skip to main content
SAO Home/ How to Report a Concern / Fraud Program

Fraud Program

Reporting fraud in government

We encourage all local governments, state agencies, and citizens to report fraud allegations directly to the State Auditor’s Office (SAO). 

Washington state law (RCW 43.09.185) requires all state agencies and local governments to immediately notify the State Auditor’s Office if staff know or suspect a loss of public resources or other illegal activity, including certain cyberattacks. In 2022, the Legislature amended this law to require the State Auditor’s Office to establish policies that further define the loss reporting requirements. Our General Loss Reporting Policy is outlined below, and a PDF copy can be found here. State and local government employees should alert us to known or suspected incidents through the online Report a Suspected Fraud or Loss form linked below. This form is specifically to report instances where a state or local government is the target or victim of loss or illegal acts. Any citizens wishing to report other concerns about a state agency or local government should file a citizen hotline.

What to do if you suspect fraud

State agencies and local governments should take the following actions when they suspect or detect a loss of public resources or other illegal activity:

  • Report the loss to SAO using the form on our website.
  • Protect the accounting records. Secure all original records related to the loss in a safe place until we have completed our investigation.
  • Notify others who need to know. This may include the governing body, agency head or deputies, chief financial officer or internal auditor, depending upon the circumstances.
  • Notify your legal counsel.
  • File a police report with the appropriate local or state law enforcement agency when advised to do so by SAO.
  • Read and follow SAO’s guidance before entering into any restitution agreement with an employee.
Report a suspected fraud or loss

General Loss Reporting Policy (effective October 21, 2022)

SAO is in the process of adding additional sections to this policy, which will clarify fraud reporting requirements for specific government entities and agencies. We will publish new sections of the policy on this page as they are finalized.

Losses or Illegal Activities Exempt from Reporting Requirement

The following is a list of losses or illegal activities that state agencies and local governments are NOT required to report to SAO:

  • Normal and reasonable “over and short” situations from cash receipting operations. Record these transactions in the accounting system as miscellaneous income and expense, respectively, and monitor this activity for any unusual trends.
  • Reasonable inventory shortages identified during a physical count. Record inventory adjustments in the accounting system.
  • Unauthorized credit card attempts and/or transactions that are determined fraudulent by the bank and refunded.
  • Breaking and entering or vandalism of property, including assets stolen out of government vehicles
  • Loss of cellphones, tablets, laptops valued under $1,000 and not containing confidential data.
  • For schools and libraries, laptops or iPads checked out by students or patrons, but not returned.
  • Non-Sufficient Funds (NSF) checks accepted by the government
  • Counterfeit currency accepted by the government (please report these to the FBI)

Clarification of Losses to Report Cybersecurity Incidents

State agencies and local governments must report cybersecurity incidents that involve the finances or financial records in some way. Below are some examples of activity you must report:

  • Your government experiences a ransomware attack and makes a payment to the criminal actors to regain access to your data, even if your insurance company either pays the ransom or reimburses your government for the payment. This extortion payment is a financial loss as a result of illegal activity.
  • Your government falls victim to a ransomware attack. You can restore your data from backups and do not pay the ransom. You should report this incident if it’s possible the attackers accessed any financial records. Keep in mind that even though attackers may have only encrypted non-financial records, they could have accessed financial records and are waiting to ransom them at a later point. Determining which records the attackers accessed involves more than simply evaluating which records the attackers ransomed.
  • Your staff relies on a fraudulent email to change banking information and an electronic payment is sent to a criminal, instead of to a vendor or employee, even if your insurance company covers the loss, or the bank is able to recover your funds.
  • Someone gains unauthorized access to your computer system and they may have accessed your financial records, even if those records were not harmed or impacted in any way.
  • You have a security incident that might have impacted your financial records or systems, but you are not certain.

For questions about fraud procedures or the fraud program, contact us at fraud@sao.wa.gov.