Does your government have hidden fraud? Are there ways you can mend internal control weaknesses?

Here is a presentation concerning local government fraud. Though the slides address Georgia frauds, you’ll see practical fraud prevention steps you can take, regardless of your government’s location or size.

Trick or Treat? GASB 68: The Governmental Pension Standard

GASB 68 (Accounting and Financial Reporting for Pensions) has eaten GASB 27–RIP.

The magic date when the Great Pumpkin–the net pension liability–will rise out of the footnotes and land on the statement of net position is quickly approaching (year-ends of June 30, 2015). Instead of saying, “It’s the Great Pumpkin Charlie Brown!” we’ll be saying, “It’s the Great Debt Charlie Brown!” ARRG.

Courtesy of iStockphoto.com

Courtesy of iStockphoto.com

GASB 27 was a kind spook, allowing governments to bury pension liabilities in the notes. As long as public entities paid the “annually required contribution–ARC,” no liabilities were recognized on the statement of net position. But this is all changing. We have a new beast: the net pension liability–NPL, which will be recognized on the statement of net position. And, of course, as liabilities increase, equities (net positions) decrease. One saving grace: modified accrual accounting; governmental funds will not record the NPL, but the pension liability will appear on full accrual statements (i.e., government-wide statements and enterprise funds).

Under GASB 27, the ARC was treated as the funding amount. No longer. GASB 68 divorces funding from the pension expense.

So what is net pension liability?

It is the portion of the present value of projected benefit payments to be provided through the pension plan to current active and inactive employees that is attributed to those employees’ past periods of service, less the amount of the pension plan’s fiduciary net position.

In simple terms, it’s the computed debt less assets set aside for future payments.

What journal entry will be made to record the NPL?

Initial Entry to Record Pension Liability

AccountDr.Cr.
Net Position (Equity)XXXX
Net Pension LiabilityXXXX

Additionally, if the government previously recorded a net pension obligation (the result of the ARC not being paid), then this liability will also be removed (debited) as you record the NPL.

More Volatility

Governments will experience more volatility in their pension expenses since smoothing techniques are no longer used. Keep in mind that funding can (and I expect will be) fairly level. The pension expense is not intended to establish funding amounts. As a consequence, cash paid to fund the pension plan may remain fairly stable while the pension expense swings widely. Changes in the market value of pension plan investments will be felt more abruptly as they impact pension expense.

Changes Included in Current Pension Expense

Statement 68 requires that most changes in the net pension liability be included in pension expense in the period of the change. For example, changes in the total pension liability resulting from current-period service cost, interest on the total pension liability, and changes of benefit terms are required to be included in pension expense immediately. Projected earnings on the pension plan’s investments also are required to be included in the determination of pension expense immediately.

Changes Included in Current and Future Pension Expense

The effects of certain other changes in the net pension liability are required to be included in pension expense over the current and future periods. Changes in the net pension liability not included in pension expense are required to be reported as deferred outflows of resources or deferred inflows of resources related to pensions.

The effects on the total pension liability of (1) changes of economic and demographic assumptions or of other inputs and (2) differences between expected and actual experience are required to be included in pension expense in a systematic and rational manner over a closed period equal to the average of the expected remaining service lives of all employees that are provided with benefits through the pension plan (active employees and inactive employees), beginning with the current period.

The effect on the net pension liability of differences between the projected earnings on pension plan investments and actual experience with regard to those earnings is required to be included in pension expense in a systematic and rational manner over a closed period of five years, beginning with the current period.

Trick or Treat

When Charlie Brown would go Trick or Treating, he’d say, “I got a rock.” Governments, after knocking on the GASB 68 door, may feel the same way. Those entities that have not properly funded their pension plans will see sizable hits to their net position. Worse yet, a poorly funded plan is required to use a lower discount rate which increases the net pension liability.

If your government has debt covenants, it would be wise to consider the potential effects of these changes now.

Yellow Book: Preparation of Financial Statements – Threat to Independence?

An auditor's creation of a client's financial statements can impair independence

An auditor’s preparation of financial statements can create an independence impairment. The self-review threat has to be overcome.

