By David Ross

Have you ever had an experience while driving your car when someone drives up next to you and gets your attention, yelling that your brake lights are out? You thank them and wonder how long they’ve been out, since that’s something you don’t look at too often.

You could have been in a serious car crash if someone behind you wasn’t paying attention. You’ve had your kids in the car at night and are sure glad that nothing happened, and now that you know, can get the lights fixed.

You are relieved nothing happened and are grateful that you can reduce the risk of being in a crash by fixing something that you didn’t realize wasn’t working correctly. The same type of situation applies to local government management when it comes to accounting matters.

As a former manager, here are numbers I would have never wanted to be associated with: $562,089, $78,650, $1,113,589, and $53.7 million. These numbers represent just four examples of the hundreds of known embezzlement losses for local governments, all from organizations with professional staff, long-time employees, and regular audits.

In 2017, an employee with the city of Kingman, Arizona (29,472 population), pleaded guilty to embezzling $1,113,589. The 60-year old employee stole from her employer for more than eight years and used the city’s credit card to pay for her personal expenses, including paying off numerous cash advances at various casinos.

In 2018, a 51-year old employee with the city of Rancho Mirage, California (18,306 population), pleaded guilty to embezzling $78,650 from her employer over a three-year period of time. In her position as a code compliance manager, she conspired with her sister-in-law, whose company allegedly performed nuisance abatement cleanup, and then approved the invoices for work that wasn’t done, including draining nuisance pools that might endanger children at houses that didn’t even have pools.

In Garwin, Iowa, its clerk allegedly embezzled $562,089 between 1998 and 2014 by paying herself extra using payroll and paying personal credit cards with city money, among other things.

There are hundreds of other cases and the largest one currently known is the city of Dixon, Illinois (15,202 population), when its treasurer embezzled $53.7 million over 20 years.

No manager wants to be associated with an embezzlement of any size or other serious employee misconduct issue because these types of incidents—especially if they have been going on for many years—are the ones that not only can crush employee morale and damage finances but also ruin a local government’s reputation.

A Problematic Mindset

Before working on my Ph.D. in local government internal controls, I was a city and county manager who strived every day to do a great job for the employees of the organization, the elected officials, and the residents of the community.

I didn’t know about employee reporting hotlines at the time and while publicly traded companies use them all the time now, perhaps some local government managers have not been introduced to their value.

About an annual internal control and fraud risk assessment, I remember thinking: Who needs this and why bother because it’s all good at my organization. At the time, I really didn’t think much about internal controls. I also thought: Our organization must be fine because we’ve never discovered anything, we have an annual audit, finance staff are top-notch, and I have other things to worry about.

I didn’t realize it at the time but that mindset, while human and understandable, probably put me and my organization at significant risk.

Put yourself in the shoes of any manager who might have had to deal with an embezzlement or other serious misconduct incident. First of all, I feel for them! One of the local government’s own employees—someone trusted within the organization, who maybe worked there for a decade or more—stole from it.

There are hundreds of reasons how it can happen, but without a critical look at internal controls, you might unintentionally be placing your organization at increased risk for employee misconduct.

Taking Preventive 
Measures

After examining hundreds of local government embezzlement cases over the past few years, I’m amazed at how they occur in organizations of all sizes. No organization is immune.

Employees in just about every department committed them, and employees’ ages ranged from the 20s to 70s. Many of the thefts happened over a period of several years and sometimes decades.

It is human nature to believe everything must be okay if nothing has ever been discovered. Here are three ways to protect your organization from employee misconduct, including embezzlement:

