Ever Had More Money than You Can Spend?

Written by Matt Weller, Oklahoma City, OK, 

Initially we planned to audit Oklahoma County’s administration of Oklahoma City’s property tax revenues, which are used to service GO Bonds.  Oklahoma City primarily uses proceeds from GO Bond issuances to finance street, bridge, and drainage improvements.  During the planning phase of our audit we discovered that GO Bond funds were accumulating.  The City’s Public Works Department is responsible for implementing the GO Bond and other capital programs, including design, management, construction and oversight of projects.

Since 1989, the citizens of Oklahoma City approved GO Bonds totaling $715 million. Also since 1989, the citizens of Oklahoma City approved two limited-purpose City sales tax programs to fund downtown facilities renewal and public school improvements.  From 1995 through 2003, 60% of the expenditures for capital programs administered by Public Works related to projects funded by the two limited-purpose sales tax programs while only 30% related to the GO Bond program.  Oklahoma City’s GO Bond fund balance more than doubled from $63 million in fiscal year 1995 to $157 million in fiscal year 2004.  GO Bond fund balance increased because expenditures did not keep pace with GO Bond issuances.  As illustrated in the following graph, GO Bond fund balances were projected to reach $217 million at the time of the next scheduled bond election in fiscal year 2007 which is equivalent to about 2/3rds of the largest GO Bond authorization in the City’s history.

 

Oklahoma City found itself in an unusual situation for most local governments…more capital funds available than could apparently be spent. Further, the situation would translate to significant delays in essential infrastructure improvements that were promised to citizens and erode citizen confidence in the City’s ability to keep their promises to citizens.  Rather than audit tax administration, we set out to determine how to solve the problem of having more capital funds available than we could spend.

An assessment of remaining GO bond funds on-hand and GO Bonds authorized for issuance found that the largest portion related to street projects.  We found that the number of project managers responsible for these projects had been steadily reduced since 1995. Based on an assessment of GO Bond project expenditures and time worked on GO Bond projects for the last three years, we estimated it would take an astounding 17 years to complete existing authorized and funded street projects.

An assessment of overall GO Bond program management found multiple deficiencies including:

  • Lack of a schedule for completion of GO Bond projects.
  • Inadequate GO Bond management reports and an ineffective reporting process.
  • Incomplete internal billings for staff time spent on GO Bond projects.
  • Inefficient allocation of GO Bond funds to projects.
  • Project engineering costs paid by other funds were not reimbursed by the GO Bond fund.
  • GO Bond program oversight responsibilities were not assigned to specific personnel.

Our assessment led us to the conclusion that additional staffing for the GO Bond program was warranted, but program management improvements were needed before an appropriate staffing level for the program could be determined.  We recommended phasing in additional staff on street improvement projects over a three-year period. In our view, phasing in additional staff on street projects would mitigate the risk of over staffing by allowing time for management to address program-level deficiencies, evaluate project-level management procedures, and would devote additional staff to the portion of the GO Bond program where the most GO Bond monies remain and where staff had been steadily reduced over the past 10 years.

City management responded positively to our recommendations and immediately took several measures to improve program management.  A GO Bond program work section was created in the Public Works Department, including the creation of a GO Bond Program Manager position to manage the program and the addition of four project manager positions.  Project manager staff assignments were clarified and regular status meetings are held to improve the consistency of project management and communications.  An oversight committee consisting of executive level City personnel was established to review all major program level decisions. Additionally, an outside financial advisor was engaged to establish standardized quarterly budget and schedule reports, develop recommendations to improve program efficiencies and program management, identify benchmarks and best practices and develop recommendations for appropriate fund balance levels.

Significant to management’s response to our findings was the development of goals for GO Bond project delivery for each fiscal year.  Management established a goal of $60 million in GO Bond projects for the first fiscal year after the audit.  Management exceeded this goal, by achieving $71 million in GO Bond project work for that fiscal year. For the next fiscal year, management increased the target to $72 million.  Additionally, the outside financial advisor has been consulted to determine additional staffing needs and program refinements necessary to continue meeting the goals that have been established.

Management is now actively managing the program to complete infrastructure projects.  Often, as auditors, we are told that program results are not possible because resources are not available.  This story serves as an important reminder that in many cases lack of resources is not the reason for poor program performance, but lack of management of available resources.

The Psychology of Consultative Auditing

Written by Kymber Waltmunson, 

“Build your opponent a golden bridge to retreat across.”  This is the message of Sun Zsu in his 6th century BC work, The Art of War. In auditing, the golden bridge we build crosses the river of resistance, resentment, and frustration and leads to positive organizational change: efficient, effective, economical, and equitable government.  In this article I revisit my first career as a psychotherapist to review techniques that may make us more successful auditors.  

When I use the term “consultative auditing” I am referring to the tone and approach to a fully independent audit, not to consulting activities. Consultative auditing is respectful, collegial, honest, and motivating.  The consultative audit approach can only enhance your independent, standard-compliant audit.

The most effective auditors do not simply report on conditions observed; they help to create conditions that result in organizational improvement without compromising audit principles.  Understanding some basic Transactional Analysis (TA) concepts and techniques can help us to do this more effectively.  TA is an approach to human beings and relationships initially developed by Eric Berne and expanded upon by others.

 

World View 

The way we look at the world is the foundation of TA theory.  In TA, the most effective way of operating is to assume the basic goodness and positive intent in others.  For example, when an audit customer fails to provide a key document the healthy way to interpret this is that it was overlooked rather than intentionally hidden.  TA theory states that we can choose how to interpret the world around us and by doing so can significantly impact the course of events.

Taking the previous example further, imagine the difference in response and impact on the tone of the audit when you say, “Thank you so much for gathering all of this data for us, I know that you are incredibly busy.  I noticed that ‘x document’ got missed. Can I swing by and pick it up later?”  Or the opposite impact of, “Local law requires you to provide all documents to the auditor.  If you don’t provide me with ‘x document’ within 24 hours I will begin the subpoena process.”

Taking the positive perspective does not eliminate professional skepticism.  These two world filters can co­exist. Skepticism requires that we ask enough questions, gather enough supporting data, and see the whole picture. It does not oblige us to label the audited group as devious liars intentionally misusing taxpayers’ hard earned dollars.