It was over two years ago that I posted the following information. I’m doing so again, just as a reminder and to provide some clarification.

There has been a great deal of discussion about maintaining independence when an external audit firm prepares the financial statements subject to the Yellow Book.

gao-yellow-book-199x300

Does the preparation of financial statements – considered a nonattest service – impair the external auditor’s independence?

In some cases, the answer is “yes”.

Let’s see how you can avoid this potential problem.

AICPA Practice Aid 

If you identify a significant threat to independence, then safeguards should be implemented to mitigate the threat; both the threat and the safeguards must be documented. (See examples below.)

The AICPA offers an editable 2011 Yellow Book Independence Documentation Practice Aid for $28 (for AICPA members);  the aid, which I recommend, can be purchased at: www.cpa2biz.com.

Yellow-Book-Practice-Aidt-300x198

The following examples were taken from that practice aid (I have bolded certain words):

Preparation of Financial Statement – Threats to Independence

Example 1 (Client has sufficient skill, knowledge or experience (SKE), no significant threat)

The auditor has been requested to prepare the financial statements for an audited entity for which the requirements for performing nonaudit services have been met under paragraphs 3.37 and 3.39 (client assumes responsibility) of the 2011 Yellow Book.  The auditor considered the following in evaluating whether a significant threat to independence existed:

The audited entity’s books and records are substantially complete and accurate.  Few, if any, correcting entries are expected to be proposed.

The individual designated by the audited entity who oversees the preparation of the financial statements possesses SKE sufficient to reperform the service, not just oversee the service.  The designated individual, in order to make better use of his or her time, has asked the auditor to prepare the financial statements. The designated individual will also review the draft financial statements using a comprehensive disclosure checklist.

This is the only nonaudit service that the auditor has been requested to perform.

Conclusion:  Based on the foregoing; the auditor reached the conclusion that preparation of the financial statements would not result in a significant threat to independence; therefore, it is not necessary to apply safeguards.

Example 2 (Client has sufficient SKE, but cannot reperform the preparation of the financial statements, significant threat)

The auditor has been requested to prepare the financial statements for an audited entity for which the requirements for performing nonaudit services have been met under paragraphs 3.37 and 3.39 (client assumes responsibility)  of the 2011 Yellow Book.  The auditor considered the following in evaluating whether a significant threat to independence existed:

The audited entity’s books and records are substantially complete and accurate.  Few, if any, correcting entries are expected to be proposed.

The individual designated by the audited entity who oversees the preparation of the financial statements possesses SKE sufficient to oversee the service but is not capable of reperformance.

This is the only nonaudit service that the auditor has been requested to perform.

Conclusion:  Based on the foregoing; the auditor reached the conclusion that preparation of the financial statements would result in a significant threat to independence; therefore, it would be necessary to apply safeguards.

aid-example

 Safeguards

When there is a significant threat, the audit firm must apply safeguards; here are some examples of such safeguards:

  1. Have someone not involved in planning or supervising the audit engagement review the financial statements before releasing the statements.
  2. Educate management on the nonaudit services performed by reviewing and explaining the basis for preparing the financial statements, so that management is in a position to determine or approve all assumptions and judgments and take responsibility for the financial statements.
  3. Request that the audited entity complete a disclosure checklist as part of the overall review of the financial statements.
  4. Include the audit engagement as a required Engagement Quality Control Review under the audit firm’s system of quality control.

Not all of these safeguards need be applied, just the ones necessary to reduce the risk to an acceptable level.

Required Minimums

The audited entity must always accept responsibility for the financial statements and must approve them or else the general requirements under Interpretation No. 101-3 and paragraph 3.37 of the 2011 Yellow Book will not be met.

In all cases, management (or its designee) must possess sufficient skill, knowledge or experience; the designee may be a second CPA firm or professional but cannot be the audit firm.

Note as of November 19, 2017: The GAO is working on a revision of the Yellow Book. So, once the new Yellow Book is issued, you’ll need to follow that guidance. 

Fraud Prevention for Small Governments

Below I provide fraud prevention steps that you can take to protect your government

Many small governments suffer losses from theft since they lack a sufficient number of employees to segregate accounting duties. There are, however, steps you can take to protect your resources. In this post, I provide ideas for fraud prevention in small governments.

