Best Practices

Whistleblowing

Governments should establish policies and procedures to encourage and facilitate the reporting of fraud, waste or abuse and questionable accounting or auditing practices.

Auditing standards emphasize the need for governments to have a financial reporting system in place that is sufficient to provide reasonable assurance that management can prepare financial statements in conformity with generally accepted accounting principles (GAAP).[1] To meet that objective, a financial reporting system must be designed to detect not only material fraud, waste or abuse, but also any questionable accounting or auditing practices that could jeopardize the integrity of financial reporting. Auditing standards instruct independent auditors that inadequate anti-fraud programs and controls constitute, at a minimum, a significant deficiency that would need to be reported.

In most cases, potential instances of fraud, waste or abuse and questionable accounting or auditing practices (hereafter referred to as “fraud, waste or abuse, etc.”) come to the attention of responsible parties thanks to employees or citizens who become aware of such practices. Governments can and should take practical steps to encourage and facilitate such reporting.

GFOA recommends that every government establish policies and procedures to encourage and facilitate the reporting of fraud, waste or abuse and questionable accounting or auditing practices. At a minimum, a government should do all of the following:

  • Formally approve, and widely distribute and publicize the organization’s ethics policy that can serve as a practical basis for identifying potential instances of fraud, waste or abuse, etc.
  • Establish practical mechanisms (e.g., hot line) to permit the confidential, anonymous reporting of concerns about fraud, waste or abuse etc.[2]
  • A government should regularly publicize the availability, both internally and externally, of these mechanisms and encourage individuals who may have relevant information to provide it to the government.
  • Since ensuring or enhancing confidentiality can significantly increase costs, consider minimizing those costs by providing a separate reporting mechanism for employees, who typically desire greater assurance of confidentiality than do outside parties. In this regard, a government may wish to explore the possibility of engaging the services of an outside vendor to receive complaints from employees. The use of an outside vendor offers a number of potential advantages, including the following:
    • Employees may be more readily persuaded of the confidentiality of their calls if they are made directly to a party outside the government.
    • Vendors may be able to provide extended hours of service, thus avoiding the need to place a call during regular working hours (i.e., while the employee is still at work).
  • Train those answering calls from the general public to recognize calls that are reporting fraud, waste or abuse, etc. and direct them appropriately to ensure that reports of instances of fraud, waste or abuse, etc. by outside parties receive the appropriate confidentiality and disposition as allowed by law even when they are not made through the mechanism established for that purpose.
  • Make internal auditors (or their equivalent) responsible for the mechanisms used to report instances of potential fraud, waste or abuse, etc. Emphasize that they should take whatever steps are necessary to satisfy themselves that a given complaint is without merit before disposing of it. Further, they also should document the disposition of each complaint received so it can be reviewed by the audit committee.
  • Have the audit committee, as part of its evaluation of the government’s internal control framework, examine the documentation of how complaints were handled to satisfy itself that the mechanisms for reporting instances of potential fraud, waste or abuse, etc. are in place and working satisfactorily.
  1. American Institute of Certified Public Accountants (AICPA), Professional Standards, U.S. Auditing Standards (AU-C) (2020), "Communicating Internal Control Related Matters Identified in an Audit"
  2. While providing mechanisms to promote the reporting of fraud is an important element of an overall fraud prevention program, there are other elements necessary for a complete fraud prevention program that are outside the scope of this recommended practice.

This best practice was previously titled Encouraging and Facilitating the Reporting of Fraud and Questionable Accounting and Auditing Practices.

  • Board approval date: Friday, October 1, 2021