control, and governance
A city audit has revealed that a former Albuquerque fire chief received more than US $5,700 in compensation time for which he was ineligible, according to a KOAT-TV report. The chief retired in 1997 but returned to the fire department to work as a logistics manager from 2006 to 2010. The city of Albuquerque will not seek financial restitution, as it may cost taxpayers more in the end to pay attorney fees.
Fraud usually results from poor separation of duties or some form of collusion that reduces the effectiveness of internal controls. In the case of the Albuquerque fire department, fraud resulted from poor supervisory and administrative controls over changes to time cards. However, I think management made two major mistakes in addressing the fraud and control weakness. The first mistake was not prosecuting the former fire chief because it would cost too much. Management needs to consider the message they are sending to employees — small frauds will not be prosecuted. This perceived message easily could lead to other frauds, since perpetrators may see the punishment as a sufficient deterrent.
The second mistake was addressing only the prevention portion of the control over time card changes. To be effective, controls should include prevention, detection, and correction aspects. A total of 150 hours — or US $5,700 — of compensation time was collected from 2006 to 2010. The reason this happened was a failure in the prevention control. But that fact that it continued to happen for four years was because there was no detective control in place. If the prevention control fails, then the detection control will highlight the transaction as a problem, and the corrective control should fix the problem. The detection control will trigger a review and highlight the fraud before significant loses have occurred.
Management should reconsider their reaction to the fraud by looking at how they deal with fraud in general. What message are they sending to potential fraudsters, and how are they preventing — and detecting and correcting — fraud risks?
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.