The Little Book of Local Government Fraud Prevention

Whether your government is small or large, this book provides guidance in reducing theft

Do you desire to fight fraud in governments? Or maybe you are just curious about how fraudsters get away with their wily schemes. See my book The Little Book of Local Government Fraud Prevention. You can purchase it on Amazon as a paperback. Also, the ebook is available as a Kindle download.

Local Government Fraud Prevention

Fraud occurs in local governments in a multitude of ways, yet many cities, counties, school systems, authorities, and other public entities are ill-prepared to prevent or detect its occurrence. Why is this so? Some governments place too much reliance on annual audits as a cure-all, but clean audit opinions don’t mean that fraud is not occurring. And some governments fail to understand how vulnerable they are–until it’s too late.

Why is local government fraud so common? Many small governments don’t have a sufficient number of employees to segregate accounting duties. It is also these smaller governments that place too much trust in their accounting personnel. This combination of a lack of segregation of duties and too much trust in key employees often leads to significant losses from theft.

The Little Book of Local Government Fraud Prevention provides several real-life stories of fraud. The stories will inform you about how local government employees steal. Then I provide you with prevention techniques to assist you in mitigating fraud risks. In one story, for example, the book shows how a single municipal employee stole over $53 million dollars, all from a city of just 16,000 citizens.

If you audit governments, you will find this book helpful in pinpointing common areas where governmental fraud occurs. The book also includes fraud audit checklists and fraud detection procedures. Whether you are an internal or external auditor, you will find fresh ideas for prevention and detection.

The Little Book of Local Government Fraud Prevention will assist you if you are a:

1. Local government accounting employee
2. Local government elected official
3. Local government auditor
4. Local government attorney
5. Certified Public Accountant
6. Certified Fraud Examiner

Even if you don’t work with governments, you’ll find this book useful. I provide fraud prevention steps for transaction cycles such as billing and collections, payables and expenses, payroll, and capital assets.

Together we can bring down the risk of fraud and corruption in our local governments. Come join the team. We’ll all be better for it.

If you don’t desire to spend money on the book, here’s a free list of controls.

Thefts of Cash From Local Governments are Common

Local governments are perfect environments for thefts of cash

Thefts of cash from local governments are common, are they not? 

How many times have you seen a local newspaper article like the following?

Johnson County’s longtime court clerk admitted today to stealing $120,000 of court funds from 2015 through 2016. Becky Cook, 62, faces up to 10 years in federal prison after pleading guilty to federal tax evasion and theft.

Thefts of Cash from Local Governments

Usually, the causes of such cash thefts are (1) decentralized collection points and (2) a lack of accounting controls.

Thefts of Cash from Local Governments

1. Decentralized Collection Points

First, consider that governments commonly have several collection points.

Examples include:

  • Recreation department
  • Police department
  • Development authority
  • Water and sewer department
  • Airport authority
  • Landfill
  • Building and code enforcement
  • Courts

Many governments have over a dozen receipting locations. With cash flowing in so many places, it’s no wonder that thefts of cash are common. Each cash receipt area may have different accounting procedures – some with physical receipt books, some with computerized receipting, and some with no receipting system at all. 

A more centralized receipting system reduces the possibility of theft, but many governments may not be able to centralize the receipting function. Why? Here are three reasons:

  1. Elected officials, such as tax commissioners, often determine how monies are collected without input from the final receiving government (e.g., county commissioners or school). Consequently, each elected official may decide to use a different receipting system.
  2. Customer convenience (e.g., recreation centers and senior citizen centers) may drive the receipting location decision.
  3. Other locations, such as landfills, are purposely placed on the outer boundary of the government’s geographic area.

What’s the result? Widely differing receipting systems. Since these numerous receipting locations have varying controls, the risk of theft is higher. 

2. Lack of Accounting Controls

Second, consider that many governments lack sufficient accounting controls for cash.

It’s more likely cash will be stolen if cash collections are not receipted. If the transaction is recorded, then the receipt record must be altered, destroyed or hidden to cover up the theft. That’s why it’s critical to capture the transaction as early as possible. Doing so makes theft more difficult.