‘Atta Girl/Boy 

A second key idea of TA is “strokes.”  Strokes are all forms of interpersonal recognition and can be positive or negative.  Positive strokes can range from looking someone in the eye to saying, “good job!”  Negative strokes can range from being ignored when we say, “good morning” to being physically attacked.

We must acknowledge, as auditors, that all human beings, including our audit customers, need positive strokes to thrive. Many people believe that part of being a grown-up is being able to do your best with no recognition.

There has been media attention to the profile of the Generation X workforce recently identifying the need for positive reinforcement as a unique attribute of this new, young worker.  When examined honestly, however, the fact is that all human beings perform better and are more contented when there is an environment of positive strokes.

Positive recognition in the audit environment may come from auditors during meetings, conversations in the hall, or in audit reports. As we move through our audit work ensuring that there are more positive than negative strokes in your interactions will make audit work more successful.

The semantics and tone of audit reports, the balance of positive and negative strokes, is critical to creating an environment that is conducive to improvement.  There are endless ways to communicate a finding.  The auditor should work to choose language that motivates audit customers to act by recognizing strengths and positioning audit customers to leverage those strengths to address the recommendations we make.  The following chart compares “classic” audit language to motivating language:

 

Motivating Language Classic Audit Language Comparison
Officers write detailed, thorough reports , and treat victims res pectfully but it is not clear that advocates are cons is tently notified. Victim advocates are not consistently notified. This wording recognizes the audit customer’s strengths in the area examined.
Setting specific goals and monitoring performance would help the city improve key cleanliness conditions and improve satisfaction. Program goals and performance measures have not been developed. This language points to the direction the audit customer should go and minimizes language that may be chafing.
The county is working toward sufficient planning for continuity of government operations. County continuity of operations planning is insufficient. There are usually many shades of grey in implementation of best practices.  This wording recognizes that the audit customer has done some work, but has further to go.
Within constraints, opportunities may exist for more cost-efficient staffing. Staffing is not cost efficient. This wording acknowledges complexity and policy decisions involved.  Management will build internal capacity by analyzing further.

Audit reports generate energy. We can help direct audit energy toward further developing positive practices in the organization or we can expect the audit customer to use audit energy to criticize and challenge the audit report.

Audit Drama 

One TA tool developed by Stephen Karpman, the drama triangle, represents a psychological dynamic that feeds into itself creating power plays, bad politics, and general chaos.  There are three points on the drama triangle: the Persecutor, the Rescuer, and the Victim.  Instead of playing out these dynamics, auditors can choose ways of communicating with audit customers that have positive results.

 

The Persecutor sees the world through an unconscious, “I can make you feel bad” filter.  The Rescuer has the opposite, “I can make you feel good” filter.  Finally, the Victim is powerless sufferer who believes that they can be made good or bad by one of the other positions.  Both auditors and audit customers can fit into any of these three categories and can switch roles quickly creating detrimental drama.

The most typical auditor approach is the Persecutor.  When an auditor chooses the Persecutor role unless the audit customer is a highly emotionally stable organization they will likely react in one of two ways:

  1. The audit customer will react as Victim and sink into a “poor me” stance. This will stifle their
    motivation and ability to create positive change.
  2. The audit customer will react from as Persecutor and attack the auditor. They might try to paint the auditor as incompetent or work to poke holes in any recommendations made instead of working to improve their processes.

The way to avoid drama in auditing is to choose not to rescue, persecute, or be the victim in communications with audit customers.  In addition, if the audit customer chooses a persecutor role to communicate with the auditor, auditors can decide not to follow the gut reaction to fight back.  To be effective, auditors must take a deep breath and take the high road every time.

Auditor as Parent 

Although few auditors would consider audit customers their children, parenting styles are a tool to evaluate audit approaches. Just as parents hope to raise smart and successful children, most auditors hope that their audit customers run smart and successful organizations.  In parenting literature core styles of parenting include authoritarian and authoritative.  Each approach elicits predictable behavior from children and will elicit the same predictable results with audit customers.

The authoritarian auditor has high expectations of conformity and compliance to rules and directions.
Authoritarian auditors expect much of their audit customers but do not explain the rules or provide tools to succeed. The auditor attempts to control an audit customer’s behavior and attitudes, stressing the importance of obedience to authority and discouraging discussion.  Auditors who use this method often deal with the auditee very firmly.

Authoritarian results: Those audited with this style tend to be less responsive, more distrustful and withholding, and have lower achievement.

The authoritative auditor has high expectations of compliance to rules and directions, an open dialogue about them, and a customer-centered approach characterized by positive affect.  Authoritative auditors encourage the audit customer to be independent and successful. The authoritative auditor operates on the belief that both the audit customer and the auditor have certain desires and that the needs of both are important.

Authoritative results:  These audit customers are self-reliant, become self-controlled, and are more independent and successful.

When does a consultative approach not make sense?

The choice of audit approach is not black or white; for each audit there is a point along the continuum of consultative methodology that makes sense.  Occasionally, acting in a consultative manner could make the auditor vulnerable and decrease the value of the audit.

For instance, one should always consider whether consultative activities will impair or appear to impair independence in the current project or in future audit work.  Consultative auditing requires clear, consistent boundaries.

There are times when an audit customer comes into the process very aggressive and withholding and your attempts to shift the tone are unsuccessful.  In this case, being too consultative could simply provide the audit customer ammunition to shoot down audit recommendations at the last minute and give them tools to render the audit ineffective politically or otherwise.

In closing…

When auditors act to support positive organizational change, back away from harsh pronouncements, and provide tools for success we leave one route available to our customers: the golden bridge.

Focus upon Infrastructure

At the end of the working day and the end of the tension-filled fiscal year every entity has one thing in common that they must recognize as a potential area for audit work-infrastructure.

In local government, infrastructure makes up the bones and connective tissue that supports all the other functions. Different departments make up the vital organs and auditors, well, that’s when the metaphor breaks down. I suppose auditors would be the hypothalamus, pituitary, or some other critical but unpopular regulatory organ.

The point is, infrastructure means many things to many people. 

It can mean the people who perform the critical activities for an organization. It can also mean the organizational structure and channels for communication within local government.  More often than naught it refers to the physical construction of buildings and roads that are paid for with bond monies as a part of capital improvement program.

