‘Man Bites Dog’: An Internal Control Lesson for Grantees

Source: Federal Fund Management Advisor

“If a dog bites a man,” a grizzled old newspaper city editor once apparently snarled at a cub reporter, “it’s not news!” But, he went on, “When a man bites a dog, that’s a story!”

The Washington Post recently reported on one such story. The headline read, “Auditor accused of taking $30,000.” The text chronicled the indictment of a former director of internal audit for a suburban county who has been charged with stealing the funds from a local chapter of a national professional association of auditors, where he had served as an officer.

Comments from former colleagues expressed surprise that an individual with a background in detecting accounting misstatements and weaknesses in internal controls would think that he could get away with such actions. News of the indictment set off a reaction among the individual’s current and former employers, who moved to check their own books and records for any evidence of similar conduct.

Unfortunately, particularly for smaller organizations where segregating duties and performing reconciliations are often difficult to accomplish effectively, the story of a previously trusted individual being caught with a “hand in the cash drawer” is repeated too often. When organizations receive federal grants and subgrants, they are charged, under applicable federal rules, with the responsibility to exercise “effective control over all funds, property, and other assets” and to “adequately safeguard all such assets and assure they are used solely for authorized purposes.”

While requiring that internal controls be designed and maintained, however, the federal government has wisely stayed out of the business of dictating what those controls should look like for all grantees and subgrantees, large or small. And that can leave smaller entities, in particular, with challenges about how to fashion or upgrade what is often referred to as “internal controls over federal programs” — or stated another way, their grants management system.

One place to start the process is to review a booklet published by the U.S. Government Accountability Office entitled “Standards for Internal Control in the Federal Government.” Despite the fact that the federal government is the largest enterprise in the world, the booklet’s discussion of how those involved with government organizations, programs, activities and functions can achieve internal control is readily adaptable to organizations of any size. It focuses on fundamental concepts and, in particular, discusses types of control activities such as physical control of assets, access restrictions and timely execution of transactions that can help prevent or detect fraud, waste or abuse.

This treatment of control activities could actually serve as a template for organizations to flesh out the details of how they might address internal control as it relates to their federal awards. But, as if to acknowledge that an occasional “man bites dog” story will surface, GAO warns, “People are what make internal control work. The responsibility for good internal control rests with all managers. Management sets the objectives, puts control mechanisms and activities in place, and monitors and evaluates the control. However, all personnel in the organization play important roles in making it happen.”