When I speak to federal grant recipients about the new risk and integrity assessment, I often say that risk is NOT an “only” child. In other words, when bad things happen to good grant recipients it often is a failure on many levels that allow waste, fraud and abuse to occur and grow.
A recent example in the news about a municipal employee who is accused of using her city credit card to make over $91,000 in personal purchases over a seventeen month period is a great case in point.
Grand Theft and Scheming to Defraud
Police discovered a large amount of consumer electronics purchased with city credit cards at the home of the accused thief. While this case winds its way through the legal system, let’s look at some of the internal control failures that allowed this type of abuse of both taxpayer money and broken trust to flourish:
WUFT TV reports the employee:
- Was hired as an assistant to two different city department managers
- Used both credit cards issued to her and the two managers to whom she was assigned to support to make 169 purchases
- Made many of the purchases during off-duty hours and at locations away from her job site
- Purchased electronics and gift cards with the credit cards
Are you seeing some of the things that should have thrown up red flags in a well-functioning internal control environment?
When an employee reports to multiple managers without a clear line of accountability confusion is introduced into the control environment. Control activities such as purchase authorizations and review of credit card charges should have alerted management and the finance department bad things were happening.
And as painful as this reality is… it really gets even worse!
>>For more on internal controls, check out the Minimalist Guide to Internal Controls
Let’s look at more ways multiple failures of internal controls allowed this theft to thrive:
Red Flags: Motive, Opportunity and Excuses
For fraud to occur there are three key elements that you will always find:
#1: Motivation (Do I want it?)
#2: Rationalization (Do I “deserve” it?)
#3: Opportunity (Can I get away with it?)
The trifecta of motive, rationalization and opportunity create holes in the safety net of protection for taxpayer funds. While motivation and rationalization are difficult to deter; preventing and detecting opportunities for waste and fraud to occur is within the control of the organization.
In this case study, we will look at ways grant managers and others protecting taxpayer funds can reduce the odds that this type of fraud could take place at their organization.
Red Flags: Authorization. Record-keeping and Custody
Control activities such as purchase requisition forms, and review of expense reports should be incorporated into the day-to-day processes and procedures at your organization.
This is because control activities like these can preserve the public trust by deterring and detecting waste, fraud and abuse of taxpayer funds.
In fact, one of the cornerstone concepts that limit the opportunities for fraud to occur is called “segregation of duties”. Simply put, segregation of duties mean that the activities of authorization, record-keeping and custody should not be done by the same person. In this case:
- The employee had physical custody of credit cards for herself and her two managers and many of the goods purchased were in her custody at her home.
- It appears that the employee was able to authorize purchase both for herself and her managers without oversite by at least one level above the person making the purchase such as a purchase requisition process or manager review of credit card charges.
- Record-keeping was non-existent or not reviewed, as purchases after work hours and for items such as gift cards should have stuck out like a sore thumb especially since the city stated their policy was to have expense reports reviewed by two levels of supervisors.
Limiting the opportunities to commit fraud is one of the reasons the emphasis on internal controls for grant recipients has been increased for federal grants since the advent of 2 CFR Part 200-Uniform Guidance. Internal controls are not just for finance people anymore!
Red Flags: A Tale of Two Budgets
One of the required reports for federal grant recipients is budget vs. actual reporting. This form of reporting is valued because it can signal problems with completing the program objectives on time and on budget. There is also another reason and that is it has a detective benefit of flagging potential minefields such as waste and abuse of taxpayer funds.
This case-study proves that point as one of the red-flags to authorities was when her two managers started investigating their two actual spending reports to determine why they were more than their respective budgets. One thing led to another and managers came to realize that the unauthorized credit card purchases were a major contributor to the costs exceeding the agreed upon budget.
Score one for budget vs. actual reporting!
Red Flags: Background Checks and an Ounce of Prevention
Finally, internal controls can be preventive (before-the-fact) or detective (after-the-fact.) By putting in place preventative controls in addition to detective controls such as monitoring, you can limit risk and reduce opportunities for fraud to occur.
In our case study, the person accused of grand theft and scheming to defraud had a discoverable criminal history including charges for scheming to defraud in another county.
Does your organization have preventive controls in place? For example:
- How do you ensure that people with prior convictions for financial crimes are not placed in positions of trust that include access to credit cards and other purchase methods?
- How is risk communicated from the Human Resource function charged with hiring individuals to the managers of departments they work in, and the financial staff issuing credit cards and other purchasing access?
- Do you have a periodic evaluation process that looks for new opportunities for fraud to occur as business processes and personnel change over time?
As you can see, bad things can happen to good organizations if strong internal controls are not in place. Wise organizations recognize that the risk of waste, fraud and abuse thrives as there are breakdowns in control activities. What steps are you taking to prevent a similar unfortunate story at your organization?
Want to Know More About Grant Management?
We offer online and live grant management training with our signature 2-day Grant Management Boot Camp program. Go through the Administrative Requirements and Cost Principles, network with other grant professionals and feel supported in your learning with a full year of e-mentoring during and after your training.
Author: Lucy M. Morgan, CPA, MBA, GPA Approved Trainer