We found weaknesses in key controls around approvals, segregation of duties, and checking of invoices at the 8 LGs. This exposes LGs to unnecessary procurement risks, such as improper use of funds or paying for goods and services not received.
Controls over raising and approving purchase orders could be improved
We saw a range of control weaknesses over purchase orders across all LGs, these included:
- 5 purchase orders across 4 LGs that were approved by staff without the appropriate authority to do so. All LGs maintained lists of the role, position and dollar value limits of staff that are authorised to approve purchase orders. However, these approval limits were not always complied with, which increases the risk that goods or services are procured by someone without the proper experience or authority to determine the best value purchase for the LG.
- 13 instances across 5 LGs where purchase orders were raised after invoices were received. Purchase orders act as an internal approval and control mechanism to proceed with a purchase. These controls are ineffective if purchase orders are raised after goods and services have been received. It is not possible for the LG to determine who approved the initial request for the goods or services, and if they had the proper authority to do so.
- We found a small number of purchase orders at 3 LGs that were raised for $0 or for a nominal value (e.g. $0.91) that did not reflect the expected spend. This was despite there being a known budget, quote or existing contracts for many of these items. Purchase orders should be raised for the full, expected amount prior to the purchase being made and approved by someone with appropriate delegation. This increases the likelihood that expenditure will be capped or monitored.
LGs should strengthen processes for checking goods and services when receiving them
We identified 36 invoices across 8 LGs that could not be verified against purchase orders, quotes or contracts. The invoices contained insufficient detail to reconcile them against agreed contract milestones and price schedules, but had still been approved for payment by the LG. The invoices included instances of LGs being overcharged and undercharged. Verifying invoices for payment is an important control to ensure that LGs have received the expected goods and services and that they have been correctly charged.
It is important that even small variances are checked as these are more likely to go undetected for long periods of time. The CCC Report identified supervisors not checking payment processes and work actually done on contracts as common risks to procurement related misconduct.
Sound practice is to ensure that there is evidence to support all transactions and that a clear audit trail exists. This includes documentation for contract payments, any variations, and reviewing supplier invoices for accuracy.
LGs had weaknesses in their segregation of duties
Five of 8 LGs had not effectively segregated key steps in the procurement process or had insufficient records to show controls had been followed. For example:
- In 9 of the 20 purchases we reviewed at 1 LG, the same person had approved purchase orders, checked that goods and services had been received, and approved invoices to progress for payment. The 9 purchases totalled less than $150,000.
Four LGs captured insufficient information for us to independently verify who was receiving goods and services and approving invoices to progress to payment. Without clear records the risk of inappropriate payments is increased and the effectiveness of monitoring controls is reduced.
Stronger controls would include, where possible, the implementation of automated systems that require segregation across the different procurement functions.
Segregation of duties is a key internal control which assumes the risk of two or more people making the same error or colluding to defraud is less than an individual acting alone. The CCC Report identified failure to separate duties as a risk common to procurement related misconduct. The report cited the example of one person being able to be involved in various stages of organising contracts and authorising payments. Segregating duties is one key way LGs can reduce this risk.
In smaller LGs, where resources are limited and full segregation is more difficult, the increased involvement of other senior staff in checking purchases and controls can mitigate this risk.
While we identified weaknesses in individual segregations, we did not identify any purchases where one person was the sole approver for all steps in the process, including payment.
 Western Australian Local Government Accounting Manual, Section 7 – Internal Control Framework, p 27.