2-11. Span of Control

a. Span of control refers to the extent of oversight and review responsibilities placed on a single A/OPC, BO, or CH. An appropriate span of control must efficiently and effectively allow the A/OPC, BO, or CH to provide reasonable assurance they can effectively perform their responsibilities regardless of the number of accounts assigned. The assigned span of control must factor in the monitoring and oversight responsibilities to include the use of MasterCard’s Insights on Demand (IOD) data mining and review process. To ensure GPC program participants have sufficient time to complete required reviews, GPC programs will abide by established span-of-control limits. The following span-of-control internal controls have been established for the Army GPC Program:

1) The number of CH accounts (not individual cardholders) assigned to a primary BO will not exceed seven.

2) An individual may not be assigned more than three CH accounts.

3) An A/OPC will not be responsible for more than 250 GPC accounts (card accounts and MAs combined). This ratio will be reevaluated biennially.

4) Primary A/OPC vacancies must be filled in a timely manner to prevent excessively burdening Alternate A/OPCs over an extended time.

5) The CPM has authority to approve deviation from the ratios in 1) through 3) above on a case-by-case basis provided the organization establishes sufficient local oversight and compensating controls. Deviation approval is a CPM responsibility and cannot be delegated.

6) For the ratios in 1) through 3) above, compensating controls include, at a minimum, briefing the HA on the deviation(s) and any related ramifications, during all subsequent Semi-annual Head of Activity Review (SAHAR) briefing(s) in which the deviation(s) remain in place.

7) For the ratio in item 2) above, as the SAHAR does not report on the number of CH accounts assigned to an individual, other compensating controls would need to be in place for any deviation(s) the CPM approves. Any deviations must be reported to the HA through the SAHAR process and annotated in the Notes section of the SAHAR report.

8) When Army policy authorizes use of the GPC for more complex transactions (e.g., by Ordering Officials), the Army should institute more stringent span-of-control ratios as appropriate.

b. A/OPCs should use PIEE/JAM or the card-issuing bank’s EAS to provide appropriate management notification and reports on various spans of control. All Common Access Card (CAC)-enabled systems supporting or using GPC data should utilize functions to define and manage all hierarchies assigned within the system—not just the GPC organizational hierarchy.

c. An individual may not be assigned more than one CH account for each special designation in their appointment. Assignment of roles includes effective from/to dates. This includes personnel assignment to an A/OPC, BO, or CH, as well as the relationships of the BO to the A/OPC and the CH to the BO. Management oversight reports should be defined to report personnel, position, and relationship assignments.

d. The card-issuing bank’s EAS report on span of control based on user ID cannot be used as an irrefutable source to support span-of-control limits, since an individual may have more than one bank user ID. A/OPCs must track all roles an individual has been provisioned/assigned using their unique CAC public-key infrastructure or other unique identifier that may be implemented by the Under Secretary of Defense for Personnel and Readiness.

e. The Army standard for span of control for a Level 4 A/OPC is 250 BO and CH accounts per Level 4 A/OPC. This total includes both the BO and CH accounts added together. Span of control updates are deemed necessary due to changing program dynamics and increased oversight burdens placed on GPC oversight personnel over time. As the micro-purchase threshold has increased multiple times over the years, additional oversight has been required by GPC personnel as the average dollar value and the types and complexity of the GPC supplies and services being purchased has increased.

f. The total number of transactions, as well as the number of assigned card accounts, must be considered when determining an acceptable card account to BO ratio. When the number of accounts or workload complexity/administration assigned to a Level 4 A/OPC exceeds the Army standard, the SCO/CCO must ensure adequate resources are made available to allow the A/OPC to successfully perform their duties. When the span of control exceeds the Army standard and the CCO elects not to provide additional resources, the CCO must submit a waiver request in writing to the CPM for approval. The waiver request must include the rationale and justification upon which the CCO has based the determination that the existing span of control is adequate to ensure program administration and that surveillance can be performed at a satisfactory level given the existing or new compensatory controls put in place. The Level 3 A/OPC must retain a copy of this documentation.

g. The Level 4 A/OPC determines whether the BO to CH ratio is acceptable upon issuance of a GPC, during the A/OPC’s annual assessment of their GPC program, or as needed. There must be a reasonable expectation that the BO can complete a thorough review of all transactions and certify the invoice within five business days of its receipt. When the ratio for CH accounts to BO exceeds the Army standard, the BO should lower the number of card accounts or request a waiver to policy. The Level 4 A/OPC will document all cases where the CH to BO ratio exceeds the Army standard. The waiver to policy request must address the unique conditions that affect the process and show, with a high degree of certainty, that the BO can be expected to comply with the review and certification procedures. The request must include the number and location of assigned CHs, the total average number of transactions made by the CHs, the amount of time the BO can devote to the certification process, the history of delinquencies, and other appropriate factors. The waiver is approved at the following levels indicated below and maintained by the approver with copies furnished to the BO:

1) 8–10 card accounts. Routed through the Level 4 A/OPC to the CCO.

2) 11–19 card accounts. Routed through the A/OPCs (Level 4 and Level 3) to the SCO.

3) 20 or more card accounts. Routed through the A/OPCs (Level 4 and Level 3) to the Level 2.