Feature Articles and Resources

• Fraud Risks in the Treasury Function
  
• Desperate Times Increase Risk of Employee Payroll Schemes
  
• What You Can Do to Prevent Purchasing Card Fraud
  

• Panel of Economists
  
• Interest Rate Outlook
  
• Snapshot of Economy and Interest Rates

• Performance Benchmarks
  • 10-Bill Index
  • Money Market Fund Index
  • LGIP Index
  • Key Rates: Cash Markets
  • Relative Value Yield Chart

Fraud Risks in the Treasury Function

by Joseph R. Dervaes

Fraud in the treasury function results in the loss of public funds, unwanted media coverage, and loss of trust. The key to preventing fraud is to be aware that fraud can (and does) happen and to counter it with a good offense. This article highlights seven fraud risks in the treasury function and recommends ways to mitigate these risks.

1. Responsibility Cannot be “Fixed on” a Specific Employee

Problem: More than one person could be accused if a loss occurred. In other words, responsibility cannot be “fixed on” a specific employee. At some points in the process, it is not clear which employee is responsible for the money. For example, if two employees share the same vault, both employees should be questioned in the event of a loss.

Solution: Procedures to safeguard funds at all times while “fixing” responsibility should be established. For daily cashiering operations, each cashier should have his own change fund and password for computer cash register systems. Each employee who stores funds in a safe or vault overnight must also have a separate locking container inside the safe or vault. Employees should always sign for the receipt of money when funds are transferred from one person to another. These procedures ensure the organization can identify responsibility for money at any given point in time. A helpful question is: “Who is responsible for the money right now?”

A word of caution: Segregating duties has long been an accepted internal control in the treasury function. However, governments should be aware of the risk that may accompany segregating duties if it destroys fixed responsibility. For example, where one person works alone collecting revenue from customers, many organizations require this employee to count and balance funds at the end of the day and then place the funds in a safe overnight. The following morning, another employee opens the safe and makes the bank deposit. This procedure is in place because managers believe that they have improved internal controls over funds by separating the duties of these employees. However, in this instance when funds are missing, responsibility for the loss cannot be fixed (unless someone confesses).

2. Bogus Check Fraud Risk

Problem: Check fraud is a huge and growing industry in the United States. Producing counterfeit checks is a simple and unsophisticated process: a relatively minor investment in computer and peripheral equipment can produce high-quality fake documents. With a government’s bank account number, checks and warrants can be issued, and electronic debit transactions created.

Solution: A useful way to prevent such fraud is to establish “positive pay” procedures with the government’s bank. This is a daily reconciliation of the checks issued versus the negotiable instruments being presented for payment to the bank. Smaller checking accounts should require that an independent party reconcile the account immediately upon receipt of the bank statement, and no later than 30 days after the bank statement date. Check stock should meet industry standards and have security features that make counterfeiting more difficult. Finally, filters and/or blocks should be implemented either totally or selectively.

3. Money Laundering

Problem: Laundering is converting checks for personal gain. Employees can steal unrecorded revenue checks and launder them both inside and outside the organization to receive the proceeds. Usually, the employees who steal the checks are not the ones who originally received them.

Check laundering can occur inside an organization by:

1. Using a check-for-cash substitution scheme in the daily bank deposit.
2. Making irregular deposits into and withdrawals from an authorized bank account with a name similar to the name of the organization, such as an employee fund.
3. Making irregular deposits into and withdrawals from an authorized bank account used within the organization (general depository, trust, etc.).
4. Making a “cash-back” withdrawal from a deposit for any type of bank account at the organization.
5. Altering checks by increasing the amount and removing an equivalent amount of currency from the till drawer and subsequent daily bank deposit.

Check laundering occurs outside an organization by:

1. Making deposits into a “bogus” bank account in the name of the organization.
2. Making deposits into a personal bank or credit union account.
3. Cashing the checks at a financial institution or business/vendor.

Solution: Accountability must be captured for incoming revenue checks immediately. As soon as items are received, the transactions should be recorded through the receipting mechanisms in place (manual receipts, computer receipts, cash registers). Ideally, two individuals should open the mail, make a log or record of the transactions, turn these checks over to the cashier function, and then reconcile the log to daily cash receipts and the bank deposit to ensure that all transactions have been properly accounted for and controlled.

4. Accounts Receivable

Problem: Funds from cash receipts in the accounts receivable system are misappropriated in one of two ways: 1) write-offs in the account, such as through a “non-cash credit” transaction (account write-off, adjustment, or cancellation) or 2) allowing the account to become delinquent (without taking any action). The latter situation is usually detected though customer feedback.

