Tag Archives for " Government "

Jul 17

Government Auditing Standards 2018 Revision (Hot Off the Press)

By Charles Hall | Auditing , Local Governments

Government Auditing Standards 2018 Revision

The Government Accountability Office just issued the new Yellow Book titled Government Auditing Standards 2018 Revision.

Government Auditing Standards 2018 Revision

Get Your Free Copy

An electronic version of the 2018 Yellow Book can be accessed on GAO’s Yellow Book web page at http://www.gao.gov/yellowbook.

Major Changes

The introduction to the new Yellow Book summarizes the significant changes as follows:

This revision contains major changes from, and supersedes, the 2011 revision. These changes, summarized below, reinforce the principles of transparency and accountability and strengthen the framework for high quality government audits.

  • All chapters are presented in a revised format that differentiates requirements and application guidance related to those requirements.
  • Supplemental guidance from the appendix of the 2011 revision is either removed or incorporated into the individual chapters.
  • The independence standard is expanded to state that preparing financial statements from a client-provided trial balance or underlying accounting records generally creates significant threats to auditors’ independence, and auditors should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level or decline to perform the service.
  • The peer review standard is modified to require that audit organizations comply with their respective affiliated organization’s peer review requirements and GAGAS peer review requirements. Additional requirements are provided for audit organizations not affiliated with recognized organizations.
  • The standards include a definition for waste.
  • The performance audit standards are updated with specific considerations for when internal control is significant to the audit objectives.

Effective with the implementation dates for the 2018 revision of Government Auditing Standards, GAO is also retiring Government Auditing Standards: Guidance on GAGAS Requirements for Continuing Professional Education (GAO-05-568G, April 2005) and Government Auditing Standards: Guidance for Understanding the New Peer Review Ratings (D06602, January 2014).

Effective Dates

The 2018 revision of Government Auditing Standards is effective for financial audits, attestation engagements, and reviews of financial statements for periods ending on or after June 30, 2020, and for performance audits beginning on or after July 1, 2019.

Early implementation is not permitted.

The 2018 revision of Government Auditing Standards supersedes the 2011 revision (GAO-12-331G, December 2011), the 2005 Government Auditing Standards: Guidance on GAGAS Requirements for Continuing Professional Education (GAO-05-568G, April 2005), and the 2014 Government Auditing Standards: Guidance for Understanding the New Peer Review Ratings (D06602, January 2014). 

governmental internal controls
Apr 02

Useful Governmental Internal Controls that You Need Know

By Charles Hall | Fraud , Local Governments

Below I provide useful governmental internal controls that you need to know.

Why am I providing this list of useful controls? Most small governments struggle with establishing sound internal controls. So, the list provides a foundation for preventing theft in your government. While not a comprehensive list, I thought I would share it.

Many of the internal controls listed below are also pertinent to nonprofits and small businesses as well. You will find this same checklist in The Little Book of Local Government Fraud Prevention (available on Amazon) which provides many more fraud prevention ideas.

I am providing general fraud prevention controls and then transaction-level controls for:

  • Cash receipts and billing
  • Cash payments and purchasing
  • Payroll

governmental internal controls

Useful Governmental Internal Controls

General Internal Controls

  1. Have bank statements mailed directly to someone outside of accounting; recipient should peruse bank statement activity before providing it to accounting
  2. Perform surprise audits (use outside CPA if possible)
  3. Elected officials and management should review the monthly budget to actual reports (and other pertinent financial reports)
  4. Map internal control processes by transaction cycle (preferably done by a seasoned CPA); once complete, provide the map to all employees involved in the cycle; when control weaknesses exist, institute additional controls (see 11. below)
  5. Use a whistleblower program (preferably use an outside whistleblower company)
  6. Reconcile bank statements monthly (have a second person review and initial the reconciliation)
  7. Purchase fidelity bond coverage (based on risk exposure)
  8. Periodically request from the government’s bank a list of all bank accounts in the name of the government or with the government’s federal tax I.D. number; compare the list to bank accounts set up in the general ledger
  9. Secure computer access physically (e.g., locked doors) and electronically (e.g., passwords)
  10. Do not allow the electronic transmission (e.g., email) of sensitive data (e.g., social security numbers) without the use of protected transmission technology (e.g. Sharefile); create policy and train staff
  11. Where possible, segregate who (1) authorizes transactions, (2) records transactions, (3) reconciles records, and (4) has custody of assets; when segregation of duties is not possible, require documented second-person review and/or surprise audits

