Ethics and the Agency Auditing Function
This column is a service of the Institute for Local Government’s Ethics Project, which offers resources on public service ethics for local officials. For more information, visit www.ca-ilg.org/trust. Special thanks to the following individuals who contributed to this article: Eduardo Luna, city auditor, City of San Diego; Mike Taylor, city auditor, City of Stockton; Renata Khoshroo, senior program performance auditor, City of San Jose; and Ricky Lau, internal audit manager, County of Alameda.
- Evaluate agency records to ensure that they accurately reflect the status of the agency’s assets;
- Prevent or detect unauthorized acquisition, use or disposition of the agency’s assets;
- Assess whether internal controls designed to safeguard resources are in place and working effectively, and make recommendations on how to improve such controls (see “What Is an Internal Control?”);
- Determine whether transactions are recorded as necessary to permit the preparation of financial statements that accurately reflect the agency’s financial situation;1 and
- Follow up on audit findings and recommendations to determine if timely, appropriate action has been taken to correct internal control weaknesses.
- Organizational Independence. Auditors should have sufficient independence from the people they are required to audit so that they can conduct their work without interference and be seen as able to do so.
- A Formal Mandate. Auditors’ powers and duties should be established by the agency’s legislative body by an ordinance, resolution, policy statement or charter amendment.
- Unrestricted Access. Audits should be conducted with complete and unrestricted access to employees, property and records.
- Sufficient Funding. Auditors must have sufficient funding relative to the size of their audit responsibilities.
- Qualified Staff. If the auditing function is in-house, the head of the audit staff must be able to recruit, retain and manage highly skilled employees.
- Stakeholder Support. The legitimacy of the auditor’s role must be understood and supported by a broad range of elected and appointed officials as well as the media and involved citizens.
- Professional Audit Standards. Auditors should conduct their work in accordance with recognized standards, such as the Government Auditing Standards issued by the U.S. comptroller general (www.gao.gov/govaud/ybk01.htm).
- The Association of Local Government Auditors (www.governmentauditors.org) recommends that an agency’s auditor have authority to conduct audits of all agency departments, offices, boards, activities and programs in order to independently and objectively determine whether:
- Activities and programs being implemented have been authorized by the agency’s charter, code or other laws and regulations and are being conducted and funds expended in compliance with applicable laws;
- The agency is acquiring, managing, protecting and using its resources — including public funds, personnel, property, equipment and space — economically, efficiently, effectively and in a manner consistent with the objectives intended by the authorizing entity or enabling legislation;
- Agency programs, activities, functions or policies are effective, including the identification of any causes of inefficiencies or uneconomical practices;
- The desired results or benefits are being achieved;
- Financial and other reports are being provided that disclose fairly, accurately and fully all information required by law to ascertain the nature and scope of programs and activities and establish a proper basis for evaluating the programs and activities including collecting, accounting for and depositing revenues and other resources;
- Management has established adequate operating and administrative procedures and practices, systems or accounting internal control systems and internal management controls; and
- Valid indications of fraud, abuse or illegal acts exist that require further investigation.
The Importance of Tips
Confidential reports of misconduct from employees and others are one of the most effective means of detecting fraud.8 Increasingly, local agency auditors are establishing and operating ethics/fraud hotlines. Auditor-operated hotlines are authorized by California state law.9 A requirement for auditors to protect the identity of callers helps encourage reporting fraud and misconduct.10
Organizations can improve their detection efforts by establishing formal structures to receive reports about possible fraudulent conduct. California’s state auditor has a web page that contains useful information to request from those reporting potential wrongdoing (www.bsa.ca.gov/hotline/).
In a 2008 survey, the Association of Certified Fraud Examiners (www.acfe.com) found that more than half of all fraud detection tips came from employees, which suggests that agencies should focus on employee education as a key component of their fraud detection strategies. Employees should be trained to understand what constitutes fraud and how it harms the agency. They should be encouraged to report illegal or suspicious behavior, and they should be assured that reports may be made confidentially and that the agency prohibits retaliation against whistle-blowers.11
Tips from external sources like vendors and clients can also play an important role in fraud detection. Agencies should include external sources in their fraud detection programs by making them aware of the agency’s reporting mechanism and encouraging them to report misconduct.
What Is an Internal Control?
A key function of any audit is to assess an agency’s internal controls, which are key tools in preventing misuse or misappropriation of public resources and assets.
Examples of internal controls include:
For more information, visit the American Institute of Certified Public Accountants’ Governmental Audit Quality Center at http://gaqc.aicpa.org.