Article Everyday Ethics for Local Officials

Ethics and the Agency Auditing Function

This column is a service of the Institute for Local Government’s Ethics Project, which offers resources on public service ethics for local officials. For more information, visit www.ca-ilg.org/trust. Special thanks to the following individuals who contributed to this article: Eduardo Luna, city auditor, City of San Diego; Mike Taylor, city auditor, City of Stockton; Renata Khoshroo, senior program performance auditor, City of San Jose; and Ricky Lau, internal audit manager, County of Alameda.


Question

What role can an auditor play in preventing ethics issues in an agency?

Answer

Auditors can help elected officials and agency managers make sure that public resources are properly used. By conducting periodic audits, local agencies can underscore their commitment to ethics and ensure that any misuse of public resources is detected and investigated. Thus, auditors play a vital part in the process of confirming that an agency is operating responsibly and ethically.

For example, auditors:

  • Evaluate agency records to ensure that they accurately reflect the status of the agency’s assets;
  • Prevent or detect unauthorized acquisition, use or disposition of the agency’s assets;
  • Assess whether internal controls designed to safeguard resources are in place and working effectively, and make recommendations on how to improve such controls (see “What Is an Internal Control?”);
  • Determine whether transactions are recorded as necessary to permit the preparation of financial statements that accurately reflect the agency’s financial situation;1 and
  • Follow up on audit findings and recommendations to determine if timely, appropriate action has been taken to correct internal control weaknesses. 

In some agencies, auditors also review procedures for handling potential conflicts of interest among staff. 2

Auditors deter fraud by identifying and reducing or eliminating the conditions that allow fraud to occur.3 Moreover, the very fact that activities are subject to review through an audit can deter improper activities.

Auditors are also in a position to determine whether potentially fraudulent acts have occurred4 and initiate investigations based on suspicious circumstances or complaints.

What Can Go Wrong?

The overwhelming majority of public employees are conscientious stewards of public resources and property. However, for a few employees, the temptation to use one’s position for personal financial gain is too great to resist. Giving in to such temptation can take the form of soliciting or accepting bribes and misusing or misappropriating public resources.

The Auditing Function

Some local agencies have a standing in-house auditing function. For example, most counties and some cities have elected auditors. In other agencies, audits are handled either by staff who were appointed by the governing body or by contracted certified public accountants. The question of who performs audits depends on local conditions and resources.5

The Institute of Internal Auditors (www.theiia.org) has identified the following seven key elements of an effective public sector audit:6

  1. Organizational Independence. Auditors should have sufficient independence from the people they are required to audit so that they can conduct their work without interference and be seen as able to do so.
  2. A Formal Mandate. Auditors’ powers and duties should be established by the agency’s legislative body by an ordinance, resolution, policy statement or charter amendment.
  3. Unrestricted Access. Audits should be conducted with complete and unrestricted access to employees, property and records.
  4. Sufficient Funding. Auditors must have sufficient funding relative to the size of their audit responsibilities.
  5. Qualified Staff. If the auditing function is in-house, the head of the audit staff must be able to recruit, retain and manage highly skilled employees.
  6. Stakeholder Support. The legitimacy of the auditor’s role must be understood and supported by a broad range of elected and appointed officials as well as the media and involved citizens.
  7. Professional Audit Standards. Auditors should conduct their work in accordance with recognized standards, such as the Government Auditing Standards issued by the U.S. comptroller general (www.gao.gov/govaud/ybk01.htm).  

A key issue is determining to whom irregularities are reported. In some cases, the auditor reports directly to the governing body. Some agencies create an independent audit committee for this purpose. In some agencies, audit committees are formed as subcommittees of the legislative body, such as the board of supervisors, city council or board of directors. Other agencies may include members of the public as part of the audit committee.7

Audit committees should be independent of management, and committee members must be collectively knowledgeable about financial matters. Local agencies should evaluate their governance structure to determine whether an audit committee is appropriate for their particular situation. For more information, see the American Institute of Certified Public Accountants’ Audit Committee Toolkit for Government Organizations (www.aicpa.org/Audcom mctr/toolkitsgovt/homepage.htm).

What Powers Should an Auditor Have?

