Time and time again we’ve seen reactions to various accounting scandals, after which new policies, procedures, and legislation are created and implemented. An example of this is the Sarbanes-Oxley Act (SOX) of 2002, which was a direct result of the accounting scandals at Enron, WorldCom, Global Crossing, Tyco, and Arthur Andersen.
SOX was established to provide additional auditing and financial regulations for publicly held companies to address the failures in corporate governance. Primarily it sets forth a requirement that the governing board, through the use of an audit committee, fulfill its corporate governance and oversight responsibilities for financial reporting by implementing a system that includes internal controls, risk management, and internal and external audit functions.
Governments experience challenges and oversight responsibility similar to those encountered by corporate America. Governance risks can be mitigated by applying the provisions of SOX to the public sector.
Some states and local governments have adopted similar requirements to SOX but, unfortunately, in many cases only after cataclysmic events have already taken place. In California, we only need to look back at the bankruptcy of Orange County and the securities fraud investigation surrounding the City of San Diego as examples of audit committees that were established in response to a breakdown in governance.
Taking your audit committee on the right mission
Governments typically establish audit committees for a number of reasons, which include addressing the risk of fraud, improving audit capabilities, strengthening internal controls, and using it as a tool that increases accountability and transparency. As a result, the mission of the audit committee often includes responsibility for:
Oversight of the external audit.
Oversight of the internal audit function.
Oversight for internal controls and risk management.
Chart(er) your course
Most successful audit committees are created by a formal mandate by the governing board and, in some cases, a voter-approved charter. Mandates establish the mission of the committee and define the responsibilities and activities that the audit committee is expected to accomplish. A wide variety of items can be included in the mandate.
Creating the governing board’s resolution is the first step on the road to your audit committee’s success.
Follow the leader(ship)
In practice we see a combination of these attributes, ranging from the full board acting as the audit committee, committees with one or more independent outsiders appointed by the board, and/or members from management and combinations of all of the above. While there are advantages and disadvantages for all of these approaches, each government needs to evaluate how to work within their own governance structure to best arrive at the most workable solution.
Strike the right balance between cost and risk
The overriding responsibility of the audit committee is to perform its oversight responsibilities related to the significant risks associated with the financial reporting and operational results of the government. This is followed closely by the need to work with management, internal auditors and the external auditors in identifying and implementing the appropriate internal controls that will reduce those risks to an acceptable level. While the cost of establishing and enforcing a level of zero risk tolerance is cost prohibitive, the audit committee should be looking for the proper balance of cost and a reduced level of risk.
Engage your audit committee with regular meetings
Depending on the complexity and activity levels of the government, the audit committee should meet at least three times a year. In larger governments, with robust systems and reporting, it’s a good practice to call for monthly meetings with the ability to add special purpose meetings as needed. These meetings should address the following:
External Auditors
Confirmation of the annual financial statement and compliance audit, including scope and timing.
Ad hoc reporting on issues where potential fraud or abuse have been identified.
Receipt and review of the final financial statements and auditor’s reports
Opinion on the financial statements and compliance audit;
Internal controls over financial reporting and grants; and
Violations of laws and regulations.
Internal Auditors
Review of updated risk assessments over identified areas of risk.
Review of annual audit plan, including status of the prior year’s efforts.
Status reports of ongoing and completed audits.
Reporting of the status of corrective action plans, including conditions noted, management’s response, steps taken to correct the conditions, expected time-line for full implementation of the corrective action and planned timing to verify the corrective action plan has been implemented.
Establish resources that are at the ready
Audit committees should be given the resources and authority to acquire additional expertise as and when required. These resources may include, but are not limited to, technical experts in accounting, auditing, operations, debt offerings, securities lending, cybersecurity, and legal services.
Taking extra steps now will save time later
While no system can guarantee breakdowns will not occur, a properly established audit committee will demonstrate for both elected officials and executive management that on behalf of their constituents they have taken the proper steps to reduce these risks to an acceptable tolerance level. History has shown over and over again that breakdowns in governance lead to fraud, waste and abuse. Don’t be deluded into thinking that it will never happen to your organization. Make sure it doesn’t happen on your watch.
The second article in a series for municipal executives: Avoiding the Headlines
By Scott P. Johnson, CPA, CGMA Partner, State & Local Government, Advisory Services
As a public official for more than 24 years, I continuously strived to implement best practices, internal controls and policies and procedures to mitigate fraud, waste and abuse. Being a municipal finance officer responsible for literally billions of dollars, there were times when I would wake up in the middle of the night thinking about what could happen or what I may not know that could be occurring that could put the organization at risk. Fortunately throughout my municipal career the organizations I served did not experience headlines due to significant fraud. We had the appropriate “tone at the top” and practiced effective measures throughout the organization to mitigate potential fraud. However, from time-to-time, we would uncover the occasional lapse of an employee’s good judgement and detect inappropriate use of government funds, such as; improper procurement credit card use for personal purposes, time cards reporting that fraudulently claimed hours worked in excess of actual hours worked, and fictitious reimbursement claims for travel.
