Cathy Carter’s last job title before she retired from the City of Tulsa in 2011 after more than 20 years of service was Chief Risk Officer. She advocated for a replacement, but no one was hired to fill the position after she left—or even two years later when Carter was elected City Auditor.
“So I decided to try a new route...finding an automated way to monitor financial risk,” she said.
Cathy implemented ThirdLine to detect fraud, waste, and abuse before it leaves the City’s door. Hundreds of data analytics integrate with the Tyler Munis Enterprise Resource Planning (ERP) system to flag high-risk transactions across financial processes, and the results refresh in interactive dashboards.
“What we're doing here is revolutionary, we haven't ever done this before,” Carter said.
Automated detection of fraud, waste, and abuse was an exciting prospect for Carter and the City of Tulsa. However, there were many roadblocks standing in the way:
Like in most municipalities, the IT department was the gatekeeper Carter and her team needed to work with in order to access the necessary data for analysis. For many auditing teams, it can be difficult to know what data to ask for and get the right information in a timely manner.
Even though Carter and her team had an idea of what they wanted to audit, it would have been incredibly complex and time-consuming to wade through the thousands of data tables IT provided and identify which ones they needed for an audit.
Like most municipal leaders, Carter deals with budget cuts, obsolete technology, and administration turnover, which can affect her team’s plans and priorities. Plus, data analysts are hard to find—and keep—when jobs and salaries in the tech industry are competitive.
Even with the resources and the data, without a continuous analytics solution like ThirdLine, Carter’s team would have to perform manual spot-checks, analyzing pieces of data at a time to extrapolate answers.
These roadblocks make automation seem impossible and drag out the auditing process even further for municipalities large and small. As a result, many internal auditing departments (if the municipality has one) can complete only one or two thorough audits per year.
A person outside the City of Tulsa changed a vendor’s bank account number, initiated a deposit of over $600,000 to that account, and then changed the account back to the vendor’s previous number. The internal audit team was able to intercept the deposit, saving the City time and money.
The ThirdLine team served as the translator between the City’s internal audit and IT departments and made it clear: ThirdLine was not a new ERP system; it was an analytics layer on top of existing Munis data. The only thing IT had to do was use ThirdLine's SQL scripts to get the correct data to the ThirdLine team.
With every refresh of the City’s Munis data, ThirdLine analytics updated across dashboards, showing Carter and the internal auditing team:
They had the answers to create their audit plan, reduce risks and inefficiencies associated with weak processes, and test data-driven controls.
After the Internal Audit Department implemented ThirdLine, they shared analytic dashboards with other departments including Finance.
The City of Tulsa identified behavior that led to a revised policy. The analytics found that employees used purchasing cards to make purchases from an employee-owned business, which is against City code.
“This is one of the more helpful analytics that’s been developed as part of the dashboards created by the Auditor’s office. Once this has been made available for managers to use, we can monitor this regularly [...We] will follow up with HR to see if this could be explored as a personnel policy to ensure that we have a registry of employee-owned businesses.”
—City of Tulsa Finance Department.
With ThirdLine, many departments at the City of Tulsa found an automated way to monitor financial risk. Overcoming the common roadblocks to automation was just part of the City’s larger accomplishment.
Undetected financial risk can escalate into harmful fraud schemes, which can last more than a year and cost organizations 5% of their annual revenue, according to the Association of Certified Fraud Examiners. For municipalities, lost revenue translates to mishandled taxpayer dollars and results in diminished public trust.
Now, Carter and her team have the assurance of 400 data analytics running continuously to detect fraud, waste, abuse, and inefficiency across these 10 financial processes at the City of Tulsa:
Note: Cathy Carter did not receive compensation from ThirdLine for her participation in this article.
Download the PDF version →