Audit Services is an independent appraisal function within the office of the Hernando County Clerk of Circuit Court and Comptroller. The internal auditors report directly to the Clerk and Comptroller and provide independent, objective assurance and consulting services designed to add value and improve the operations of County Departments and the Clerk’s Office itself. Additional information regarding the Audit Services Department and its procedures can be found in this brochure. The Hernando County Audit Services Department Charter can be found Audit Services section of the Forms and Documents page. You may also find the Peer Review Opinion Letter here.
If you need further information regarding audit services, please contact the Audit Services Department at (352)540-6235 or email here.
NOTE: Per Florida Statute 119.0713(2)(b), Audit Services Department work papers, draft reports, etc. are not public record until the final report is issued.
Report Government Fraud & Abuse
Allegations of fraud, waste and abuse of the Clerk of Circuit Court’s and Board or County Commissioner’s property and resources are taken seriously.
Citizens and employees may report suspected instances of fraud, waste, or abuse by completing the Fraud, Waste and Abuse reporting form and then submitting it to the Audit Services Director via mail, or email.
Please see the Clerk of Circuit Court’s or Board of County Commissioner’s Fraud Policies for additional information.
Increasing Internal Control and Fraud Awareness
Internal Controls
Internal controls are the processes and procedures which are designed to help a governmental entity achieve its objectives. A big part of Audit Services’ and the external auditors’ work involves testing to see if internal controls are operating as they should be. Well-functioning internal controls:
- Help management serves customers better.
- Help safeguard against fraud.
- Support financial transparency.
Internal Control Process
It is management’s responsibility to maintain efficient and effective internal controls. The internal control process that should be used to develop and implement appropriate internal controls is as follows:
- Identify the risks that are pertinent to your department.
- Document policies that outline directive controls intended to mitigate the identified risks.
- Document detailed procedures for staff members to follow which include both preventive and detective controls.
- Communicate policies & procedures to staff members.
- Monitor department activities for compliance with established and communicated policies and procedures.
Control Activities
Control activities are actions that help ensure that risks to the achievement of objectives are mitigated. These activities are performed at all levels of the County, at various stages within business processes and include the information technology environment.
Control activities include both manual and automated activities, which may be either preventive or detective in nature and are designed to achieve control objectives. Here are three examples of control activities that most County department managers know about first-hand and can appreciate helping keep within budget:
- Control objective: Employees are paid only for actual hours worked and/or actual time off.
- Control activity: Employees, supervisors, and department heads digitally sign and approve employee hours every pay period in the timekeeping system.
- Control objective: Employee’s actual pay rates are the authorized pay rates.
- Control activity: Payroll changes are documented on a form and approved by the department director and Human Resources Director. The Clerk of Court & Comptroller Payroll Department personnel enter changes into the system and the change is reviewed by a different staff member of the Payroll Department.
- Control objective: Purchases are properly approved prior to purchase.
- Control Activity: Levels of management approval for purchase requisitions, based on dollar levels, are set forth in Purchasing policies. Approvals are recorded in the eFinance Plus computer system.
Monitoring Activities
In order to know whether or not all components of internal controls are present and functioning, an organization must perform monitoring activities. These activities may be ongoing, separate, or some combination of the two. Ongoing evaluations are built into business processes at different levels of the entity and provide timely information. Separate evaluations are conducted periodically and vary in scope and frequency. Findings from monitoring activities are evaluated against management’s criteria, with deficiencies communicated to management.
One example of ongoing evaluations within a County business process is found within the Purchasing & Contracts Department Policies and Procedures Manual. Procedure 140F, section VIII – Management of Large Scale Projects, addresses bids’ and quotations’ processing evaluation. Contract review teams, representing multiple departments, may be appointed by Purchasing & Contracts to monitor large scale projects, and the team’s monitoring could include the following:
- Purchasing & Contracts schedules team members from multiple departments to meet as a group and approve or suggest changes for project items related to their respective areas. Team meetings may be held throughout the life of the contract.