We most often focus upon the financing of the infrastructure, specific components of the construction, or the procurement process because they are more manageable.  These things are also more immediately understandable for the public. Above all, the public wants infrastructure to work. And as we have seen in the case of the bridge collapse in Minneapolis, levee failures in New Orleans, and decaying public transit systems in Chicago, Boston, and New York, this critical infrastructure affects the lives of citizens directly and profoundly. It is also quite expensive to build and maintain.

For these reasons, we have chosen Infrastructure as the theme for this issue.  While not all of the articles fromthis issue focus on lessons learned from infrastructure audits we did have several submissions.  Our reliable columnist Gary Blackmer leads off the articles with his Opportunities for Improvement that focuses on infrastructure issues followed by lessons learned from King County and Oklahoma City audits of their public works departments.

Our March issue will highlight ALGA’s 20th Anniversary which will be commemorated at the 2008 Annual Conference in Philadelphia.

Doug Whitworth
LGAQ Editor

Building Blocks for an Ethical Culture

Written by Nick Ciancio, Global Compliance,

Ethics hotlines, or whistleblower hotlines, are now prevalent within many organizations. While many assume that ethics hotlines were born as a result of prominent corporate scandals and the resulting Sarbanes-Oxley Act, the original compliance reporting hotline actually dates back to 1981. Global Compliance introduced the original reporting hotline and it was targeted to government defense contractors for disclosure of fraud and waste.

Section 301 of the Sarbanes-Oxley Act requires publicly traded corporations to implement procedures for confidential and anonymous submission of employee concerns regarding questionable accounting or auditing matters. However, organizations of all types, including those not mandated by the Sarbanes-Oxley Act such as private corporations, government entities, universities, and not-for-profit organizations, have also begun to implement hotline reporting systems. These hotline reporting systems are being put in place to protect the organizations and build public confidence along with the confidence of employees, customers, and stakeholders.

In reality, reporting hotlines are a very effective means of uncovering occupational fraud. The 2006 Association of Certified Fraud Examiners (ACFE) Report to the Nation shows that 34.2% of occupational fraud schemes were discovered by tips, the most common method of discovery. And, of those tips, nearly two out of three tips came from employees. Further, in the cases reviewed in the ACFE Report, organizations that had anonymous fraud hotlines suffered a median loss of $100,000 in fraud schemes, whereas organizations without hotlines suffered a median loss of $200,000.This data, therefore, supports the use of hotlines as a fraud detection tool.

However, while hotlines serve as an important source of information intake, hotlines are just one key element within an effective ethics and compliance program. While it’s one thing to provide a vehicle for information intake, it’s equally important to educate employees on an organization’s core values, relevant industry regulations, key legislation, and organizational processes and procedures, along with expected behaviors. This said, a thorough Code of Conduct, employee training, and ongoing employee communications each become a critical part of building an ethical business culture. These elements integrated with a hotline and web reporting system enable an organization to protect itself from financial, legal, and reputational harm. Lastly, with all of the key elements in place, it then becomes important to regularly measure and validate employee comprehension, as well as overall perception of the work environment and culture.

Recent high visibility scandals in a multitude of industries and sectors have made occupational fraud top of mind. Today, we’re seeing organizations including ethical risk in their overall risk assessment efforts, and high-level ethics and compliance functional positions directly reporting to the CEO and the Board of Directors established within organizations. No doubt, occupational fraud is not a new trend in today’s business world, but rather has been prevalent for years. However, the enactment of the Sarbanes-Oxley Act of 2002 followed by amendments to the Organizational Sentencing Guidelines in November of 2004 has raised the stakes for organizations of all types – public and private corporations, government entities and not-for- profit organizations. Accountability at all hierarchical levels is now mandated and mindsets are evolving. Perhaps in near time we’ll see businesses fully recognizing that ethical business is good business and the only responsible approach with respect to employees, customers, and stakeholders.

2006 ACFE Report to the Nation on Occupational Fraud & Abuse

The Nexters

Written by Brandon Haynes, City of Atlanta, 

Last August I posed a question to the list serve asking young auditors (mid 30’s or younger) and those new to the profession about their feelings coming into the profession. Although the question I asked generated many concerns about the validity of the question, the question itself did not spawn many responses. Most people who sent responses directly to me thought the concept was interesting and asked me to share what I found. So after six months and a different audit shop later, here is my essay. I hope it can foster thought about the future of our profession.

Introduction

Whether it is because of age, years of experience or other factors, retirement has started to siphon experienced auditors from our profession. Through their eventual departure, vacancies will open and be filled by a new generation of employees. As a profession, are we prepared for this? How can we make the transition easier? The next few paragraphs will describe the new generation entering the workforce, the “Nexters,” as well as discuss how a few Nexters feel about performance auditing. Although this may speak more about the younger generation entering performance auditing, I hope the central premise of my message can be embraced by the profession as a whole, since the cultural shock of entering the profession of performance auditing for the first time can be jolting at any age. Knowing and understanding this new workforce may prove beneficial in recruiting and retaining good employees in the profession.

RISE OF THE NEXTERS

From 1977-2000, the Nexter generation was born, raised, and matriculated into the workforce.

Being the children of the Baby Boomers, and younger siblings to Generation Xers, some circles refer to us as the Baby Boom Echo, Millennials or being a part of the Baby Boomlet. You may have started to see some now if you have employees who are around 30 and younger. The Nexters have grown up participating in so many different types of extra-curricular activities (athletics, drama, clubs, jobs) that time management and multitasking have become second nature. They came out of the womb pointing and clicking a mouse and playing video games, so technology is not a luxury to them, but a necessity. Living through the end of the boom of the 80’s and early 90’s into the down-sizing of the 90’s and the world of unrest in the 00’s, Nexters are expected to work well with “Seniors” (born 1922-1945), who made it through the Depression era. Nexters have a hopeful optimism that they can foster change and make life better. They are considered a “self confident group, and sometimes even cocky,” but they do “need structure and direction in the work place.” Nexters are expected to be fiercely loyal to managers that have helped train and develop their abilities, much like their coaches did. Though they believe in hard work, work will not be the only priority as Nexters want to strike a balance between work and family life.

