control, and governance
TRANSPORTATION EMPLOYEES CASH OUT
The Nevada News Bureau reports that Nevada Gov. Brian Sandoval has asked for a statewide review of cash settlements with former state employees after Nevada’s controller uncovered three payments — totaling more than US $180,000 — to former Nevada Department of Transportation (NDOT) employees that were not approved as required by state law. The payments were authorized by top officials with NDOT but were never reviewed by the Nevada Transportation Board or the Nevada Board of Examiners despite the US $75,000 threshold requiring action at a public meeting of the Board of Examiners.
Currently, the state’s Division of Internal Audits reports to the Department of Administration, but a bill making its way through the Legislature would transfer the function to the state controller.
There are a couple of important lessons to be learned from this case. The first relates to the control over cash payments to former employees. Most auditors would agree that cash payments are a high-risk transaction. In this case, despite regulations, payments were being made with little to no visibility. The result was that even payments over US $75,000, which were required to be approved by the Board of Examiners, were not being reviewed correctly. Part of the problem was a lack of reporting. Another problem was the mistaken perception that payments were confidential. To exercise adequate control, the board must be aware of all payments. Therefore, the board should be receiving regular reports of any cash settlements, and these reports should highlight all settlements of more than US $75,000.
The second lesson learned is the importance of the internal audit function’s reporting relationship. The controller stated, “If you’ve got auditing reporting directly to the governor’s office, it’s kind of like the fox guarding the hen house.” The independence and objectivity of internal auditing is paramount to the function being able to do its job effectively. While the article does not explicitly state that there was a problem in this regard, the reporting relationship did present opportunities for internal auditing to not report on incorrect procedures.
I encourage all auditors to review high-risk cash transactions to ensure that there are adequate controls — including detective controls — and transparent reporting of all transactions. I also encourage senior management, including the controller and the chief audit executive, to examine the reporting relationship of the audit activity and the potential for any impairment to its independence and objectivity. Fraud and abuse are often crimes of opportunity, and effective controls can reduce these opportunities.
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.