All bank and Government systems used in support of GPC accounts will include the following internal controls:

1) Systems access security,

2) Systems administration integrity,

3) Data exchange security, and

4) Functional responsibility controls.

a. Systems Access Security. Appropriate safeguards will be in place to control access to systems. All DoD systems will utilize CAC login for user authentication. Electronic systems used to support the DoD GPC Program must limit access to various functions to only individuals with appropriate authority. DoD GPC personnel are required to use the PIEE SSO capability to log into the card-issuing bank’s EAS, unless granted a waiver by DPCAP.

b. Systems Administration Integrity. Changes to existing interfaces, or creation of new interfaces, must be approved by DPCAP in advance of planning and implementation. DFARS 204.73 provides information on basic requirements that all DoD system contractors must meet. All DoD systems that support the GPC will be documented in accordance with the requirements of DoDI 5000.75 (for internal DoD systems) and DFARS 204.73 for contractor systems.

c. Data Exchange Security. Transmission of all electronic account data will be processed through secure lines of communication. DPCAP requires that any interface used to send files via file transfer must utilize GEX. DPCAP-approved interfaces that leverage an application program interface to make system-to-system calls are exempt from utilizing GEX as an intermediary. “EDI” refers to the automated process for receiving electronic transactions, obligations, invoice, receiving, and other records from a card-issuing bank via GEX to the accounting, ERP, DFAS, or other system. To ensure funding confirmation and reconciliation information integrity, original transactions/invoices will be maintained and cannot be altered. Cardholders will not be able to alter their statements of account once they approve them unless a BO returns a statement to a CH for corrections. Billing officials and Certifying Officers will not be able to alter billing statements (invoices) once they are certified.

d. Invoice Integrity. An electronic certification process will be used to ensure that the official (i.e., original, unaltered) electronic invoice is traceable from the card-issuing bank through the certification and entitlement processes and retained in a government record. The BO will ensure any corrections or additions to the original invoice (e.g., reallocations to different funding lines) are proper and the payment totals have not changed. Altering a voucher that is already certified invalidates the original certification. Known or suspected fraudulent transactions not initiated by the authorized CH will be reported as external fraud directly to the card-issuing bank. When external fraud is properly reported to the bank, the current card account must be closed and a new account issued. The BO and A/OPC must be notified immediately, and the CH will comply with the bank’s external fraud reporting procedures.

e. Functional Responsibility Controls. Systems must be able to segregate role-based capabilities and limit access to these functions to individuals with appropriate authority. The systems must be able to identify who made any data/file content changes in the end-to-end GPC process. Management oversight reports will be available to report on individual personnel roles and responsibilities.

a. PIEE is the primary enterprise procure-to-pay (P2P) application for DoD and its supporting agencies. PIEE is a procurement portfolio capability that uses a Common Access Card (CAC) enabled single-sign-on capability to grant access to system modules (e.g., Electronic Document Access and Joint Appointment Module (JAM)) hosted both internal and external to that environment. Army mandates 100% use of PIEE single-sign-on.

b. A/OPCs nominate cardholders and billing officials and track nominations and workflows within PIEE. GPC one-pagers are an excellent resource on how to perform actions within PIEE modules.

c. Government Administrator Managers (GAMs) must activate roles in PIEE as part of the GPC appointment process. See section 2-8.b. for additional GAM duties.

a. JAM is the PIEE module used to initiate, review, approve, store, and terminate required delegations of procurement authority and/or appointments. JAM GPC appointments result in issuance of GPC Delegation and/or Appointment letters and DD Form 577 Appointment/Termination Record (commonly referred to as a Certifying Officer Appointment). Personnel delegated the proper authority role identified in Table 3-1 can terminate the following appointments in PIEE and JAM.