Nexters’ Thoughts on Performance Auditing

The Nexters who responded to my email displayed some characteristics, which I described in this article. Nexters enjoy performance auditing because of its versatility. One person said they enjoyed the variety in skills needed for different projects; that it kept things from getting boring. Performance auditing actually lets us use the array of skills we have spent years and money developing in college, such as critical reading and thinking, researching, and using numerous computer software packages. Some are pleased that performance auditing has propelled them closer to those who create and implement policy. The profession also lends itself to our idealistic nature that we can help change the world.

However, some Nexters mentioned that lack of training and development is a problem within the profession. They are not speaking of the 80 hours of biannual training to meet Yellow book standards, but the initial training can be crucial to develop and retain new auditors. Fellow Nexters feel there is no training on how to be an auditor. There is a sink or swim mentality within the profession that does not necessarily work well with all Nexters. One person said they were “given the keys to an office and told to ‘have at it’.”

When I first started, I was oriented to the office and the city, and was told to read the Yellow Book sections on performance auditing, but there was little connecting that to what we actually did day to day. I reviewed workpapers and past audits, but I still did not grasp auditing. There was nothing to tell me what a good workpaper looked like, or how to write effective planning summaries. Fortunately, my first supervisor scheduled weekly meetings with me to provide feedback on my work, including workpapers, interviews and other writings, and helped me with some of the terminology we use. At the time I did not fully understand everything he told me, but as I became more experienced, I started understanding the concepts and how they related to the work we do. I understood the processes and how their sequence fit within the context of the audit and standards. This type of feedback may not be the norm in every audit shop, but maybe it should be. Although every shop varies in its approach, one person suggested creating a guide that would direct new auditors through the entire audit process from an engagement letter to the final report. In the short term, that would provide direction for people new to the profession. Even though some catch on faster than others, there’s no need for potentially good auditors to get frustrated and leave the profession because of an initial lack of direction.

Another concern from Nexters was the pace of auditing. Some believe the process to be a bit slow. Nexters understand that auditing by nature is a slow and methodical process, and that slow responses from auditees can account for some of the lethargy. With that said, it is doubly important that we stay on task and not add length to an already lengthy process. One Nexter believes that how knowledgeable and confident an auditor is will determine how fast the audit is performed. While I believe this is true, it has been my experience that we increase the time of an audit, which at times slows the pace, by adding work steps after the planning and, sometimes, fieldwork reviews. As auditors we want to know every possible detail possible, even when in some instances its unnecessary information. We must find a balance between precision and timeliness. Quicker, more focused audits can still be as accurate as longer, broader audits. As one auditor said, “Taking 9-12 months to do an audit is a luxury that we probably can’t afford.”

Thoughts about Nexters

Although we have the necessary skills to be successful in the profession, Nexters can be overconfident and fail to listen to voices of experience trying to guide us over the pitfalls of youth and inexperience. The experienced auditors that responded said they enjoy Nexters’ “fresh perspectives”, “quicker pace” and “comfort with technology.” They like how we were not “burnt out or cynical” just yet. However, some didn’t like this generation’s sometime “what’s in it for me” or “know it all” attitude. Nexters have grown up in an information age where everything we’ve wanted to know has been at the tip of our finger. Nevertheless, we still have to understand that, although we sometimes think we know all that we need to know, we still should look to our predecessors as guides teaching us how to use the knowledge we possess.

Looking to the Future

So, that was just a brief snapshot of the concerns of the generation that will be entering the workforce in the coming years. As we move farther away from Generation X, these traits will most likely be accentuated in your new hires. Do not take this as the end all be all of my generation, as they will come in all shapes and sizes. I wrote this to say that the world is a changing place and performance auditing has to change with it. A little more direction may be needed by the experienced auditors to help not only the Nexters, but to anyone new to the profession. And as Nexters, we will need to show a little more patience and professionalism as our chosen craft grows not necessarily at the rate we want it to, but at its own pace.

Combining the lessons of the past with new technology and a healthy optimism for the future will keep our profession moving in the right direction.

Sources:
The New Workforce by Harriet Hankin

Mixing and Managing Four Generations of Employees by Greg Hammill
www.fdu.edu /newspubs/magazine/05ws/generations.htm

Managing a Multi-Generational Workforce

(Training material provided to supervisors in the City of Kansas City)

Born to Audit

Written by Gary Blackmer,

I intend to write about the challenges and strategies of performance auditing, to provoke debate, and help us all be better professionals.

I don’t presume to fill Mark Funkhouser’s shoes, which I’m sure are much larger than my size 10s, but I’d like to share some of my observations as an auditor here in the beautiful Pacific Northwest. I intend to write about the challenges and strategies of performance auditing, to provoke debate, and help us all be better professionals. I’ll try to keep the tone light and my black humor lightened to the color of Portland’s winter sky.

My perspective reflects the work environments I’ve been auditing since 1985, which differ from yours. You may find the ideas and strategies in future columns compelling, but I would caution you not to attempt them yourself without considerable forethought and preparation (this fine print is included to satisfy ALGA’s team of lawyers).

My background is intertwined with the institution of elected auditors in the Portland area. I worked as a staff auditor to the elected Portland auditor for six years, campaigned and was elected the Multnomah County Auditor (the metropolitan county), and later returned as the elected Portland Auditor. We also have an elected regional government auditor (Metro) and neighboring Washington County has an elected auditor.

The City and County auditors were part of those governments’ charters, which were drafted in the American populist era around 1910. Oregon was engulfed in populism – the first state to directly elect its congressional representatives; created the initiative, referendum, and recall powers; and an early grantor of the vote to women to name a few. These were all accountability measures, though professionalism in government was only beginning with the introduction of features such as civil service.

Auditors were the elected Council clerk, which included other duties such as accounting. In the 1960s, with the invention of the computer and financial software, these offices began shedding various duties and concentrating on auditing. I read about the political battle waged by Multnomah County Auditor Jake O’Donnell to possess the new computer due to arrive. He lost the battle for the computer and about 60 of his accounting staff were transferred to the new Finance Office. He was left with a half-dozen employees, still called auditors, who had little purpose or direction. I joke that the Portland Auditor’s Office had computers in the 1930s, because I saw them in the budget. Computer I, II, and III were job classifications. Good math skills were a basic requirement back then, in order to verify the payments.

