Category Archives for "Local Governments"

Jul 17

Government Auditing Standards 2018 Revision (Hot Off the Press)

By Charles Hall | Auditing , Local Governments

Government Auditing Standards 2018 Revision

The Government Accountability Office just issued the new Yellow Book titled Government Auditing Standards 2018 Revision.

Government Auditing Standards 2018 Revision

Get Your Free Copy

An electronic version of the 2018 Yellow Book can be accessed on GAO’s Yellow Book web page at http://www.gao.gov/yellowbook.

Major Changes

The introduction to the new Yellow Book summarizes the significant changes as follows:

This revision contains major changes from, and supersedes, the 2011 revision. These changes, summarized below, reinforce the principles of transparency and accountability and strengthen the framework for high quality government audits.

  • All chapters are presented in a revised format that differentiates requirements and application guidance related to those requirements.
  • Supplemental guidance from the appendix of the 2011 revision is either removed or incorporated into the individual chapters.
  • The independence standard is expanded to state that preparing financial statements from a client-provided trial balance or underlying accounting records generally creates significant threats to auditors’ independence, and auditors should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level or decline to perform the service.
  • The peer review standard is modified to require that audit organizations comply with their respective affiliated organization’s peer review requirements and GAGAS peer review requirements. Additional requirements are provided for audit organizations not affiliated with recognized organizations.
  • The standards include a definition for waste.
  • The performance audit standards are updated with specific considerations for when internal control is significant to the audit objectives.

Effective with the implementation dates for the 2018 revision of Government Auditing Standards, GAO is also retiring Government Auditing Standards: Guidance on GAGAS Requirements for Continuing Professional Education (GAO-05-568G, April 2005) and Government Auditing Standards: Guidance for Understanding the New Peer Review Ratings (D06602, January 2014).

Effective Dates

The 2018 revision of Government Auditing Standards is effective for financial audits, attestation engagements, and reviews of financial statements for periods ending on or after June 30, 2020, and for performance audits beginning on or after July 1, 2019.

Early implementation is not permitted.

The 2018 revision of Government Auditing Standards supersedes the 2011 revision (GAO-12-331G, December 2011), the 2005 Government Auditing Standards: Guidance on GAGAS Requirements for Continuing Professional Education (GAO-05-568G, April 2005), and the 2014 Government Auditing Standards: Guidance for Understanding the New Peer Review Ratings (D06602, January 2014). 

corporate account takeover
May 02

Corporate Account Takeover (the Importance of Using Bank Security Procedures)

By Charles Hall | Accounting and Auditing , Fraud , Local Governments

Some thieves gain control of company bank accounts using a corporate account takeover scheme. And with that control, they steal money. Below you’ll see how this type of theft occurs.

On March 17, 2010, cyber thieves hacked into the computers of Choice Escrow and stole the login ID and password to their online banking account. With that information, the thieves were able to submit a $440,000 wire transfer from Choice Escrow’s bank account to an account in Cyprus.

Corporate account takeover

Courtesy of istockphoto.com

When Choice Escrow and the bank were unable to resolve their differences, Choice Escrow filed suit. The back-and-forth legal battle lasted until March 18, 2013, when a court ruled the loss was the responsibility of Choice Escrow. A major determining factor in the decision was Choice Escrow’s refusal of the dual control security mechanism offered by Bancorpsouth Bank. According to Article 4A of the Uniform Commercial Code, if an institution offers a reasonable security procedure to a commercial customer and that customer turns down that security procedure, then the customer is liable in the event of a loss.

Bancorpsouth Bank offered dual control to Choice Escrow twice. Not only did the bank offer this security feature to Choice Escrow, but Bancorpsouth also documented the customer’s refusal to use the security feature. The documentation of the customer’s refusal of the security features was a determining factor in this case. From a bank’s perspective, this case underscores the importance of a written agreement with commercial online banking customers and, more importantly, the importance of documenting the security procedures offered to those customers. From a user’s perspective, the case highlights the need to use the security procedures offered.

Corporate Account Takeover

Corporate account takeover is a term which has become more prevalent over recent years. Generally speaking, corporate account takeover occurs when an unauthorized person or entity gains access or control over another entity’s finances or bank accounts. This usually results in the theft of money in the form of fraudulent wire transfers or ACH transactions.

These fraud schemes first began to be noticed in 2005 but have since become much more widespread and frequent. Recent statistics have revealed that the fraudsters carrying out these schemes are actually becoming less successful in getting money out of a bank account. This reduction is due to both increased efforts on the part of the financial institutions, as well as better education of the customer to help them avoid becoming a target.

Usually, the financial institutions themselves are not the targets of the attack but rather the corporate customers of the institution. Using malware, social engineering, and various other methods, the fraudster obtains information about the customer’s online banking credentials. Once the online banking credentials have been obtained, a request for wire or ACH transfers is placed by the thief. Any business may be targeted for these types of attacks, but those at risk mostly are small businesses, governments, and nonprofits who have limited resources to protect against such threats.

governmental internal controls
Apr 02

Useful Governmental Internal Controls that You Need Know

By Charles Hall | Fraud , Local Governments

Below I provide useful governmental internal controls that you need to know.