Additional steps that will enhance your cash controls include the following:

  1. If possible, provide the government’s administrative office (e.g., county commissioners’ finance department) with electronic viewing rights for the decentralized receipting locations (e.g., landfill).
  2. Require the transfer of money on a daily basis; the government’s administrative office (e.g., county commissioners’ finance department) should provide a receipt to each transferring location (e.g., landfill).
  3. Limit the number of bank accounts.
  4. Deposit funds daily.
  5. Periodically perform surprise audits of outlying receipting areas.
  6. Use a centralized receipting location (and eliminate the decentralized cash collection points).
  7. Persons creating deposit slips and handling cash should not key those receipts into the accounting system.
  8. The person reconciling the bank statements should not also handle cash collections.
  9. Don’t allow the person billing customers to handle cash collections.

If segregation of duties is not possible (such as 7., 8. and 9. above), consider having a second person review the activity (either an employee of the government or maybe an outside consultant).

Final Thoughts About Fraud Prevention for Cash

When possible, use an experienced fraud prevention specialist to review your cash collection procedures. Can’t afford to? Think again. The average incidence of governmental fraud results in a loss of approximately $100,000.

Finally, make sure your government has sufficient fidelity bonding. If all else fails, you can recover your losses through insurance.

For more fraud prevention guidance, check out my book on Amazon; click the book below. Also, see my free slide deck titled Finding and Preventing Fraud in Local Governments. Additionally, here’s a post concerning how to audit cash.

 

Omission of MD&A from Governmental Financial Statements

Governments can exclude the MD&A from their financial statements

Can a government exclude the management, discussion, and analysis from its financial  statements? This article answers that question.

According to AU-C 730, the auditor’s report on the financial statements should include an other-matter paragraph that refers to the required supplementary information (RSI). In governmental financial statements, the management, discussion, and analysis (MD&A) is considered RSI. Though the MD&A is “required” supplementary information, governments can–strangely enough–exclude it from the financial statements.

omission of management, discussion and analysis

Picture from AdobeStock.com

Omitting the MD&A – Effect on an Audit Opinion

If the required supplementary information is omitted, the auditor should include an other-matter paragraph in the opinion such as the following:

Management has omitted the management, discussion, and analysis that accounting principles generally accepted in the United States of America require to be presented to supplement the basic financial statements. Such missing information, although not a part of the basic financial statements, is required by the Governmental Accounting Standards Board, who considers it to be an essential part of financial reporting for placing the basic financial statements in an appropriate operational, economic, or historical context. Our opinion on the basic financial statements is not affected by this missing information.

Notice the omission of the MD&A does not affect the opinion rendered (in other words, it does not result in a modified report).

RSI Audit Standard

AU-C 730 is the audit standard for required supplementary information. Click here for an overview of the supplementary information audit standards. The former supplementary information standards were SASs 118, 119 and 120; those standards are now–under the Clarity Standards–AU-C sections 720, 725, and 730.

Omitting the MD&A – Effect on a Compilation Report

In compilation reports, the language is as follows:

Management has omitted the management, discussion and analysis that accounting principles generally accepted in the United States of America require to be presented to supplement the basic financial statements. Such missing information, although not a part of the basic financial statements, is required by the Governmental Accounting Standards Board which considers it to be an essential part of financial reporting and for placing the basic financial statements in an appropriate operational, economic, or historical context. 

How to Make Your Business More Profitable by Funding Depreciation

Money in the bank for capital purchases

From time to time, I have clients ask me “What is funding depreciation?” And more importantly, they ask, “How can this technique make my organization more profitable and less stressful?”

Here’s a simple explanation.

Funded depreciation is the setting aside of cash in amounts equal to an organization’s annual depreciation. The purpose: to fund future purchases of capital assets with cash.

Funding Depreciation

Picture Courtesy of Canva

Funding Depreciation

Suppose you buy a $10,000 whiz-bang gizmo – a piece of equipment – that you expect to use for ten years, and at the end of the ten years you expect it to have no value. Your annual depreciation is $1,000.