Transaction Level Controls

Cash Receipts and Billing Controls

  1. Use a centralized receipting location (when possible)
  2. Assign each cash drawer to a separate person; require daily reconciliation to receipts; require second person review
  3. Deposit cash timely (preferably daily); require the composition of cash and checks to be listed on each deposit ticket (to help prevent check-for-cash substitution)
  4. Immediately issue a receipt for each payment received; a duplicate of the receipt or electronic record of the receipt is to be retained by the government
  5. A supervisor should review receipting-personnel adjustments made to accounts receivable
  6. Do not allow the cashing of personal checks (e.g., from cash drawers)

Cash Payments and Purchasing Controls

  1. Guard all check stock (as though it were cash)
  2. Do not allow hand-drawn checks; only issue checks through the computerized system; if hand-drawn checks are issued, have a second person create and post the related journal entry
  3. Do not allow the signing of blank checks
  4. Limit check signing authorization to as few people as possible
  5. Require two employees to effectuate each wire transfer
  6. Persons who authorize wire transfers should not make related accounting entries
  7. Require a documented bidding process for larger purchases (and sealed bids for significant purchases or contracts); specify procedures for evaluating and awarding contracts.
  8. Limit the number of credit cards and the chargeable maximum amount on each card
  9. Allow only one person to use an individual credit card; require receipts for all purchases
  10. Require a street address and social security or tax I.D. numbers for each vendor added to accounts payable vendor list (P.O. box numbers without a street address should not be accepted)
  11. Signed vendor checks should not be returned to those who authorized the payment; mail checks directly to vendors
  12. Compare payroll addresses with vendor addresses for potential fictitious vendors (usually done with electronic audit tools such as IDEA or ACL)

Payroll Controls

  1. Provide a departmental overtime budget/expense report to governing body or relevant committee
  2. Use direct deposit for payroll checks
  3. Payroll rates keyed into the payroll system must be supported by proper authorization in the employee personnel file
  4. Immediately remove terminated employees from the payroll system
  5. Use biometric time clocks to eliminate buddy-punching
  6. Check for duplicate direct-deposit bank account numbers
  7. A department head should provide written authorization for overtime prior to payment

Your Recommendations

What additional controls do you recommend? Share your thoughts below.

Rita Crundwell story
Dec 06

The Rita Crundwell Story: Why Some Ranches Have a Bad Smell

By Charles Hall | Asset Misappropriation

Is it possible for one person to steal over $53 million from a city with an annual budget of less than $10 million? Yes. The Rita Crundwell story provides a cautionary tale for small businesses, governments, and nonprofits.

The Theft

Rita Crundwell, comptroller, and treasurer of Dixon, Illinois stole $53 million over a twenty-year period. The city of 16,000 residents held Crundwell in high esteem. One friend described her as “sweet as pie.” Another said: “You could not find a nicer person.”

So why did she steal? It appears Rita just enjoyed the good life. She used the money to fund one of the top quarter horse ranches in the country, and she did it with style: Some of the funds were used to purchase over $300,000 of jewelry and a $2.1 million motor coach vehicle.

Rita Crundwell story

The picture is courtesy of AdobeStock.com

Her annual salary? $80,000.

The city’s annual budget? $6 to $8 million

Were yearly audits performed? Yes.

Were budgets approved? Yes.

So how could this happen? Ms. Crundwell had won the trust of those around her—especially that of mayor and council. In April 2011, finance commissioner and veteran council member, Roy Bridgeman, praised Crundwell calling her “a big asset to the city as she looks after every tax dollar as if it were her own.” (Too much trust is the main cause of white-collar crime.)

It was a disturbing moment when Dixon Mayor James Burke presented the FBI with evidence of Crundwell’s fraud. Burke later recalled his emotions and words: “I literally became sick to my stomach, and I told him that I hoped my suspicions were all wrong.” Such a response is understandable given that Crundwell had worked for the city for decades. She had fooled everyone.

According to the mayor, the city’s annual audits raised no red flags, and the city’s primary bank never reported anything suspicious. So how did she steal the money? In 1990, Crundwell opened a secret bank account in the name of the city (titled the RSDCA account: the initials stood for reserve sewer development construction account). Crundwell was the only authorized check signer for the account, and the RSDCA bank account was never set up on the city’s general ledger. The City’s records reflected none of the RSDCA deposits or disbursements.

Crundwell would write and sign manual checks from a legitimate city capital project fund checking account, completing the check payee line with “Treasurer.” (Yes, Crundwell had the authority to issue checks with just her signature—even for legitimate city bank accounts.) She would then deposit the check into her secret account. From the bank’s perspective, a transfer had been made from one city bank account to another (from the capital projects fund to the reserve sewer development construction fund).

