Accountability Without Blame

Local government leaders often face the harshest public scrutiny when unforeseen problems arise. When fraud or financial misconduct happens, they must ask themselves: how did this occur on my watch?

The problem is that many internal control weaknesses go unnoticed until a loss happens. Demonstrating true integrity requires more than good intentions. It demands a willingness to identify risks that are not yet visible and to go beyond the assumption that everything is fine because we have an annual audit, trust our employees, follow policies, and nothing has been found before.

Internal control resiliency is a leadership responsibility. It protects public trust, safeguards employees from suspicion or accusations, and reduces the likelihood of costly insurance claims or damage to reputation. Palm Bay, Florida, with a population of approximately 157,814, provides a compelling example of how organizations can proactively strengthen their internal controls before issues develop into crises. On the flip side, some communities find themselves doing everything they can to recover from an embezzlement by a trusted employee or official.

The Worst Day

Imagine you are an official in a small community renowned for its rural charm, situated near a charming downtown area. With 9,000 residents, it feels like everyone is your neighbor. Your local government works together to make marginal progress in a place people love to call home. Your administration is focused on preserving open space, building trails and greenways, managing land development pressures, and maintaining your community’s sense of pride and place.

Then one day, the bank calls. They have three checks totaling $750,000 written directly to a township employee. Your name is a signatory on the checks. A few hours later, you are in the township building, where law enforcement finds a hidden stamp with your name on it.

This is what happened in Kennett Township, Pennsylvania, where the township manager was discovered to have embezzled $3.2 million in taxpayer funds over a seven-year period. The scheme utilized credit cards, signature stamps, payroll manipulation, e-trade accounts, direct deposits, and check-writing practices. The former manager was a long-time employee who was trusted by the governing body, staff, and community. There was nothing in the financial oversight practices, reporting, or operations to suggest there was an ongoing theft.

An award-winning community that was once viewed as a leader in the local government space spent the next several years trying to restore community trust, participating in the investigation and prosecution process, rebuilding its institution, and working to recover as much of the stolen funds as possible. The embezzlement had a devastating impact on the organization and the community.

The State of Fraud Risk in Local Government

Each year, governments in the United States experience hundreds of cases of embezzlement, procurement manipulation, utility billing fraud, cyberattacks, ACH vendor payment fraud, and other theft of public funds. Many of the largest losses ever seen by public sector insurance carriers involved highly trusted and respected employees. Several well-documented cases have resulted in eight-figure losses, including those exceeding $53 million in Illinois and $39 million in Arizona. These incidents demonstrate a universal reality. Serious fraud risk vulnerabilities exist across governments of every size.

Fraud is almost always committed by someone who is respected and known. This is not because public employees are untrustworthy. It is because opportunity exists quietly within operations, and strong controls determine whether that opportunity can be exploited. When internal pressure and rationalization to commit the fraud have already occurred, the only thing reducing risk is opportunity.

Why Leaders Believe Vulnerabilities Do Not Exist

Many executives feel confident that their organizations are protected. That confidence is typically grounded in several assumptions:

• The government receives a clean annual financial audit that would alert management to major problems.
• The staff reports that controls are functioning properly.
• Employees are trusted and long tenured, creating the belief that misconduct is unlikely.
• Nothing concerning has ever surfaced before.
• Policies have been written and are believed to be sufficient.

These beliefs are understandable. They are also incomplete. Audits are not intended to be fraud risk assessments, as management is solely responsible for establishing and maintaining internal controls within the organization. Policies often exist on paper but may not reflect current technology or workload realities. Most importantly, risk evolves faster than oversight mechanisms, unless leaders intentionally update them.

These assumptions do not indicate that risk is under control. They are evidence that risk has not yet revealed itself.

Understanding Why Fraud Happens

The fraud triangle describes three conditions that allow misconduct to occur: An individual experiences pressure, the individual is able to rationalize the behavior, and most importantly for public managers, there is opportunity. Opportunities arise when oversight is inconsistent, access is excessive, or duties are consolidated without adequate review. Leaders cannot eliminate personal pressure or rationalization. Leaders can significantly reduce opportunities.

Palm Bay, Florida’s Proactive Commitment to Integrity

Palm Bay, Florida, recognized that safeguarding its organizational integrity required a deeper understanding of its control environment. Management launched a fraud risk vulnerability study targeting several high-exposure areas. This initial review demonstrated the importance of independent analysis and uncovered previously unidentified control weaknesses.

Rather than stopping there, leadership elected to expand the review to the entire organization. The expanded study evaluated internal control design and oversight throughout every department and function. The findings created a roadmap for corrective action. The city used the results to:

• Clarify roles and responsibilities.
• Strengthen separation of duties.
• Improve system permissions and supervisory review.
• Modernize policies and procedures.
• Enhance cyber and social engineering defenses.
• Increase internal transparency and accountability.
• Implement a new enterprise resource planning (ERP) software with advanced security controls.

The benefits extended beyond operations. The commitment to integrity increased confidence among insurance carriers, improved credibility with rating agencies, reassured elected officials, and strengthened trust among employees and residents.

A Call to Responsible Governance

Public trust is built on prevention, not recovery. Leaders are judged not by whether fraud attempts occur, but whether controls exist that make misconduct difficult to execute and easy to detect. A clean audit does not mean operational protection. What leaders do not know can truly harm them, their employees, and their communities.

Palm Bay’s example reinforces a timeless lesson. Integrity requires action long before a crisis emerges. Every local government c an strengthen confidence, stability, and credibility by taking a proactive approach to internal control resiliency so that hopefully your worst day never materializes.

EDEN RATLIFF, ICMA-CM, is a manager currently in transition.

BRIAN ROBINSON, PhD, is deputy city manager of Palm Bay, Florida. (brian.robinson@ palmbayfl.gov)

DAVID ROSS, PhD, ICMA-CM, CFE, CICA, is president and CEO of 65th North Group, a local government consulting firm specializing in internal control resiliency, fraud risk vulnerabilities, and public sector operational efficiency. (dross@65thnorth.com)