In this example, a $1,000 depreciation expense is recognized annually on your income statement (depreciation decreases net income) even though no cash outlay occurs. The balance sheet includes the cost of the whiz-bang gizmo, but at the end of ten years, the equipment has a $0 book value, being fully depreciated.

The smart manager will annually set aside $1,000 in a safe investment – such as a certificate of deposit or money market account – for the future replacement of the whiz-bang gizmo.

If the company does not annually invest the $1,000, it has a few options at the end of the ten-year period:

  • Borrow the full amount for the replacement cost
  • Seek outside funding (e.g., grants)
  • Use other funds from within the organization
  • Ask U2 to do a special benefits concert – just kidding

Obviously, if you borrow money to replace the equipment, you will have to pay interest – another cash outlay. Suppose the rate is 10%. Now the organization must pay out $1,100 each year. If the organization funds the depreciation (invests $1,000 annually), it earns interest. If the entity chooses not to fund depreciation, it will pay interest.

Businesses that fund depreciation are always making money from interest (granted not much these days) rather than paying for it.

Another advantage to funding depreciation: you know you will have the money to purchase the capital asset. You’re not concerned with whether a creditor will lend you the money for the acquisition. You’re financially stronger.

Why Doesn’t Every Entity Fund Depreciation?

So why doesn’t everyone fund depreciation?

  • Some don’t understand the concept
  • Some had rather spend the cash flows for the ten years (e.g., owners taking too much in distributions)
  • Some need the money just to run the organization
  • In governments, elected officials desire to keep tax rates low while they are in office
  • In growing businesses, the owners may need the money to fund the growth of the company
  • Most importantly, it may require two cash payments (more in a moment)

Concerning the last point, if the business had to borrow money to purchase the initial capital asset, then it must make the debt service payments (cash outlay 1). If the company also funds depreciation for that same asset (making investments equal to the annual depreciation), another cash flow occurs (cash outlay 2).

If the business can ever get into a position where it pays cash for new equipment, it will be better off. Then only one cash outlay (investment funding) occurs, and the company is making–not paying–interest.

What if the organization cannot–due to cash flow constraints–fund depreciation for all new equipment purchases? Consider doing so for just one or two pieces of equipment–over time, the entity may be able to move into a fully funded position.

Who Should Fund Depreciation?

So, who should fund depreciation?

Organizations with sufficient cash flow and discipline. It’s the smart thing to do.

Imagine a world with no debt, a world where you don’t have to wonder how you will pay for equipment. Dreaming? Maybe, but funded depreciation is worth your consideration.

25 Products I Use as an Accountant

Accounting Office

Picture from AdobeStock.com

Here’s a list of accounting products that I use as an accountant and auditor:

  1. Governmental Accounting, Auditing, and Financial Reporting GFOA Blue Book
  2. Evernote (as my digital cloud library)
  3. Sharefile (as my secure means to transfer information)
  4. Caseware (electronic trial balance and working papers)
  5. Excel
  6. Word
  7. Adobe Acrobat Pro DC (PDF maker)
  8. Apple iPhone
  9. Apple iPad
  10. Dell laptop
  11. Three extra monitors
  12. Standup desk
  13. Zoom (conferencing software)
  14. Checkpoint (Thomson Reuter’s electronic guides)
  15. CheckpointLearning (Thomson Reuter’s online CPE)
  16. WordPress (blogging software)
  17. LinkedIn (to participate in accounting groups)
  18. Fujitsu i500 scanner
  19. Keynote (an alternative to PowerPoint)
  20. Outlook (for email)
  21. Fantastical (iPad calendar app)
  22. Basecamp (cloud project management software)
  23. Livescribe 3 Smartpen
  24. 1Password (to store and retrieve passwords)
  25. Amazon Tap (for music)

I use all of the above products with the exception of the stand-up desk. The desk I use is from Levenger; it appears they’ve discontinued that model.

What products do you recommend for accountants?

Note: I do receive affiliate commissions on Amazon products.

