Local Government Internal Controls – A List

These internal controls lessen fraud in your counties, cities, schools, and authorities

Do you need a list of local government internal controls?

Here’s a list of fraud prevention controls that I recommend to local governments – many of which are pertinent to nonprofits and small businesses as well. While not a comprehensive list, I thought I would share it. You will find this same checklist in my Amazon fraud prevention book which provides much more Fraud Prevention ideas.

local government internal controls

Fraud Prevention for Governments

General Internal Controls

  1. Have bank statements mailed directly to someone outside of accounting; recipient should peruse bank statement activity before providing it to accounting
  2. Perform surprise audits (use outside CPA if possible)
  3. Elected officials and management should review monthly budget to actual reports (and other pertinent financial reports)
  4. Map internal control processes by transaction cycle (preferably done by a seasoned CPA); once complete, provide map to all employees involved in the cycle; when control weaknesses exist, institute additional controls (see 11. below)
  5. Use a whistleblower program (preferably use an outside whistleblower company)
  6. Reconcile bank statements monthly (have a second person review and initial the reconciliation)
  7. Purchase fidelity bond coverage (based on risk exposure)
  8. Periodically request from the government’s bank a list of all bank accounts in the name of the government or with the government’s federal tax I.D. number; compare list to bank accounts set up in the general ledger
  9. Secure computer access physically (e.g., locked doors) and electronically (e.g., passwords)
  10. Do not allow the electronic transmission (e.g., email) of sensitive data (e.g., social security numbers) without the use of protected transmission technology (e.g. Sharefile); create policy and train staff
  11. Where possible, segregate who (1) authorizes transactions, (2) records transactions, (3) reconciles records, and (4) has custody of assets; when segregation of duties is not possible, require documented second-person review and/or surprise audits

Transaction Level Controls

Cash Receipts and Billing Controls

  1. Use a centralized receipting location (when possible)
  2. Assign each cash drawer to a separate person; require daily reconciliation to receipts; require second person review
  3. Deposit cash timely (preferably daily); require composition of cash and checks to be listed on each deposit ticket (to help prevent check-for-cash substitution)
  4. Immediately issue a receipt for each payment received; a duplicate of the receipt or electronic record of the receipt is to be retained by the government
  5. Supervisor should review receipting-personnel adjustments made to accounts receivable
  6. Do not allow the cashing of personal checks (e.g., from cash drawers)

Cash Payments and Purchasing Controls

  1. Guard all check stock (as though it were cash)
  2. Do not allow hand-drawn checks; only issue checks through the computerized system; if hand-drawn checks are issued, have a second person create and post the related journal entry
  3. Do not allow the signing of blank checks
  4. Limit check signing authorization to as few people as possible
  5. Require two employees to effectuate each wire transfer
  6. Persons who authorize wire transfers should not make related accounting entries
  7. Require a documented bidding process for larger purchases (and sealed bids for significant purchases or contracts); specify procedures for evaluating and awarding contracts.
  8. Limit the number of credit cards and the amount that can be charged on each card
  9. Allow only one person to use an individual credit card; require receipts for all purchases
  10. Require a street address and social security or tax I.D. numbers for each vendor added to accounts payable vendor list (P.O. box numbers without a street address should not be accepted)
  11. Signed vendor checks should not be returned to those who authorized the payment; mail checks directly to vendors
  12. Compare payroll addresses with vendor addresses for potential fictitious vendors (usually done with electronic audit tools such as IDEA or ACL)

Payroll Controls

  1. Provide a departmental overtime budget/expense report to governing body or relevant committee
  2. Use direct deposit for payroll checks
  3. Payroll rates keyed into the payroll system must be supported by proper authorization in the employee personnel file
  4. Immediately remove terminated employees from the payroll system
  5. Use biometric time clocks to eliminate buddy-punching
  6. Check for duplicate direct-deposit bank account numbers
  7. Overtime should be authorized in writing by department head or designee (before payment is made)

Your Recommendations

What additional controls do you recommend? Please share in a comment.