Most government officials don’t realize that external audits are not designed to detect immaterial fraud (immaterial can be tens of thousands of dollars – sometimes even more). Such officials incorrectly believe that a clean opinion means no fraud is occurring in their locale – this is a mistake. External financial statement opinion audits are not designed to look for fraud at immaterial levels. Even if your government has an external audit, consider implementing fraud prevention procedures.

fraud prevention for small governments

In a typical small government accounting setting, the city of In Between (as in between two stop lights) (population 1,202) has a mayor and three council members. The city has one bookkeeper (we’ll call him Dale) who orders and receives all purchased items; he writes all checks, reconciles bank statements, and keys all transactions into the accounting system. Dale also receipts all collections and makes all deposits. Mayor Chester signs all checks (vendor and payroll). (In a long-standing tradition, the mayor also graces the city Christmas parade float as Santa Claus.) With so little segregation of duties, what can be done?

The smaller the government, the greater the need for fraud prevention – even if Santa Claus in involved. And yet, these are the governments that most often don’t have the resources–whether the money to pay for outside assistance or employees to segregate duties–to prevent fraud. Here are few ideas for even the smallest of governments.

Low-Cost Fraud Prevention

First, let’s look at low-cost fraud prevention options:

  • Have all bank statements mailed directly to Mayor Chester who will open and inspect the bank statement activity before providing the bank statements to Dale; alternatively, provide online access to Mayor Chester who reviews bank statement activity and signs a monthly memo documenting his review
  • Once or twice a year, have council members pick two months at random (e.g., May and September) and review key bank statement activity (e.g., the operating and payroll accounts)
  • Once or twice a year, have council members randomly select checks (e.g., ten vendor checks and ten payroll checks) and review supporting documentation (e.g., invoices and time sheets)
  • Once or twice a year, have the mayor and council review receipt collections and related documentation (e.g., for two days deposits); agree receipts to bank deposits and to the general ledger
  • Provide monthly budget to actual reports to mayor and council
  • Provide monthly overtime summaries to mayor and council
  • Do not allow Dale to sign checks
  • Require two signatures on checks above a certain level (e.g., $5,000); have two of the council members (in addition to the mayor) on the bank signature cards; supporting documentation (e.g., invoice) should be provided to check signers for review
  • Require Mayor Chester and Dale to authorize any wire transfers
  • Have Dale provide the mayor with monthly bank reconciliations; the mayor should document (e.g., initial the reconciliation) his review
  • Don’t provide Dale with a credit card
  • If Dale is provided a credit card, provide him with one card; use a low maximum credit limit (e.g., $1,000); Dale’s credit card statements should be provided to the mayor when he signs the related check for payment
  • Use a centralized receipting location (if possible); receipts should always be written upon collection of a payment

Higher Cost Fraud Fraud Prevention

Now let’s examine some higher cost options (that are probably more effective):

  • Have an outside CPA or Certified Fraud Examiner (CFE) perform the receipting and payment tests listed above
  • Have an outside CPA or CFE map your internal control system and make system-design recommendations
  • Have an outside CPA or CFE make surprise unannounced visits (e.g., two per year) to examine the receipting system, payroll, and the payment system; at the beginning of the year, tell Dale that the surprise visits will occur (details of what will be tested should not be communicated to Dale)
  • Install a security camera to record all of Dale’s collection and receipting activity
  • Purchase fidelity bond to cover elected officials and Dale

Keep in mind that you can limit the cost of the outside CPA; simply include contract limits for the project; the contract might read Surprise audit of vendor payments with cost limited to $1,500. Try to contract with a CPA or CFE with governmental experience. The surprise audits and the fidelity bond recommendations are, in my opinion, the most critical steps.

Some states like New York audit local governments for fraud; consequently, if your local government is frequently audited by a state agency, there may be less of a need to hire an outside CPA or CFE to perform fraud prevention procedures.

Additional Fraud Prevention Resources

Click here for a list of local government controls to consider.

For additional insights into preventing fraud in your government, get The Little Book of Local Government Fraud Prevention on Amazon.

