How to help prevent common schemes
There’s little evidence that the incidence of occupational fraud is higher for nonprofits. However, nonprofits are less likely to be able to handle financial losses associated with fraud. According to the most recent research by the Association of Certified Fraud Examiners (ACFE), the median fraud loss per occupational fraud incident is $145,000 for all organizations — an amount that could easily shut down a charity. That’s why it’s critical to understand the risks and to implement and adhere to strong internal controls.
Mitigating threats
A general lack of financial and staff resources can make smaller nonprofits particularly vulnerable to fraud. Nonprofit leaders generally place greater trust in their employees than for-profit managers do. Some nonprofit managers may, for example, rubber-stamp expense reimbursement reports, allow unsupervised staffers or volunteers to handle cash donations, and neglect to distribute accounting duties among various employees. This kind of oversight (or lack of oversight) is a mistake.
To mitigate fraud threats, evaluate your organization through the eyes of a criminal. If you intended to steal, where would you focus your efforts? Where are the weak links? These are the primary security gaps you must address with internal controls.
For example, many organizations still receive donations in the mail. If one staffer is responsible for opening envelopes, recording contribution amounts and depositing donations, that person could easily commit fraud. So you need to devise mechanisms to help prevent such skimming. One common antifraud control, segregation of duties, requires that two or more people be involved in the process of collecting, recording and depositing checks. Also recommended: Investigate the backgrounds of anyone who’ll be handling money.
Regular compliance checks
Unfortunately, the existence of controls doesn’t guarantee they’re being followed. Although internal controls provide a deterrent from wrongdoing, they can sometimes be circumvented. Nonprofits, by their nature, are geared toward “doing good,” not making money. So, staffers may not be looking for possible financial irregularities. And when budgets are tight — something common in the nonprofit world — leaders often cut resources dedicated to controls and fraud prevention.
Regular compliance checks can help ensure control procedures are being followed. The key is to find out which rules are routinely ignored — and why. Say, for instance, that your employee handbook mandates two levels of approval for expense reimbursement requests. If staffing shortages make following this rule difficult, ask board members to step in when a second signature is required. Another possible solution is to outsource specific tasks.
How to train stakeholders
Another effective antifraud control is employee training. During your onboarding process, inform staffers and volunteers about typical schemes in the nonprofit sector and teach them how to prevent, identify and report possible fraud. Because fraud perpetrators are constantly finding new ways to steal from their employers, initial training should be updated with annual refresher courses. In fact, you might want to ask employees to sign an annual ethics pledge to keep such issues top-of-mind and reinforce the idea that your organization takes fraud prevention seriously.
The ACFE has found that approximately 43% of nonprofit frauds are revealed by tips from staffers, board members, vendors, clients and the public. To encourage such tips, offer potential whistleblowers an anonymous fraud-reporting mechanism (via web, phone or email) that’s available 24/7. Investigate every tip and report the outcome of tip investigations (withholding the names of whistleblowers and others involved) to your nonprofit’s stakeholders.
Don’t cut these costs
If economic uncertainty or reduced financial support is leading your nonprofit to take cost-cutting measures, be careful not to target critical fraud prevention resources or policies. Make sure you’re able to maintain segregation of duties and supervise staffers and volunteers who perform financial tasks. And though network hacking schemes are more likely to be perpetrated by outside criminals, spend what you must to keep all security software current.