The elected auditors in Washington County and Metro arrived in the late 70s and 80s, based upon the performance auditing models of Portland and Multnomah County.

All these offices now have certification requirements – Certified Public Accountant or Certified Internal Auditor – for any candidates. The credential fences off the offices from political opportunists and ensures that a professional leader is selected. In addition, the forms of government in Portland and Multnomah County make it difficult to have an appointed auditor.

I never conceived of being an elected official because politics seemed to be the antithesis of an analyst. Jewel Lansing, prior Multnomah County Auditor and Portland Auditor, hired me in 1985, for my analytical skills and practical operational experience, I believe. I also recall Jerry Silva was on the interview panel because Dick Tracy promised him dinner and drinks if he came up to help out, though that may be just stereotyping. One condition Jewel placed on me before offering the position was that I seek a professional certification, because I needed better credentials as a basis to “tell Bureau Directors how to do their job.” I managed to become a Certified Internal Auditor, back in the old days when there were essay questions and only 20% of the candidates succeeded in getting certified. And I had to walk three miles through the snow to take it. I made that last one up to uphold the geezer tradition.

Five years later Jewel approached me about running for the County Auditor seat. I dismissed her notion immediately. But I did start looking at the work being done by the incumbent, who won the office because there was no certification requirement at the time and his father was the former Mayor of Portland. I knew I could do better than someone with no audit experience; there were no other opponents, so I ran and got elected (it was much more complicated but we’ll move on for now).

Performance auditing fits my abilities and interests like a glove. I get great satisfaction from practical problem-solving and serving the public. The variety of assignments means new challenges and a bird’s eye view of government operations. Police patrol scheduling, fire workload and performance, parking garage management, street paving operations, and financial condition reporting taught me a great deal while I was a staff auditor in Portland.

As the County Auditor, I could focus on the larger issues and develop a strategy in audit selection. I enjoyed the broad power to consider the quality of management in departments and time the audit schedule to have the most positive impact. I enjoyed the enthusiasm, curiosity, and creativity of the auditors. And I still enjoy the shock among students and citizens when I explain my job and they realize how interesting and challenging performance auditing can be.

I discovered performance auditing by accident, because my agency was being audited. I had been working in the Multnomah County Sheriff’s Office planning and research unit. In the months we weren’t preparing the budget I was analyzing patrol deployment practices to see how we matched up with the workload. I had filled entire shelves with binders of charts and tables of data by hour of day, day of week, geographically, and about every other conceivable way. Imagine my excitement when an auditor showed up and began asking me how we tracked patrol deployment!

I realized that this auditor got to analyze the same questions I did, but in a wide variety of fields, not just law enforcement. That County auditor was Doug Norman who later joined the Portland audit staff and shared his office with me in my rookie years after I was hired.

Multnomah County had started conducting performance audits in the late seventies. This came about because Jewel Lansing volunteered to drive Lennis Knighton from the airport to his speaking engagement. She learned about performance auditing and made it a part of her campaign platform when she ran for the office. She got rid of the Jake O’Donnell staff and hired new auditors with a skill set that encompassed much more than accounting, and started issuing audits that brought attention, and change, to Multnomah County operations.

Jewel Lansing became very popular and ran for State Treasurer but was defeated. She later ran for City Auditor and introduced performance auditing there as well. I have not described the challenges she faced in these two large accomplishments or her other contributions to performance auditing, which is a story in itself. In the Multnomah County Auditor’s Library, we had the complete collection of Yellow Books, from the very first in 1972, which really should have been called the Yellow Pamphlet.

That was the year I graduated from college. Northern Illinois University has a very well-respected school of accounting. I am not boasting, because my degree is in philosophy. I liked philosophy because I saw it as analysis and problem-solving, though I later learned it had limited practical applications. I had been majoring in pre-optometry, heavy in math and science, but soon realized it wasn’t the career I really wanted, but I needed to graduate in four years in some major.

Looking for some direction, I took a vocational aptitude test and it said I should either be a computer programmer or a journalist. I had never used a computer in 1969 and I did write for the college newspaper, but hated producing stories about boring things. When I ran across the results of the aptitude test 25 years later I realized how close I had come to a combination of those two professions. I had found a way to use computers to tell important stories to the public. Besides philosophy, I had also done post-graduate work in Systems Science, which taught me a toolbox of analysis methods, including Revised Polish Notation on my Hewlett-Packard 25 programmable calculator.

Now, with the development of the performance auditor profession, I imagine more students are getting directed earlier to the field it took me 15 years to find. I have college friends who still shake their heads at the arc of my career. I had no plan, but it was still a natural progression. Even I am surprised at the sequence, because I remember a ride home from college, with my folks sitting in the front seat. My Dad was going on about some detail at work and I could not reconcile it with the massive demonstrations against the Vietnam War and the obvious moral bankruptcy of President Nixon. I remember thinking to myself, there is no way, no how, that I could ever do my Dad’s kind of work.

Though I also remember sometimes on a Saturday morning, he would take me to work with him and he would show me the machinery he worked with. He would let me type my name on the keyboard, which would produce a card with holes in it, just like the stacks of others he ran through an immense sorting machine that printed out lines on wide paper. He was the controller in a corporation, and by gosh, I fell a little farther from that tree.

And I still remember an old schoolhouse saying he taught me:

Good, better, best,
Never let it rest,
Until your good gets better,
And your better best.

That’s the course of my professional life to its headwaters, with some of what I witnessed and learned about the field of auditing as it transformed from a clerk to an accountability professional.

Summertime Rolls

This summer’s blockbuster for many of us will not be Hollywood’s finest but witnessing and/or participating in budget discussions for the coming fiscal year.  Our days may be filled with anticipation as we discover whether our audit shops will expand or contract, will be assigned interesting or boring work, and whether or not our auditees in other departments will be funded for their own projects.

We wait with bated breath for news, even rumors, about presentations from our elected officials.  Who is meeting with whom?  Did they really say something cutting funding in one place to give to another? How will the citizens react to the budget presentations?  What do they really care about?  As this drama unfolds, we may all find ourselves at least marginally affected, even if other departments are impacted more than our own.

