RFP Staff
♦ If the public doesn’t watch for fraud, the motivation to prevent it or end it by City management isn’t likely to be a high priority. Auditors test financial statements, not what people do in city government. Even so, the public can see warning signs of potential fraud and a gradual trend in the last five years of the City’s Comprehensive Annual Financial Reports toward increasing vulnerability for fraud.
What makes the City of Salisbury’s government prone to financial fraud, misappropriation of funds, corrupt cover-ups of mismanaged or even hidden funds? Why are there more warning signs now than six years ago? Barring that city management then was better at hiding weaknesses, deficiencies, and violations than they are now, Salisbury appears to be more vulnerable these days to fraud.
Warning Bells about Fraud in Salisbury
Martin Starnes uncovered that Salisbury’s financial statements had “material weaknesses” and “significant internal control deficiencies” in recent years. They also uncovered that Salisbury, NC is in violation of NC General Statutes because Fibrant is operating with a deficit.
Salisbury Has Been in Violation of NC General Statutes for Five Years Due to Fibrant’s Deficit
Over the last five fiscal years, an audit finding each year indicates the City has violated NC General Statutes:
“Criteria: Management should have a system of controls in place to reduce the likelihood that violations of General Statutes occur and go undetected.
Condition: At the end of the current year, the Broadband Services Fund was operating in a deficit (deficit net position).
Context: While reviewing the client’s draft of the financial statements, we noted the condition described above.
Effect: The City was in violation of North Carolina General Statutes” (found on p. 169 of 172 this year).
Salisbury Was Found to Have Both Material Weaknesses and Significant Internal Control Deficiencies
For the fiscal year ending in June of 2014, an audit finding stated that material weakness(es) were identified in internal control over financial reporting. Material weaknesses indicate that there is a reasonable possibility that a misstatement of the entity’s financial statements will not be prevented or detected and corrected on a timely basis. A material weakness in a financial statement can mean that fraud or errors will exist undetected or unreported for a period of time. Such a period of time may provide opportunities for additional fraud (or errors). Over a year may have passed before the controls were placed to end the weakness.
In the latest audit, Salisbury is found to have significant deficiencies identified in the internal controls over financial reporting. Internal controls are practices that lessen the likelihood of fraud and errors in finance reporting. Since people aren’t perfect, the results of any financial report or even audit are likely to contain a small percentage of error. Increasing controls keeps down error and – more importantly – fraud. A deficiency in control might include a failure to reconcile an account, a handwritten receipt by a spender who says he lost the original, or a purchase from a source that is found to be against policy (such as a relative of the official).
Despite findings such as a violation of state statutes, material weaknesses, and now significant internal controls in the financial statements, the City states – as it has every year since 1998 – “We believe the City’s internal accounting controls adequately safeguard assets and provide reasonable assurance of proper recording of financial transactions.”
What Exactly Is the Auditor Responsible for? (Or, Why is Salisbury Still in Violation?)
The auditor does not audit the city’s systems, only the financial statements provided by the management.
What that means for taxpayers is that local government fraud is best contained by the enforcement of strong controls by the City over how each individual manages financial collection and reporting in that institution.
In the City’s report, Martin Starnes & Associates state, “The purpose of this report is solely to describe the scope of our testing of internal control and compliance and the result of that testing, and not to provide an opinion on the effectiveness of the entity’s internal control or on compliance.”
The auditor is not responsible for the City’s compliance, for recommending prosecution, or for catching fraudsters in action. That is the responsibility of management or any individual who gains knowledge of fraud in the City. The auditor alerts management that weaknesses exist in financial statements and gives suggestions about how to address them in their findings.
Of course, we presume management would want to correct violations, weaknesses, and deficiencies in financial practices themselves – not simply in what is visible in the documents – and not hide fraud or errors.
What Are the Most Dangerous Risks for Fraud in Salisbury? A Look at Management
Unfortunately, the most dangerous risk for fraud is often located at the top of an organization in the management itself. It is most often staff, such as a fellow employee of a fraudster, who notices the misappropriation of funds. They may, however, choose not to report it. This is due to the not-so-surprising fact that whistle-blowers are sometimes persecuted, even fired. Worse still, management itself can perpetrate or hide fraud.