1. Consider using an independent third party, 24/7 anonymous fraud, waste, and abuse reporting hotline. According to the Association of Certified Fraud Examiners (ACFE), these hotlines are proven to be effective at reducing the duration of, and lost money from, employee fraud cases. Federal law mandates publicly traded companies have whistleblower programs, but a similar requirement does not currently exist for public sector organizations and so fraud, waste, and abuse hotlines are not nearly as prevalent in local government. This is unfortunate because the cost for a third-party hotline is reasonable. Some companies use an answering service to take calls while others make sure only certified fraud examiners speak directly with employees. Some might call these “snitch lines.” For the occasional employee who uses them for that purpose, however, you will also realize an incredible benefit when a serious incident is reported and it can be stopped quickly. Imagine seeing your organization through the eyes of employees. You are still the same manager, just with more knowledge of what is really going on. If something detrimental to the organization or employee morale is happening, you stand a better chance of knowing about it. If misconduct is happening, it can demoralize employees and an anti-fraud workplace helps keep morale high.
2. Consider conducting an annual internal control and occupational fraud risk assessment. Outside experts can conduct these assessments or you can use staff members to do them. The purpose of assessments is to improve anti-fraud communication with employees while developing and modifying techniques (controls) to reduce risk of fraud, corruption, and asset misappropriation. Employee education on the benefits of an anti-fraud workplace is important and these assessments educate employees on how to prevent and detect fraud or other workplace misconduct. If you want to complete a fraud risk assessment using staff members, create a fraud risk assessment team of management employees, brainstorm ways in which fraud and theft can occur, analyze what is currently done to prevent and detect those incidents, and determine what are the greatest threats (either because they are easy for someone to commit or if they occur it would be catastrophic). Then develop preventive and detective policies and procedures to reduce each risk. It’s worth repeating: Fraud in the workplace can damage employee morale, hurt finances, create ineffective teams, and otherwise devastate an organization’s reputation. It hurts all employees when it’s happening.
3. Consider the use of data analytics to detect fraud that you probably wouldn’t have noticed with your naked eye. There are a wide variety of data analytics techniques that can be employed while using existing staff, including horizontal analysis, vertical analysis, ratio analysis, Benford’s analysis, data matching, gap testing, and duplicate testing. Using Excel, finance staff can perform these analyses. Look for missing data in accounting entry fields, verify even-dollar amounts, check for duplicate voucher payments, and match data sets like vendor and employee files. Benford’s Law describes the expectation that in large data sets, you will find the number “1” occurring at a specific frequency more often than the number “2”, which occurs more often than “3”, and so on. When looking at the frequency of numbers in that data set in a chart, you will see a predictable pattern. If that pattern shows something other than what Benford’s Law says should be there, that could be an indication that certain numbers were “made up” (from fraudulent invoices, for example). Nothing is ever 100 percent, but any of these analytical techniques could possibly help detect areas that warrant further investigation.

Here are some sobering statistics: According to ACFE’s 2018 Report to the Nations, the median embezzlement loss was $130,000 (per incident). Not using proactive data monitoring, not using hotlines, not conducting fraud risk assessments, and not educating employees on fraud prevention and detection were some of the internal control weaknesses identified as being responsible for almost half of all fraud cases.

Anonymous hotlines combined with strong internal controls helped detect almost 68 percent of workplace fraud incidents, while external audits only detected about 4 percent of cases.

The longer the fraud scheme goes on, the greater the loss. Payroll fraud cases average 30 months before their discovery. Check-tampering schemes, expense reimbursement schemes, billing schemes, and theft of cash lasted an average of 24 months. (View the AFCE report here.) 

The Time to Act Is Now

The truth is that the risk is real, and no local government is immune to falling victim to serious employee misconduct, including embezzlement. Take a moment to evaluate your organization’s internal controls and whether leading practice policies and procedures are being used to prevent, deter, and detect workplace misconduct throughout the entire organization.

Consider the procedures briefly discussed in this article: implementing anonymous fraud, waste, and abuse reporting hotlines, performing annual internal control fraud risk assessments, and using data analytics to help prevent and detect fraudulent acts.

When that proverbial car slams into you, it might not sit well with elected officials that you didn’t know your brake lights were out. Maybe luck has been on everyone’s side, but luck only takes us so far. If you want a list of some of the hundreds of recent local government embezzlement cases, don’t hesitate to contact me.

David Ross, Ph.D., a former city and county manager and certified fraud examiner, is a senior manager, Matrix Consulting Group, Chandler, Arizona. dross@matrixcg.net