Board members have a role to play in fighting fraud
Nov 15, 2021
Employee fraud is on the rise in government, yet it often comes as a shock to those charged with oversight of a government when it happens in their own agencies. It shouldn't. Elected officials and appointed boards have a duty to understand their agency's operations. They also have a key role to play when it comes to fighting fraud.
Electeds and boards are responsible for ensuring management has designed and put in place effective controls to manage fraud risk. In this article, we examine the role of electeds and boards – shorthanded throughout as “boards” – in preventing fraud, and offer tips to implement customized policies and best practices.
Set expectations for every employee as it relates to fraud
The most important thing a board can do is to set the appropriate tone at the top by not tolerating fraud at any level of the agency. Communicate this message to all employees verbally and in writing. Ensure that management is encouraging ethical behavior and empowering employees, customers and vendors to insist that ethical standards are met every day.
Talk about fraud risks at your board meetings
If you don't know much about operations, consider first conducting an assessment of the agency's internal controls over financial reporting. SAO has a resource to help you do this. Then have discussions at the board level about how fraud could occur, what internal controls are in place to prevent fraud, and how someone could override those controls.
Keep in mind that executives and those higher up in management can cause the largest losses for an agency. Someone in the agency who is willing to steal likely knows the controls and operating procedures that are in place to prevent fraud — and they also know how to circumvent those controls and how to conceal fraud from board members. It's important to keep the risk of management's override of controls in mind when evaluating the effectiveness of controls; an anti-fraud control is not effective if it can be overridden.
A well-crafted fraud policy is critical in communicating an agency's anti-fraud stance, the expected process for reporting fraudulent actions, and what happens to those who commit fraud. This policy should focus on deterrence, detection and correction of misconduct and dishonesty.
Conduct a fraud risk assessment
Conducting a fraud risk assessment will help you understand the agency's vulnerabilities and develop a mitigation strategy. Generally, boards should start with identifying fraud risks, which should include consideration of all types of fraud schemes and scenarios, incentives, pressures, and opportunities to commit fraud. Next, assess the relative likelihood of identified fraud risks by interviewing staff and business-process owners. Finally, decide what the response should be to address the identified risks, which could include a cost-benefit analysis of fraud risks to help determine which controls or specific fraud detection procedures to implement. If this feels like a daunting task this is also an area you can bring in an outside firm to help you with the risk assessment process.
Set up an audit committee
The purpose of an audit committee is to provide monitoring of the agency's financial reporting processes. This includes reviewing revenues and expenditures regularly, establishing monitoring procedures and reviewing systems of internal controls for the agency. This committee, which sometimes reports directly to the board or is a subset of the board, provides oversight of the Executive Director and Finance Director in order to verify that those positions are adequately performing their duties in these areas. It's also the ideal group to focus on fraud awareness and prevention. The committee should comprise members with some financial understanding or an accounting background, and it can include members outside of the board. This group should examine and understand the agency's operations.
Set up an anonymous tip hotline
The Association of Certified Fraud Examiners reported that tips detect 43 percent of fraud schemes, and half of those tips came from employees. Many insurance companies or government risk pools can help provide this service to your agency at a very low cost. Make sure that someone independent of operations, such as a board member, receives those tips.
Assess insurance coverage for fraud loss
Make sure your agency has adequate coverage in the event a fraud occurs and regularly reassess whether it is enough. Also, take a close look at which employees you're bonding to minimize the agency's risk of misappropriation.
Beware of the trusted employee syndrome
The trusted employee syndrome occurs when boards and management put full faith into someone and rely on their word because they trust them. It is great to have trusted employees in your agency, but you should also ask to see information from independent sources, such as system-generated reports and actual bank statements. Remember: Trust, but verify.
Ensure the board is receiving accurate and timely information
Most boards have fiscal responsibilities as it relates to budgeting or approving expenditures. Make sure you review original documents and system-generated reports before approving expenditures. Ask questions to ensure you understand what you are approving. And make sure the professional staff who are answering your questions can provide adequate supporting documents.
Attend meetings and interact with your external and internal auditors
Are you getting information regarding potential fraud occurrences? Do you understand the risks and issues auditors have identified relating to internal controls? As external auditors, SAO always encourages board members to attend our entrance and exit meetings, and we appreciate questions. We are more than willing to have conversations about risks your agency might encounter.
SAO's role for State and Local Governments
Washington state law requires all state agencies and local governments to immediately notify SAO if staff know or suspect loss of public resources, or of other illegal activity including a cyber-attack if it resulted in a loss of public resources or potentially impacted financial records or systems. If a loss does occur at your agency, please report the loss to us using our website form. If you want additional information about Preventing Fraud, you can visit our Preventing Fraud website for additional resources we have created. Please reach out to your audit team if you have additional questions about fraud, and they can connect you with our Special Investigations Team.
5 Fraud Tips Every Business Leader Should Act On – Download this resource and share it with your fellow board members.
Fraud Prevention Check Up – How vulnerable is your company to fraud? Do you have adequate controls in place to prevent it? Find out by using the Association of Certified Fraud Examiners' (ACFE) fraud prevention check-up.
Fraud Prevention Checklist – This checklist is designed to help you test the effectiveness of your fraud prevention measures.
Audit Committees (gfoa.org) – Government Finance Officers Association has some tips for Audit Committee Best practices.