The above picture is courtesy of iStockphoto.com.

Steal Like a Boss

How do fraudsters think and act?

Can you steal like a boss? White collar crime takes special skills and thoughts. Do you have what it takes? Here’s my tongue-in-cheek look at how I would steal.

Steal Like a Boss

Picture Courtesy of iStockphoto.com

To steal, I need to:

  1. Be Believable
  2. Have a Cause
  3. Calm My Conscience
  4. Develop My Plan
  5. Execute My Plan
  6. If Caught, Settle Out of Court

1. Be Believable

I must be seen as trustworthy. The more age, experience, and education I have, the better. The longer I work for the organization, the more I will be trusted.

And while I’m at it, I’ll do what I can to move to positions of higher authority which will provide me with greater opportunities. Being the boss will enable me to steal like a boss.

If possible, I will gain the ability to authorize or initiate purchases. Kickbacks (paid to those who authorize payments) are difficult to detect, even by professional fraud examiners, and the dollars can be significant. Like stealing candy from a baby.

2. Have a Cause

Any financial pressure will do–a gambling or drug habit, an affair, medical bills, or maybe I just want to appear more successful than I am. If I don’t have a need, I will create one. I am my own cause.

My unshareable need (cause) must not be known by others lest they suspect my need for cash.

3. Calm My Conscience

I hate when that little voice starts talking: “Charles, you can’t do this. Your grandmother would be so ashamed.” It takes skill and fortitude, but I must calm my conscience. All the more reason to have a cause (see point 2.). The more noble I can make my cause, the better. Something like, “I’ve earned this. The company should realize my greatness and provide me with appropriate compensation. I have three kids in college, and they need this. You know I really want to be good provider for my family.” I may need to start stealing borrowing or compensating myself in small amounts and then build up. This will make it easier for my conscience to adjust.

I need to think correctly. When that little voice speaks, I will reword those thoughts. I know I am right.

4. Develop My Plan

I will pay attention to control weaknesses.

Our auditors have told us for years that we lack appropriate segregation of duties. Opportunity awaits.

If I am going to steal be compensated appropriately, I need to make it worth my while. Be bold. Think big. I have noticed that one of our key vendors has been very kind to me, a free week-long trip to Vegas for the last three years. And a key contract renewal is coming up. I think cash would be better this year. Besides, I know the CFO received an even sweeter trip than I did last year. And bribes gifts don’t hurt anyone; the vendor pays for them (though I have noticed the vendor’s pricing seems to be increasing…actually, exploding).

5. Execute My Plan

Take Compensate myself in a steady under-the-radar kind of way. Most folks get greedy. I must be diligent to work in a measured way, not taking receiving more than would be noticed. Greed is my enemy, the element that lands good guys like me in the newspapers.

Also, I think I can consistently steal borrow money from the receipts cycle since I am in charge of daily deposits and all related accounting duties. This might cost me my vacation though. I need to be on the job to continue to hide perform my duties. But if the funds taken compensation is enough, I can forgo the Vegas trip.

6. If I Get Caught, Settle Out of Court

If I am discovered someone notices that I have borrowed funds, then I may have to beg for forgiveness and promise to pay it back. And, of course, I need to make sure the company understands my concern for its reputation; news like this does not coalesce well with the company’s mission statement: Honesty and Compassion for Those We Serve.

I don’t need a criminal record, especially if I need to steal borrow funds from my next employer.

More Fraud Information

You’ll find more information about fraud prevention in my book: The Little Book of Local Government Fraud Prevention.

Corporate Account Takeover

Thieves gain access to company bank accounts and make fraudulent transfers of cash

Some thieves gain control of company bank accounts using a corporate account takeover scheme. And with that control they steal money. Below you’ll see how this type of theft occurs.

On March 17, 2010, cyber thieves hacked into the computers of Choice Escrow and stole the login ID and password to their online banking account. With that information, the thieves were able to submit a $440,000 wire transfer from Choice Escrow’s bank account to an account in Cyprus.

