Embezzlement scandals at the local government level certainly are not unheard of in our society. Newspapers report that governments and organizations of all sizes are at considerable risk for white-collar crimes. So how can managers, elected officials, and citizens help stop this dishonesty?

Although technology can be the tool of modern embezzlers, other tools and procedures need to be dealt with before focusing on the technology-related issues. While localities can profess to follow standards developed by the Government Finance Officers Association and the Governmental Accounting Standards Board, many lack tight controls, which makes them subject to embezzlement and fraud.

Examples of this kind of situation might include checkbooks that are not accounted for in the general ledger; revenue receivers who reconcile their own drawers; treasurers who collect cash, making their own deposits and their own journal entries; and payroll clerks who might be printing checks and electronically signing them without careful oversight.

In each case, deliberate accounting principles need to be applied. But also, the clever embezzler will require vigilance through more indirect methods of discovery. Here is a list of some conditions that should raise warning flags, along with a summary of procedures that will discourage even the most vicious and persistent embezzler.

Signposts
Never let anyone in the organization not take a vacation. It is common to see key financial processing personnel who are overworked and must postpone their vacations. For the health and happiness of the employee, as well as those of the organization, however, no one should become so indispensable as to preclude their taking a vacation.

Be sure the person who takes the required vacation does not tell everyone to leave his or her work undone until he or she returns. This is a giant red flag: not only might this employee be the one person able to do the task at hand, but also there could be more to this control than just carrying out the tasks. Management has let the fox have the keys to the chicken coop, and without establishing checks and balances.

No one in an organization should be indispensable. It is the obligation of management to ensure that no one person is the only one controlling money or posting transactions. It is ridiculous, for example, to allow the building-permit staff both to issue the permits and then to collect the money for them. Or for one person in the parks and recreation department both to register people for classes and to collect their fees.

Similarly, whoever authorizes disbursement should not also reconcile. Whoever authorizes a disbursement procedure—writing checks, making electronic transfers, and the like—for any checking account, savings account, money market fund, or investment account should not also be allowed to reconcile the corresponding statements.

In one case, a clerk wrote checks to herself in varying amounts equaling about $2,000 per month for hundreds of months (and some $2,000 per month for 240 months does equal $480,000 over 20 years). When the time came for her to reconcile the checkbooks, she would shred her canceled checks and show the books to be balanced.

The culprit can be a fiscal officer or a low-paid clerk. No one is immune to the temptations of stealing.

Always make a universal double-entry accounting of all monies collected. In one case, a clerk in the water department collected money from contractors and dutifully marked the giant paper ledger indicating that the contractor had paid his tap fees or other fees. Unfortunately, no one ever reconciled the ledger with the money in the bank, which allowed the embezzlement of $1 million over 10 years.

Look for revenue patterns. Someone should be checking for consistent and inconsistent patterns. For example, if, on the average, parking tickets yield roughly $30,000 in the month of April, and if the average revenue for one April is half that amount, then someone needs to ask why these revenues are so much lower. (There may, of course, be logical reasons like heavy snowfall or extensive street repairs.)

Nothing is too small to overlook. Governments usually are large, revenue-driven operations. What if an accountant were to tell the manager that the books were balanced to within 99.5 percent accuracy? One might think that was good. But if the accountant were auditing a $150 million budget, then a .005 percent margin of error would yield a $75,000 opportunity for embezzlement over one year, $750,000 over 10 years, and $1.5 million over 20 years. A $1.5 million retirement fund is not bad for an employee who may believe that she or he is underpaid and overworked.

Make a model public denouncement of every infraction. A fiscal officer of a medium-sized city also was the data processing manager, the purchasing and accounts-payable guru, and the payroll and auditing manager. It was not so surprising to find that this person was buying X millions of dollars a year in computers but only had about one-half that number on hand. When these disclosures were made to the elected officials, they responded that they would change this person’s title and make sure this possible embezzlement ceased. Because they did not prosecute the individual, however, they sent the grapevine message that they would condone irregular behavior. There must be a clear-cut separation of duties.

Don’t let anyone be the only person to know something. Sometimes, there is only one person who knows how to do something. Look out for an employee or manager who insists that their duties or functions cannot be performed by or shared with others so that when they are out, or not present, their functions stop and resume only when they return. Look out when only one person knows how to prepare financial reports. Look out for long tenured employees who are overly protective or secretive of their work who use such statements as “this is my area and you cannot be here,” “these reports are too complex for you to understand,” or something similar.

