Keep your municipality safe: Identify fraud before it’s too late

Three common types of municipal fraud

Municipal fraud can take many forms, but some of the most common schemes fall into three major categories: procurement fraud, payroll fraud, and misappropriation of assets. Let’s take a deeper look at each:

Procurement fraud

Procurement fraud involves the manipulation of a procurement process to obtain financial benefits unethically. Some examples include:

Bid-rigging: Manipulating the bidding process to favour a specific vendor.

Kickbacks: Employees receive bribes or other incentives in exchange for awarding contracts.

Overbilling: Vendors submit inflated invoices or charge for services not rendered.

Conflict of interest: Staff involved in procurement have personal or financial ties to vendors.

Here’s an example: A municipality in Canada hired an engineer who managed their procurement process for engineering projects. The municipality didn’t know that he had an ownership stake in two companies that bid for an engineering services contract. As a member of the bid approval team, he played a role in awarding the contract to one of his companies, while the other came in third.

The municipality contracted more than $1 million in engineering services to the first company and are now concerned with the quality of the work and its price. The engineer did not disclose his conflict of interest. Comprehensive due diligence and oversight could have deterred the fraudster and mitigated the damages.

Payroll fraud

Payroll fraud involves manipulation of employee compensation systems for financial gain. Some examples include:

Ghost employees: Creating fictitious employees and diverting their pay.

Falsified timesheets: Employees claiming pay for hours not worked.

Unauthorized payroll payments or adjustments: Increasing salaries or benefits without approval.

Duplicate payroll payments:  Duplicating payroll payments by creating a secondary employee account.

Here’s an example: A CAO in a rural municipality defrauded her employer of 33 extra payments through their payroll system totaling more than $500,000. She alleged that the municipality had been the victim of a cyber fraud and convinced her employers that she had hired a cyber investigator to conduct the investigation. The cyber investigation was never conducted, the cyber team did not exist, and she continued to defraud her employers for overtime and vacation time for more than $25,000. 

The lack of segregation of duties, trust in the CAO, and the lack of experience of the governing council led to significant financial losses.

Misappropriation of assets

Theft or misuse of municipal resources can occur in various ways, including:

Theft of funds: Cash payments, utility fees, or parking fines being pocketed by employees.

Inventory theft: Equipment, tools, or materials being stolen for personal use or resale.

Improper use of municipal vehicles or property: Employees using municipal resources for personal purposes.

Here’s an example: A CAO in a Canadian city used his authority to engage the services and pay his spouse to provide bookkeeping services which were never provided. The CAO manipulated the payroll system to pay himself additional salary and then deposited a payment to the CRA into his personal account (the financial institution caught this transaction.)

He also changed the signing authority over bank accounts and municipal corporations into his own name so that the municipality did not have any control or access to them when he left the organization. He further directed more than $6,000 to himself each month after his employment ended for consulting services, which hadn’t been authorized by the council. He did not provide these consulting services to the municipality.

The council was left struggling to gain back their accounts and corporations in the wake of his fraudulent activity. 

How your municipality can prevent fraud

Fraud prevention isn’t about catching fraudsters in the act. It’s about putting the right systems and controls in place to prevent it from happening in the first place — and detecting it quickly if it does.

Here’s how municipalities can protect themselves:

Establish clear policies and procedures

• Create and implement a code of conduct that sets ethical standards for all employees, elected officials, and contractors.
• Develop a fraud prevention policy that clearly defines fraud, outlines prohibited behaviours, and details the consequences of fraudulent activity.
• Establish and enforce robust procurement policies to prevent conflicts of interest.
• Encourage training of employees on policies and procedures.

Implement strong internal controls

• Ensure critical tasks, like authorizing, recording, and reconciling transactions, are assigned to different employees.
• Use multi-level approvals for financial transactions, vendor payments, and budgetary changes.
• Perform regular reconciliations of bank accounts, cash receipts, and procurement records.
• Be diligent to ensure access controls to systems are appropriate.

Conduct regular audits

• Engage external auditors to conduct annual reviews of financial statements and compliance.
• Perform internal audits to make sure policies are being followed and identify red flags early.
• Identify areas of control weakness and engage auditors to examine them.

Promote a culture of integrity

• Provide ethics training for all staff and council members to raise awareness about fraud risks.
• Ensure management leads by example and demonstrates a commitment to ethical behaviour.
• Encourage transparency and accountability at all levels of the organization.

Establish whistleblower mechanisms

• Implement a confidential reporting system — like a hotline or online platform — for employees, contractors, or the public to anonymously report suspected fraud.
• Protect whistleblowers from retaliation to foster trust in the system.
• Publicize how employees and the public can report fraud.

Conduct risk assessments

• Regularly assess and identify areas most vulnerable to fraud, such as cash handling, procurement, and payroll.
• Update controls and monitoring practices based on the results of these assessments.

Enforce consequences for fraud

• Investigate all allegations of fraud thoroughly and impartially.
• Take disciplinary action or pursue legal proceedings when fraud is confirmed.
• Publicize enforcement actions (without compromising privacy or legal constraints) to demonstrate a zero-tolerance policy.