Photo is courtesy of iStockphoto.com.

What To Do When Fraud is Discovered?

Where do you turn after discovering fraud?

You need to know what to do when fraud is discovered. Today, I discuss steps to take when theft is detected.


Courtesy of iStockphoto.com

What To Do When Fraud is Discovered

When fraud is suspected at your governmental entity, two gnawing questions arise:

  1. Is fraud really occurring?
  2. If yes, how much money was taken?

And possibly a third  – Am I going to be fired? (It’s normal to feel some fear. The thermometer goes up when fraud is suspected.)

It’s at this point that two more questions arise:

  1. Who should I hire to answer the two questions above?
  2. How much will it cost for this service?

You can pick up the phone and call those who are in the know about fraud audits – possibly another government or an audit firm – or you can issue a request for proposal (RFP). Many governments do the later (though I’m not sure it’s the best option). If you can find a reputable, fair audit company, hire them. (Ask for at least two references.) If not, then here’s some information about issuing fraud-related RFPs.

RFPs for Fraud Services

First let me say that governments may need outside assistance in preparing an RFP for fraud-related services. It’s not every day that fraud is encountered; consequently, when fraud occurs, governments often struggle with writing the RFP. Copying your financial statement audit RFP will probably not work; fraud audits and financial statement audits are two completely different types of services. Additionally you may not desire to seek out the lowest bid (yes, you read that correctly). There’s one thing worse than fraud: it’s handling the effects of fraud incorrectly. Let me suggest a method that I believe will minimize costs while providing you with quality audit services.

Governments may want to break down the engagement into two phases:

  1. Predication
  2. Audit

What is predication? It is the early part of the investigation where the auditor determines whether there is enough evidence to merit the second phase of the investigation: audit. The auditor is simply sniffing around in the suspected areas to see if more work should be performed.

Once the auditor has performed the predication phase, the government can decide, based on the evidence uncovered thus far and the estimated price of the audit phase, whether it desires to proceed. This method allows the government to minimize costs; rather than asking for a full-blown investigation up front, you take steps. I have seen some investigations end with the predication phase – there simply was not enough evidence to proceed.

The government should ask for a maximum price (or range of pricing) for the predication phase. Also the government may desire to request a schedule of hourly rates; those same rates may be used in the second phase of the investigation.

The government should normally use the same firm to perform the two phases of the investigation. So basically the firm that wins the predication bid will be the auditor for the full project. If the government elects to proceed with the audit phase of the project, the government should request that the audit firm invoice by hours worked, staff level, and hourly rates. (This creates some transparency in the billing process.)

Summary of Work Flow and Billing

In summary, I am recommending that you:

  1. Bid the predication phase and allow the audit firm to provide you with a maximum price or range estimate (e.g., $8,000 to $10,000).
  2. Select the audit firm.
  3. Allow the firm to perform the predication phase and provide a report.
  4. Make a decision about whether to continue the investigation.
  5. Allow the audit firm to perform the audit phase (if needed).
  6. Receive a final audit report.

I recommend that the audit phase be billed at hourly rates. Why? Because fraud engagements tend to be amorphous. The auditor may dig and find additional issues that could not be discovered in the predication phase. Think of this like an archeologist excavating a house; rather than just a house, he may find a village – though we hope not. As a trade-off to receiving a full bid price, the audit firm can provide detailed invoices that reflect the hours worked, staff level, and hourly rates.

GASB 61 – Financial Reporting Entity

GASB 61 amends GASB 14 and provides guidance about governmental component units

I well remember how confused I was when GASB 14 came out – even though Harold Monk did his best to enlighten me. Since then, I don’t know how many entities I’ve looked at, trying to determine whether they were component units. I do know I have become well acquainted with the flowchart in GASB 14; strangely enough, we have become friends (yes, I know it’s weird having a flowchart for a friend, but such is my life). We now have an updated flowchart in GASB 61 – a new friend I guess.


