Internal Controls in the Government Sector – How to Say “No”

Employees in the internal controls environment must be comfortable saying “No,” or they may suffer a critical reduction in the ability to prevent fraud.

When people in the control environment can’t say “No,” the system of internal control deteriorates, and once effective control activities no longer protect the agency from fraud, misappropriation of funds, and other malfeasance.

Misconduct in Hindsight

When financial misconduct by board members, CFOs, school superintendents, principals, executive directors, procurement officers, village clerks, and other managers comes to light, in many cases it’s clear that controls were circumvented or ignored. Inevitably, a business manager, accounts payable clerk, or finance director could have intervened, prevented, or minimized the misappropriation—but chose to remain silent. You may even find some individuals in the control environment arguing, “What was I supposed to do? The wrongdoer was my boss.”

As a leader in your organization’s internal controls, what can you do to prevent these situations?

How to Prevent Fraud

1. Speak Up

Staff with control responsibilities must be able to say:

  • “No, this purchase exceeds your authority, and you must present the expenditure to the Board for approval.”
  • “No, you can’t make that charge on your government-issued credit card, it’s against our policy.”
  • “No, I will not process this payment until I see a detailed supporting invoice.”

Many subordinates abdicate their role in the control environment when confronted with a boss stretching the rules. Often fearing reprisals, those in junior roles bury their heads in the next project with the hopes of avoiding entanglement in an investigation and possible exposure as the reluctant team member.

2. Implement Reporting Best Practices Training

In addition to training managers and employees on their internal control responsibilities, agencies must also encourage compliance with mandated processes at all levels. They should provide an outlet for subordinates to hold those above them on the organizational chart accountable to follow the same rules as everyone else.

3. Establish a Hotline

A whistleblower system or fraud hotline adds another layer of protection and provides hesitant stakeholders with anonymity. An effective whistleblower system requires confidentiality and reliable, consistent follow-up. If those attributes are not attainable within the agency – like an internal audit function or an Inspector General – then agencies should rely on outside resources to receive and evaluate the complaint, conduct an investigation if necessary, and report findings to decision-makers.

On occasion, an outside resource can serve as the “bad guy” and independently prove the misconduct and report the wrongdoer to the Board or even law enforcement, relieving the human resources director or business official from investigating co-workers, longtime associates, and sometimes friends.

When violations are not exposed or when an established control activity is overlooked, overridden, bypassed, or not enforced, the control system fails. Test your controls. Is there a history of subordinates questioning financial activities and seeking explanations for those transactions on the fringes of compliance? If not, maybe your control system needs rebooting.

If you’ve experienced internal control fraud or wish to proactively prevent fraud in your organization, it’s important to have the necessary procedures in place. Contact our forensic and valuation services team today for help.

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

About the Author