While the capital project fund disbursement was recorded on the city’s books, the RSDCA deposit was not. A capital project fund journal entry was made for each check debiting capital outlay expense and crediting cash. But no entry was made to the city’s records for the deposit to the RSDCA account. Once the money was in the RSDCA account, Crundwell wrote checks for personal expenses—and she did so for over twenty years.

To complete her deceit, Crundwell provided auditors with fictitious invoices from the Illinois Department of Transportation; these invoices included the following notation: Please make checks payable to Treasurer, State of Illinois. (So the canceled checks made out to Treasurer agreed with directions on the invoice, but the words “State of Illinois” were conveniently left off the check payee line.) Remember Crundwell was the treasurer of Dixon. 

Those invoices and the related checks were often for round dollar amounts (e.g., $250,000) and most were for more than $100,000. In one year alone, Crundwell embezzled over $5 million.

So how was she caught? While Rita was on an extended vacation for horse shows, the city hired a replacement for her. For some reason, Crundwell’s substitute requested all bank account statements from the city’s bank. As the bank statements were reviewed, the secret bank account was discovered. And soon after that, the mayor contacted the FBI.

The Weakness

Why was Rita able to steal $53 million? Wait for it…a lack of segregation of duties (getting tired of my saying this?–sorry, but so many thefts are rooted in this weakness).

Rita could do the following:

  • Write checks
  • Approve payments
  • Create and monitor the budget
  • Enter transactions into the accounting system
  • Reconcile the bank statements

The Fix

Multiple people should perform accounting duties, not just one person.

Accounting employees should be required to take at least a one-week vacation, and while they are gone, someone else should perform their duties. The vacation itself is not the key. The performance of the absent accountant’s duties is. Why? Doing so allows the replacement person to understand the work of the vacant employee. And, more importantly, as the substitute employee works, he or she sees any unusual or fraudulent activity.

Here’s another action to take. Periodically contact your organization’s bank and ask for a list of all bank accounts. Then compare the list to the bank accounts set up on the general ledger. If a bank account is not on the general ledger, see why. Request a copy of the related signature card from the bank.

What Happened to Rita?

So, what happened to Rita? She was sentenced to 19.5 years in prison. Here are pictures from the Chicago Tribune that shed light on the fraud.

Capital asset theft
Nov 07

Theft of Capital Assets: How to Understand It and Prevent It

By Charles Hall | Asset Misappropriation

The Theft

In businesses, nonprofits, and governments, the theft of capital assets happens often. Today I explain how these thefts occur and how you can prevent them.

A USA Today article began with, “Stolen and sensitive U.S. military equipment, including fighter jet parts wanted by Iran…have been available to the highest bidder on popular Internet sales sites.” The article went on to say that the equipment, “purchased with taxpayer money,” was available for purchase on eBay and Craigslist and included “components from F-14 fighter jets” and “used Nuclear Biological Chemical protective suit.”

Capital asset theft

Picture is courtesy of Adobe pStock.com

Capital assets often go missing because no one is paying attention, and the thief knows it. Such assets can be stolen with the intent to sell and convert to cash or simply for personal use.

The thefts often occur when employees place equipment or other capital assets in their vehicles and drive home. If the employee wants to cover their tracks, they might complete accounting paperwork for disposal of assets (saying the equipment was junked). More often than not, however, the asset is just stolen because the employee knows that no one will notice, or, if someone does, he can say, “I don’t know what happened to that piece of equipment.”

Long-term employees realize that the external auditors seldom audit existing capital assets. Yes, the auditor will examine an invoice, but how many auditors physically inspect plant, property and equipment?

The Weakness

The main enabling factor is usually a lack of accountability. Many companies, nonprofits, and small governments do not perform periodic fixed asset inventories. Often equipment is purchased and added to the depreciation schedule, but no one–at a later date–compares this master list of fixed assets to what is (or should be) physically present.

The Fix

Performing periodic inventories is the key to lessening the threat of capital asset theft.

First assign each capital asset to a person (usually a department head or a supervisor); let this person know that he or she is personally responsible for the item. Then have someone external to each department perform periodic inventories of departmental assets.

Also, install security cameras to record all activity.

Segregation of Duties
Jun 06

How to Lessen Segregation of Duties Problems in Two Easy Steps

By Charles Hall | Auditing , Fraud

Darkness is the environment of wrongdoing.

Why?

No one will see us–or so we think.

As you’ve seen many times, fraud occurs in darkness.