Corporate account takeover

Courtesy of istockphoto.com

When Choice Escrow and the bank were unable to resolve their differences, Choice Escrow filed suit. The back-and-forth legal battle lasted until March 18, 2013 when a court ruled the loss was the responsibility of Choice Escrow. A major determining factor in the decision was Choice Escrow’s refusal of the dual control security mechanism offered by Bancorpsouth Bank. According to Article 4A of the Uniform Commercial Code, if an institution offers a reasonable security procedure to a commercial customer and that customer turns down that security procedure, then the customer is liable in the event of a loss.

Bancorpsouth Bank offered dual control to Choice Escrow twice. Not only did the bank offer this security feature to Choice Escrow, but Bancorpsouth also documented the customer’s refusal to use the security feature. The documentation of the customer’s refusal of the security features was a determining factor in this case. From a bank’s perspective, this case underscores the importance of a written agreement with commercial online banking customers and, more importantly, the importance of documenting the security procedures offered to those customers. From a user’s perspective, the case highlights the need to use the security procedures offered.

Corporate Account Takeover

Corporate account takeover is a term which has become more prevalent over recent years. Generally speaking, corporate account takeover occurs when an unauthorized person or entity gains access or control over another entity’s finances or bank accounts. This usually results in the theft of money in the form of fraudulent wire transfers or ACH transactions.

These fraud schemes first began to be noticed in 2005 but have since become much more widespread and frequent. Recent statistics have revealed that the fraudsters carrying out these schemes are actually becoming less successful in getting money out of a bank account. This reduction is due to both increased efforts on the part of the financial institutions, as well as better education of the customer to help them avoid becoming a target.

Usually, the financial institutions themselves are not the targets of the attack but rather the corporate customers of the institution. Using malware, social engineering and various other methods, the fraudster obtains information about the customer’s online banking credentials. Once the online banking credentials have been obtained, a request for wire or ACH transfers is placed by the thief. Any business may be targeted for these types of attacks, but those at risk mostly are small businesses, governments, and nonprofits who have limited resources to protect against such threats.

This Post Contributed by John McLeod

This post was contributed by John McLeod, one my firm associates who audits financial institutions and specializes in technology issues. John is a CPA and is CISA certified. He often speaks to banking groups about technology and internal controls. You can reach him at jmcleod@mmmcpa.com.

Click here to see my recent post about wire fraud prevention.

Yellow Book CPE Requirements – A Summary

What are the requirements for Yellow Book continuing professional education (CPE)?

Below we will address (1) who is subject to the Yellow Book CPE requirements and (2) what CPE classes satisfy those requirements.

Yellow Book CPEOverview

First realize there are two rules:

  1. The 80-hour rule (every two years)
  2. The 24-hour rule (every two years)

Then you must answer:

  1. Who is subject to each rule?
  2. What classes qualify for each rule?

The 24 Hour Rule – Who is Subject?

The answer: each auditor performing work on a Yellow Book audit; if as an auditor you work on the engagement, you are subject to this rule. If your audit report contains a Yellow Book report (usually located just after the notes to the financial statements), then that engagement is subject to generally accepted government auditing standards (GAGAS).

The 80-Hour Rule – Who is Subject?

The answer: Auditors who are involved in any amount of:

1. Planning,
2. Directing, or
3. Reporting on GAGAS assignments
and
4. Those auditors who are not involved in those activities but charge 20 percent or more of their time annually to GAGAS assignments.

I interpret 1., 2. and 3. as mainly partners, managers, and in-charges. 4. relates to staff who support the audit.

So a staff person that does not meet the criteria in 4., but still works on a Yellow Book engagement must still satisfy the 24-hour rule (but not the 80-hour rule).

What Classes Qualify?

The Yellow Book states, “Determining what subjects are appropriate for individual auditors to satisfy both the 80-hour and the 24-hour requirements is a matter of professional judgment to be exercised by auditors in consultation with appropriate officials in their audit organizations.”

First we see that there is judgment in what qualifies (no bright yellow lines). But there are differences in the 80-hour rule and the 24-hour rule; otherwise, there would be only one category.

