Working to Protect the Public’s Assets

By Scott M. Adair

The controller’s position in Monroe County is responsible for overall internal controls, cash management, fixed assets, and financial reporting. My initial focus was reviewing the county government’s internal controls, with the priority of protecting the public’s assets. Unfortunately, recently publicized incidents have created an increasing level of distrust in governments, as well as in the accounting profession. Strong internal controls may not prevent determined individuals from misappropriating public assets, but they form the basis for management to guide an organization in meeting the overall mission. My part is to ensure that Monroe County’s controls are effective, efficient, compliant with laws and regulations, and to provide financial reports that meet standards of protecting the public’s assets.

My experience in public accounting created opportunities to learn and challenge many internal control frameworks of various levels of government and not-for-profits. When I started working with Monroe County, various New York State elected officials were dealing with how to potentially apply provisions of the Sarbanes-Oxley Act to other entities, such as public authorities, school districts, and not-for-profits. This guided me to what I consider the foundation of protecting the public’s assets for the county: a strong internal control structure adhering to the framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

In October 2004, Monroe County’s 2005 budget was unveiled; it included a “watchdog” of the public authorities associated with Monroe County. This position was created to give public authorities a resource to assist them in developing model governance principles, as developed by the Governor’s Public Authority Governance Advisory Committee. I soon realized that the county’s “tone at the top” was one that anyone in the profession would conclude is favorable to a control environment.

Given my experience as a government auditor, and having the county as a client, I thought that the risk assessment would be a relatively simple task, but it was not. One factor in a risk assessment is changes in the operating environment of the government. This was a new administration with many new employees, including the entire financial management team, and it was in the midst of purchasing and then implementing a new enterprise resource planning (ERP) system.

Another item in the risk assessment was inherent risk. Inherent risk at the county would obviously be high, as protection of public assets must be maintained. The auditor’s concept of materiality in this environment does not necessarily hold true, as any time public funds are misappropriated, misused, or misdirected, the organization handling these funds will be subject to a loss of confidence by the public. In reviewing the risk assessment with other members of the controller’s office and county administration, the internal audit function was identified as an important control in reviewing security roles and other items. The county’s internal audit function was immediately assigned to reviewing security in the new ERP system implementation. In addition, the internal audit function annually performs a risk assessment of a variety of the county functions, and develops its annual audit plan based on this assessment.

Monroe County’s design, implementation, and maintenance of specific control-related policies and procedures are essential to well-defined internal controls. Having the county as an audit client was a significant benefit to me, and I was comfortable in assessing the county’s control activities. This is a critical area that cannot be overlooked or taken for granted by anyone in an accounting role. The county had well-established procedures regarding authorization, security, segregation of duties, and reconciliations and verifications, and has implemented new processes and procedures with the new ERP system.

The communication element in the COSO framework is critical. In a large county government, the lines of communication are essential to well-functioning internal controls. Communication methods can be both formal (e.g., policies and procedures documents) and informal (e.g., phone and e-mail conversations). Monroe County established a board of ethics and a fraud hotline for reports of mismanagement, fraud, or abuse, reported either internally or externally.

The final piece of the COSO framework is the critical step of monitoring internal controls. This is, and will continue to be, a large part of my responsibilities. I work with the county administration, the county’s internal audit function, and the controller’s office to monitor internal controls and protect the public’s assets.

Governments, as well as the private sector, face many challenges on a daily basis in accomplishing their overall objective. In government, the protection of the public’s assets is a primary concern. Strong internal controls will assist in reaching this ultimate goal.

Close