Solution: At the end of each business day, the accounts receivable accounting system should produce an “exception” report listing the universe of all “non-cash credit” transactions. Each transaction should be authorized, approved, and supported by appropriate documentation for the action. The “exception” report should be mandatory as a monitoring tool in the accounts receivable system. Delinquent accounts should be monitored closely. Customer account confirmations should also be reviewed. Finally, all customer feedback should go to someone who is independent of the accounts receivable function for proper research.

5. Payroll Fraud Schemes

The table below summarizes the five most common payroll fraud schemes. See Desperate Times Increase Risk of Employee Payroll Schemes for more information.

6. Monitoring Employee Tasks

Problem: The last person who prepares the deposit before it goes to the bank typically poses the highest risk. The fact that this employee is usually a supervisor who occupies a critical position of trust confounds the situation and creates opportunity to manipulate the contents of bank deposits without detection, usually for long periods of time – resulting in huge dollar losses.

Solution: An individual independent of the function involved must periodically verify the work of this key, trusted employee. This can be accomplished by performing unannounced cash counts, which can verify that the payment mode for records of all cash receipt transactions matches the check and cash composition of the daily bank deposit.

7. Compromising the Accounts Payable System

Problems: Cash disbursement schemes work by obtaining a negotiable instrument and converting it to cash for personal gain.

The largest cash disbursement fraud schemes involve either accounting functions being performed in the data processing function (or some other function), or vice versa. Employees with both input and output responsibilities are able to compromise the organization's internal control structure in the accounts payable system. As a result, these employees are able to create fictitious disbursement transactions using either legitimate or false vendors, obtain the check, and then use the proceeds for their personal benefit.

A common compromise of the accounts payable system involves the use of Post-it™ Notes. Employees initiating these transactions use Post-it™ Notes to ask the staff in accounts payable to return the check to them after issuance, usually so they can hand carry it to the vendor for emergency purposes or present it at subsequent meetings. Or, they verbally ask the staff in the check distribution section to similarly return checks to them.

Managers should look for a “straight line” from the source requesting payment for the transaction to accounts payable for review and production of the checks to the individual making distribution of the checks. Anytime there is a u-turn in accounts payable or check distribution where the check is returned to the source, the transaction automatically becomes an exception requiring scrutiny and monitoring by managers.

If a government codes these u-turn transactions in the computer system prior to processing, managers will be able to prepare an “exception” log listing the universe of all such transactions each business day. If not, managers must prepare this “exception” log manually. This log should include the date, check number, amount, who picked up the check, and why. This log should be periodically reviewed for trends. Review check endorsements for questionable transactions.

Another common compromise of the accounts payable system is the abuse of “pseudo-vendor codes” (one-time payments in lieu of establishing valid vendor codes). Violations of policy occur first, with fraud sometimes following when an employee realizes that the internal controls are not enforced.

Solutions:

1. Review access controls to ensure that no employee can initiate disbursement transactions, release the batch of transactions to request production of checks, and then pick up or obtain the negotiable instruments.
2. Prohibit either accounting functions from being performed in the data processing function, or vice versa. Accounting department personnel should not have the authority to make computer software changes to any program, such as the check redemption software program.
3. Any compromise of the accounts payable system should be documented on an exception record to identify the universe of all transactions processed outside normal parameters. These include the use of Post-it™ Notes or any other verbal or written messages to accounts payable personnel or check distribution personnel and employees personally picking up checks when this is not the organization's normal procedure. Managers should periodically review the supporting documents for these transactions for trends, and examine the bank endorsements on the checks for validity.
4. Ensure that managers closely monitor all disbursement transactions initiated by anyone working in the accounts payable function. Most accounts payable employees “process” the work of others, but some actually “initiate/create” transactions for routine monthly payments. All transactions initiated in accounts payable must be approved by a supervisor who is independent of the original transaction.
5. Accounts payable duties should not be performed by anyone outside the accounts payable function.
6. Use of “pseudo vendor codes” (one-time payments in lieu of establishing valid vendor codes) should be documented on an exception report. Managers should periodically review the supporting documents for these transactions for trends, including any abuse of the system such as multiple payments to the same vendor. It is often forgotten that employees assigned specific computer tasks can always perform the task at any time of the day or night whether the action is authorized or not. The ultimate question is whether all such transactions are authorized, approved, and properly supported.
7. In small organizations, the governing body should closely monitor all disbursement transactions by individuals who have total control over all such transactions, such as an executive director or financial officer. This review should ensure that all transactions are properly authorized and supported, and are for official purposes.
8. Ensure managers closely monitor all refund transactions disbursed by check to guarantee that all such transactions are properly authorized and supported and are for official purposes. These types of transactions represent “negative cash” and are inherently high risk for fraud.
9. Examine vendor contracts in cases where the transaction analysis or analytical review procedures suggest high, increasing, or unusual volumes with specific vendors. For example, sort all expenditures by vendor by accounting year and list them from highest to lowest dollar amount. Compare the current accounting year to the prior accounting year for unusual or unexpected variances. If something appears out of the ordinary, find out why by obtaining an explanation from management officials. If this is the type of vendor that is selected by a competitive bidding process, review the underlying contract selection file to determine if valid documents are in the file. If not, find out why and determine if the selection process was documented properly and is reasonable.