The 80-Hour Rule – Classes that Qualify

The 80-hour rule is broad (encompassing any CPE that enhances the auditor’s professional proficiency); so, for example, CPE classes about writing skills or using Excel would qualify. (Taxation CPE usually does not qualify unless the class addresses audit-related issues. For example, a 1040 tax class does not qualify.)

For those subject to the 80 hour rule, at least 20 hours of CPE should be taken in each year of the two-year period; a total of 80 hours is to be taken in the two-year period.

The 24-Hour Rule – Classes that Qualify

Each auditor performing work under GAGAS should complete, every 2 years, at least 24 hours of CPE that directly relates to government auditing, the government environment, or the specific or unique environment in which the audited entity operates.

The 24-hour rule is specific to:
(1) Government auditing,
(2) The government environment or
(3) To the specific or unique environment in which the audited entity operates.

Government Auditing

Classes directly related to standards used in governmental auditing qualify; since GAGAS incorporates the AICPA statements on auditing standards (SASs) for field work and reporting, then audit classes that include a study of the SASs as they relate to the audit of your governmental entity would qualify. The same is true of pronouncements issued by the FASB. Single Audit classes also obviously qualify.

Government Environment

CPE dealing with Governmental Accounting Standards (GASB pronouncements) will qualify for the 24-hour rule since the class focuses on accounting standards in the government environment.

If you audit a county or a city, then most any CPE dealing with GASB pronouncements or governmental issues (e.g., sales taxes) will satisfy the 24-hour rule; also classes dealing with compliance with laws and regulations qualify.

Classes addressing economic conditions, fiscal trends, and pressures facing the governmental entity qualify.

Specific or Unique Environment in Which the Audited Entity Operates

Suppose you audit electric membership corporations (EMCs) subject to the Yellow Book; a CPE class about electrical supply grids qualifies. Or if you audit banks subject to Yellow Book requirements (e.g., FHA loans), then a CPE class dealing with lending qualifies. These classes address issues in the unique environment in which the audited entity operates.

Two-Year Cycle

An audit organization can adopt a standard 2-year period for all of its auditors to simplify administration of the CPE requirements.

Carryover Credit

Auditors are not allowed to carry over hours taken in excess of the 24-hour or 80-hour rule to the next reporting period.

Proration of Hours for New-Hires (or Those Newly Assigned to a Yellow Book Audit)

You will prorate the hourly requirements based on the remaining 6-month intervals in your two-year reporting period. For example, you hire someone on May 1, 2013 and your two-year cycle ends December 31, 2013. There is only one remaining 6-month period. If you are subject to the 24 hour rule, then you will multiply 25% (one six-month period divided by the four six-month periods in the two-year cycle) times 24 to compute the hours required: 6 hours.

GAO Guidance

Click here for the April 2005 GAO publication: Government Auditing Standards, Guidance on GAGAS Requirements for Continuing Professional Education.

Local Government Internal Controls – A List

These internal controls lessen fraud in your counties, cities, schools, and authorities

Do you need a list of local government internal controls?

Here’s a list of fraud prevention controls that I recommend to local governments – many of which are pertinent to nonprofits and small businesses as well. While not a comprehensive list, I thought I would share it. You will find this same checklist in my Amazon fraud prevention book which provides much more Fraud Prevention ideas.

local government internal controls

Fraud Prevention for Governments

General Internal Controls

  1. Have bank statements mailed directly to someone outside of accounting; recipient should peruse bank statement activity before providing it to accounting
  2. Perform surprise audits (use outside CPA if possible)
  3. Elected officials and management should review monthly budget to actual reports (and other pertinent financial reports)
  4. Map internal control processes by transaction cycle (preferably done by a seasoned CPA); once complete, provide map to all employees involved in the cycle; when control weaknesses exist, institute additional controls (see 11. below)
  5. Use a whistleblower program (preferably use an outside whistleblower company)
  6. Reconcile bank statements monthly (have a second person review and initial the reconciliation)
  7. Purchase fidelity bond coverage (based on risk exposure)
  8. Periodically request from the government’s bank a list of all bank accounts in the name of the government or with the government’s federal tax I.D. number; compare list to bank accounts set up in the general ledger
  9. Secure computer access physically (e.g., locked doors) and electronically (e.g., passwords)
  10. Do not allow the electronic transmission (e.g., email) of sensitive data (e.g., social security numbers) without the use of protected transmission technology (e.g. Sharefile); create policy and train staff
  11. Where possible, segregate who (1) authorizes transactions, (2) records transactions, (3) reconciles records, and (4) has custody of assets; when segregation of duties is not possible, require documented second-person review and/or surprise audits

