Fraud Prevention for Small Governments

By Charles Hall | Fraud , Local Governments

Many small governments suffer losses from theft since they lack a sufficient number of employees to segregate accounting duties. There are, however, steps you can take to protect your resources. In this post, I provide ideas for fraud prevention in small governments.

Most government officials don’t realize that external audits are not designed to detect immaterial fraud (immaterial can be tens of thousands of dollars – sometimes even more). Such officials incorrectly believe that a clean opinion means no fraud is occurring in their locale – this is a mistake. External financial statement opinion audits are not designed to look for fraud at immaterial levels. Even if your government has an external audit, consider implementing fraud prevention procedures.

In a typical small government accounting setting, the city of In Between (as in between two stop lights) (population 1,202) has a mayor and three council members. The city has one bookkeeper (we’ll call him Dale) who orders and receives all purchased items; he writes all checks, reconciles bank statements, and keys all transactions into the accounting system. Dale also receipts all collections and makes all deposits. Mayor Chester signs all checks (vendor and payroll). (In a long-standing tradition, the mayor also graces the city Christmas parade float as Santa Claus.) With so little segregation of duties, what can be done?

The smaller the government, the greater the need for fraud prevention – even if Santa Claus in involved. And yet, these are the governments that most often don’t have the resources–whether the money to pay for outside assistance or employees to segregate duties–to prevent fraud. Here are few ideas for even the smallest of governments.

Low-Cost Fraud Prevention

First, let’s look at low-cost fraud prevention options:

• Have all bank statements mailed directly to Mayor Chester who will open and inspect the bank statement activity before providing the bank statements to Dale; alternatively, provide online access to Mayor Chester who reviews bank statement activity and signs a monthly memo documenting his review
• Once or twice a year, have council members pick two months at random (e.g., May and September) and review key bank statement activity (e.g., the operating and payroll accounts)
• Once or twice a year, have council members randomly select checks (e.g., ten vendor checks and ten payroll checks) and review supporting documentation (e.g., invoices and time sheets)
• Once or twice a year, have the mayor and council review receipt collections and related documentation (e.g., for two days deposits); agree receipts to bank deposits and to the general ledger
• Provide monthly budget to actual reports to mayor and council
• Provide monthly overtime summaries to mayor and council
• Do not allow Dale to sign checks
• Require two signatures on checks above a certain level (e.g., $5,000); have two of the council members (in addition to the mayor) on the bank signature cards; supporting documentation (e.g., invoice) should be provided to check signers for review
• Require Mayor Chester and Dale to authorize any wire transfers
• Have Dale provide the mayor with monthly bank reconciliations; the mayor should document (e.g., initial the reconciliation) his review
• Don’t provide Dale with a credit card
• If Dale is provided a credit card, provide him with one card; use a low maximum credit limit (e.g., $1,000); Dale’s credit card statements should be provided to the mayor when he signs the related check for payment
• Use a centralized receipting location (if possible); receipts should always be written upon collection of a payment

Higher Cost Fraud Fraud Prevention

Now let’s examine some higher cost options (that are probably more effective):

• Have an outside CPA or Certified Fraud Examiner (CFE) perform the receipting and payment tests listed above
• Have an outside CPA or CFE map your internal control system and make system-design recommendations
• Have an outside CPA or CFE make surprise unannounced visits (e.g., two per year) to examine the receipting system, payroll, and the payment system; at the beginning of the year, tell Dale that the surprise visits will occur (details of what will be tested should not be communicated to Dale)
• Install a security camera to record all of Dale’s collection and receipting activity
• Purchase fidelity bond to cover elected officials and Dale

Keep in mind that you can limit the cost of the outside CPA. The contract might read Surprise audit of vendor payments with cost limited to $1,500. Try to contract with a CPA or CFE with governmental experience. The surprise audits and the fidelity bond recommendations are, in my opinion, the most critical steps.

Some states like New York audit local governments for fraud; consequently, if your local government is frequently audited by a state agency, there may be less of a need to hire an outside CPA or CFE to perform fraud prevention procedures.

Additional Fraud Prevention Resources

Click here for a list of local government controls to consider.

For additional insights into preventing fraud in your government, get The Little Book of Local Government Fraud Prevention on Amazon.

Four Keys to Better Client Interviews

By Charles Hall | Auditing

Many times I have interviewed accounting staff and walked away thinking, “I have no idea what they just said to me.” Do you ever have this problem? If yes, this article is for you. Below I provide four keys to better client interviews.

