Trust is the cornerstone of any functioning society, especially in the context of government operations where the public entrusts officials and public servants with not only their tax dollars but their communal well being. In a perfect city with perfect citizens, trust could be our default setting. However, almost every week, we hear about a government entity betrayed by fraud. This persistent issue begs two questions: Why does this happen, and what can local governments do to prevent it?

Why fraud happens

As I explored in my book, "Fool Me Once," there are three types of perpetrators: 

• Accidental: An accidental perpetrator is someone who is just following the boss's orders; they may make an entry or do something without reading it or fully understanding it, and they do it because they trust the person they report to.  And that can still land you in jail.
• Intentional: Righteous perpetrators are similar to accidental ones in that they don't steal for personal gain but they tend to steal to help somebody. For example, I'm trying to help my friend's business and I'm a senior leader at a bank, so I can just massage the loan requirements to help them get this loan.
• Righteous: somebody who sets out to do fraud. Like, Rita Crundwell, the former comptroller of Dixon, Illinois

Lessons from Dixon, IL

‍

In "All the Queen's Horses," I explore the shocking embezzlement of $53 million by Rita Crundwell.. The events serve as a potent example of the perils of ignored checks and balances. From the documentary: 

“Rita picked up the mail, made deposits, updated the journals and ledgers, prepared and signed checks, moved investment monies, and reconciled the bank accounts.
There was very little segregation of duties.
Rita literally did it all.”
-All The Queen’s Horses

This breach of basic control principles in Dixon’s financial operations showcases how critical clearly defined roles and automated controls are in maintaining trust through the financial systems. 

One way to prevent fraud

Segregation of duties is a critical principle that can simply eliminate the possibility for accidental, intentional, or righteous perpetrators to commit fraud.

Understanding ERP Systems

‍

Enterprise Resource Planning (ERP) systems are crucial in this context as they integrate various functions into one comprehensive system to streamline processes and information across an organization. For governments, where the stakes are high and the scope is vast, these systems' efficiency and transparency depend on the clear definition of roles, permissions, and the segregation of duties. These components ensure that no single individual has control over every aspect of a financial operation, thus mitigating the risk of fraud and error. 

As an example, an employee should not be able to create a Vendor in the system, and pay that vendor. 

With governments often distributing hundreds of ERP licenses, there are four areas that can be a starting point for managing the spider web of users, roles, and permissions.

Best Practices for Roles and Permissions checks in Government ERP systems:

1. Routinely check for terminated employees that still have an “Active” User license to the ERP system.
2. Understand Segregation of Duties: Essential processes should be divided among different individuals. 
   1. Check for specific ERP Roles that have inherent Permissions with conflicts. 
   2. Check for Users with multiple ERP Roles that have Permissions causing problems because of multiple ERP Roles.
3. Think thought the Principle of Least Privilege Access: an individual should have the minimum access needed to do their job.
4. Super-user permissions: know which kind of permissions give lots of important access, and know who has those. As an example, a permissions that allows for super user payroll access.

Due to budgets and lack of staff, many government employees are forced to wear many hats. In this case, there is one other pivotal way to prevent fraud: Transaction Monitoring (but I’ll save this for another blog post).

Unfortunately, for many local governments the time and effort to routinely assess Roles and Permissions is an enormous task. That’s why technology tools, like ThirdLine, can step in to make this much simpler than what a spreadsheet can do. 

Conclusion

The unfortunate events in Dixon, IL, are not just a warning but a directive for the necessity to enhance and fortify our approach to financial management in government. 

By enhancing your system with segregation of duties, you not only stop intentional perpetrators, you give accidental perpetrators the freedom to say to a crooked boss, “I simply don't have access to do that.”

By implementing technology tools that adhere to best practices and ensuring rigorous internal controls, governments can defend themselves against similar vulnerabilities. More importantly, these measures are crucial in rebuilding and maintaining the public's trust, ensuring that their resources are managed responsibly and ethically.

In the realm of government finance, trust is both the beginning and the end goal. It starts with the establishment of reliable systems and culminates in the secure and transparent handling of public funds, solidifying a legacy of integrity and responsibility in government operations.

‍