  • The Association of Local Government Auditors (www.governmentauditors.org) recommends that an agency’s auditor have authority to conduct audits of all agency departments, offices, boards, activities and programs in order to independently and objectively determine whether:
  • Activities and programs being implemented have been authorized by the agency’s charter, code or other laws and regulations and are being conducted and funds expended in compliance with applicable laws;
  • The agency is acquiring, managing, protecting and using its resources — including public funds, personnel, property, equipment and space — economically, efficiently, effectively and in a manner consistent with the objectives intended by the authorizing entity or enabling legislation;
  • Agency programs, activities, functions or policies are effective, including the identification of any causes of inefficiencies or uneconomical practices;
  • The desired results or benefits are being achieved;
  • Financial and other reports are being provided that disclose fairly, accurately and fully all information required by law to ascertain the nature and scope of programs and activities and establish a proper basis for evaluating the programs and activities including collecting, accounting for and depositing revenues and other resources;
  • Management has established adequate operating and administrative procedures and practices, systems or accounting internal control systems and internal management controls; and
  • Valid indications of fraud, abuse or illegal acts exist that require further investigation. 

The Association of Local Government Auditors provides guidelines that local agencies can use to incorporate these provisions in an ordinance, resolution or charter amendment. The Model Legislation Guidelines for Local Government Auditors is available online at www.governmentauditors.org/images/stories/reports/Legislation.pdf.

Conclusion

For more information about the role auditors play within an agency, visit www.ca-ilg.org/auditors for links to the resources that informed this article. The web page also provides an opportunity to comment on this article and share your experiences with audit functions. 


The Importance of Tips

Confidential reports of misconduct from employees and others are one of the most effective means of detecting fraud.8 Increasingly, local agency auditors are establishing and operating ethics/fraud hotlines. Auditor-operated hotlines are authorized by California state law.9 A requirement for auditors to protect the identity of callers helps encourage reporting fraud and misconduct.10

Organizations can improve their detection efforts by establishing formal structures to receive reports about possible fraudulent conduct. California’s state auditor has a web page that contains useful information to request from those reporting potential wrongdoing (www.bsa.ca.gov/hotline/).

In a 2008 survey, the Association of Certified Fraud Examiners (www.acfe.com) found that more than half of all fraud detection tips came from employees, which suggests that agencies should focus on employee education as a key component of their fraud detection strategies. Employees should be trained to understand what constitutes fraud and how it harms the agency. They should be encouraged to report illegal or suspicious behavior, and they should be assured that reports may be made confidentially and that the agency prohibits retaliation against whistle-blowers.11

Tips from external sources like vendors and clients can also play an important role in fraud detection. Agencies should include external sources in their fraud detection programs by making them aware of the agency’s reporting mechanism and encouraging them to report misconduct.


What Is an Internal Control?

A key function of any audit is to assess an agency’s internal controls, which are key tools in preventing misuse or misappropriation of public resources and assets.

Examples of internal controls include:

  • Segregation of Duties. It’s prudent to separate responsibilities like authorizing payment, issuing checks and record-keeping among several people to limit the risk of fraud or error by one person;
  • Authorization of Transactions. An appropriate person should review specific transactions;
  • Retention of Records. Agencies should maintain documentation to substantiate transactions and track assets;
  • Information Technology Security. Using passwords, access logs and other safeguards helps ensure that access is restricted to authorized personnel.12

For more information, visit the American Institute of Certified Public Accountants’ Governmental Audit Quality Center at http://gaqc.aicpa.org.


Footnotes:  

[1] Kenneth M. Dye, “Corruption and Fraud Detection by Public Sector Auditors,” EDPACS: The EDP Audit, Control, and Security Newsletter (November-December 2007).

[2] City of Palo Alto, Audit of Employee Ethics Policies (January 2008).

[3] The Institute of Internal Auditors, The Role of Auditing in Public Sector Governance (November 2006).

[4] Id.

[5] Association of Certified Fraud Examiners, 2008 Report to the Nation on Occupational Fraud & Abuse (2008).

[6] The Institute of Internal Auditors, The Role of Auditing in Public Sector Governance (November 2006).

[7] Association of Local Government Auditors, Model Legislation Guidelines for Local Government Auditors (Third Edition 2007).

[8] Association of Certified Fraud Examiners, 2008 Report to the Nation on Occupational Fraud and Abuse.

[9] Cal. Gov’t Code § 53087.6.

[10] Cal. Gov’t Code § 53087.6(e).

[11] Kenneth M. Dye, “Corruption and Fraud Detection by Public Sector Auditors,” EDPACS: The EDP Audit, Control, and Security Newsletter (November-December 2007).

[12] City of Sacramento Audit Office, What Do We Look For? (www.cityofsacramento.org/auditor/Other.htm).


This article appears in the December 2009 issue of Western City
Did you like what you read here? Subscribe to Western City