In my early years–fresh out of college–I would think: “I must be stupid. It’s obvious, he understands what he just said, but I don’t.” Often my anxiety would increase when I realized the interviewee (e.g, accounts payable clerk) had no college degree (and me, a masters in accounting).

Reasons We Don’t Understand

After years of performing interviews, I realized that I wasn’t dense (at least, not as much as I thought), and that I was encountering what The Art of Explanation calls, the “curse of knowledge.”

What is the “curse of knowledge?” It’s when someone knows a subject very well, and, consequently, has a difficult time imagining what it is like to not know it. I was experiencing the “curse of knowledge.” Those I interviewed thought I knew what they knew. As a result, they left out details.

Also, those I interviewed had years of experience doing the same job day after day. Of course they understood what they did. But I had less than an hour, in many cases, to grasp their duties.

Additionally, those I interviewed used a language unique to their office, and I, mistakenly, tried to use a different language—one I had learned in college. The result: we did not understand one another. So how can I communicate and comprehend better?

Four Keys to Interviewing

1. Pay attention to their language and use it.

If they call it a thingy, then I call it a thingy.

2. Seek understanding more than trying to impress.

I often want to impress more than I desire to understand. The remedy: Admit (maybe even out loud) I don’t know everything.

I tell the clerk, “Treat me like I don’t know anything. I’ve never been here, so I need your help in understanding what you do.”

To higher level personnel (e.g., CFO), I might say, “I have worked in this industry for fifteen years, but I need your help to understand how you guys operate.”

3. Repeat what is said to you.

For example, “May I repeat what you just said to make sure I understand? ‘The thingy is created once per week on Mondays to ensure that total receipts agree with deposits.’”

4. Use your cell phone to take pictures and to record parts of the interview.

Just last week, I reviewed a complex accounting system (for about three hours). As I did so, I used my cell phone Evernote app to take pictures of computer screens and printed reports. I also used the app to record parts of the conversation. Later, I summarized the conversation in memo form (complete with pictures).

Scanbot is another useful iPhone app if you take pictures of client information. By using your phone to take pictures, you can leave your physical scanner in your office.

Your Interviewing Ideas

Have I left out any key interviewing ideas? Please share your thoughts.

Check out my series of articles about auditing.

AICPA Consulting Standards – The Swiss Army Knife

By Charles Hall | Accounting and Auditing

Do your clients ever ask you to perform unusual services? When those requests come, do you ever struggle with which standards to follow or what the deliverable will be? Should you follow the Attestation Standards or the Auditing Standards, or maybe the SSARS–or are we forgetting something? Sometimes the answer lies in the Consulting Standards. 

Examples of Consulting Services

Here are three examples of consulting services:

1. My client wants me to perform test counts of inventory, but he wants it done at a low cost. No third party will see the results of the engagement. 
2. My client wants me to review their accounts payable internal controls, and he doesn’t need an audit or a formal attest engagement. 
3. My client thinks fraud is occurring in his payroll, but she does not want an audit. 

Most CPAs are familiar with compilation and review standards (Statement on Standards for Accounting and Review Services) and audit standards (Statement on Auditing Standards). They also know about the attestation standards (Statement on Standards for Attestation Engagements), but many are not familiar with the consulting standards (Statement on Standards for Consulting Services).

Consulting Standards Primer

You might call the AICPA Consulting Standards the CPA’s swiss army knife. Many of the services you provide fall under these standards.

What services fall under the consulting standards? 

The consulting standards specifically address six areas:

1. Consultations – e.g., reviewing a business plan
2. Advisory services – e.g., assistance with strategic planning
3. Implementation services – e.g., assistance with a merger
4. Transaction services – e.g., litigation services
5. Staff and other support services – e.g., controllership services
6. Product services – e.g., providing packaged training services

CPAs often provide consulting services such as the following:

• Consultations about complex transactions
• Fraud investigation services
• Internal control services
• Bankruptcy services
• Divorce settlement services
• Controllership services
• Business plan preparation
• Cash management
• Software selection
• Business disposition planning

When can I use the consulting standards?

I recently posted about when you can use the consulting standards. If there is no third-party reliance on the report, consider the option.

Also, you can use the consulting standards in conjunction with other standards. For example, you could perform an agreed-upon procedures engagement, issuing an AUP report, and also provide the client with a second consulting report. Many times this is a good option. Too often CPAs put consulting type information (e.g., recommendations) in an AUP report. Since AUPs are designed in a “procedures, results” format, it’s best to address secondary issues in a separate consulting report. If you design your engagement in this manner, the results will be (1) an AUP report that addresses the agreed upon procedures and results, and (2) a consulting report that covers other considerations.