Transaction Level Controls

Cash Receipts and Billing Controls

  1. Use a centralized receipting location (when possible)
  2. Assign each cash drawer to a separate person; require daily reconciliation to receipts; require second person review
  3. Deposit cash timely (preferably daily); require composition of cash and checks to be listed on each deposit ticket (to help prevent check-for-cash substitution)
  4. Immediately issue a receipt for each payment received; a duplicate of the receipt or electronic record of the receipt is to be retained by the government
  5. Supervisor should review receipting-personnel adjustments made to accounts receivable
  6. Do not allow the cashing of personal checks (e.g., from cash drawers)

Cash Payments and Purchasing Controls

  1. Guard all check stock (as though it were cash)
  2. Do not allow hand-drawn checks; only issue checks through the computerized system; if hand-drawn checks are issued, have a second person create and post the related journal entry
  3. Do not allow the signing of blank checks
  4. Limit check signing authorization to as few people as possible
  5. Require two employees to effectuate each wire transfer
  6. Persons who authorize wire transfers should not make related accounting entries
  7. Require a documented bidding process for larger purchases (and sealed bids for significant purchases or contracts); specify procedures for evaluating and awarding contracts.
  8. Limit the number of credit cards and the amount that can be charged on each card
  9. Allow only one person to use an individual credit card; require receipts for all purchases
  10. Require a street address and social security or tax I.D. numbers for each vendor added to accounts payable vendor list (P.O. box numbers without a street address should not be accepted)
  11. Signed vendor checks should not be returned to those who authorized the payment; mail checks directly to vendors
  12. Compare payroll addresses with vendor addresses for potential fictitious vendors (usually done with electronic audit tools such as IDEA or ACL)

Payroll Controls

  1. Provide a departmental overtime budget/expense report to governing body or relevant committee
  2. Use direct deposit for payroll checks
  3. Payroll rates keyed into the payroll system must be supported by proper authorization in the employee personnel file
  4. Immediately remove terminated employees from the payroll system
  5. Use biometric time clocks to eliminate buddy-punching
  6. Check for duplicate direct-deposit bank account numbers
  7. Overtime should be authorized in writing by department head or designee (before payment is made)

Your Recommendations

What additional controls do you recommend? Please share in a comment.

Photo is courtesy of iStockphoto.com.

GASB 61 – Financial Reporting Entity

GASB 61 amends GASB 14 and provides guidance about governmental component units

I well remember how confused I was when GASB 14 came out – even though Harold Monk did his best to enlighten me. Since then, I don’t know how many entities I’ve looked at, trying to determine whether they were component units. I do know I have become well acquainted with the flowchart in GASB 14; strangely enough, we have become friends (yes, I know it’s weird having a flowchart for a friend, but such is my life). We now have an updated flowchart in GASB 61 – a new friend I guess.

GASB 61

GASB reconsidered GASB 14 and created GASB 61, Financial Reporting Entity: Omnibus – an Amendment to GASB Statements No. 14 and No. 34. The effective date is for periods beginning after June 15, 2012. 

Let’s take a look at GASB 61. First, we will consider whether an entity should be included as a component unit, and then we will look at whether the entity should be blended or discretely presented.

1. Evaluating Inclusion of Potential Component Units

First ask, “does the primary government appoint a voting majority of the potential component unit’s board?”

If yes, you will include the component unit if the primary government:

  1. has the ability to impose its will upon the potential component unit or
  2. has a potential financial benefit or burden related to the potential component unit (PCU)

If no, consider whether the potential component unit meets the fiscal dependency and financial benefit/burden criteria. If yes, then include the component unit. If no, ask whether it would be misleading to exclude the potential component unit; if it would be misleading, then you will include the PCU (normally discretely presented).