Why am I providing this list of useful controls? Most small governments struggle with establishing sound internal controls. So, the list provides a foundation for preventing theft in your government. While not a comprehensive list, I thought I would share it.

Many of the internal controls listed below are also pertinent to nonprofits and small businesses as well. You will find this same checklist in The Little Book of Local Government Fraud Prevention (available on Amazon) which provides many more fraud prevention ideas.

I am providing general fraud prevention controls and then transaction-level controls for:

  • Cash receipts and billing
  • Cash payments and purchasing
  • Payroll

governmental internal controls

Useful Governmental Internal Controls

General Internal Controls

  1. Have bank statements mailed directly to someone outside of accounting; recipient should peruse bank statement activity before providing it to accounting
  2. Perform surprise audits (use outside CPA if possible)
  3. Elected officials and management should review the monthly budget to actual reports (and other pertinent financial reports)
  4. Map internal control processes by transaction cycle (preferably done by a seasoned CPA); once complete, provide the map to all employees involved in the cycle; when control weaknesses exist, institute additional controls (see 11. below)
  5. Use a whistleblower program (preferably use an outside whistleblower company)
  6. Reconcile bank statements monthly (have a second person review and initial the reconciliation)
  7. Purchase fidelity bond coverage (based on risk exposure)
  8. Periodically request from the government’s bank a list of all bank accounts in the name of the government or with the government’s federal tax I.D. number; compare the list to bank accounts set up in the general ledger
  9. Secure computer access physically (e.g., locked doors) and electronically (e.g., passwords)
  10. Do not allow the electronic transmission (e.g., email) of sensitive data (e.g., social security numbers) without the use of protected transmission technology (e.g. Sharefile); create policy and train staff
  11. Where possible, segregate who (1) authorizes transactions, (2) records transactions, (3) reconciles records, and (4) has custody of assets; when segregation of duties is not possible, require documented second-person review and/or surprise audits

Transaction Level Controls

Cash Receipts and Billing Controls

  1. Use a centralized receipting location (when possible)
  2. Assign each cash drawer to a separate person; require daily reconciliation to receipts; require second person review
  3. Deposit cash timely (preferably daily); require the composition of cash and checks to be listed on each deposit ticket (to help prevent check-for-cash substitution)
  4. Immediately issue a receipt for each payment received; a duplicate of the receipt or electronic record of the receipt is to be retained by the government
  5. A supervisor should review receipting-personnel adjustments made to accounts receivable
  6. Do not allow the cashing of personal checks (e.g., from cash drawers)

Cash Payments and Purchasing Controls

  1. Guard all check stock (as though it were cash)
  2. Do not allow hand-drawn checks; only issue checks through the computerized system; if hand-drawn checks are issued, have a second person create and post the related journal entry
  3. Do not allow the signing of blank checks
  4. Limit check signing authorization to as few people as possible
  5. Require two employees to effectuate each wire transfer
  6. Persons who authorize wire transfers should not make related accounting entries
  7. Require a documented bidding process for larger purchases (and sealed bids for significant purchases or contracts); specify procedures for evaluating and awarding contracts.
  8. Limit the number of credit cards and the chargeable maximum amount on each card
  9. Allow only one person to use an individual credit card; require receipts for all purchases
  10. Require a street address and social security or tax I.D. numbers for each vendor added to accounts payable vendor list (P.O. box numbers without a street address should not be accepted)
  11. Signed vendor checks should not be returned to those who authorized the payment; mail checks directly to vendors
  12. Compare payroll addresses with vendor addresses for potential fictitious vendors (usually done with electronic audit tools such as IDEA or ACL)

Payroll Controls

  1. Provide a departmental overtime budget/expense report to governing body or relevant committee
  2. Use direct deposit for payroll checks
  3. Payroll rates keyed into the payroll system must be supported by proper authorization in the employee personnel file
  4. Immediately remove terminated employees from the payroll system
  5. Use biometric time clocks to eliminate buddy-punching
  6. Check for duplicate direct-deposit bank account numbers
  7. A department head should provide written authorization for overtime prior to payment

Your Recommendations

What additional controls do you recommend? Share your thoughts below.

theft of cash from local governments
Jul 26

Thefts of Cash From Local Governments are Common

By Charles Hall | Asset Misappropriation , Local Governments

Thefts of cash from local governments are common, are they not? 

How many times have you seen a local newspaper article like the following?

Johnson County’s longtime court clerk admitted today to stealing $120,000 of court funds from 2015 through 2016. Becky Cook, 62, faces up to 10 years in federal prison after pleading guilty to federal tax evasion and theft.

Thefts of Cash from Local Governments

Usually, the causes of such cash thefts are (1) decentralized collection points and (2) a lack of accounting controls.