- Significant project change orders, substantial project completion, and final pay requests from the contractor may necessitate further meetings of the contract review team. Team members will review and approve the changes or project status before the project is considered to be completed.
Types of Internal Controls
Preventive Controls
Preventive controls are defined as those controls that are designed to prevent invalid/fraudulent transactions from being processed and assets from being misappropriated. Examples of preventive controls include:
- Segregation of Duties – Segregation of duties reduces the risk of error or inappropriate actions because no one person has control over all aspects of a transaction.
- Pre-approval of actions or transactions – Management should ensure that all expenditures have a clear business purpose.
- Passwords and access controls – Maintaining the confidentiality of passwords is key. Passwords should not be written down and stored in plain sight.
- Employee screening and training – Employees should be provided appropriate training so as to enable them to effectively carry out their job responsibilities.
- Physical controls over assets – Access to equipment, inventories, and cash is restricted.
Detective Controls
Detective controls are designed to identify errors or fraud in transactions that have already been processed and identify missing assets. Examples of detective controls include:
- Reconciliations – Daily cash drawer balancing by staff members and supervisory review. Compare different sets of data to one another, identifying & investigating differences.
- Periodic inventories – Physical count of assets compared to system documentation.
- Verification – Comparing expenditures to source documentation.
- Review of operating performance – Analyzing actual expenditures versus budget estimates.
- Reviews/monitoring of processes and activities – Management review of projects.
- Audits – Audits performed by Audit Services and/or the External Auditors.
Directive Controls
Directive controls are higher-level controls designed to establish desired outcomes. Examples of directive controls include:
- County policies and departmental policies/procedures.
- Job descriptions.
- Spending limits on budgets.
- Governmental laws and regulations.
Fraud
Fraud is defined as any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services, or to secure personal or business advantage. (Source: Institute for Internal Auditors)
Examples of fraud:
- Asset misappropriation – stealing cash or assets (supplies, equipment, scrap).
- Skimming – accepting cash, but not recording the payment/donation.
- Disbursements for fictitious goods or services, inflated invoices, or invoices for personal purchases.
- Expense reimbursement for fictitious or inflated expenses.
- Corruption – the misuse of entrusted power for personal gain.
Red Flags of Fraud
According to the ACFE 2014 Report to the Nations in 92% of cases that they analyzed, the fraudster displayed at least one of the behavioral red flags, and in 64% of the cases, multiple red flags were observed. These behavioral clues included the following:
- Living Beyond Means
- Financial Difficulties
- Unusually Close Association with Vendor/Customer
- Control Issues, Unwillingness to Share Duties
- “Wheeler-Dealer” Attitude
- Divorce/Family Problems
- Irritability, Suspiciousness, or Defensiveness
- Addiction Problems
- Complained About Inadequate Pay
- Past Employment – Related Problems
- Refusal to Take Vacations
- Excessive Pressure from Within Organization
- Social Isolation
- Complained About Lack of Authority
- Excessive Family/Peer Pressure for Success
- Instability in Life Circumstances
- Past Legal Problems
Some other workplace red flags that may be an indication that fraud is occurring include:
- Unusual shortages in cash or inventories
- Missing or altered documents
- Circumventions of the approval process
- Conflicts of Interest
- Accounts not reconciling and/or not reviewed in a timely manner
- Unexplained variances
Accepting Gifts
Employees must not give or receive gifts in exchange for special consideration or favors. Although most gifts come with no strings attached, there is always the chance that something is expected or perceived to be expected in return.
The Clerk’s Employee Manual, Section One, states:
“An employee shall not solicit or accept any gift, favor, or anything of value-based upon any material understanding, either explicit or implicit, that the official actions, decisions, or judgment of any employee would be influenced thereby. Any gift, including meals or entertainment, when carrying a minimal value ($20 or less), may be accepted with the Director’s approval, if it cannot be construed that it was offered to influence the employee’s judgment or action.”
County Purchasing Procedure No. 0108, section VI, 1, states:
“Acceptance of gifts at any time, other than advertising novelties, is prohibited. Employees must not become obligated to any suppliers and shall not conclude any County transaction from which they may personally benefit.”