2. Blended or Discretely Presented Decision

Blend the component unit if any of the following three criteria is true:

1. If the component unit’s governing body is substantively the same (basically having the same board members) as the governing body of the primary government, then you will blend the component unit into the primary government provided:

    • there is a financial benefit or burden relationship, or
    • the primary government has operational responsibility for the component unit.

Operational responsibility is defined as managing “the activities in the essentially the same manner in which it manages its own programs, departments, or agencies.”

(Notice the primary government’s legal control of the component unit does not affect the blending decision.)

2. Another consideration – commonly known as the exclusive benefit criterion –  is whether the component unit’s goods or services are entirely or almost entirely provided to the government itself (this does not include providing services to the government’s citizenry or customers). If the answer is yes, then the component unit will be blended.

university foundation, for example, is usually designed to (and often does) exclusively benefit the university (the primary government) and would, therefore, be blended.

A university hospital, by contrast, will be presented discretely (in the university’s financial statements) since the hospital is primarily providing benefits to patients rather than the government. (This is true even if the articles of incorporation for the hospital state that the entity is designed for the exclusive benefit of the university.)

3. GASB 61 includes one new blending criteria: if the primary government will repay entirely or almost entirely (with resources of the primary government) a component unit’s total debt outstanding (including leases), the component unit will be blended. The standard does allow for discrete presentation if the primary government’s resources are the second source of debt repayment or if resources received from the primary government are among other sources of repayment available.

If the component unit does not meet any of the three blending criteria, then it will be presented discretely.

OCBOA Governmental Financial Statements

Over 33% of governments issue OCBOA financial statements

The AICPA recently provided a webcast titled: The New AICPA OCBOA Publications: What They Are and How They Apply to Governments and Not-for-Profits Using Cash, Modified Cash, and Regulatory Frameworks.

I was surprised to see the number of governments that present financial statements in accordance with an other comprehensive basis of accounting (OCBOA). The webcast did not provide an exact percentage of governments using OCBOA, but it looks like you can easily conclude that over 33% of governments use OCBOA. 

OCBOA Financial statements

Why Issue OCBOA Financial Statements?

As I said in my prior OCBOA post, the short answer is: Cost. If you’ve created GAAP basis governmental financial statements, you know how complicated these statements are. OCBOA statements—whether cash basis, modified cash basis or tax basis—are simpler to create. 

Many governments require GAAP basis statements so make sure, before making any changes, that OCBOA statements are permissible in your locale.

Modified Cash Basis of Accounting

The modified cash basis is the pure cash basis with modifications having substantial support. (A pure cash basis of accounting would reflect only cash inflows and outflows with beginning and ending cash.)

A common modification to the cash basis is the capitalization of assets purchased and recognition of depreciation over estimated useful lives. Though using the modified cash basis, impaired capital assets may also be written down. In addition, the related long-term debt would normally also be recorded. 

Another common modification is the deferral of revenue recognition for governments receiving cash that will be used in future periods; the deferral would be shown as a liability.

OCBOA Presentation Issues

GAAP basis governmental financial statements reflect government-wide and fund-level presentations. OCBOA statements will normally include the same type of presentation – government-wide and fund-level statements – though you are using different recognition criteria. A general rule for OCBOA statements is: follow GAAP guidelines where you can; this includes disclosures (though the notes are amended in accordance with the framework used).

While not required for OCBOA statements, you may include supplementary information.

Required supplementary information (RSI) is not required under the modified cash basis, but can be provided; if provided, the information is not considered RSI but supplementary information or additional information. RSI can only be “required” by GAAP.

While certain disclosures are not required in OCBOA statements (e.g., fair value of investments or the funded status of a defined benefit plan), such information can be provided in the notes. 

Use of the AICPA Financial Reporting Framework for Small- and Medium-Sized Entities 

Governments should not use the AICPA small- and medium-sized entity framework.

Updated AICPA Guidance

If you are issuing governmental OCBOA statements, I strongly recommend that you purchase the AICPA’s updated book: Applying OCBOA in State and Local Governmental Financial Statements. Mike Crawford and Mike Glynn have done a fine job in preparing this publication.