Table 3-1: Roles and Termination Capability

b. JAM is an application within PIEE that is mandated by DoD for use by GPC program participants. The Army is not required to issue or retain paper copies of appointments issued using JAM. The DPCAP Joint Appointment Module (JAM) GPC Role Descriptions Guide provides tables that identify GPC JAM roles and special designation authority types.

c. JAM is mandated as the enterprise tool for appointing and delegating authority to GPC personnel. JAM is the PIEE module used to initiate, review, approve, store, and terminate required delegations of procurement authority and/or appointments. Electronic delegation of authority and/or appointment letters must be granted for GPC program participants as indicated in the JAM GPC Role Descriptions , which also identifies CH delegation limits associated with each SD. Program participant nomination, registration, and appointment processes are described in the GPC Program One-Pagers .

d. Tracking Training in JAM. PIEE includes capabilities to track and report training course completion, issue automatic training reminders for recurring requirements, and systemically promote compliance with requirements to complete training prior to appointment issuance. To promote compliance with training requirements, JAM system validations prohibit appointment of individuals who, if required for their roles, have not completed CLG 0010 and CLG 006. A system interface has been deployed to automatically record completion of all required and recommended DAU courses. When tracking training in JAM, GPC Program PIEE users are not required to manually load electronic copies of training certificates for courses that automatically were recorded via the DAU/PIEE system interface (i.e., DAU is listed as the “Source”). Data is displayed in the JAM application and available through EDA Advance Reporting with DAU listed as “DAU,” as the source is directly from the system of record. Because DAU is the primary source for validating course completion, when training completion is recorded via the DAU interface, the trainee is not required to provide a copy (electronic or paper) to GPC program management, thereby reducing paperwork, improving auditability, and ensuring proper record retention. PIEE additionally includes the capability for GPC program participants to manually record completion of non-DAU training and provide/maintain an electronic copy of training certificates, which are then available to program managers and auditors as necessary. DoD GPC One-Pagers 3OP010 - Uploading Training Certificates to PIEE/JAM and 3OP038 - Tracking Training in PIEE, provide details on these capabilities.

U.S. Bank AXOL is the Army GPC servicing bank’s electronic access system (EAS) in which GPC account maintenance, transaction management, and order management take place. AXOL gives program administrators the security, functionality, reliability, and convenience they need to manage and report on all their GPC programs with a single tool. Cardholders and billing officials can track orders and transactions daily as purchases post transaction data in AXOL and upload supporting documentation to ensure timely approval and certification of monthly statements. Appointed CHs, BOs, and A/OPCs must sign in from the PIEE homepage to access the servicing bank’s EAS.

IOD is the SmartPay®3 data mining (DM) tool used to adjudicate transaction cases and perform oversight functions. This tool has replaced the PCOLS Data Mining and the Program Audit Tool. IOD provides the capabilities to identify unusual spending patterns, monitor transactions for potential misuse, fraud, waste, and abuse, and flag these cases for review. Billing officials and A/OPCs must use this tool to review and adjudicate system-generated cases, initiate cases, and meet all baseline data mining requirements. IOD is an artificial intelligence DM platform that automatically analyzes DoD’s GPC data to identify high-risk transactions. IOD facilitates transaction reviews and enables documentation of any findings identified and corrective actions taken.

GEX is the DoD enterprise capability that provides secure messaging, mediation, and routing services along with system monitoring, data audit trails, and performance scalability across diverse communities of interest. Routing and transformation methods range from simple file transfers to web services communications; they are secure, reliable, and dynamic, reducing the cost and schedule to enable systems to be interoperable. GEX delivers mass volumes of EDI transactions with guaranteed delivery and end-to-end accountability, mitigating integration risk.

TSYS is a federally registered service mark of Total System Services LLC. TSYS is a provider of seamless, secure, and innovative solutions to card issuers. TSYS provides payment, processing, merchant, and related payment services to financial and nonfinancial institutions.

ERP systems are large commercial-off-the-shelf platforms that are designed to contain the primary components of the business operations of an agency. Implementing ERP systems allows agencies to manage business functions as an integrated solution.

a. Army procedures must ensure compliance with FPDS reporting requirements of FAR 4.6, DFARS 204.6 , and DFARS PGI 204.606. Open-market micro-purchases made with the GPC and valued less than the MPT will not be reported to FPDS. See FAR 4.606(c) for a list of additional actions that are not to be reported.

b. Contract Payments. Any contract or order where the GPC is used solely as the method of payment will be reported to FPDS individually regardless of dollar value.