Joseph R. Dervaes, CFE, ACFE Fellow, CIA , is the vice-chair of the ACFE Foundation Board of Directors. After 42.5 years of federal, state, and local government audit service, he retired as the audit manager for special investigations at the Washington State Auditor's Office where he was responsible for managing the agency's fraud program. During the past two decades, he participated in the investigation of more than 730 fraud cases involving losses of greater than $13 million. He can be reached at joeandpeggydervaes@centurytel.net.

Desperate Times Increase Risk of Employee Payroll Schemes

by Jeffrey R. Roberts

Employees who commit payroll fraud may justify it as a “payroll advance” or a self-awarded “bonus” they believe is deserved for extra hours spent on a special project. Or they may think about how much more money the boss makes compared to everyone else. The rationalization process goes on until the first act seems like something any other person would do given the opportunity. As time passes, rationalization is easy and the scheme builds like a snowball rolling down a hill.

In fact, the number of long-term, model employees who steal from their employers tends to increase as people get squeezed financially. Many of these frauds may not be discovered for a number of years. During tough economic times, how ready is your organization to identify and stop these sometimes creative fraud payroll schemes?

Creative Payroll Schemes & Scams. Corruption is the most common fraud in government. Payroll fraud can be one of the most insidious forms of embezzlement. The warning signs can be missed or even ignored. Often governments do not even know what to look for. The schemes can be creative and convincing. Managers should be aware of the following methods of payroll fraud.

Extra Payroll Checks: In smaller organizations, a common payroll fraud occurs when an employee writes extra payroll checks, often several, for bogus hours or self-awarded bonuses. When questioned, they will claim to have worked extra hours and might even create documents to justify it. They may rationalize it as a payroll advance, intending to pay it back some day - they won’t. Such frauds are often committed by those most involved in the daily payroll process. Alarms should go off when there are multiple checks to one individual over a period of weeks.

Leave Buyback: One creative fraud found in government involves variations of fraud using leave buyback programs. For example, a manager may convince a governing board to allow accumulated vacation days, to be paid rather than used, thus boosting take home pay. In reality, they still take regular vacations. They may even manipulate leave records to increase their earned time off balance. In one case, a manager more than doubled his base salary for several years after implementing a leave buyback scheme. Bottom line – governments should pay close attention if they allow employees to receive cash in lieu of taking time off. Better yet, make employees take time off each year and restrict or eliminate leave buyback programs.

Ghost Employees: A ghost employee is anyone receiving a paycheck who is not currently employed. Often, the people are real – it’s just they don’t work for the government. They might even be former employees. Commonly, it is an employee’s wife, child, or friend who is set up on the payroll. The person setting up the ghost employee obtains the check and may split the proceeds with the ghost employee. Ghost employee schemes frequently occur in entities with large payroll, high turnover, and those that have multiple locations or facilities. Under these conditions it can be difficult to know who is on the payroll. It is essential to know employees and ensure adequate procedures for adding and terminating employees in the accounting system are in place.

Preventing Payroll Fraud. All too often, these payroll frauds are committed by a single long-term employee everyone trusts and likes. Unfortunately, it is this trust built over years of closely working with colleagues that gives them the ability to commit fraud with little chance of detection. Typically, frauds are not committed by the person hired last month.

Checks and Balances. Governments should make sure a proper system of internal controls exists in their organization. No one person should have total control over the payroll process. Ensure controls extend to all procedures and duties – from employees who have been with the organization for one month and up to 30 years. The biggest trap organizations fall into is appointing the 30-year veteran manager to implement controls and supervise everyone else. The flaw is no one watches the work of the 30-year veteran creating the ultimate opportunity for fraud. It also is why so many frauds go on for five, 10, or even 20 years without discovery.

Governments that are not confident their controls are adequate, may wish to conduct further research using GFOA publications and recommended practices or consulting with a CPA or a consultant who specializes in employee/insider fraud. Such expertise can offer an objective opinion and provide advice during difficult times when fraud is suspected.

Jeffrey R. Roberts, CPA, CFE, is a senior managing consultant with BKD's Forensic & Dispute Consulting division in Springfield, Missouri.

