Is there an absolute failure of internal control?
Reward Money Saga
The reward money saga highlights the need for strong internal controls over public funds in government departments, including the police
By Prakash Neerohoo
Of all the financial scandals the country has known in the last 10 years, the reward money saga, which is playing out thanks to the investigation initiated by the Financial Crimes Commission (FCC), will stand out as a major case of embezzlement of public funds. Public money reserved for civil informers who provide tips to the police leading to drug seizures landed in third party bank accounts with no accountability for its use. In every business entity, government department or public organisation, there should be a mechanism in place to ensure that money dedicated to a particular project or purpose is spent in the most cost-effective way. This mechanism is called Internal Control, which is subject to ex post audits by professional auditors to uncover any deficiency in the system.
The way the reward money, involving Rs 250 million over three years, has been managed so far raises questions on the reliability and operability of management processes in the police department. Is there a lack of Internal Control over expenditure in general? Or is there a complete failure of Internal Control over that specific component of expenditure (reward money) in the police department? Since the police are the guardians of law and order and the public authority invested with the right to arrest and prosecute wrongdoers, we would have expected a rigorous control over how it rewards informers and manages money reserved for them. Given its intrinsic role of law enforcer, the police had a higher responsibility to be very prudent with the use of public money and show results for actions undertaken.
Over the years, the National Audit Office (NAO) has published reports about the mismanagement of public funds in many ministries and government departments. Year in year out, the NAO reveals cases of over-expenditure, flaws in financial procedures and unauthorised cost overruns in project implementation. All those financial irregularities could have been minimized (at worst) or avoided (at best) if there were proper Internal Control systems in the public sector in general, which are supervised by an Internal Audit Unit in each department accountable to a higher-level Audit Committee at ministry or organizational level.
Context
To better understand the importance of internal control in any organization (public or private), we must refer to prescribed rules in the accounting profession.
Internal Control is defined in section 5200 of the Canadian Institute of Chartered Accountants (CICA) Handbook on Assurance, as follows:
“Internal control consists of the policies and procedures established and maintained by management to assist in achieving its objective of ensuring, as far as practical, the orderly and efficient conduct of the entity’s business. The responsibility for ensuring internal control is part of management’s overall responsibility for the ongoing activities of the entity. […] Management discharges its internal control responsibilities through actions such as those directed to optimizing the use of resources, preventing and detecting error and fraud, safeguarding assets and maintaining reliable control systems.”
An Internal Control system is composed of three elements:
(a) Control Environment: with sub-elements as:
(i) Management philosophy
(ii) Audit committee
(iii) Methods of assigning authority and responsibility
(iv) Management control methods
(v) Internal Audit
(b) Accounting System: to record transactions according to the criteria of existence, completeness, accuracy, timing, and posting.
(c) Control Procedures:
(i) Adequate separation of duties
(ii) Proper authorization of transactions and activities
(iii) Adequate documents and records
(iv) Physical control over assets and records
(v) Independent checks on performance
Existing system
Let us examine whether the above control processes exist in the police department with regards to reward money. According to the former commissioner of police, there was an Internal Control Unit (ICU) that prepared the paperwork for supporting the payments of reward money and he only authorized the requests for payment submitted to him after due validation. We understand that the FCC is now looking into how the ICU handled the authorization, approval and disbursement processes for reward money. This enquiry will be quite complex as there are so many actors involved and multiple levels of responsibility.
In theory, the ICU was expected to take actions to:
(a) optimize the use of resources by approving disbursements of reward money only when they are justified,
(b) prevent and detect error and fraud by making sure that reward money goes directly to informers and does not land in third-party bank accounts that have nothing to with informers,
(c) safeguard assets by ensuring that the budget for reward money is managed in a cost-effective way, i.e., making payouts in proportion to the volume of drugs seized and the level of risks incurred by informers, and
(d) maintain a reliable control system by keeping a detailed and up-to-date accounting system for payment transactions.
Control Environment
The Control Environment in any organization is of paramount importance. The essence of an effectively controlled organization lies in the attitude of its top management. If top management believes control is important, others in the organization will sense that and respond by observing the policies and procedures established. If it is clear to subordinate staff that control is not an important concern to management, it is certain that control objectives will not be effectively achieved.
The management philosophy guiding the Control Environment should be highly ethical with a concern for using public money in the most cost-effective way. There are doubts now about the ethics of top management in the police. The methods of assigning responsibility and authority for payments are not clear-cut. We don’t know whether there has been an internal audit on reward money conducted by the Internal Audit Division of the Ministry of Finance. Nor do we know whether the police ICU’s work was ever scrutinised by an Audit Committee at a higher level. When was the last time the police department was audited by an external auditor, i.e., the National Audit Office?
Accounting System
Since we know that Rs 250 million has been disbursed as reward money in three years, there should be an accounting system that recorded the payouts. Whether all criteria for recording disbursement transactions (existence, completeness, accuracy, timing and posting) were met is another question. If the accounting system is computerized, examining it closely by looking at the chart of accounts would not be difficult. If the system was paper-based, there would be a lot of documentation to review from source documents (initial requests for payment, authorizations and approvals) to final output (payments by cheques).
Control Procedures
The success of any internal control system lies in the Control Procedures. The first line of control is to ensure adequate separation of duties between (a) the person making the request for payment of reward money, (b) the person examining the request according to set criteria (reasonableness of amount, frequency of requests from one source), (c) the person approving the request, and (d) the person authorizing the payment. The fourth person would only act if the first three persons had done their duty diligently. He would have some executive control over the decision to pay to the extent that he can ask questions about the informer’s identity and measure of collaboration with the police.
According to information revealed so far, the payments to informers were made not from a corporate police account but from the personal bank accounts of some officers who were entrusted with adequate funds. Since the reward money was paid directly by those officers from their bank accounts to informers, the ICU would not have a payee list. This is a major deficiency in the internal control system because all recipients of public money should be known to government (e.g., beneficiaries of social allowances are known to the ministry of Social Security).
Without a payee list, the ICU would not be able to do any ex-post verification of payment with any payee (informer). As payers refuse to disclose a payee’s name under the Official Secrets Act, it would be hard to trace a payment to anybody outside the police, unless the FCC gets an exemption from the Act through a Court order compelling the payors to reveal the names of payees (informers) in all confidentiality to a government body, in this case the FCC.
The reward money saga has brought a new focus on the need for a strong internal control over payments from public funds, whether in the police department or any other government department. The Internal Audit Division of every department should review their control systems to ensure that public money is spent as originally intended under the law.
Mauritius Times ePaper Friday 29 August 2025
An Appeal
Dear Reader
65 years ago Mauritius Times was founded with a resolve to fight for justice and fairness and the advancement of the public good. It has never deviated from this principle no matter how daunting the challenges and how costly the price it has had to pay at different times of our history.
With print journalism struggling to keep afloat due to falling advertising revenues and the wide availability of free sources of information, it is crucially important for the Mauritius Times to survive and prosper. We can only continue doing it with the support of our readers.
The best way you can support our efforts is to take a subscription or by making a recurring donation through a Standing Order to our non-profit Foundation.
Thank you.
