357,000 0 43 7.8 0% 0% 9% IT 27 1,118 $0329,000 0 19 6.7 16% 5% 0% Fire 63 1,481 $0269,000 1 34 9.2 0% 0% 12% Police 65 2,154 $0257,000 1 53 11.1 7% 2% 8% General Gov. 51 1,540 $0216,000 0 33 9.1 9% 0% 9% Fiscal Services 28 556 $0091,000 0 10 11.9 0% 0% 10% Plan. & Dev. 34 579 $0071,500 0 5 8.6 0% 0% 20% Total: 544 17,527 $3,134,000 8 376 8.8 7% 3% 10% 14 This column includes all split purchases identified between 04/13/2015 and 05/11/2017.