Let’s look at what the experts say about who perpetrates fraud and how fraud can work.
According to documents posted by the National Association of Development Organizations (NADO), “Research shows that it is employees and managers, not auditors, who detect most misappropriation of assets and financial statement frauds. To prevent fraud effectively, widespread monitoring by employees and others must be encouraged” Additionally, NADO posts, “Most fraudsters exhibit behavioral traits that can serve as warning signs of their actions. These red flags — such as living beyond one’s means or exhibiting excessive control issues — generally will not be identified by traditional internal controls” (emphasis ours). NADO includes that “small government entities and nonprofits are more susceptible to theft and fraud than any other type of business.”
But what if you have a friend whose job was “eliminated” after he reported suspicious financial activity? Let’s say that your friend noticed money placed into his department’s account and then transferred out after an audit with no documentation for either transfer. After reporting it, let’s say he was informed his position was going to be eliminated to save costs for the city. Would you be as willing to blow the whistle if you notice fraud?
This leads us to a disturbing roadblock to detecting fraud that the American Institute of Certified Public Accountants (AICPA) calls “The Achilles Heel of Fraud Prevention”: management override of internal controls.
Yes, management – either on its own or as directed by those who oversee it – can operate outside detectible fraud prevention measures such as the yearly audit. In such a case, the yearly audit is merely a reflection of what is presented by the management. Should the management be particularly deft at fraud, or given particularly skilled directions by someone in a higher position, an auditor may not detect it at all. What then? Who is in place to control fraud?
The Achilles Heel of Fraud Prevention: Watching Over Management
According to AICPA, those who design and implement internal controls—management—can also override or bypass those controls. The AICPA states that “management override is very difficult to detect. However, an audit committee can take actions to address the risk of management override of controls[…]
- Maintaining an appropriate level of skepticism,
- Strengthening committee understanding of the business,
- Brainstorming about fraud risks,
- Using the code of conduct to assess financial reporting culture,
- Ensuring the entity cultivates a vigorous whistleblower program, and
- Developing a broad information and feedback network” (emphasis ours).
Where is the City of Salisbury’s Audit Committee?
So, then, where is the City of Salisbury’s audit committee? Where is the objective, external eye that scrutinizes finances? If the City wanted controls to be more strongly constructed and enforced, City Council would have an audit committee in place. Less embezzlements could be a result.
Why doesn’t Salisbury have an audit committee? That such committee does not exist could lead the public to ask if Salisbury’s elected board of oversight, City Council, might possibly not care or might possibly want financial controls to be overridden (it wouldn’t be possible – would it?)?
Surely City Council would not wish the public to think that.
The Government Finance Officers Association (GFOA) has crafted a best practice recommendation for how to form and conduct audit committees at the link below. You can read there on how it can be done. Perhaps City Council will take a long look at it as well.
Since the City’s statement of Accounting Systems and Budgetary Control (on page 12 of 152 of this year’s financial report) has been the same since the year 1998, even when material weaknesses and internal control discrepancies have been included in recent yearly audit findings, it is possible that additional scrutiny may be needed.
Resources
To discover more about detecting and deterring fraud in your local government, look at NADO’s presentation: http://www.nado.org/wp-content/uploads/2014/09/Matheny-detecting-and-detering-Fraud-in-Local-Governments.pdf
To read more about the Achilles heel of fraud prevention at AICPA, look here: http://www.aicpa.org/ForThePublic/AuditCommitteeEffectiveness/DownloadableDocuments/achilles_heel.pdf
The GFOA’s recommendations for forming and conducting audit committees can be seen here: http://www.gfoa.org/audit-committees
View the City of Salisbury’s Comprehensive Financial Report here: http://www.salisburync.gov/Departments/FinancialServices/finance/Documents/FY2015%20Audit.pdf
To learn more about the terminology of auditing and accounting, go here: http://pcaobus.org/Standards/Auditing/Pages/Auditing_Standard_5_Appendix_A.aspx
Learn more about basic accounting principles here: http://www.accountingcoach.com/accounting-principles/explanation