Yellow Book Independence Documentation is Important

Failure to document Yellow Book independence results in a nonconforming engagement (during peer review)

I just received the June 2016 AICPA Reviewer Alert (a monthly newsletter for peer reviewers). It provides the following Yellow Book independence documentation guidance:

Yellow Book contains specific requirements for documentation related to independence which may be in addition to the documentation that auditors have previously maintained. The 2011 Yellow Book Chapter 3 emphasizes that documentation is required for the evaluation of each of the elements of independence, which consists of:

  1. Management’s ability to oversee the nonaudit services, including whether management has skills, knowledge, and experience
  2. Significant threats that require the application of safeguards along with the safeguards applied
  3. Understanding established with the audited entity regarding the nonaudit services to be performed

Failure to document one or more of these elements is considered a departure from professional standards that causes the engagement to be deemed nonconforming. The reviewed firm and reviewer should be aware that verbal explanation and vague completion of a checklist does not provide for a thoughtful evaluation and documentation of management’s abilities related to each nonaudit service and will be unlikely sufficient to comply with the standards.

Yellow Book Independence

Yellow Book Independence Forms

All firms that perform Yellow Book engagements need to make sure their system of quality control provides guidance for documentation of the three items listed above. Consider using the AICPA’s 2011 Yellow Book Independence form. The electronically fill-able version is $28 for AICPA members and can be found here. The free PDF version can be found here.

For information about determining if your client’s skill, knowledge, and experience are sufficient, click here.

Findings from Peer Reviews of Governmental Engagements

Governmental audit problem areas

The AICPA has identified governmental engagements as a high-risk area. While governmental accounting is complex, the addition of Yellow Book and Single Audit standards (when applicable) make these engagements even more challenging.

I recall in the pre-GASB 34 days reviewing physical ledger sheets that contained all of the transactions for a local government. There were no Yellow Book or Single Audit requirements. Those idyllic days of simplicity are gone, and the complexity of governmental audits has increased a hundred-fold.

Governmental regulators have complained that CPAs are not performing these audits in conformity with professional standards. In addition, these regulators are saying that the present peer review process is not identifying non-conforming engagements.

Picture is courtesy of DollarPhotoClub.com

Picture is courtesy of DollarPhotoClub.com

AICPA’s Testing of Peer Review Process

In response to these concerns–and those related to other high-risk areas such as benefit plans–the AICPA performed enhanced oversights to gauge how well peer reviewers are performing.

Here are some of the key takeaways from the oversights performed on that initial sample of engagements:

  • Approximately 40 percent of the engagements selected as part of this pilot program were identified as non-conforming with the applicable professional standards by the industry experts.
  • The peer reviewers on these engagements had identified only around one out of ten as non-conforming.
  • Over the 2012 to 2014 peer review cycle, 8 percent of the must-select engagements reviewed were identified as non-conforming by their reviewers.

Peer review statistics related to governmental engagements reflect similar dynamics:

  • Significantly more GAGAS/single audit engagements were determined to be non-conforming by the oversighters and were not recognized as being non-conforming by the peer reviewers. There was an approximate 40 percent nonconforming rate for oversights of governmental engagements while none of these engagements were identified as nonconforming by the peer reviewers.

Governmental Engagement Deficiencies

The enhanced oversights identified the following governmental engagement deficiencies (many of these are related to Yellow Book and Single Audit):

  • Compliance requirements documented as applicable, but no testing performed for the compliance requirement
  • A lack of testing of internal controls over direct and material compliance requirements
  • A lack of documentation of management’s skills, knowledge, and experience to effectively oversee nonaudit services performed by the auditor
  • A lack of documentation or incomplete documentation related to the risk assessment of type A or type B programs
  • A lack of documentation supporting the assessment that compliance requirements were not applicable for the identified major programs
  • A lack of documentation showing the consideration of fraud risk regarding noncompliance for major programs
  • A lack of documentation of the internal control assessment over the preparation of the Schedule of Federal Awards (SEFA)
  • The Schedule of Findings and Questioned Costs missing required elements
  • Financial statements presented under GAAP instead of GASB
  • No materiality calculation on opinion units
  • A lack of documentation detailing the risk of management override of controls.
  • A lack of documentation to support the client’s designation as a low-risk auditee
  • Type A programs that were designated as low risk when they did not meet all of the requirements
  • An auditor’s report on internal control that did not include all required elements
  • The report on compliance with requirements applicable to each major program and internal controls over compliance that did not contain all of the required elements
  • A data collection form that did not properly summarize the auditor’s results
  • A calculation of amounts tested as major programs that was incorrect
  • The omission of a federal program from a cluster that should have been included when testing major programs