For some of us, another highlight of summer of 2007 might be the ALGA Annual Convention.  It will give us the opportunity to meet old and new members, discuss practical tips to beat the audit performance blues, and share knowledge gained by experience in serving our organizations.

I would also like to take time to announce the addition of Brandon Haynes as the assistant editor for the Local Government Auditing Quarterly.  Brandon worked for Mayor Mark Funkhouser when he was the City Auditor of Kansas City then moved to Atlanta where he works closely with other ALGA activists.  I’m glad to add someone with the depth of experience, education, and energy that Brandon brings to the Communications team. Brandon will help usher in some changes to the LGAQ for next year including the construction of template to help standardize, and hopefully improve, the look and feel of our publication.

We will also be rolling out some themes for every issue to help you all as writers.

For example, the theme for the September Quarterly will be, “The Art and Science of Auditing.” I hope that you all take this broadly written prompt and use it to your advantage in generating articles.  Future issues may have themes such as “Auditing and Technology,” “Back to the Basics of Auditing,” or “The Role of Auditing in Local Governance.”

We look forward to seeing new faces, rekindling old relationships, and learning new skills in Memphis.  But if you aren’t able to make it to the conference, we hope that your endless summer is still filled with excitement from the sights and sounds of local government auditing.

A View From the Sidelines

Sometimes it’s helpful and often reinforcing to move to the side and view the context and outcomes of the endeavors we have undertaken.

As professionals in the operations and conduct of audit offices in government we are charged with significant responsibility. In almost every instance, government obtains its resources by involuntary payment from its citizens. Citizens seldom get to vote on payment of taxes, in many cases don’t get to express their concern regarding how the resources are used, and are expected to ante up the funds on demand.

Government therefore has a sacred responsibility to use the funds wisely, efficiently and effectively. Government also has the responsibility to protect the assets it obtains from the citizenry from losses of any nature.

The government audit function is part and parcel of these two responsibilities: It operates between the two conflicting forces of identifying inefficiency, lack of effectiveness, fraud, abuse and illegal acts, and the pressure from special interests, government management and elected officials to do in a manner that agency integrity remains unblemished, management and elected officials are not embarrassed and that public confidence in its governments remains high.

In this continuing push and pull many government auditors have lost their job or were not re-appointed upon completion of their term for simply attempting to accomplish the mission of their office. And, on the other side, employees, managers, and some elected officials have been turned out of office, lost their pensions, and in some cases been prosecuted and punished for the manner in which they conducted the peoples business.

Are these prices too high to pay? What is the context in which professionals in our profession should view this continuing drama? And why discuss it at all?

First a view of the playing field for the oversight coverage provided by the profession. The 2005 federal budget identified $2.037 billion (two trillion thirty seven billion) in expected revenues and $2,397 billion in outlays for operating a vast spectrum of public service operations. Add to that the hundreds of billions of dollars obtained and spent by state and local governments for an equally vast network of government funded programs and the result is a gold mine of opportunity for mismanagement, inefficiency, fraud, corruption and illegal acts – and don’t forget ineffective delivery of services to the public.

In it\’s 2006 Report to the Nation on Occupational Fraud and Abuse, the Association of Certified Fraud Examiners estimates that U.S. organizations lose five percent of their annual revenues to fraud. Applied to the federal government’s 2005 expenditure budget, this amounts to $105.8 billion in fraud losses alone. And that figure does not include mismanagement of funds, costs of programs that are no long necessary, costs of programs that result in ineffective service, nor does it include funds expended in the course of abusive use of power. Again, applying the CFE’s five percent estimate to state government and local municipalities’ expenditures, the estimated loss from fraud alone is staggering. When waste of governmental resources is factored in, the result is an enormous loss of taxpayer provided funds.

Fraud and mismanagement of funds is very difficult to identify. The Association of Certified Fraud Examiners (CFE) estimates that on average 18 months elapses from the time the fraud was initiated until it was identified. Similarly, mismanagement and misuse of funds is equally difficult to identify. Typically internal fraud occurs due to weak internal accounting and management controls, over-riding internal controls by management and/or inattention to the controls by management. Ineffective use of resources can be caused by many factors, among them are political directives spawned by special interest groups, promotion from a cadre of persons trained in a professional specialty, but not in management, and leadership resistant to change. The combination of huge amounts of funding available for expenditure in the public sector and the potential of weak internal controls and lax management provides a significant lure to persons interested in making illegal gains.

A final factor that fits into this mix is the lack of sufficient oversight. Most governments now undergo an annual independent audit of their financial statements by accounting firms external to the government. Typically the best that comes from such and audit is a declaration of reasonable assurance that the financial statements fairly represent the business activities of the audited agency accompanied by a management letter. And while external auditors have a responsibility for being alert for fraud, that function is not their primary mission. Moreover, if fraud is discovered and reported, the result could eventually lead to loss of future contracts for the engagement – for the same reasons that internal government oversight personnel are released simply for performing the job they were hired to do.

Also, many organizations employ internal auditors to check financial transactions and perform other financial oversight responsibilities. And while they should report to an audit committee, more often than not, they report to the finance director or the chief operating officer of the organization – an organizational placement that provides at a minimum, the appearance of conflict of interest. At worst it becomes an actual conflict of interest that results in pressure to not report financial details accurately.

Finally many government organizations, especially at the federal and state level employ offices of inspector general to conduct a variety of oversight functions that can include: financial audit, performance audit, fraud investigation, inspections and program evaluations. On paper, this oversight effort is laudable but given the lure of huge amounts of money expended by government and the potential for weak controls/management, the challenge is monumental.

The truth of the matter is that government oversight operations are generally not provided with the resources necessary given the vulnerability and relative risk contained in the entity in which they operate. If an oversight body were to lay out all the high risk, vulnerable functions inherent in the organization for which it has oversight responsibility and estimate the time necessary to examine by audit or pro-actively investigate for fraud deterrence given existing resources, the time it would take to complete work in all areas would stretch out over decades. Most governmental entities allocate less than half a percent of their annual budget to the oversight function. This situation does not provide a reasonable comfort level for protecting the assets entrusted to the entity by the public.

