There were other weaknesses in their system for the use of the Royal Bank of Scotland business MasterCard account discovered in an internal audit report, which will be reported to the Tayside Joint Police Board audit sub-committee on Friday.

The report, by chief internal auditor Janine Wilson, makes recommendations for procedures for using cards to be tightened up.

The force’s corporate credit card account has six cards issued to Chief Constable John Vine, the deputy chief constable, the assistant chief constable, the procurement officer, a chief superintendent and the contracts manager.

The cards are used at the discretion of the cardholder and are mainly used for the payment of travel, accommodation and hospitality costs. The procurement officer sometimes uses one for buying consumables and books.

The audit found that, in practice, the procurement officer received requests for purchases from other departments, via email or by telephone, and placed the order without confirming whether the person making the request was authorised to do so.

The procurement officer was comfortable that an authorised officer had been involved in the process, but the internal auditor considered that “there is a potential risk that the procurement officer may place an order that has not been appropriately authorised.”

The audit also found that cardholders didn’t always retain documentation — Internet order confirmations, invoices and goods received notes — in support of their credit card transactions.

Statements of account should be signed by the cardholder to certify that the transactions were genuine and the goods and services have been received. Statements were not always certified, although the situation improved after September 2005 when a new system was introduced.

The auditor concluded, however, that “there is a potential risk that the board may be paying for goods and services that are not genuine, have not been procured and have not been received.”

With VAT, the internal auditor found instances where the VAT element of an invoice could be reclaimed, but had not been. This was when invoices had been received by the finance department after the transactions had been processed.

There had also been instances where VAT had not been reclaimed because the supplier had not provided a VAT receipt. The internal auditor said the board was not complying with current legislation by not maximising the reclamation of VAT.

It was recommended that finance procedures should be updated and staff reminded that input tax on hospitality expenditure cannot be reclaimed.

Retrospective claims should be submitted to HM Revenue and Customs for invoices received after transactions have been processed. In addition, where a supplier doesn’t provide a VAT receipt, the finance department should contact the supplier to request one.

Colin McMahon, interim treasurer of the Joint Police Board, said the audit concluded that reasonable assurance can be taken that the systems and procedures in place for the corporate credit card are adequate.

A number of areas for improvement were identified, however, and a follow-up of this area will be undertaken in due course.

Tayside Police Deputy Chief Constable Willie Bald said, “Tayside Police’s corporate credit card account is used for the travel, accommodation and hospitality expenses incurred by all employees on police business.

“Not surprisingly the principal user of the corporate credit account is the procurement officer, whose responsibilities include booking the travel and accommodation arrangements for Tayside Police staff during the course of their duty. This accounted for almost £69,000 (84%) of the overall expenditure between April and November.

“Whilst the auditor identified a potential risk with regard to the retention of documentation, there was no suggestion, implied or otherwise, that the account was being used inappropriately. The administration ‘loophole’ that was highlighted has been addressed to ensure the risk does not become an actuality.

“The audit also identified where VAT was being claimed incorrectly and where it was not being claimed and should have been. We are grateful to the auditor for highlighting these misinterpretations and have taken their advice accordingly.”