Understanding and Preventing Fraud in Local Governments

When it comes to fraud in government, I've found that prevention is always better than litigation. As both a Certified Fraud Examiner and someone who's worked in governmental accounting since my internship days, I've seen firsthand how fraud isn't just a financial issue—it's a deeply personal betrayal that hurts everyone involved.

The Reality of Fraud in Government

Let's start with some sobering statistics from the Association of Certified Fraud Examiners' 2024 Report to the Nations:

• Organizations lose approximately 5% of revenue each year to fraud
• In 22% of cases, losses exceed $1 million
• The typical fraudster commits fraud for about 12 months before being caught
• The median loss in governmental organizations is about $148,000 per case

One misconception I frequently encounter is that all fraud gets reported. In reality, 43% of fraud is never reported to police. Why? About 34% of entities cite bad publicity as the reason, which is particularly concerning for governmental organizations using taxpayer funds.

Even more surprising, while 68% of perpetrators are terminated by employers, that means 32% of known fraudsters keep their jobs. This happens for various reasons—sometimes out of embarrassment, fear of litigation, or simply because we want to believe the best in people.

How Fraud is Detected

The majority of fraud (43%) is initially detected through tips, with 52% of those tips coming from employees. This highlights just how critical reporting mechanisms are within your organization.

Another important reality check: external audits only detect 3% of fraud. This counters the common misconception that auditors should catch fraud. As we'll discuss later, this isn't their primary role.

The Fraud Triangle: Your Prevention Framework

Understanding the fraud triangle is essential for prevention:

1. Rationalization: The justification for the action ("I'm not getting paid enough")
2. Pressure: The motivation or incentive (mounting debt, medical expenses, etc.)
3. Opportunity: Poor organizational controls that allow fraud to occur

While you can't control rationalization and pressure—those are specific to individuals—you can control opportunity through strong internal controls. In fact, 51% of occupational fraud occurs due to either lack of internal controls or override of existing controls. This is why your control environment is so crucial.

Segregation of Duties: Your First Line of Defense

The most fundamental control is segregation of duties. Even in smaller organizations, try to keep these three roles separate:

• Custody: Physical possession of assets
• Authorization: Approving transactions (and remember, just putting initials on something isn't true approval!)
• Record-keeping: Recording transactions in your general ledger

And here's an important distinction: procedures and controls are not the same thing. A policy is broad, a procedure is specific instructions, but a control is an action designed to mitigate risk. Controls come in three types:

• Preventative: Proactive measures to stop errors or fraud before it happens
• Detective: Methods to identify errors or fraud after it occurs (sometimes called mitigating controls)
• Corrective: Actions to fix issues once detected

Management vs. Auditor Responsibilities

There's often confusion about who's responsible for what regarding internal controls and fraud detection. The audit opinion clearly states that management is responsible for the "design, implementation, and maintenance of internal controls.” You cannot have a person outside your department being part of your internal control. This includes auditors, citizens, and vendors.

For financial statement audits (excluding the audit related to federal grants), auditors typically will not test or opine on internal controls—we simply gain an understanding to design appropriate audit procedures. Our work is risk-based and materiality-driven, which is why fraud (especially collusion or forgery) can be difficult to detect through traditional audit procedures.

Case Studies: Learning from Others' Mistakes

The Dixon, Illinois Case ("All the Queen's Horses")

In this infamous case, Rita Crundwell, the treasurer/comptroller of Dixon (population 16,000), embezzled $54 million over 22 years. She created a secret account called "Reserve Sewer Capital Development Account" in 1991, created false invoices, and transferred funds to support her quarter horse farm.

What's shocking is how this went undetected for so long. The failures occurred at multiple levels:

• Rita was the sole signer on the secret account
• She had incompatible duties (approving, executing, and recording transactions)
• The auditors did extensive bookkeeping for the town, creating independence issues
• City council approved budgets without questioning significant revenue shortfalls

Rita was eventually caught by accident when her clerk received all bank statements during Rita's absence and discovered the secret account.

Case Study: The Department Director Fraud

In another case, a director ("Jane") embezzled nearly $1 million over just two years by creating a fictitious sales company. She either sold equipment at inflated prices and billed the Town, or billed for equipment never delivered.

What's notable here is that, unlike Dixon, this organization had properly designed controls:

• A procurement policy was in place
• Purchase orders required two signatures
• Quotes were supposed to be included on purchase orders

However, these controls failed in execution. Approvers simply signed purchase orders without verifying quotes or checking whether prices were reasonable. Jane also had incompatible duties—handling procurement, receiving equipment, and maintaining inventory.

This fraud was only discovered when another employee took over Jane's responsibilities and quickly noticed discrepancies.

Moving Forward: Strengthening Your Controls

As you think about your own organization's controls, be honest about where you stand. Remember that your external auditors only do a brief review of internal controls during financial statement audits.

If you're interested in a deeper examination of your controls, consider requesting an agreed-upon procedures engagement focused specifically on internal controls. This can help identify weaknesses and provide recommendations for improvement before fraud occurs.

Fraud prevention isn't just about checking boxes—it's about creating a culture of accountability where authorization means true review, not just initials on a page. By focusing on strong controls, you can significantly reduce the opportunity for fraud in your organization.

Remember, the goal isn't just catching fraud—it's preventing it from happening in the first place.