What You Can Do to Prevent Purchasing Card Fraud

by Jennifer L. Forsberg

The use of credit cards for procurement, also known as purchasing cards, has become an accepted practice in government. Yet as with other technology advancements, purchasing cards pose opportunity for exploiting public resources for personal gain. To safeguard public resources and detect losses early, governments should actively monitor their purchasing card programs. They should never wait for an audit to determine any losses; rather, they need be proactive and monitor accounts.

Use of purchasing cards has increased. They increase the efficiency of a government's purchasing process and reduce the volume of purchase orders, invoices, and checks. They are easy to use and eliminate the need and risk of a petty cash system.

Governments that decide to use purchasing cards, should be aware of the risks associated with them. The main risk is unauthorized use. This can happen when charges are made at unapproved vendors, when cards are used for unauthorized purposes, or when charges exceed the users' approved spending limit. Purchasing card companies offer tools to help prevent unauthorized uses, such as vendor blocking and daily limits; however, a review by someone within the organization is the best approach to identify questionable transactions.

Policies and Procedures. Policies and procedures must include adequate controls and these must be communicated to all staff members who will be using the cards. The polices should specifically address the risks involved which depend on:

• The number of cards issued.
• Who will be using the cards.
• How they may be used, including limits on expenditures.
• The agreement with the card issuer.
• The amount of staff dedicated to reconciling and monitoring card use.

Card User Agreement and Training. Requiring the card user to sign an agreement on card use prior to obtaining the card is also a strong control. The agreement should state that the purchasing card is for approved business purposes only; the employee is responsible for all purchases made on the card, and for monthly monitoring of card activity. The agreement should list the actions that will be taken in the event of a questionable charge. Training should be provided to all employees prior to purchasing card use. All cards should be physically safeguarded, as cash would be, and only those individuals who need a card should get one.

Monitor Card Activity. In monitoring card activity, consistent processes should be established to review account activities and ensure only authorized, supported, and valid transactions are posted to the account. The original statement should be copied to ensure an accurate account of the transactions can be compared to information received from the cardholder. After the cardholders' review of transactions, the government should consider:

• Are purchases adequately supported with documentation, including the original receipt? If the purchase was a meal, the full receipt showing what was purchased should be included in the support. An additional control would be to require documentation from the card user on who was present at the meal and its business purpose.
• Do the charges appear to be reasonable?
• Do the charges appear to be for a public purpose?
• Has the information been altered? This can be checked by comparing the statement received from the cardholder to the original on file.
• If the purchase was for an asset, has the asset been added to the government's asset listing?

When these controls are not in place, a government could experience a loss of public funds as the example below shows.

Case Study of Purchasing Card Fraud in a State Agency. A state agency experienced a loss of at least $8,500 over a year and a half. How did this misappropriation occur? The employee simply made numerous personal purchases on the government purchasing card. When statements came to the agency, they were given to the employee for review and approval. After altering the statement by blacking out the personal information, the employee approved the bills for payment. Airline tickets, jewelry, cash advances, and sports memorabilia were just some of the personal purchases made.

How was this loss detected? The employee who opened the monthly statement photocopied it before giving it to the employee to review. When the first employee received the approved copy back, he noticed information had been altered.

What allowed this loss to occur and not be detected? This loss was not detected earlier due to the lack of adequate internal controls. The agency lacked formal written policies regarding supporting documentation, approved uses of purchasing cards, and expenditure approvals. In addition, very little monitoring occurred to ensure purchases were approved, supported, and for a valid public purpose.

What is this agency doing now? It has established written policies and procedures that require adequate support for all expenditures. It also has established an audit committee that reviews all expenditures and purchasing card transactions in a timely manner.

Purchasing cards can be a convenient and efficient tool for purchasing goods and services; however, they require adequate policies, procedures, and active monitoring to avoid potential fraud and misuse. Therefore, they should be used when adequate safeguards are in place.

Effect of Stimulus Plan

This month, Treasury Management asked its panel of economists what effect the stimulus plan -The American Recovery and Reinvestment Act – will have.

Scott Brown of Raymond James & Associates says the ARRA seems unlikely to jump start the economy but should prevent a more severe downturn. He says the package includes some aid to states, but not enough to prevent state job cuts.

Eugenio J. Aleman of Wells Fargo Bank believes the plan is a first step in putting a floor on employment loss and will make things more bearable for state and local governments. However, he cautions that the net effects will depend on how deep and prolonged this recession is.

Peter Kretzmer of Bank of America states that although the economy will remain soft, the ARRA will help stabilize GDP growth and will prevent huge state and local cuts that would otherwise take place.

According to Geoffrey Somes of State Street Global Advisors Economics Team, the stimulus bill will mean that growth in 2009 will be as much as 0.75 percentage points higher than it otherwise would have been with the economy contracting at least 2.5 percent in 2009. He predicts the economy will likely post only a moderate gain in 2010.