Increased Scrutiny

Expect increased peer review scrutiny of governmental engagements in peer reviews.

The CPA community must take these concerns seriously. If we don’t, we may end up with a complete change of the present peer review process. Without positive improvement, CPA firms could, one day, be reviewed by governmental regulators — think IRS audits. It is imperative that we self-regulate in an effective manner.

Red Flags of Governmental Fraud

Fraudsters unwittingly send signals--Do you know them?

Do you know the red flags of governmental fraud? Today I tell you what they are.

Fraud is detected by tips more than any other way–over 40% in the most recent Association of Certified Fraud Examiners’ survey. And many of those tips came from employees who knew the signs of fraud.

How can governments make employees aware of fraud signals? Education.

red flags of governmental fraud

Picture is courtesy of DollarPhotoClub.com

Would your employees recognize fraud if it were occurring? Some red flags are obvious. Others are not. Here are some sample governmental fraud red flags:

External Red Flags

  • Unexplained increases in the wealth of an accounting employee or elected official
  • Employee personal problems such as a divorce, substance abuse, financial difficulties, legal problems
  • Employee living beyond his or her means
  • Unusually close employee association with a vendor

Cash Receipts and Billing Red Flags

  • Taxpayer complaints concerning nonpayment notices (even though payment has been made)
  • A pattern of customer complaints in the utility billing and collection process
  • Substantial write-offs of receivables without support
  • Unexplained decreases in revenues
  • A pattern of missing receipt forms

Disbursements and Purchasing Red Flags

  • Altered or incomplete supporting documentation for disbursements
  • Purchasing party (e.g., department head) picking up processed vendor checks rather than accounts payable personnel mailing them
  • Unexplained increases in expenses
  • Excessive expenses when compared to the budget
  • Vendors without physical addresses

Payroll Red Flags

  • Employees with no or little payroll deductions
  • Excessive overtime expenses
  • Excessive payroll expenses when compared to the budget

Capital Assets Red Flags

  • Winning bid appears too high; all contractors submit consistently high bids
  • Qualified construction contractors not submitting bids
  • Reports of missing capital assets
  • A lack of accountability for capital assets

General Red Flags

  • A refusal by accounting personnel to take vacations
  • Unwillingness to share accounting duties
  • Employee irritability or defensiveness
  • Complaints about inadequate employee pay
  • A lack of transparency in accounting
  • Rumors of unethical conduct
  • A history of corruption in the government
  • Financial decisions made by one person with little or no accountability
  • Undocumented journal entries
  • Untimely bank reconciliations
  • Inexperienced or lax accounting personnel
  • Missing accounting records

Just because a red flag exists does not mean that fraud has occurred, but it’s still important to know the signs. Often where there’s smoke, there’s fire. Teaching employees the signals of fraud can save your government a great deal of money.

Single Audits under the Uniform Guidance

Recently I listened to the AICPA Governmental Audit Quality Center (GAQC) webcast titled: Uniform Guidance for Federal Awards: Auditor Planning Considerations for the New Single Audit Rules.

The presenters, Diane Edelstein, Mandy Nelson, and Mary Foelster, did a great job in providing helpful information. I made a few summary notes that are presented below; the notes are not intended to be comprehensive. The GAQC archived the presentation on their website.

Single Audit under the Uniform Guidance

Applicability of Uniform Guidance

Here’s a summary of when the new guidance is applicable.