Thefts of Cash from Local Governments

1. Decentralized Collection Points

First, consider that governments commonly have several collection points.

Examples include:

  • Recreation department
  • Police department
  • Development authority
  • Water and sewer department
  • Airport authority
  • Landfill
  • Building and code enforcement
  • Courts

Many governments have over a dozen receipting locations. With cash flowing in so many places, it’s no wonder that thefts of cash are common. Each cash receipt area may have different accounting procedures – some with physical receipt books, some with computerized receipting, and some with no receipting system at all. 

A more centralized receipting system reduces the possibility of theft, but many governments may not be able to centralize the receipting function. Why? Here are three reasons:

  1. Elected officials, such as tax commissioners, often determine how monies are collected without input from the final receiving government (e.g., county commissioners or school). Consequently, each elected official may decide to use a different receipting system.
  2. Customer convenience (e.g., recreation centers and senior citizen centers) may drive the receipting location decision.
  3. Other locations, such as landfills, are purposely placed on the outer boundary of the government’s geographic area.

What’s the result? Widely differing receipting systems. Since these numerous receipting locations have varying controls, the risk of theft is higher. 

2. Lack of Accounting Controls

Second, consider that many governments lack sufficient accounting controls for cash.

It’s more likely cash will be stolen if cash collections are not receipted. If the transaction is recorded, then the receipt record must be altered, destroyed or hidden to cover up the theft. That’s why it’s critical to capture the transaction as early as possible. Doing so makes theft more difficult.

Additional steps that will enhance your cash controls include the following:

  1. If possible, provide the government’s administrative office (e.g., county commissioners’ finance department) with electronic viewing rights for the decentralized receipting locations (e.g., landfill).
  2. Require the transfer of money on a daily basis; the government’s administrative office (e.g., county commissioners’ finance department) should provide a receipt to each transferring location (e.g., landfill).
  3. Limit the number of bank accounts.
  4. Deposit funds daily.
  5. Periodically perform surprise audits of outlying receipting areas.
  6. Use a centralized receipting location (and eliminate the decentralized cash collection points).
  7. Persons creating deposit slips and handling cash should not key those receipts into the accounting system.
  8. The person reconciling the bank statements should not also handle cash collections.
  9. Don’t allow the person billing customers to handle cash collections.

If segregation of duties is not possible (such as 7., 8. and 9. above), consider having a second person review the activity (either an employee of the government or maybe an outside consultant).

Final Thoughts About Fraud Prevention for Cash

When possible, use an experienced fraud prevention specialist to review your cash collection procedures. Can’t afford to? Think again. The average incidence of governmental fraud results in a loss of approximately $100,000.

Finally, make sure your government has sufficient fidelity bonding. If all else fails, you can recover your losses through insurance.

For more fraud prevention guidance, check out my book on Amazon; click the book below. Also, see my free slide deck titled Finding and Preventing Fraud in Local Governments. Additionally, here’s a post concerning how to audit cash.

 

omission of management, discussion and analysis
Mar 27

Omission of MD&A from Governmental Financial Statements

By Charles Hall | Auditing , Local Governments

Can a government exclude the management, discussion, and analysis from its financial  statements? This article answers that question.

According to AU-C 730, the auditor’s report on the financial statements should include an other-matter paragraph that refers to the required supplementary information (RSI). In governmental financial statements, the management, discussion, and analysis (MD&A) is considered RSI. Though the MD&A is “required” supplementary information, governments can–strangely enough–exclude it from the financial statements.

omission of management, discussion and analysis

Picture from AdobeStock.com

Omitting the MD&A – Effect on an Audit Opinion

If the required supplementary information is omitted, the auditor should include an other-matter paragraph in the opinion such as the following:

Management has omitted the management, discussion, and analysis that accounting principles generally accepted in the United States of America require to be presented to supplement the basic financial statements. Such missing information, although not a part of the basic financial statements, is required by the Governmental Accounting Standards Board, who considers it to be an essential part of financial reporting for placing the basic financial statements in an appropriate operational, economic, or historical context. Our opinion on the basic financial statements is not affected by this missing information.

Notice the omission of the MD&A does not affect the opinion rendered (in other words, it does not result in a modified report).

RSI Audit Standard

AU-C 730 is the audit standard for required supplementary information. Click here for an overview of the supplementary information audit standards. The former supplementary information standards were SASs 118, 119 and 120; those standards are now–under the Clarity Standards–AU-C sections 720, 725, and 730.

Omitting the MD&A – Effect on a Compilation Report

In compilation reports, the language is as follows:

Management has omitted the management, discussion and analysis that accounting principles generally accepted in the United States of America require to be presented to supplement the basic financial statements. Such missing information, although not a part of the basic financial statements, is required by the Governmental Accounting Standards Board which considers it to be an essential part of financial reporting and for placing the basic financial statements in an appropriate operational, economic, or historical context. 

1 2 3 4
>