Lessons learned from shocking municipal fraud cases

It’s an all-too-common headline: Government employee steals public money. While the details are different, the general outline of the scheme is usually the same. A trusted employee, at the financial center of the municipal body, siphons off small amounts of money by writing checks or electronically transferring funds to himself or herself, or co-conspirators, over the course of several years until one day, he or she is discovered to have stolen hundreds of thousands, if not millions, of dollars.

There have been several shocking cases of municipal fraud discovered in the last decade. Rita Crundwell, a long-trusted comptroller and treasurer in the small town of Dixon, Ill., stole nearly $54 million over 22 years to finance a lavish lifestyle of competitive horse breeding; Michael Minh Nguyen, a financial services manager in Placentia, Calif., embezzled $5 million by wire transferring money to himself and others to pay off gambling debts and make dubious investments; Claudia Viles, the tax collector in Anson, Maine, for 33 years, was convicted of stealing $500,000 in tax receipts from 2009 to 2015.

Unfortunately, these crimes aren’t rare. While most cases don’t feature the same kind of publicity-generating dollar totals, municipal fraud is widespread across the country, according to research by fraud investigator Christopher T. Marquet, author of the Marquet Report on Embezzlement.

“The bottom line is a lack of oversight,” said Marquet, now president of the investigative services division at SunBlock Systems, a cybersecurity and digital forensics firm based in Boston. “The oversight in these agencies is very weak, and that gives you a recipe for trouble.”

Marquet cites a lack of financial literacy among elected officials; a culture of blind trust, especially among smaller communities in which employees and officials have long-standing relationships; and turnover among elected officials as contributing to weak internal controls.

So what can municipalities do to develop oversight systems to prevent embezzlement, and what can CPAs and auditors do to assist them?

We spoke to three municipal fraud experts about the lessons they’ve learned about this type of crime and what can be done to prevent and detect it.

Divide and conquer. Perhaps the most common denominator of municipal fraud is the chokepoint person — an individual within the organization who controls all aspects of financial management. Fraudsters often gain these positions of trust by being the most outwardly reliable person in the building, according to Marquet.

“They never take vacations, they’re control freaks, they seem so helpful and so knowledgeable but in reality, they want that control,” Marquet said. “You have a single individual with hands on all the different levers of finance, trusted implicitly, but remember, you have to trust the person before they can steal from you.”

It can be hard for small town governments, built on tight-knit community connections, to not trust their neighbors and friends who’ve worked in the finance department for decades and become the institutional financial knowledge base, but that is a situation ripe for exploitation.

“The organizations create an environment that gives this person unbelievable opportunity to not only commit fraud but to cover it up and conceal it because there are no checks and balances in place,” said Robert N. Brown Jr., CPA, founding partner of The CPA Solution, a fraud forensics and litigation support firm in Bangor, Maine.

Both Brown and Marquet suggested that the simplest solution to preventing this chokepoint person is to separate financial duties within an organization — the check writer isn’t allowed to perform the bank reconciliation or prepare the financial reports in order to build in a system of checks and balances. While this may seem like an overly burdensome addition of duties for overworked municipal employees, especially in municipalities with tight budgets and small staffs, in the end it is beneficial to towns and employees alike, according to Brown.

“I can help my employees if there is a simple control in place and an understanding at the top that someone is looking over this,” he said.

Trust the system, not people. It may seem coldhearted to say, but municipalities have to value systems of checks and balances over personnel when it comes to fraud, according to Brown. This is especially true when everyone seems like a friendly neighbor. Without the right system in place, municipalities risk creating an embezzlement opportunity, even for the most trusted employees.

“In the right environment, anyone can take,” said Kelly Richmond Pope, CPA, CGMA, Ph.D., and associate professor in the School of Accountancy at Chicago’s DePaul University and a former forensic accountant. Pope recently produced and directed a film about the Dixon fraud called All the Queen’s Horses.

Which system is right for a municipality depends on its size, needs, and resources, but the main goal is transparency and accountability, Brown said, and a clear division of responsibilities, along with a process of independent verification, can further that goal in organizations of all sizes. Employees and municipalities need to know that their work is seen, double-checked and understood by everyone involved. Separation of duties is important for preventing fraud in any system.

“Don’t trust the person, trust the system,” Brown said.

Be proactive. Too often, municipalities don’t take action to prevent fraud because it doesn’t seem to be a pressing issue, according to Brown.

“There’s a lack of focus on what these systems should be because there’s not a problem there,” Brown said. “No one is yelling and screaming and saying that we have to.”

The overreliance on a single person often stems from a lack of institutional financial literacy. Municipal administrators and citizens can help fight fraud by increasing their financial knowledge, according to Pope.

“Get a basic understanding of how to read a financial statement,” she said. “You need to feel comfortable that you have enough knowledge to ask a question.”

Once you have a level of financial literacy that allows you to ask questions, Pope recommended being assertive when questions arise, especially suspect transactions.

“Not paying attention to red flags, not following up on your gut feelings is a problem,” said Pope.

Bridge the expectation gap. Fraudsters can pass annual financial audits for years if they’re the ones preparing and manipulating the reports and statements on which those audits are based. Auditors can evaluate only the information that they are given and are usually not tasked with rooting out fraud.

“Whatever financials get submitted they write it themselves, so it is fairly easy to hide and it never sees the light of day for years,” Marquet said.

However, because of a lack of financial literacy within municipal governments, audits that don’t raise red flags create a false sense of security. Administrators and citizens often believe that everything is fine because the town is being audited regularly and they don’t understand the purpose and limits of an audit.

“Auditors have a responsibility to communicate significant deficiencies and material weaknesses in internal control over financial reporting that they encounter to those charged with governance, as well as any fraud or suspected fraud the auditor has identified,” said Ahava Goldman, CPA, CGMA, AICPA associate director, audit and attest standards. “Auditors are not responsible for telling those charged with governance how to fix significant deficiencies or material weaknesses. In fact, those charged with governance often don’t make the changes necessary, because they think, for example, it is too expensive or they are willing to accept the risk.”

That is a situation Brown has seen repeatedly. “There’s what I call an expectation gap between what a traditional CPA audit firm does and what the public thinks they do,” said Brown. “People don’t understand that it’s the responsibility of organizations, not auditors, to create controls.”

Drew Adamek (Andrew.Adamek@aicpa-cima.com) is a JofA senior editor.