Type of EntityEffective Date
Federal AgenciesMust implement policies and procedures by issuing regulations to be effective December 26, 2014 (accomplished with the issuance of the Joint Interim Final Rule)
Non-federal EntitiesImplement the new administrative requirements and cost principles for all new Federal awards made after December 26, 2014, and to additional funding related to existing awards ("increments") made after that date
AuditorsAudit requirements are effective for fiscal years beginning on or after December 26, 2014 (early implementation not permitted)

The New COSO Framework

See what changed in the new COSO Framework

Rita Crundwell, the former comptroller for Dixon, Illinois, stole over $53 million from a city of 16,000 people with an annual budget of $6 to $8 million. In the early 1990s, she opened a secret bank account in the name of the city and began transferring funds (disguised as payments to the Illinois DOT). The monies (in the secret account) were used by Rita to fund one of the nicest quarter horse ranches in the world.

The theft was simple. The damage was massive.

COSO Framework

Picture courtesy of DollarPhoto.com

Losses from fraud and other risks can happen to any organization that lacks sufficient internal controls. Therefore, it’s imperative that your business, government, or nonprofit create a sound working internal control system.

Why COSO?

Prior to 1992 (the year COSO’s internal control framework came into existence), internal control guidance was sparse. Accountants knew that controls were needed, but many had no model to follow.

COSO to the Rescue

The Committee of Sponsoring Organizations (COSO), consisting of five organizations, such as the AICPA, came together to develop an internal control framework that accountants could use in any organization. Those standards have served well over the last twenty years, but with many changes in technology (e.g., cloud computing), the uptick in laws and regulations (e.g., Sarbanes Oxley), the increase in outsourcing (e.g., payroll), and the higher incidence of fraud, it became apparent that the framework needed amendments. So the COSO did just that, releasing the updated framework in May 2013; the effective date of the guidance is December 15, 2014.

The Hip Bone Connected to the Leg Bone

COSO added greater definition and guidance in regard to the five internal control components created back in 1992:

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring

As the 1992 framework states, these five components should be holistically integrated to create a healthy and safe control environment for business, nonprofits, and other organizations.

And what does this integration look like?

Every entity needs ethical leadership (the control environment). Those leaders identify key risk areas, usually in terms of likelihood and dollar impact. Once the risk areas are known, controls are designed and implemented (control activities) to ensure the creation of financial information (information and communication). Lastly, the organization monitors the system to ensure that it all works as planned (monitoring).

Most auditors (and those who design internal controls) usually emphasize the control activities component. The reason? Audit opinions relate to financial statements and deficiencies in control activities often allow misstatements to occur. The result? The reporting of significant deficiencies and material weaknesses. As auditors issue control deficiency letters, they tend to focus on control activities, though those communications can and should address deficiencies in the other four internal control components.

What changed in the new COSO framework?

Key changes in the 2013 framework include:

  • The addition of 17 principles (each related to one of the five control components listed above)
  • The addition of points of focus (each applicable to one of the 17 principles)
  • An increased focus on fraud
  • An increased focus on governance
  • An increased focus on information technology
  • An increased focus on compliance with laws and regulations

Why should I care about these changes?

Think of the COSO framework as the fountainhead of all that is good in internal control land. And once COSO speaks, other important bodies (e.g., the AICPA Auditing Standards Board) listen and absorb what is published. Remember SAS 109, Understanding the Entity and Its Control Environment, issued in 2006? Guess where the five control components (control environment, risk assessment, control activities, information and communication, and monitoring) came from? Don’t be surprised if you see the 17 new COSO principles–and possibly the points of interest–embedded in future audit standards.

In any event, the new COSO guidance is a great place for any business or organization to develop a control system that identifies and mitigates risks.

Then disasters–like the one in Dixon, Illinois–can be avoided.

Deeper Dive

If you are interested in more information about the new COSO guidance, consider purchasing the book Executive’s Guide to COSO Internal Controls by Robert Moeller. Mr. Moeller provides a nice summary of the framework along with implementation steps.

You can buy the COSO Framework here.