"Hope is a dangerous thing."

"Seriously, how often do you really look at a man’s shoes?"

I’ve watched The Shawshank Redemption far too many times, but these two quotes from the movie are great. Not surprisingly, they also apply to the hundreds of recent local government fraud/embezzlement incidents occurring in the United States annually.

I served as a city and county manager for 12 years after serving in law enforcement for almost 18 years. As a manager, I was always relieved when I heard from my external auditors that we had an unqualified opinion (clean audit) and that there weren’t any material weaknesses. Admittedly, I thought to myself “We are good for another year, and I don’t need to give this much more thought. I have too much going on anyway.” Boy, was I naive.

Now that I’ve run a national consulting firm for seven years and having investigated over 400 actual fraud cases in my career, I realize that a lot of my friends and colleagues thought as I did. I get it, too. We get our annual external audit, and the auditors do their due diligence for that audit—asking questions about fraud and sampling a few payroll records and a few other things. But an external audit IS NOT designed to be a fraud risk assessment and until I knew the real scope of the problem of fraud and embezzlement in local government, I simply didn’t recognize how vulnerable we were. According to the Association of Certified Fraud Examiners, external audits are responsible for detecting only 4% of known fraud cases. Effective internal controls, however, are identified as one of the most effective ways of deterring and knowing if something is happening in your organization.

If I had good people working for me, I trusted them, we had solid policies in place, and we had a clean annual audit each year, how could we have vulnerabilities to fraud/embezzlement? It simply wasn’t a thought on my mind. The reality is that if there are vulnerabilities (and we find them in every organization), maybe it is because nobody has ever tried to exploit those vulnerabilities is why we don’t know they exist. 

Seven Fraud and Embezzlement Prevention Questions CAOs Must Ask

Ask your finance and HR directors these seven questions:

1. Have we ever had a fraud and embezzlement vulnerability study?
2. Are we positive we know where fraud risk vulnerabilities are in all functions within every department?
3. Do our senior management job descriptions list a responsibility for fraud prevention and detection?
4. What is our process for multifactor authentication for vendor maintenance (to prevent several different types of vendor payment fraud) and are we certain there aren’t any vulnerabilities in that process?
5. Do we have vulnerabilities in any of our inventory management control policies or procedures?
6. During our offboarding process, do we ask the departing employee if they have any knowledge about any possible fraud going on within our organization?
7. Are we using best practices to reduce the risk that any of the items we purchase every day are not being used for official purposes?

Examples of When It Goes Wrong

Knowing your organization’s vulnerabilities and risk of fraud/embezzlement is a priority. You cannot address issues of which you are unaware. This list of just 10 recent examples out of hundreds where a “trusted” employee was accused of embezzling from their local government demonstrates fraud can happen anywhere, at any organization, at any employee level, at any amount:

• $23,250 allegedly embezzled over three years by a water billing employee.
• $68,200 embezzled over four years by a police detective.
• $100,000 allegedly embezzled in a ghost employee scheme by a recreation services manager.
• $118,451 embezzled over three years in a paycheck scheme by an HR employee.
• $300,000 allegedly embezzled over five years by a court employee.
• $321,399 embezzled over four years by a finance department employee.
• $712,000 embezzled over 11 years by the finance director.
• $1,200,000 embezzled over the years by an IT employee.
• $1,251,578 embezzled over nine years by a sheriff’s office supervisor.
• $1,300,000 embezzled over 10 years by a liability claims technician.

Keep in mind that these are professional organizations with trusted employees who have worked for the city or county for years. They get regular audits and have policies in place. These are just a handful of the hundreds of recent local government organizations that have fallen victim to embezzlement from a trusted employee. It’s human nature to trust the people with whom we work most closely each day.

From a managerial and leadership perspective, showing trust is essential! But remember trust is never a control and, more importantly, hope is a dangerous thing. And seriously, how often do you really look at a man’s shoes?

Fraud Prevention at ICMA Annual Conference

Save the date for ICMA Annual Conference in Pittsburgh! September 21-15, 2024. Registration opens in June.

David Ross will present “Fiscal Well-being: Financial Practices and Fraud Prevention for First-time Managers” along with Kevin Knutson, assistant county administrator, Pinellas County, Florida, and Randy Reid, ICMA southeast regional director.