Look out for a person who frequently assumes financial duties in areas outside of their own work. No public entrusted entity should make themselves so vulnerable to let only one person be the only person who knows how to do a particular job.

Assume that anyone is open to dishonesty. With the ever-increasing pressures and stresses in the workplace and at home, it is no surprise that some of the most outstanding people can be tempted to be dishonest. Stress might lead a 25-year employee who has been honest and diligent to change his or her behavior.

Watch for unusual and expensive personal purchases by staff. Some people believe that it is not the business of the employer to know how a person pays for new purchases in private life, like a costly new car or a house. Conspicuous purchases, however, should raise the concern of any responsible official.

Hold management responsible. If a fiscal officer delegates tasks to a lower-level employee, he or she should be held equally responsible for any illegal acts perpetrated by the lower-level employee. Delegation of tasks should not imply or result in the delegation of all responsibility and accountability.

Look for an acceptance of dishonest behavior as simply the status quo. In one city, just before a quarterly sale of surplus and lost-and-found items, the person in charge of the operation was found loading five bicycles into his car. When asked what he was doing, he replied that it was the custom for anyone who worked on the quarterly sale to be entitled to take his or her choice of the best items. So the person received overtime for working on Saturday, plus free bikes. If this kind of behavior is condoned, then where is the ethical line being drawn?

Accountability procedures must be in place. Accountability procedures are a good first step in discouraging mischief. When books of parking tickets are given to an officer, for example, that officer must be held accountable for every ticket in the book, and there must be an independent procedure to keep track of the tickets issued, voided, or moved to the collections process.

Found in one police department were thousands of dollars in cash and personal checks stapled to parking tickets—years’ worth of stapled monies! One didn’t need to be an eminent psychiatrist to figure out what was happening, but it was unsettling to see all that cash and those seven-year-old checks left uncashed.

Use formatted change orders. In localities where purchase orders are used, and where there is a $1,000 limit, after which bidding is required, not uncommonly people will get $999 purchase orders and then submit, say, five of them. One government instituted a formatted change-order form wherein, for the 10 most common reasons for a change order, formatted boxes could be checked. Before this innovation, many people had scribbled unintelligibly the phony reasons for a change order. After it, change orders were reduced by 70 percent.

Get independent confirmation of revenues and expenditures. In one case, the locality’s fiscal officer had been choosing the same auditor each year. Because the fiscal officer was absconding with funds, somehow all of the other responsible auditors never won the audit contract.

Sometimes, it may be of value to consider an audit of the auditor. It is always of value to look at the bank statements to verify that the money listed in the reports balances with the money the bank seems to have in its accounts.

Seek reasonable explanations for failures to meet budgeted financial objectives for revenues or expenditures. A red flag should go up if an individual refuses to give a reasonable and written explanation for why revenue is lower or expenditures higher. There should be a routine analysis of revenue and expenditure projections, with corresponding longitudinal statistical analysis of the past five years.

It is especially valuable to keep comparative line or column charts. Graphics permit quick and visual identification of significant aberrations. Be wary of someone who makes hostile responses when information is requested. It may be that the person is overworked or annoyed, but it also may be that the person is covering something up.

Maintain records. When financial records management activities are undertaken, it is important not to destroy possible evidence that could be used in a trial for money mismanagement.

Insist on timely, written financial reports. It is imperative that managers require prompt, regular, written financial reports, prepared by internal staff and/or external auditors. When individuals in an organization insist on giving verbal reports, a red flag should be raised.
The time factor can be an interesting one to watch. One community had a clerk who routinely provided detailed financial reports on the third day of each month. Then, it was submitted on the ninth day of the month, and then on the 20th.

Over time, the reports were not being submitted monthly but only nine months a year. The missing months were being directed into the clerk’s private accounts. There must be written reports, and they must reconcile with the monthly bank statements. If the money is not in the bank, then there is definitely good reason to believe that it is missing!

Make sure that revenues are captured when paid. All revenues, whether they be for tax bills, receipt of licenses, or utility payments, must be entered systematically into point-of-sale (POS) capture workstations at the instant that a taxpayer or customer pays money to a government employee. Petty cash also should be subject to cash controls that require daily reconciliation.
Such workstations have the virtue of tracking every transaction, identifying the cashier, and balancing the cash drawer, along with validating checks and receipts. This makes reconciliation of cash receipts an efficient process while protecting the government from theft.

Lockbox receipting prevents thievery by using such controls as banks and by controlling journal entry through ACH processing. In one local government, installing a video camera pointed at the cash stations significantly discouraged attempts to embezzle money during transactions.