c. Open Market. Open-market actions (i.e., order not under a federal contract or agreement) purchased and paid for using the GPC will not be reported to FPDS, except in accordance with FAR 4.606(a)(2). As a reminder, the GPC may only be used for open market actions when the value of the action is under or equal to the micro-purchase threshold as defined in FAR 2.101.

d. Contract Orders. Contracting offices will ensure all orders made by Contract Ordering Official CHs are reported to FPDS, regardless of value, no less frequently than monthly as required in DFARS PGI 204.606. For order actions under federally awarded contracts (e.g., schedules, governmentwide acquisition contracts, indefinite delivery contracts), blanket purchase agreements, and basic ordering agreements:

1) Report all actions purchased and paid for using the GPC to FPDS.

2) Report all actions valued $25,000 or more individually; express reporting processes will not be used.

3) Report the actions valued less than $25,000 in the following descending order of preference:

i. Individually, not using express reporting procedures.

ii. Using express reporting procedures that compile all actions monthly under the identified existing contract/agreement (such as a specific schedule) and vendor.

iii. Using express reporting procedures that compile all actions monthly without specifically identifying the existing contract/agreement and vendor. Only use this alternative when the first two choices are determined to be overly burdensome by the HCA. When used, identify the vendor using the generic Unique Entity ID (UEI) number for either domestic or foreign GPC consolidated reporting. See GPC one-pager, Unique Entity Identifiers for GPC Reporting to FPDS.

e. Contracting offices are not required to separately report to FPDS orders placed on FedMall.

f. FAR 4.606(a)(2) states the GSA Office of Charge Card Management will provide the GPC data at a minimum annually, and GSA will incorporate that data into FPDS for reports. This does not result in duplicative FPDS reporting of GPC transactions, as GSA has confirmed it reports only high-level data (i.e., total numbers of transactions and dollars) outside the FPDS database. FPDS-NG access, training, and instruction manuals are available on FPDS.gov.

a. WAWF is an application in the PIEE eBusiness Suite used by contractors to invoice and by Government officials to accept and certify for goods and services. Contractors must submit contract invoices electronically, mandated by Public Law: Section 1008 of the NDAA of FY 2001. DFARS Clause 252.232-7003 (DFARS 232.7004) requires electronic invoicing and electronic supporting documentation. WAWF allows vendors to submit and track invoices and allows the Army to receive and accept those invoices over the Web, enabling the Army to process those invoices in a real-time, paperless environment. See paragraph 15-6 for more information.

b. GPC Use of WAWF. When the GPC is used as the method of payment on a contract, the contractor must create a receiving report in WAWF. The Government acceptor must then accept the receiving report in WAWF.

c. WAWF users must register in PIEE and request the corresponding role. The contractor will request the “Vendor” role, and the Government acceptor will request the “Acceptor” role. Refer to the "Registration" link on the PIEE home page and the Help button for details on registering in WAWF. For more information, contact DFAS Customer Service: 1-800-756-4571. See PIEE web-based training for more information on the WAWF module.

a. The ODASA(P)'s interactive Knowledge Management portal, Procurement.army.mil (PAM), serves as an official Army-wide source for acquisition policy, templates, learning tools, and certified training. PAM provides Army contracting procedures and updates to critical programs and systems, including instant access to Army GPC policies, standard business processes and operating procedures. PAM's GPC page is https://armyeitaas.sharepoint-mil.us/sites/ASA-ALT-PAM-ProcProc/SitePages/GPC.aspx.

b. A/OPCs, CHs, and BOs should use the PAM portal to access current GPC documents, samples, and processes as described throughout this AFARS Appendix EE. Available documents on PAM include, but are not limited to, the following:

1) AFARS Appendix EE

2) Army Ordering Officer Guide

3) Army Purchase Request and Approval (PR&A) Sample Template

4) Procurement Management Review (PMR) Process

5) GPC PMR Toolkit memo, slides, and information

6) Ammunition Process and Waiver Request

7) Refund Process

8) Level 4 A/OPC Annual Management Assessment

9) Army Master GPC training slides

10) Section 889 Representation form

11) Army SAHAR Instructions

12) Lodging in Kind (LIK) / Subsistence in Kind (SIK) SOP