Fraud is not the topic of most conversations.  Many times, local governments are caught red-handed and are surprised by allegations of fraud.  Is there any way to fight fraud before any damage is done?  There is!  There is one principle that, if you implement it, will help you prevent fraud.  This principle is one of 17 found in the Standards for Internal Control in the Federal Government, aka the “Green Book”.  To fight fraud, you really need all 17, but this one principle will help you pinpoint potential fraud risks.  In my opinion, if you assess fraud and how it can be accomplished and proceed to “block” these fraud risks, you have won half the battle.

Although these standards are for the federal government, the United States Government Accountability Office (GAO) encourages state and local governments to adopt this internal control structure.  The structure consists of 5 components and 17 principles.  The 5 components, with their principles, are the following:

  • Control environment   
    • Principles (5)
      • (1) Demonstrate commitment to integrity and ethical values
      • (2) Exercise oversight responsibility
      • (3) Establish structure, responsibility, and authority
      • (4) Demonstrate commitment to competence
      • (5) Enforce accountability
  • Risk assessment
    • Principles (4)
      • (1) Define objectives and risk tolerance
      • (2) Identify, analyze, and respond to risk
      • (3) Assess fraud risk (our focus for this white paper)
      • (4) Identify, analyze, and respond to change
  • Control activities (segregation of duties, financial processes)
    • Principles (3)
      • (1) Design control activities
      • (2) Design activities for the information system
      • (3) Implement control activities
  • Information and Communication
    • Principles (3)
      • (1) Use quality information
      • (2) Communicate internally
      • (3) Communicate externally
  • Monitoring
    • Principles (2)
      • (1) Perform monitoring activities
      • (2) Evaluate issues and remediate deficiencies

If you would like to learn more about this internal control structure called the “Green Book”, I wrote a white paper named “The Power of an Internal Control System”.  Our focus today will be on the principle “assess fraud risk” under the risk assessment component.

Secondly, were there any new fixed asset purchases such as a new vehicle, tractors, or large equipment?  Did you finish any improvements to a piece of land such as a ‘baby land’ area for cemetery districts?  Did you sell any of your large equipment?  If the answer to any of these questions is “yes”, find the invoice(s) associated with these items and save them in a separate folder.

FRAUD SCENARIO IDENTIFICATION

First and foremost, you will need to create a fraud risk assessment for each core business function.  Map out each core business function your local government has.  For example, you probably have revenues (cash receipts), expenses (cash disbursements), payroll, notes payable, and capital assets.   

After you have documented your local government’s core business functions, choose the primary fraud scenario for each function.  For our purposes, there are three scenarios that cover fraud: (1) financial reporting, (2) misappropriation of assets, and (3) corruption.  Financial reporting speaks to the local government falsely reporting its financial statements.  Misappropriation of assets speaks to the theft of cash, equipment, etc.  Corruption is using one’s influence for personal gain.

The next step is to further map out the possible fraud scheme.  This time you will need to be more detailed and choose whether you think a particular asset could be misappropriated or whether there could be violations of the law.  Some core business functions may have more risk than others.

After you have prepared these preliminary steps, map out the inherent fraud schemes.  An example of an inherent fraud scheme: the AP clerk opens a shell company and invoices the local government.  The check is then sent to an address (the AP clerk’s principal residence), where s/he later cashes the check.  No services were rendered.

The final step is to summarize what you have done by writing the “Fraud Scenario”.  If the risk assessment is still a little confusing up to this point, I will show you an example of a well written “Fraud Scenario” for Accounts Payable.  This example is taken from the book “Fraud Data Analytics Methodology” by Leonard W. Vona, CPA, CFE.   

“Accounts payable function acting alone or in collusion with a direct report/causes a shell company to be set up on the vendor master file/processes a contract and approves a fake invoice for goods or services not received causing diversion of company funds”.

Do you see how the scenario was documented and how it included the first primary fraud scenario (misappropriation of assets), the second fraud scenario (misappropriation of cash), and the inherent fraud scenario (the AP clerk creates a shell company to eventually receive a check in the mail for “services rendered”)?

If you follow this process for each business function, it will give you a list of potential “what if” scenarios to start your risk assessment.  My personal opinion is to rate each fraud scenario from 1, being the least likely, to 10, showing the highest risk.  The next step or stage in assessing fraud risk is to perform a benefit cost analysis.

BENEFIT COST ANALYSIS

The benefit cost analysis is based upon your government’s risk tolerance.  If you believe there is a 75% chance that fraud can be perpetrated without the government knowing for a good while, and the fraud could be upwards of hundreds of thousands of dollars, it makes sense to spend an extra $20K on an internal audit process or an outside CPA firm to create processes for you to mitigate that fraud risk.  On the other hand, if you believe there is a 25% chance that fraud could occur without the government knowing, and the fraud could cost upwards of only $5K, then an internal audit function or an outside CPA firm costing an extra $20K may not be a viable option.  Your District or Agency will need to choose which fraud risks should be mitigated and which risks are going to be left alone.  After your government has chosen which fraud risks it will mitigate or respond to, the next step is to document how your government will respond to reduce the risk or chance of fraud.

FRAUD RISK RESPONSE

How will you respond to the risk, or what action will your government take to reduce the likelihood of a fraud risk?  If you are part of a larger organization, money may not be an issue.  If you are part of a smaller organization or your organization’s revenues recently declined, you may want to explore fraud prevention without spending thousands of dollars.  Whether or not this is an issue, always remember that as part of the cost benefit analysis you will weigh the likelihood and the estimated cost of fraud.  A fraud prevention control should always cost you less than the cost of fraud.

I suggest you implement three types of controls.  These three types are red flags, preventive, and detection.  We will explore a couple of examples for each.  We will then show examples of ‘cost saving’ type antifraud controls for those governments that cannot afford the more costly processes.  Red flags are signs that there may be fraud.  Make sure your organization establishes a process to look into these red flags when they arise.

PAYROLL RED FLAGS

  • Actual payroll balances are much greater than originally budgeted
  • Overtime is excessive
  • Employees with little to no deductions

CAPITAL ASSET RED FLAGS

  • Missing capital assets
  • Inadequate employee accountability for capital assets
  • Qualified contractors not submitting bids or total cost is right below the threshold that mandates a bid

CASH RECEIPTS AND BILLING RED FLAGS

  • Customers complain concerning nonpayment notices even though they have proof of payment
  • Unusual amount of missing receipts
  • Unexplained decreases in revenues

PREVENTIVE ANTIFRAUD CONTROLS

You will need to choose antifraud controls specific to your response to various fraud risks.  However, I list a few examples below.

  • Establish an employee assistance program
  • Establish payment limits and access to facilities and equipment
  • Establish an ethical tone at the top
  • Establish an anti-fraud policy and rigorously promote it throughout the organization
  • Segregate duties for each business process
  • Establish an internal audit process

DETECTION ANTIFRAUD CONTROLS

  • Job rotation or mandatory vacation periods in key finance and accounting control positions
  • Establish a whistleblower program (#1 way to detect fraud according to a fraud study done by ACFE)
  • Use data mining to prevent fraud, such as checking to see if any employee addresses are vendor addresses.  This can be done with either software or simply with Microsoft Excel.
  • Hire an outside firm or a CFE (certified fraud examiner) to perform a receipts and disbursements test, vouching accounting records to invoices/receipts, bank statements, etc. and tracing invoices/receipts and bank statements to accounting records found in the accounting system
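
The employee-address-versus-vendor-address check from the data mining bullet above, as an added example that is not part of the original white paper.  The record layout, IDs and addresses are constructed, and the abbreviation table is a small assumed subset; addresses are normalized first so that "412 North Maple Street, Apt 2" and "412 N. Maple St" still match.

```python
import re

# Assumed subset of common address abbreviations (not a complete postal table).
ABBREV = {"street": "st", "avenue": "ave", "road": "rd", "drive": "dr",
          "boulevard": "blvd", "lane": "ln", "suite": "ste", "apartment": "apt",
          "north": "n", "south": "s", "east": "e", "west": "w"}
UNIT_WORDS = {"apt", "ste", "unit"}

def normalize(address):
    """Lowercase, strip punctuation, abbreviate common words, and drop unit
    designators (with the unit number) so formatting differences do not hide a match."""
    words = re.sub(r"[^a-z0-9 ]", " ", address.lower()).split()
    words = [ABBREV.get(w, w) for w in words]
    kept, skip_next = [], False
    for w in words:
        if skip_next:              # token after "apt"/"ste"/"unit" is the unit number
            skip_next = False
        elif w in UNIT_WORDS:
            skip_next = True
        else:
            kept.append(w)
    return " ".join(kept)

def match_employee_vendor_addresses(employees, vendors):
    """Return (employee_id, vendor_id, normalized_address) for each vendor whose
    address equals an employee's home address after normalization."""
    by_address = {}
    for emp in employees:
        by_address.setdefault(normalize(emp["address"]), []).append(emp["id"])
    hits = []
    for ven in vendors:
        key = normalize(ven["address"])
        hits.extend((emp_id, ven["id"], key) for emp_id in by_address.get(key, []))
    return hits

# Constructed sample extracts from the payroll and vendor master files.
EMPLOYEES = [
    {"id": "E-101", "address": "412 North Maple Street, Apt 2, Springfield"},
    {"id": "E-102", "address": "77 Oak Road, Springfield"},
]
VENDORS = [
    {"id": "V-9001", "address": "1500 Industrial Blvd., Springfield"},
    {"id": "V-9002", "address": "412 N. Maple St Springfield"},
]

if __name__ == "__main__":
    for emp_id, ven_id, addr in match_employee_vendor_addresses(EMPLOYEES, VENDORS):
        print(f"REVIEW: vendor {ven_id} shares an address with employee {emp_id}: {addr}")
```

A match is a red flag to look into, not proof of fraud; dropping unit numbers means two unrelated parties in the same building will also be listed.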

LOWER COST ANTIFRAUD CONTROLS

 

  • Give access to the bank statements online to a board member or members for review.  At the end of the month, have one of the board members sign off on her/his review.
  • Periodically have a board member randomly choose a check or checks and reconcile the checks to the invoice, bank statement, and accounting records
  • Do not allow the manager to sign checks and have the members of the board authorize the checks
  • Provide a monthly budget-to-actual report to the board members and investigate any very large fluctuations
  • Perform a periodic inventory of assets and compare the current inventory listing with the prior listing

CONCLUSION

Fraud normally is one of the last items on the agenda for most organizations. Unfortunately, far too many local governments have had to react to difficult situations without any protocols or processes to follow.  If you start with the risk assessment, in my opinion, you have won half the battle.  If you would like to learn more about this subject of fraud risk assessment, I suggest reviewing the ‘Managing the Business Risk of Fraud:  A Practical Guide’ sponsored by The Institute of Internal Auditors, AICPA, and ACFE.  Another source is to read the ‘Local Government Fraud Prevention’ book by Charles Hall, CPA, CFE, MAcc.  These two resources will give you an in-depth knowledge of how to protect your organization.  

David Farnsworth, CPA
