January can be a period of significant transition for local governments across New York State. Newly elected Town Supervisors sworn in, re-elected board members set priorities for the year ahead, and long-tenured staff begin a fiscal year while closing out the last. While this period is often busy, it also presents a valuable opportunity to step back and assess the overall health of the municipality itself and how effectively it is positioned to serve its community in the new year.
Regulatory Oversight & Its Limitations
Local governments throughout New York are required to prepare a range of regulatory items, be it a Village or Fire District preparing and filing their Annual Financial Report (AFR), a County or Town undergoing a Financial Statement or Single Audit by a third party, or a School District engaging with its State-obligated Internal Audit function. These processes provide important accountability and help the Office of the State Comptroller (OSC) identify potential areas of concern. However, OSC audits and similar external reviews, regardless of scope, can be time-consuming and are often focused on specific compliance or reporting objectives. While always conducted in the public’s best interest, they may not address broader operational risks or provide timely insight into areas where improvements would most immediately benefit the municipality.
Operational Risk in Small Municipal Environments
Consider a town business office staffed by one or two full- or part-time employees responsible for accounts payable, payroll, accounts receivable, banking, and other financial functions. From the perspective of an elected official, it can be challenging to know whether risks are being adequately mitigated, oversight is sufficient and public funds are being managed effectively all while minimizing the risk of fraud or error. These challenges can be compounded by looming retirements or staff turnover, where the loss of institutional knowledge itself becomes a significant operational risk if secession planning and documentation are limited.
Key Questions Municipal Leaders Must Address
This naturally raises important questions: What constitutes a risk within the municipality, and how is it identified? Are duties appropriately segregated? Is financial information being presented to the governing board timely, accurate, and in a way that clearly reflects the municipality’s fiscal position? Do the board members fully understand the reports they receive, and are departments operating in compliance with New York General Municipal Law and other applicable regulations? While these are critical questions, many municipalities lack the internal resources to evaluate these questions comprehensively. As a result, towns and villages may benefit from engaging an independent third-party to conduct a high-level risk assessment focused on identifying vulnerabilities, strengthening oversight and improving operations.
The Value of an Independent Risk Assessment
A risk assessment would allow the municipality to engage an impartial third party to work directly with the business office, elected officials, appointed officials, and civil service staff. This approach provides a holistic view of current operations and a clear understanding of the municipality’s overall operation and financial condition. These engagements are performed by teams of professionals who specialize in risk management and process review. By evaluating standard operating practices within the organization, they are able to identify genuine financial or operational risks while also offering practical recommendations to strengthen controls, improve efficiency and better serve residents and constituents.
Tailoring the Risk Assessment to Municipal Needs
Selecting the type of risk assessment that best suits the municipality’s needs is just as important as deciding to perform one at all. While the Office of the State Comptroller follows standardized procedures in its audits, often a direct engagement with an independent firm can provide greater long-term value. An independent risk assessment allows the municipality to tailor the scope and depth of the review across multiple departments evaluated, and specific risks addressed. It also creates opportunities for hands-on assistance with implementing recommendations and where appropriate, follow-up to reviews to assess whether corrective actions have been implemented.
From High-Level Review to Targeted Analysis
Through higher-level reviews, areas of elevated risk often become apparent. Yet, in many cases, a risk assessment alone is not sufficient to fully understand complex processes or potential risks they present. Instead, it may highlight the need for a targeted, in-depth review of certain functions or departments. For example, reoccurring issues related to overtime practices may warrant a focused payroll review, while inconsistencies in vendor support documentation could indicate the need for a procurement or accounts payable audit. The transparency and impartiality of a risk assessment would allow these concerns to be raised, tested, and then reviewed to see if there are genuine risks or potential improvements to be made.
Expanding Risk Assessment Beyond Financial Controls
Risk assessments in government often focus on financial operations, as financial activity is one of the most common areas where fraud risks, misappropriation, and threats to resident services can occur. However, effective risk assessment frequently extends beyond finances alone. A comprehensive approach may also include fixed assets and infrastructure oversight, human resources practices and compliance, and information technology (IT) controls. IT, in particular, has become one of the most targeted and potentially vulnerable areas of local government. A focused review of cybersecurity, system access, and IT governance can be just as critical to mitigating risk as traditional accounting controls, such as segregation of duties.
Taking a Proactive Approach to Risk Management
While it is never too late to start a risk assessment, the most effective engagements are those that identify and address potential risks before they result in operational disruption or financial harm. Taking a proactive mindset, forward-looking approach allows municipalities to strengthen controls and processes before issues escalate. Successful risk assessments rely on openness, collaboration, and a willingness to acknowledge areas for improvement. When recommendations are thoughtfully implemented, these engagements help create a more resilient and secure government. Municipalities that believe a risk assessment may be beneficial are encouraged to contact us to discuss whether this approach is the right fit for their organization.
If you have any questions or are interested in learning more, we are here to help. Please do not hesitate to reach out to discuss your specific situation.
This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.
