According to the ACFE’s 2014 Report to the Nations on Occupational Fraud and Abuse, organizations worldwide lose an estimated five percent of their annual revenue to fraud. For nonprofits struggling for every dollar of income to support their missions, the potential for loss to fraud seems unbearable, perhaps even unthinkable. Yet even those with noble intentions are not immune from this global pandemic.
An effective internal control system within your organization is the number one defense against credit card fraud by employees. Here’s our list of the top ten things you can do to protect your precious financial resources:
1. Adopt a code of conduct.
Don’t assume that everyone who chooses to work for a nonprofit shares your values and already knows what’s expected of them. Write it down. Train everybody face-to-face, from your board of directors and upper-level management to employees and contractors. Don’t assume they’ll read the memo! Secure signed statements of agreement.
2. Establish effective hiring practices.
Conduct thorough background checks including educational achievements, work history, and credit references to the extent permitted by law to minimize your exposure to dishonest employees and contractors.
3. Manage the distribution of company credit cards carefully.
Limit the number of credit cards issued. The more cardholders in an organization, the harder it is to control the system. Keep an updated list of all credit cards issued along with notations on where the cardholders keep their cards. Make sure that credit limits are consistent with organizational authority for all cardholders.
4. Develop policies specific to credit card usage.
Make sure all cardholders understand when and how the cards may be used, the approval process for payment, and the consequences of credit card abuse. Secure signatures from all cardholders.
5. Institute appropriate controls for approving credit card expenses.
Receipts must accompany expense reports along with the requisite rationale for the outlay. The documentation must conform to the requirements for maintaining the organization’s tax-exempt status and must comply with grant funding requirements, if applicable. Approvers should be knowledgeable about the organization’s expense reimbursement and credit card policies as well as the funding sources against which these expenses will be applied.
6. Establish a division of labor on credit card processing.
Separate individuals should open and log the mail, approve expense reports containing credit purchases, and process transactions for payment.
7. Ensure proper oversight.
The Executive Director and Accounting Officer (e.g., CFO, business manager), at a minimum, should have online access to all company credit cards to mitigate the risk of unauthorized cards issued by the bank. Such access also provides oversight of transactions submitted by authorized cardholders to ensure they align with company policies.
8. Protect donor credit card information.
Nonprofit organizations must pay particular attention to personnel who have access to credit card information offered by the general public. If the organization does not have the means to comply with the Payment Card Industry Data Security Standard (PCI DSS) on its own account, it should contract with an organization that maintains a secure environment and has adopted suitable controls.
9. Train employees in fraud detection.
Publicize case studies that highlight the potential for fraud. Keep employees informed of the disciplinary action taken when fraud has occurred.
10. Review your credit card policies, procedures, and cardholder lists periodically.
Make sure your controls are effective to protect your resources and that employees are on board with compliance. Make adjustments as needed and train employees on new and existing protocols.
Credit card fraud can be mitigated easily within an organization that has a watchful eye. Most case studies point to a lack of oversight and approval on credit card expenses by knowledgeable personnel. Don’t fall asleep at the wheel!