GASB reconsidered GASB 14 and created GASB 61, Financial Reporting Entity: Omnibus – an Amendment to GASB Statements No. 14 and No. 34. The effective date is for periods beginning after June 15, 2012. 

Let’s take a look at GASB 61. First, we will consider whether an entity should be included as a component unit, and then we will look at whether the entity should be blended or discretely presented.

1. Evaluating Inclusion of Potential Component Units

First ask, “does the primary government appoint a voting majority of the potential component unit’s board?”

If yes, you will include the component unit if the primary government:

  1. has the ability to impose its will upon the potential component unit or
  2. has a potential financial benefit or burden related to the potential component unit (PCU)

If no, consider whether the potential component unit meets the fiscal dependency and financial benefit/burden criteria. If yes, then include the component unit. If no, ask whether it would be misleading to exclude the potential component unit; if it would be misleading, then you will include the PCU (normally discretely presented).

2. Blended or Discretely Presented Decision

Blend the component unit if any of the following three criteria is true:

1. If the component unit’s governing body is substantively the same (basically having the same board members) as the governing body of the primary government, then you will blend the component unit into the primary government provided:

    • there is a financial benefit or burden relationship, or
    • the primary government has operational responsibility for the component unit.

Operational responsibility is defined as managing “the activities in the essentially the same manner in which it manages its own programs, departments, or agencies.”

(Notice the primary government’s legal control of the component unit does not affect the blending decision.)

2. Another consideration – commonly known as the exclusive benefit criterion –  is whether the component unit’s goods or services are entirely or almost entirely provided to the government itself (this does not include providing services to the government’s citizenry or customers). If the answer is yes, then the component unit will be blended.

university foundation, for example, is usually designed to (and often does) exclusively benefit the university (the primary government) and would, therefore, be blended.

A university hospital, by contrast, will be presented discretely (in the university’s financial statements) since the hospital is primarily providing benefits to patients rather than the government. (This is true even if the articles of incorporation for the hospital state that the entity is designed for the exclusive benefit of the university.)

3. GASB 61 includes one new blending criteria: if the primary government will repay entirely or almost entirely (with resources of the primary government) a component unit’s total debt outstanding (including leases), the component unit will be blended. The standard does allow for discrete presentation if the primary government’s resources are the second source of debt repayment or if resources received from the primary government are among other sources of repayment available.

If the component unit does not meet any of the three blending criteria, then it will be presented discretely.

Consolidating Not-for-Profit Entities

The rules for consolidating nonprofit entities

How would you respond to the question, “how do I know when a not-for-profit entity should consolidate a related not-for-profit entity?”

Here’s a brief overview.

Key Consolidation Issue

The main key in determining whether a not-for-profit should consolidate another entity is control.

FASB defines control as the direct or indirect ability to determine the direction of management and policies through ownership, contract, or otherwise.

Consolidation Decision

The FASB Codification addresses not-for-profit (NFP) consolidations as follows:

  • Consolidation is required for 1. through 3. below.
  • Consolidation is permitted but not required for 4. below.
  • Consolidation is not permitted for 5. below.

Controlling Financial Interest

1. 958-810-25-2 – The reporting entity is the sole corporate member of the related NFP
2. 958-810-25-2 – The reporting entity has a controlling financial interest through direct or indirect ownership of a majority voting interest in the other NFP

Control Combined with an Economic Interest

3. 958-810-25-3 – The reporting entity controls another NFP through a majority voting interest in its board and has an economic interest in that other entity (e.g., reporting entity appoints 3 of the 5 voting members of the related NFP)
4. 958-810-25-4 – The reporting entity controls an NFP through a form other than majority ownership, sole corporate membership, or majority voting interest in the board of the other entity and has an economic interest in that other entity (control may be established by contract or an affiliation agreement)


5. 958-810-25-5 – If the reporting entity does not have both control of and an economic interest in the related NFP, then consolidation is not permitted.

Note – There are additional rules for consolidating for-profit entities into NFP financial statements.