When I speak to federal grant recipients about the new risk and integrity assessment, I often say that risk is NOT an “only” child.
In other words, when bad things happen to good grant recipients, it often is a failure on many levels that allow waste, fraud, and abuse to occur and grow.
A recent example in the news about a municipal employee accused of using her city credit card to make over $91,000 in personal purchases over a seventeen-month period is an excellent case in point.
Grand Theft and Scheming to Defraud
Police discovered many consumer electronics purchased with city credit cards at the home of the accused thief.
While this case winds its way through the legal system, let’s look at some of the internal control failures that allowed this type of abuse of both taxpayer money and broken trust to flourish:
WUFT TV reports the employee:
- Was hired as an assistant to two different city department managers
- Used both credit cards issued to her and the two managers to whom she was assigned to support to make 169 purchases
- Made many of the purchases during off-duty hours and at locations away from her job site
- Purchased electronics and gift cards with the credit cards
Are you seeing some of the things we highlight in this internal control case study that should have thrown up red flags in a well-functioning internal control environment?
When an employee reports to multiple managers without clear accountability, confusion is introduced into the control environment.
Control activities such as purchase authorizations and review of credit card charges should have alerted management and the finance department bad things were happening.
And as painful as this reality is… it really gets even worse in this internal control case study!
>>For more on internal controls, check out the Minimalist Guide to Internal Controls
Let’s look at more ways multiple failures of internal controls allowed this theft to thrive:
Red Flags: Motive, Opportunity, and Excuses
For fraud to occur, there are three key elements that you will always find:
#1: Motivation (Do I want it?)
#2: Rationalization (Do I “deserve” it?)
#3: Opportunity (Can I get away with it?)
The trifecta of motive, rationalization, and opportunity create holes in the safety net of protection for taxpayer funds.
While motivation and rationalization are difficult to deter, preventing and detecting opportunities for waste and fraud is within the organization’s control.
In this internal control case study, we will look at ways grant managers and others protecting taxpayer funds can reduce the odds that this type of fraud could occur in their organization.
Red Flags: Authorization. Record-keeping and Custody
Control activities such as purchase requisition forms and review of expense reports should be incorporated into your organization’s day-to-day processes and procedures.
The control activities described above can preserve public trust by deterring and detecting waste, fraud, and abuse of taxpayer funds.
One cornerstone concept that can limit fraud’s opportunities to occur is called “segregation of duties.”
Simply put segregation of duties means that the same person should not do the activities of authorization, record-keeping, and custody.
In this case:
- The employee had physical custody of credit cards for herself and her two managers, and many of the goods purchased were in her possession at her home.
- It appears that the employee could authorize purchases for herself and her managers without oversite by at least one level above the person making the purchase, such as a purchase requisition process or manager review of credit card charges.
- Record-keeping was non-existent or not reviewed, as purchases after work hours and for items such as gift cards should have stuck out like a sore thumb, especially since the city stated their policy was to have expense reports reviewed by two levels of supervisors.
Limiting the opportunities to commit fraud is one of the reasons the emphasis on internal controls for grant recipients has been increased for federal grants since the advent of 2 CFR Part 200-Uniform Guidance.
Internal controls are not just for finance people anymore!
Red Flags: A Tale of Two Budgets
One required report for federal grant recipients is budget vs. actual reporting.
This reporting form is valued because it can signal problems with completing the program objectives on-time and on-budget.
Another reason is that reporting has the detective benefit of flagging potential minefields such as waste and abuse of taxpayer funds.
This internal control case study proves that point as one of the red-flags to authorities was when her two managers started investigating their two actual spending reports to determine why they were more than their respective budgets.
One thing led to another, and managers realized that the unauthorized credit card purchases were a major contributor to the costs exceeding the agreed-upon budget.
Score one for budget vs. actual reporting!
Red Flags: Background Checks and an Ounce of Prevention
Finally, internal controls can be preventive (before-the-fact) or detective (after-the-fact.)
By putting in place preventative controls in addition to detective controls such as monitoring, you can limit risk and reduce opportunities for fraud to occur.
In our case study, the person accused of grand theft and scheming to defraud had a discoverable criminal history, including charges for scheming to defraud in another county.
Does your organization have preventive controls in place? For example:
- How do you ensure that people with prior convictions for financial crimes are not placed in positions of trust, including access to credit cards and other purchase methods?
- How is risk communicated from the Human Resources function charged with hiring individuals to the managers of their departments and the financial staff issuing credit cards and other purchasing access?
- Do you have a periodic evaluation process that looks for new opportunities for fraud to occur as business processes and personnel change over time?
As you can see, bad things can happen to good organizations if strong internal controls are not in place.
Wise organizations recognize that the risk of waste, fraud, and abuse thrives due to breakdowns in control activities.
What steps are you taking to prevent a similar unfortunate story at your organization?
Leave a Reply