Characteristics of a Consulting Engagement

1. Generally nonrecurring
2. Usually, requires a CPA with specialized knowledge and skills
3. More interaction with client
4. Done just for the client (usually no third parties seeing the results)

Consulting Work Paper Requirements

The work paper requirements are minimal.

The understanding with the client can be oral or in writing (I recommend the latter). 

Keep in mind that the AICPA Code of Professional Conduct does require the CPA who performs a nonattest service (e.g., consulting) and an attest service (e.g., audit) to follow the independence guidance in the Code of Conduct. See 1.295 Nonattest Services of the Code.

The consulting standards do not require the CPA to prepare work papers, but you should do so anyway. The work papers are the link between your work and your report. Also, the general standards of the profession, contained in 1.300 of the AICPA Code of Professional Conduct, apply to all services performed by members. 1.300 says “Sufficient relevant data. Obtain sufficient relevant data to afford a reasonable basis for conclusions or recommendations in relation to any professional services performed.”

Consulting Reports

The report content and format are up to you and your client.

No Opinion or Accountant’s Report

For consulting engagements, the CPA does not issue an opinion or any other attestation report (e.g., agreed-upon procedures report). Consulting reports are usually designed for the client and not third parties.

Subject to Peer Review?

Work performed under the Consulting Standards is not subject to peer review.

Where Can I Find the AICPA Consulting Standards?

You can see the consulting standards here. 

The AICPA Consulting Standards: Another Arrow in Your Quiver

By Charles Hall | Accounting and Auditing

I find that many CPAs aren’t aware of the AICPA Consulting Standards. So, here’s a post about them.

Are you ever asked to perform an atypical engagement (e.g., creating a schedule of water losses for a city)–and then you wonder “what professional standards should I follow?”

Audit standards? No, you’re not opining on anything.

Maybe the compilation and review standards? No, a schedule is not a financial statement.

How about agreed upon procedures? Well, no again–AUPs normally include tests and conclusions.

We need another arrow in our quiver!

Most CPAs are familiar with compilation and review standards (Statement on Standards for Accounting and Review Services – SSARS) and audit standards (Statement on Auditing Standards – SAS) and even attestation standards (Statement on Standards for Attestation Engagements – SSAEs – commonly used for agreed upon procedures), but many are not familiar with the consulting standards (Statement on Standards for Consulting Services – SSCS).

Why?

I’m not really sure. But I seldom see consulting standard CPE classes. Yet many services are subject to this guidance.

AICPA Consulting Standards Primer

You might call the AICPA Consulting Standards the CPA’s swiss army knife.

What services fall under the consulting standards?

The consulting standards specifically address six areas:

1. Consultations – e.g., reviewing a business plan
2. Advisory services – e.g., assistance with strategic planning
3. Implementation services – e.g., assistance with a merger
4. Transaction services – e.g., litigation services
5. Staff and other support services – e.g., controllership services
6. Product services – e.g., providing packaged training services

CPAs often provide consulting services such as the following:

• Consultations with regard to complex transactions
• Fraud investigation services
• Internal control services
• Bankruptcy services
• Divorce settlement services
• Controllership services
• Business plan preparation
• Cash management
• Software selection
• Business disposition planning

When can I use the consulting standards?

Usually when the information will not be provided to a third party.

When performing work under the consulting standards, you are not attesting (providing comfort) on the work performed. Usually, you need to follow the SASs, SSARS, or SSAEs if you are attesting (providing comfort to an outside party).

Characteristics of a Consulting Engagement

• Generally nonrecurring
• Requires a CPA with specialized knowledge and skills
• More interaction with client
• Generally performed for the client (usually, no third party sees the information)

Consulting Work Paper Requirements

Consulting work paper requirements are minimal. Nevertheless, documentation is always wise.

The understanding with the client can be oral or in writing (I recommend the latter).

The consulting standards do not require the CPA to prepare work papers, but you should do so anyway – the work papers are the link between your work and your report. Also the general standards of the profession, contained in the AICPA Code of Professional Conduct, apply to all services performed by members. The general standards state:

Sufficient Relevant Data. Obtain sufficient relevant data to afford a reasonable basis for conclusions or recommendations in relation to any professional services performed.

Consulting Reports

The report content and format are up to you and your client.

No Opinion or Accountant’s Report

For consulting engagements, the CPA does not issue an opinion or any other attestation report (e.g., accountant’s report on agreed-upon procedures ).

Subject to Peer Review?

Are products created using the Consulting Standards subject to peer review? No.

Where Can I Find the AICPA Consulting Standards?

You can see the consulting standards here.

Photos above are courtesy of iStockphoto.com.