So, looking at the big picture from the sidelines – the enormity of the responsibility, the tendency for nonacceptance by the entity leadership and the lack of suitable resources points to the most difficult of challenges. Each of the audit organizations in ALGA face that reality. And each such member is at the job every day, maintaining the integrity of the office, rooting out fraud, providing the entity with information that will improve efficiency and effectiveness and attempting to stay on top of the potentially foul things that can occur in their organization. There is every reason to be pleased and proud of the work so conducted and at the end of the day or the day you leave office, to be proud of what has been accomplished and what has been contributed to the citizens of your community. While there is no way that oversight can find all the instances that exist that waste and steal public resources oversight does make a difference.

There will always be a full day of challenges ahead – use those challenges as an opportunity and continue to uphold the righteousness of the oversight function.

Helping Volunteer Boards Become More Effective

Internal auditors are actively involved in volunteer organizations. Many serve as treasurers, on governing boards, and on finance, audit, and accounting committees of churches, civic agencies, and other Not-for-Profits (NFPs). They may have a professional role as well.


Effective systems of internal control are as essential to volunteer organizations as they are to business entities, yet the issue ranks low on the priority list of most NFP groups. Indeed it is often a sensitive issue. As a result, internal auditors who serve in such organizations have a special and essential role to play. Because internal auditors routinely deal with the examination and evaluation of systems of internal control, they can offer valuable knowledge and experience that can help volunteer organizations strengthen their governance practices and directors exercise due diligence.

THE STATE OF CONTROL

Many civic organizations or local chapters of large organizations can be quite small, with most of the oversight responsibility delegated to one individual, who usually has little, if any, training in business administration.

The need for effective governance is no less important in volunteer, NFP organizations than in profit organizations. NFPs often receive public funding and have a responsibility for care of these funds. The values held by volunteer NFPs may make them more subject to victimization. The structure of NFPs can contribute to their vulnerability. Many civic organizations or local chapters of large organizations can be quite small, with most of the oversight responsibility delegated to one individual, who usually has little, if any, training in business administration. Segregation of duties becomes difficult because of the limited number of personnel available to the NFP (either as staff or as volunteers). Some not-for-profits use volunteers to provide accounting and administrative functions. The level of the volunteer’s expertise has a significant impact on the effectiveness of the NFP’s internal controls. Lacking the proper training and awareness of issues affecting the financial operations can compromise the organization’s internal controls, and thus increase the risk of fraud. To compound the issue further, in some cases, volunteer boards lack an understanding of the financial and regulatory sides of the NFP’s operation. When and if the inexperienced board members review the financial data, they might not call into question information that is pivotal to identifying problem conditions. Consequently, board selection is an important issue that is often overlooked. Often, the board of directors consists of individuals committed to the beliefs of the organization, but who have little or no business aptitude.

The level of internal control often found in NFPs is illustrated by a 1990’s study that examined U.S. churches. Pastors at 1,200 churches received a questionnaire asking whether 40 basic internal controls were actually in place and operating. Although the study is based on churches, the results are equally applicable to most types of volunteer organizations.

The respondents indicated that some controls are in place, but many of the most important are missing. Approximately 70 percent of respondents stated that they had the recommended controls in place, and 90 percent said they maintain at least 10 of the 40 recommended control procedures. Yet 15 of the 40 were absent in more than 50 percent of the responding churches. Important steps such as limiting the financial secretary’s duties, establishing an audit committee, putting accounting procedures in writing, and requiring the finance committee to review supporting documentation for purchases were among the missing controls. A finding of great concern is that 70 percent of the churches didn’t have monthly bank reconciliations prepared by someone who wasn’t involved in the check writing process.

The study also reveals that the size of an organization makes a difference in the level of control. In general, the recommended control procedures were more common in larger churches than in smaller organizations.

BOARD EVOLUTION

Michael Burns, a board consultant, provided the following summary of board evolution. Each stage presents its own challenges. He noted that not all NFPs necessarily make these changes – some organizations recognize their niche and are effective as relatively small organizations.

Organizations at the “infancy” level, which may have few or no staff, usually have boards that are operationally focused. The board does the operational planning and board members are often key volunteers in implementing the plans. Boards in this stage develop few if any policies and evaluation programs are usually event- or activity-focused. Generally, NFPs at this stage lack resources for segregation of duties and are highly trusting of individuals.

Once an organization has grown to a certain level, the demands of keeping in touch with donors, issuing receipts, and performing regular administrative duties require paid staff. Boards in this “juvenile” stage of development often have a few staff who are focused on performing administrative tasks which board members are no longer prepared to do. Board interest in operations is reduced, and the board begins to examine the governance needs of the organization.

At the “adolescent” stage of board development, the NFP’s administration develops greater independence from the board. Staff have developed a deep understanding of the organization because of regular contact with members, financial sponsors and other interested parties. This understanding often leads to more vocal expression of opinions and ideas about how the organization should be run. At times, staff may undertake actions contrary to board direction. As staff assumes more control over daily functions, some board members may feel squeezed out and uncomfortable with the governance-focused role they now must take. It is also a time when internal conflicts among board members may occur as the board finds a balance between over-managing operational aspects and removing themselves from operations entirely. Finding this balance is critically important to the volunteer directors, as outlined in the “Volunteer Director Responsibility” section below.

If an organization makes it through the task of hammering out parameters for staff and board actions, it enters the “mature” stage of development. In this stage, staff are focused on operations and the board centers its efforts on the governance needs of the organization and its long-term goals. Still, each organization may be at a different place on the continuum, with some groups placing more directive power in the hands of staff and others reserving it for boards alone.

Although these stages appear as a linear progression, Burns notes that it is often necessary, and not always a setback, for organizations to move back to different stages, depending on their needs at the time. A mature organization that undergoes a major growth period – such as a capital campaign – may revert back to an operationally focused board (the juvenile stage) for the campaign period and pay only minimal attention to broader governance issues during that time. After the campaign, it will shift back into governance mode, often changing many board members at the same time.

VOLUNTEER DIRECTOR RESPONSIBILITY

Director duties/responsibility

Directors have a responsibility to ensure their “Nonprofit organizations carry out their activities through their officers, directors, staff and volunteers. The board of directors is accountable to ensure, among other things, that the organization carries out its mandate and does so in accordance with the law.”