Employee fraud is a significant problem across industries and is faced by organizations of all types, sizes, locations, and industries. While employee fraud in private organizations rarely merits a mention in the local paper, the same fraud in a government agency will have editors competing to write the splashiest headlines and garner the highest reader traffic. It is critical for such organizations to maintain a positive reputation. Reputational risk can carry long-lasting damage in monetary losses, regulatory issues, and overall risk exposure. Frankly, all types of fraud are on the rise, and municipalities need an effective fraud mitigation strategy in place to protect against reputational and monetary harm.
Just a few recent examples of municipal fraud that have had significant press coverage and put the respective organizations in a challenging position: In 2014 officials in St. Louis County, IL, uncovered a $3.4 million embezzlement that escaped detection for more than six years. According to officials, a County Health Agency Division Manager overcharged for IT computer and technical services (unbeknownst to the County, the Division Manager owned the technology company). Unfortunately, the day after the suspected embezzlement was detected by County officials, the employee committed suicide, according to the County Medical Examiner.
The largest known municipal fraud in US history was uncovered in 2012 at the City of Dixon, IL. This embezzlement scheme of almost $54 million over a 22 year period was perpetrated by its Comptroller, Rita Crundwell, who used the proceeds to finance her quarter horse ranch business and lavish lifestyle. She was convicted and pleaded guilty to the crimes and is currently serving a 20 year sentence. Another recent case of an alleged fraud allegation is currently under trial in the Los Angeles Superior Court in which ex-Pasadena city employee, Danny Wooten and co-defendants are due back in court for arraignment on April 1, 2016, according to the Los Angeles County District Attorney’s Office. The criminal case involves allegations that more than $6 million in city money was embezzled over a decade in which Wooten is suspected of creating false invoices for the underground utility program between 2004 and March 2014.
Many factors can contribute to fraud, but the key factors are the improper segregation of duties, lack of management review, maintaining undocumented procedures, common exception processing, trust without verification and validation, and lack of accountability and monitoring. Employing proper risk assessments of events that could prevent, delay, or increase the costs of achieving organizational objectives and implementing a risk management plan not only ensure compliance, but strategically safeguard on organization against fraud. There are three important steps to earning a good night’s sleep.
1. Fraud Risk Assessment – understanding the organization as a whole and individual business units will lead to the most comprehensive risk management plan. Understand how resources flow as well as internal environments and processes. Conduct interviews, make observations and review all factors. Identify the possible and probable fraud schemes for all resource flows.
2. Prevention – “Tone at the Top” is critical. Inspiring employees to follow ethical standards starts with the tone at the executive level and must trickle down through the management level and ultimately throughout the entire organization. The organization needs to know that unethical practices will not be tolerated and when detected, will be dealt with in a timely and effective manner. One measure to communicate the “tone” is writing a fraud policy in concert with the employee conduct handbook will ensure the message is designed into the orientation, onboarding, and training process. Conduct management reviews, provide whistleblower channels, and communicate often with key business unit leaders, who in turn should communicate with their staff regarding fraud prevention, detection, and correction.
3. Detection – while assessment and prevention will create a strong defense against fraud, it is still important to seek out other measures to detect fraud that may not have been included in the fraud risk assessment plan. Only three percent (3%) of all fraud is discovered by accident or the good luck of the right person in the right place. Only six percent (6%) of fraud is discovered through account reconciliation. Clearly we cannot simply rely on these detection methods. In addition to account reconciliation and keeping your ears open, creating channels for detection are of the utmost importance. Eleven percent (11%) of fraud discoveries are due to an internal audit. Return to step one by assessing and re-assessing fraud risk regularly. Conduct meaningful management reviews on-time. Twelve percent (12%) of fraud detection were the result of properly conducted management reviews. Finally, be sure to enforce an open door policy and a culture of interest in detection and reporting. Fifty-four percent (54%) of all fraud detection comes through insider tips. Ensuring there are proper procedures in place to accept these tips is paramount when designing and especially, implementing the fraud management and detection plan.
Deceitful misconduct among employees significantly damages reputations, negatively affects resources, and limits the ability of any organization to effectively serve the consumer and their community. Following this roadmap on how to respond to and prevent employee fraud will not only protect the organization and its key objectives but will lead to an easier night’s sleep – even in the face of increasing fraud across all industries.