Virtually all expense payments should be processed through computer checks or other electronic means. Multiple checking accounts that are not accounted for regularly in the general ledger are a potential source of significant embezzlement. Modern, computer-based accounting systems allow the convenient printing of even single checks through a laser printer. With the exception of specific funds that require a separate cash account, like an electric utility enterprise fund, as much money as possible should be passed through a central cash account. It should use due-to or due-from functionality to post transfer transactions from multiple funds.

Funds transfers can easily be accomplished through ACH processing and electronic transfers, so that such expense checking accounts as payroll and accounts payable can be kept at zero balances until expenditures are approved and ready for payment.

Control your passwords. Technology provides for electronic signatures without the use of a signature cartridge. The use of a secured personal identification number (PIN) to authorize check signing is a weak link if someone discovers the signatory PIN. This weakness also affects the electronic approval of requisitions and purchase orders.

A stolen PIN can result in collusion between vendors and the corrupt employee. Thus, there should be vigilance by department heads, comptrollers, and managers to see that checks, purchase orders, and refunds are being released to properly authorized parties.

Watch your check stock. Laser printers can transform plain paper stock into handsome purchase orders, invoices, and checks. Check stock can be an attractive tool for the embezzler. To discourage this use, build controls into the check stock. One option is to choose multiple security features to make checks theft- and tamper-proof. Other measures involve using control paper that is not sold in the open market, an artificial watermark, faint diagonal lines on the back of the check to prevent “cut and paste,” a “void” pantograph that reveals itself in a photocopy, chemically protected paper to prevent lifting the signature or amount, and an inventory number preprinted on each check.

Be positive that your checks are being cashed for the amounts that you intended. Positive payroll and positive payables prevent changes to check amounts that lead to fraud by notifying banks in advance of payroll or accounts-payable cashing of the amounts that have been authorized for payment. Check stock that is tamper-proof does discourage fraud, but a less-than-vigilant bank employee may miss the telltale signs of tampering.

Nice guys may be the bad guys. Ironically, the nasty people may be the good ones. Do not assume that nice people are good guys and nasty people are bad. Dishonest people can act sweet and passive, so that no one would think of them as criminals. If you were a thief, would it be wise for you to play the old curmudgeon, who is crusty and complaining, or the obliging, helpful person? Don’t make any assumptions about people’s behavior, however, until there is evidence to suspect them of wrongdoing. Looks can be deceiving, either way.

Technology may be to blame. One of the clear advantages of technology is that most people, especially the mischievous, halt their dishonest interactions when they think of the possibilities of technology. Technology is a weapon that often permits the unearthing of mischievous deeds, and technologists are the modern sleuths.

But technologists can become the technology gurus who “know it all.” They may say, “I’ll take care of it,” or “Don’t worry, I’ll make sure the computer knows.” Or they may become the sole knowledge bases of how information is captured and retrieved. Therefore, when starting with new technology, be sure that nontechnologists are managing the process and the security access codes. Also, ensure that fiscal detail-oriented personnel are involved in the setting-up of and transfer to the new technology.

Vigilance Needed
Maintaining the integrity of the information system is critical to the survival of an organization. If all of the viable audit trails are linked to the computer “black box,” clearly it is imperative that someone in management be entrusted with routine daily backups off-site; routine, independent auditing of the system by outside auditors; high-level security access; taking the defined steps to change security codes when a person leaves employment; and securing access to backup data and source and systems documentation.

Never allow only the technology department or the finance department to have computer access to records. If a reasonable audit trail is being adhered to, a manager or a designated representative must have access to all financial records. Computers can encourage larcenous temptations. When we find that only an information services staff member can secure all of the required information, we should be alarmed.

The electronic database must be more secure than the paper database, and it must be—allowing for reasonable security clearances—fully accessible by key management professionals. The management office cannot be at the mercy of the chief information officer, chief financial officer, or other individual who is the single person who both understands the system and knows how to get valid information.

Good information management protects the fiscal health of a local government and the integrity of its employees. The computer can be a vehicle for security controls, or it can be the gateway to an embezzler’s paradise. Computer software has yet to embed the intelligence gained from a careful understanding of the weak management and human desires that can cause compromised workflow, sloppy cash handling, concealed transactions, and opaque financial reporting. A vigilant manager’s office can use technology as a tool to reinforce fiscal security and to gain citizen confidence in the accountability and integrity of local government.

Fred Bartz is chief fiscal specialist for BSCA, Inc., Rensselaerville, New York, and was finance director and tax collector for Schenectady, New York. Barry Strock is president of BSCA, Inc., and Jack Harris is national director of the company.