Changing legal issues

Charitable and nonprofit organizations are facing a wide variety of legal issues. Sometimes, these issues are of the organization’s own making through inadvertence, negligence or misunderstanding, and they may, as a result, be involved in legal proceedings they could have avoided. In other situations, the law has changed affecting organizations that do not always know about the changes. A lack of knowledge can have serious and negative effects. For example, the enactment of lobbyist registration legislation in Ontario had significant impacts on charitable and nonprofit organizations.

Directors are accountable

Nonprofit organizations carry out their activities through their officers, directors, staff and volunteers. Sometimes the level of accountability and the due diligence expected of the members of the board of directors is very high, exposing the directors to potential personal liability for damages and to prosecution. The members of the board of directors are also where much of the action takes place – action that provides benefits to communities through charitable activities

All directors, whether of charitable or business corporations, in carrying out their functions must achieve a “standard of care.” In general, that standard of care for directors of charitable corporations is a subjective one, rather than objective. The subjective standard requires that a director exercise the degree of skill that may reasonably be expected from a person of his or her knowledge and experience. Under this subjective test, a lawyer or accountant would usually need to achieve a higher level of care than a person without similar training. By contrast, directors of business corporations under modern corporate legislation must meet an objective standard of care, i.e., exercise the care, diligence and skill that a reasonably prudent person would exercise in comparable circumstances.

Standard of Care

In a 1999 case, the Canadian Federal Court of Appeal reviewed the issue of the standard of care for directors. This issue was important because directors could escape liability for unpaid taxes if they could demonstrate that they exercised the degree of care, diligence and skill that a reasonably prudent person would have exercised in comparable circumstances. The Justices found that the standard of care was not less rigorous for a director of a nonprofit corporation than for a director of a corporation run for profit and found the directors responsible for the unpaid amounts. The directors, said the Court, ought to have taken additional steps, such as setting up controls to account for remittances, asking for regular reports from the manager on the ongoing use of such controls and ensuring at regular intervals that the remittances have taken place. “It was not sufficient for the directors to delegate their authority, especially where there was clear evidence of repeated omissions and failures on the manager’s part. The delegation amounted to nothing less than abdication.”

The Court noted that:

As sad as it may be, especially with respect to respondents who acted as benevolent directors and gave their time, it is simply
not possible to find that they have exercised the degree of care and diligence expected to prevent a failure to withhold and
remit when such known failure was allowed to repeat itself uninterruptedly for one year. . . .

Duties similar to those of trustees

The common law has also established other duties for directors that are fiduciary in nature. These fiduciary duties require directors to act with a reasonable degree of prudence, to be diligent, to act in good faith and with honesty and loyally, and to avoid conflicts of interest. In the case of directors of charitable corporations, the duties have been described as being akin to those of trustees.

Charitable and nonprofit organizations operate in the community. There are other statutory and common law obligations and duties that arise from this reality. For example, if the organization has employees, then the directors may have liability for unpaid wages, vacation pay and source deductions. Similarly, if the organization owns property, it will be required to comply with the laws that are applicable to other property owners, including planning law, environmental protection and so forth. The directors have responsibilities and potential for liability under a wide spectrum of statutes. Depending upon the activities of the organization, the potential for liability is substantial.

AUDITOR GUIDANCE

As stated earlier, internal auditors can offer valuable knowledge and experience that can help volunteer organizations strengthen their governance practices and directors exercise due diligence. We have a body of knowledge that allows us to provide professional guidance to establish a control environment, a wealth of experience in risk management to focus the control practices and knowledge of proven framework for evaluation.


Referring to SAS No. 55, Consideration of Internal Control in a Financial Statement Audit (AICPA, Professional Standards, vol. 1, AU sec. 319):
The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the following:

a. Integrity and ethical values
b. Commitment to competence
c. Board of directors committee participation
d. Management’s philosophy and operating style
e. Organizational structure
f. Assignment of authority and responsibility
g. Human resource policies and practices

Ways for NFP management to strengthen controls

To help strengthen internal control, NFPs may find these measures effective.

  1. Financially competent board members should perform complete reviews, on a regular basis, of budget and operating results and immediately follow up on questionable situations.
  2. The Board should:
    1. Confirm the NFP’s mission.
    2. Develop a basic statement of director duties and responsibilities.
    3. Provide director orientation.
    4. Create appropriate independent committees and establish a charter for each.
    5. Assure provision of timely and sufficient information.
  3. At least one board member should be the check signer of all significant NFP expenditures.
  4. Board members, managers, volunteers, and others must provide disclosures of any related-party issues involving their affiliation or knowledge of affiliations with the NFP.
  5. A proper tone at the top should be maintained. If employees, managers, and volunteers witness the board and the executives bending the rules, for whatever reason, all other rules are subject to bending as well.
  6. Since an adequate segregation is not often practical, the periodic redoing of the work of subordinates by supervisors may be used as a compensating control.
  7. Properly prepared reconciliations should be completed to quickly highlight differences resulting from errors and other problems, including wrongdoing.

References:
Dale L. Flesher and John B. Duncan “Control in volunteer organizations,” Internal Auditor, December 1999. “Board Structure”, Canadian FundRaiser, July – 1997 (Based on remarks by Michael Burns at the conference of the Canadian Council for the Advancement of Education (CCAE) in Fredericton, NB.)

Don Bourgeois, “Potential for director’s liability substantial”, Canadian FundRaiser, August 1999.

Don Bourgeois, “Directors’ failure to meet the standard of care will result in personal liability”, Canadian FundRaiser, October 1999.

Lori A. West, “Not-for-Profits Often Suffer from Weak Controls” ViewPoint, AICPA Accounting and Auditing Publications, August 2004.

Karen Sandrick, “Avoiding conflict of interest. How boards can withstand close scrutiny. Trustee: The Journal For Hospital Governing Boards, July-August 2003.

M. W. Peregrine and James R. Schwartz, “Taking the prudent path. Best practices for not-for-profit boards.” Trustee: The Journal For Hospital Governing Boards, November-December 2003.

Fighting Fraud with Words

Fighting fraud has been a key challenge for auditors since the accounting profession began. In the current era of “whistleblower” reform, fraud controls and hotlines have become a focus in the media and in the minds of citizens. Auditors within public agencies can enhance fraud detection and prevention through employee and vendor communications campaigns specifically designed with fraud prevention as the primary goal.