This article is only a small representation of the material presented during MGO’s “Case in Point” presentation at the 2016 CSMFO Conference. Special recognition to Ruthe Holden, Internal Audit Manager at the City of Pasadena for her contribution to the “Case in Point” presentation. Contact Scott Johnson at [email protected] if you have any questions or comments. Comments and opinions expressed in this article are those of the authors and may not reflect the positions, opinions, or beliefs of the CSFMO or MGO and should not be construed or interpreted as such.
10 Preliminary Implementation Steps That Will Supercharge Your Action Plan
GASB 87 readiness
With an effective date within the next year for some governments (i.e., as soon as January 1, 2020, for governments with a calendar year ending December 31, 2020) – the countdown has begun for planning for the impending changes to accounting and reporting for leases.
Under these new rules, the recording of leases, including assumptions, will significantly impact financial statement amounts and disclosures. Because governments use a variety of leasing arrangements to stabilize cash flows and reduce risk and uncertainty, the new requirements have strong accounting and financial reporting implications requiring a readiness plan. But first, why are these changes occurring?
The backstory on GASB 87
It is important to have some context for the impending changes. The new statement was created because leasing guidance for state and local governments, as we know it, predates GASB’s existence. Because of this fact, the GASB’s conceptual framework was not taken into consideration, which includes definitions of assets, deferred outflows of resources, liabilities, and deferred inflows of resources. The updated guidance for lease accounting has rectified the situation, which is currently underreporting the economics of a lease transaction.
The new lease accounting standards will replace the current operating and capital lease categories with a single model for lease accounting, based on the concept that leases are a means to finance the right to use an asset.
Lease assessment timeline
With the effective date approaching quickly, the time to prepare is NOW!
Taking the lead
The MGO GASB 87 Implementation Team has created a readiness assessment tool providing 10 preliminary implementation questions for consideration in your planning. These will not only prepare you for the new lease accounting standards, but may uncover matters that were not previously considered or identified.
This 10-step Implementation Plan is more of a general guide designed to assist you in identifying issues and help you organize your implementation process, rather than being an all-inclusive plan with specific technical guidance. As you evaluate the leases that are unique to your organization, you will most likely find that further research and analysis is necessary to ensure proper accounting considerations. For example, if you operate an airport and have aviation leases with air carriers regulated by the U.S. Department of Transportation and the Federal Aviation Administration, it will be necessary to understand how the regulated lease provisions affect your contracts, especially in situations where there are multiple lease components.
Preliminary implementation steps
Step 1. Know where to find your leases.
It may seem obvious, but the first step in managing your leases is knowing where they are and, specifically, who is responsible for maintaining them. A good place to begin is with organizational charts. This is an example for a municipal government.
Depending on how your government contracts services, leases may be held centrally within the Finance Department or they may be decentralized in a multitude of departments, and possibly even managed by various entities. Keep in mind that most leases that were previously expensed as operating leases will need to be accounted for as a lease obligation under the new standards, including option years if you are reasonably certain they will be exercised.
After the “where” has been established you can move into the “what” by identifying the universe of leases for your organization. This can be accomplished by evaluating the general ledger, reviewing contract files and surveying purchasing and operating departments, which leads to assembling a task force and formulating a plan for data collection.
Step 2. Assemble a Lease Implementation Task Force.
Identify people who are critical to a successful implementation. Consider including operational and legal staff who are already familiar with existing lease terms and conditions. The Lease Implementation Task Force should remain in place until the action plan for lease implementation is finalized. The benefits are many, including a collective think tank to evaluate and apply appropriate accounting treatment to each class of leases. This task force may also be important to developing internal policies and procedures, such as whether or not a materiality threshold is appropriate, and whether or not lease accounting software should be utilized to manage the lease database. Furthermore, the implementation of the lease accounting standards is only a start, proper accounting treatment, including the remeasurement of the initial lease liability when certain lease changes have occurred and the evaluation of new leases subsequent to implementation, will be an on-going requirement.
Step 3. Identify the plan for lease data collection.
Converting your lease data into an organized structure is not without its challenges. You may encounter incomplete lease files, “hard copy versions only” of certain lease agreements, voluminous amendments, and the need to translate data from lease agreements into databases. This is all part of the process leading to a successful implementation of the new standards. Once you complete the database, you’ll then need to properly classify the leases.
Step 4. Understand what types of leases do NOT apply to GASB 87.
While a multitude of leases will be impacted by the new GASB 87 standards, there are several classifications that are not subject to GASB 87, including: intangible assets (such as computer software licenses); biological assets, including timber, plants and animals; inventories; service concession arrangement contracts; leases in which the underlying asset is financed with outstanding conduit debt; and supply contracts, such as power purchase contracts. Additionally, nonexchange agreements are exempt: for example, in the case of leasing property to a school district for a reduced price of $1/year for 30 years.
