Every month, Chief Financial Officers (CFOs) and their finance teams in local governments and school districts should perform key control checks to keep finances on track and safeguard against fraud. Proactive monthly oversight helps catch issues early before they grow into major problems. This is especially critical in the public sector, where fraud cases can cost a median of $150,000 each and even small municipalities have suffered devastating losses due to weak controls.

Scroll down to the bottom to download the full 10 page guide!

As highlighted in a recent article from American City & County,

"Without safeguards in place, fraud becomes easier to commit, and harder to catch." American City & County

This underscores the importance of implementing robust internal controls to prevent financial mismanagement and maintain public trust. The following guide you can download below outlines ten essential financial control activities for CFOs to conduct monthly. These steps, aligned with best practices and ThirdLine’s continuous monitoring approach, will help detect fraud, reduce waste, ensure compliance, improve overall financial oversight, and make the year-end reporting much smoother. 

What Is Internal Control?

Internal control refers to the system of policies, procedures, and practices that organizations use to safeguard assets, ensure accurate financial reporting, promote operational efficiency, and maintain compliance with laws and regulations. These controls help detect and prevent fraud, errors, and misuse of public funds. In essence, internal control is how an organization makes sure it does what it says it’s going to do—safely, reliably, and responsibly.

The concept gained prominence in the mid-20th century, but it was the 1977 Foreign Corrupt Practices Act (FCPA) and the Committee of Sponsoring Organizations of the Treadway Commission (COSO) that standardized the framework most used today. COSO’s Internal Control—Integrated Framework (1992, updated in 2013) defined five components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring activities. Public sector agencies have adapted these principles to their own financial and operational landscapes, often under added scrutiny from elected officials, auditors, and the public.

Internal controls are not just a compliance tool—they’re a foundation of good governance. For CFOs, understanding and strengthening internal controls is critical for preventing fraud, maintaining trust, and ensuring accountability.

The Principles of Internal Control Include:

• Control Environment: The culture and tone set by leadership that promotes integrity, ethical values, and accountability.
• Risk Assessment: Identifying and analyzing risks that could prevent the organization from meeting its objectives.
• Control Activities: Policies and procedures put in place to mitigate risks and ensure directives are carried out (e.g., approvals, authorizations, reconciliations).
• Information and Communication: Ensuring relevant information is captured and communicated timely and effectively across the organization.
• Monitoring Activities: Ongoing evaluations to ensure that internal controls are present and functioning as intended, with issues identified and addressed promptly.

Why Internal Controls Matters

Internal control failures are often invisible—until they’re not. Fraud, compliance violations, and financial misstatements rarely begin as large, obvious events. They start small: a terminated employee left with ERP access, a vendor payment pushed through without review, a purchasing card used improperly. When these signals go unchecked for months or years, the consequences can be severe.

Municipalities and special districts have lost hundreds of thousands of dollars due to fraud schemes that went unnoticed for years. A 2024 report from American City & County showed that smaller governments—especially those with lean finance teams—are especially vulnerable to fraud due to gaps in monitoring, outdated systems, and under-resourced internal audit functions. In one high-profile case, a finance manager in a small town stole over $1 million by exploiting lax oversight in payroll and vendor payments.

By implementing a monthly cadence of control checks, CFOs gain the visibility and assurance needed to prevent those stories from repeating. These checks act as a force multiplier for financial oversight—bridging the gap between annual audits and day-to-day operations. They empower finance leaders to detect irregularities early, ensure compliance with procurement and spending policies, and continuously reinforce trust with their boards, councils, and constituents.

Best of all, the vast majority of these checks can be automated.

Internal Control Checks you can Automate

Download the full guide for all 10 internal control checks with full detail and descriptions. The following 3 checks are not just accounting best practices—they are strategic leadership tools. Done monthly, they position your finance team to stay one step ahead of fraud, reduce waste, and elevate accountability across your organization.

1. Review User Access and Permissions
   1. Check SoD Conflicts: Use reports or analytics to flag users with conflicting roles or excessive capabilities (e.g. a user who can both initiate and approve payments). Restructure duties or adjust roles to resolve these conflicts and strengthen oversight.
   2. Deactivate Dormant Accounts: Immediately revoke access for terminated or inactive users and set any unused roles to “inactive” This reduces clutter and misuse risk.
   3. Enforce Least Privilege: Regularly review who has high-level permissions (such as system admin rights) and ensure their access aligns with current job duties Remove excessive privileges to minimize security gaps.
2. Cleanse and Update Vendor Master Records
   1. Purge Duplicates: Identify any duplicate vendor names or EIN/Tax IDs in the system. Merge or eliminate duplicates to prevent double payments and confusion.
   2. Verify Vendor Changes: Monitor changes to vendor banking details or addresses. Sudden requests to switch a vendor’s bank account or payment method should raise a flag for possible vendor impersonation fraudAlways verify such changes directly with the vendor before the next payment.
3. Analyze Payroll for Fraud and Errors
   1. Overtime and Leave Analytics: Review overtime hours and leave payouts. Excessive overtime that significantly inflates pay may indicate timecard fraud or abuse. Ensure leave payouts or buyouts are properly approved to catch any unauthorized self-payments (as seen in past fraud cases).
   2. Ghost & Duplicate Checks: Run a report for any payments made to employees who have separated (after termination date). Also, scan for multiple employees sharing the same bank account or SSN which is a major red flag for payroll fraud.

For the rest of this list, please download the guide below!

Conclusion & Call to Action: Embrace Monitoring and Continuous Auditing

Performing these 10 control checks monthly will significantly strengthen your organization’s financial oversight and integrity. They are an antidote to the complacency that fraud relies on. By reviewing user access, vendor data, payroll, approvals, budgets, close processes, procurement, payments, p-cards, and vendor changes on a regular basis, CFOs can detect errors and irregularities early, improve compliance, and save money that would otherwise be lost to fraud or waste.

The key is to make these activities part of a continuous monitoring strategy rather than one-off annual checkups. Continuous auditing and montiring uses automated tools and data analytics to test 100% of transactions in near real-time, providing early warnings of issues. It leads to swift detection of errors or fraud, increased efficiency through automation, improved compliance, and proactive decision-making based on actionable insights.

ThirdLine’s analytics platform is purpose-built to help finance teams implement these monthly control checks—seamlessly aligned with the five principles of internal control:

• We help establish a strong control environment through transparent reporting and role clarity.
• Our risk-scored analytics support proactive risk assessment across ERP functions.
• Automation of policy enforcement and approvals tied to analytics ensures high-integrity control activities.
• Tailored alerts and department-level reporting enhance information and communication.
• And real-time dashboards and exception monitoring drive continuous monitoring activities.

By aligning with the COSO framework, ThirdLine helps government CFOs strengthen their control posture, reduce exposure, and create a lasting culture of accountability.

Call to Action: Commit to implementing these monthly financial control checks in your organization. If you already do some of them, evaluate how to enhance them. If some are new, develop a plan to phase them in. By moving toward a culture of continuous auditing and improvement, CFOs can ensure that they protect public funds, uphold transparency, and stay one step ahead of fraud.