In J.R.R. Tolkien’s Hobbit stories, Sméagol, a young man murders another to possess a golden ring, beautiful in appearance but destructive in nature. The possession of the ring and Sméagol’s hiding of self and his precious (the ring) transforms him into a hideous creature–Gollum. I know of no better or graphic portrayal of how that which is alluring in the beginning, is destructive in the end.

Fraud opportunities have those same properties: they are alluring and harmful. And, yes, darkness is the environment of theft. What’s the solution? Transparency. It protects businesses, governments, and nonprofits. And while we desire open and understandable processes, often businesses have just a few employees that operate the accounting system. And many times they alone understand how it works.

It is desirable to divide accounting duties among various employees, so no one person controls the entire process. This division of responsibility creates transparency since multiple eyes see the accounting processes–but this is not always possible.

Lacking Segregation of Duties

Many small organizations lack appropriate segregation of duties and believe that solutions do not exist or that fixing the problem is too costly. But is this true? Can we create greater transparency and safety with simple procedures and without significant cost?

Yes.

Below I propose two processes to reduce fraud:

  1. Bank account transparency and
  2. Surprise audits.

1. Bank Account Transparency

Here’s a simple and economical control: Provide all bank statements to someone other than the bookkeeper. Allow this second person to receive the bank statements before the bookkeeper. While no silver bullet, it has power.

Persons who might receive the bank statements first (before the bookkeeper) include the following:

  • A nonprofit board member
  • The mayor of a small city
  • The owner of a small business
  • The library director
  • A church leader

What is the receiver of the bank statements to do? Merely open the bank statements and review the contents for appropriateness (mainly cleared checks).

In many small entities, accounting processes are a mystery to board members or owners since only one person (the bookkeeper) understands the disbursement process, the recording of journal entries, billing and collections, and payroll.

One set of eyes on an accounting process is not a good thing. So how can we shine the light?

Fraud Prevention

Picture courtesy of DollarPhoto.com

Second Person Sees the Bank Statements

Allow a second person to see the bank statements.

Fraud decreases when the bookkeeper knows someone is watching. Suppose the bookkeeper desires to write a check to himself but realizes that a board member will see the cleared check. Is this a deterrent? You bet.

Don’t want to send the bank statements to a second person? Request that the bank provide read-only online access to the second person, and let the bookkeeper know that the other person will review bank activity.

Even the appearance of transparency creates (some) safety.

Suppose the second person reviewer opens the bank statements (before providing them to the bookkeeper) and does nothing else. The perception of reviews enhances safety. I am not recommending that you don’t perform the review, but if the bookkeeper even thinks someone is watching, fraud will lessen.

2. Surprise Audits

Another way to create small-entity transparency is to perform surprise audits. These reviews are not opinion audits (such as those issued by CPAs) but involve random inspections of various areas such as viewing all checks clearing the May bank statement. Such a review can be contracted out to a CPA or performed by someone other than the bookkeeper–such as a board member.

Segregation of Duties

Picture courtesy of DollarPhoto.com

Adopt a written policy stating that the surprise inspections will occur once or twice a year.

The policy could be as simple as the following:

Twice a year a board member (or designee other than the bookkeeper) will inspect the accounting system and related documents. The scope and details of the inspection will be at the judgment of the board member (or designee). An inspection report will be provided to the board.

Why word the policy this way? You want to make the system general enough that the bookkeeper has no idea what will be inspected but distinct enough that an actual review occurs with regularity (thus the need to specify the minimum number of times the review will be performed).

Sample Inspection Ideas

Here are some sample inspection ideas:

  • Inspect all cleared checks that clear a particular month for appropriate payees and signatures and endorsements
  • Agree all receipts to the deposit slip for three different time periods
  • Review all journal entries made in a two week period and request an explanation for each
  • Review two bank reconciliations for appropriateness
  • Review one monthly budget to actual report (to see that the report was appropriately created)
  • Request a report of all new vendors added in the last six months and review for appropriateness

The reviewer may not perform all of the procedures and can perform just one. What is done is not as important as the fact that something is done. In other words, the primary purpose of the surprise audit is to make the bookkeeper think twice about whether he or she can steal and not be caught.

Again multiple people seeing the accounting processes reduces the threat of fraud.

Shine the Light

The beauty of these two procedures (bank account transparency and surprise audits) is they are straightforward and cheap to implement but nevertheless powerful. So shine the light.

What other procedures do you recommend for small entities?

For more information about preventing fraud, check out my book: The Little Book of Local Government Fraud Prevention.

>