In the end, it is all about evaluating the leases subject to GASB 87.
Step 5. Understand what criteria to use when evaluating leases.
After eliminating leases that are not subject to GASB 87, as identified in Step 4, further classification of leases is necessary to ensure that the appropriate accounting treatment is applied. Short-term leases, contracts that transfer ownership, leases of assets that are investments (lessors only), and certain regulated leases (lessors only) all qualify as leases, but have differing accounting treatments than the typical long-term, noncancellable leases.
Step 6. Determine the lease term.
A lease term is defined as the period during which a lessee has a noncancellable right to use an underlying asset, plus any extension periods and options that are reasonably certain to be exercised. The GASB wants organizations to consider extension periods and options, so there is no incentive to structure initial lease terms to avoid meeting the definition of a lease. Since month-to-month leases that continue into a holdover period until a new lease is signed are not part of the noncancellable period or a formal extension, there is no basis in the standard for currently including them. Let’s discuss the calculation of the lease liability.
Step 7. The lease liability should be measured at the present value of payments expected to be made during the lease term.
The lessee should initially measure the lease liability at the present value of payments expected to be made during the lease term, which includes the following elements:
Fixed payments
Variable payments that depend on an index or a rate, initially measured using the index or rate as of the commencement of the lease term
Variable payments that are fixed in substance
Amounts that are reasonably certain of being required to be paid by the lessee under residual value guarantees
The exercise price of a purchase option if it is reasonably certain that a lessee will exercise that option
Payments for penalties for terminating the lease, if the lease term reflects the lessee exercising (1) an option to terminate the lease or (2) a fiscal funding or cancellation clause
Any lease incentives receivable from the lessor
Any other payments that are reasonably certain of being required based on an assessment of all relevant factors
For additional guidance and context to these bulleted items, refer to GASB 87 paragraph 21. In order to determine the present value, you may need to develop the discount rate.
Step 8. Consider how to calculate the lease liability for contracts with multiple components.
Proper classification of leases is not always straightforward when both lease and nonlease components are included in the same contract. What if a building lease has utilities and common area maintenance costs? The answer can be found in guidance covering contracts with multiple components, which identifies maintenance services as a nonlease component. What if a lease involves multiple assets and those assets have different lease terms? The answer can also be found in guidance covering contracts with multiple components, which provides that each asset should be accounted for as a separate lease component. Many rental leases embed the cost of utilities and common area maintenance into the lease payment. Contract components should be separated using the best estimate available based on observable information. If it is not practicable to estimate these separate costs, then account for the contract as a single lease unit (see GASB 87 paragraph 67).
Step 9. Measurement of the leased asset.
The initial measurement of the leased asset should be based on the measurement of the associated lease liability. In the case of contracts with multiple components, the value of the underlying leased asset is not always clearly stated in the agreements, and many lease agreements will not cover the life of the leased asset. Some leased assets may involve proprietary information that lessors are not willing to share. Therefore, determining the value of the underlying asset is not always straightforward in these cases. Whenever possible, identifying comparable assets that are sold in a market transaction is an important part of the process. You can then utilize the knowledge of internal or external experts who can provide a basis for an estimate.
You are now ready for the final step.
Step 10. Define the threshold for recording leases in the financial statements.
Unfortunately, while GASB provides explicit guidance on capitalization thresholds for capital assets, it does not specify any such consideration for lease obligations. Using a threshold may help you avoid recording leases that are immaterial and avoid a mismatch with leased assets that are too small to capitalize. A good starting point may be to use the capitalization thresholds that are already established for your organization. Once you determine your initial criteria for establishing leases, verify that it does not exclude significant leases from application of the new standard. You can revise these thresholds as needed. Now that we have provided you with our 10-step GASB 87 readiness plan, you should have a fairly good idea what your next steps will be.
So you can plan for compliance, this is an excellent time for the MGO GASB 87 Implementation Team to review your leases. This will ensure that you are ready to take the most important step: Implementation. In addition, we have put together an online readiness assessment that helps you evaluate where you stand in the implementation process.
About the Author:
David Bullock is a thought leader in MGO’s State and Local Government practice. An Assurance and Government Advisory Services Partner with 25 years of professional experience, he currently oversees numerous audits and other services to governmental organizations throughout California. In 2018, David was appointed to the AICPA State and Local Government Expert Panel. He is also on the Governmental Accounting Standards Board’s (GASB) Financial Reporting Model Reexamination Task Force. In 2018, he was appointed to the California Society of CPAs’ Governmental Accounting and Auditing Committee. His numerous presentations cover topics related to generally accepted accounting principles promulgated by the GASB, and auditing standards, promulgated by the AICPA and the GAO.
