Fraud doesn’t just hurt a nonprofit’s bottom line — it also could do devastating damage to its reputation.
It’s easy to think that fraud won’t happen in your organization. You know and trust the people you work with and believe you’re all working towards the same cause.
In reality, the average business loses 5% of revenues to fraud every year, according to the Association of Certified Fraud Examiners. The ACFE’s most recent report on occupational fraud and abuse revealed that the median loss caused by fraud was $145,000. Smaller companies were particularly vulnerable, suffering higher median losses than their larger peers.
One of the things that put small companies at greater risk is a lack of adequate antifraud controls, such as anonymous tip lines, segregation of duties and background checks. By implementing some simple controls, your organization can help protect itself from these risks.
1. Screen employees.
When you hire anyone, perform credit and criminal background checks and verify résumé items related to past employment, education, military service and professional certification. Background checks aren’t foolproof, but they are capable of revealing many things about potential hires that could raise red flags, such as resume inaccuracies, personal financial difficulties and criminal charges.
Keep in mind that, according to the federal Fair Credit Reporting Act, you generally need a person’s permission to run a credit check, and in some states credit checks are allowed only for positions with certain financial responsibilities.
2. Segregate duties.
One of the most important preventive measures is the segregation of accounting duties, especially those related to executing outgoing payments. You should assign different employees to approve, record and report transactions. And the employee who generates checks for payment or approves invoices shouldn’t also be responsible for signing checks or initiating online payments.
Similarly, the staffer who makes bank deposits shouldn’t be charged with reconciling the organization’s bank statements. If the nonprofit is too small to segregate duties fully, consider rotating staff through the various duties regularly, or involving a board member to oversee the process.
You also can adopt a mandatory vacation policy to make it more difficult for fraudster employees to conceal their schemes or catch fraud sooner. The median amount of time from when the fraud was initiated until it was detected was 18 months, according to the ACFE.
3. Reconcile regularly.
Periodically reconcile overlapping financial records. For example, compare receipts that are recorded in your billing system to revenues recorded in your accounting system and then cross-check those numbers with your bank deposits. Review paper and online bank statements regularly, looking for inappropriate transactions.
4. Don’t make assumptions.
If you think you’d know an occupational thief if you saw him or her, think again. Fraud perpetrators often are long-tenured employees who are trusted and well-liked by their colleagues and supervisors.
In fact, most perpetrators have no criminal record. What they do have is motive — commonly financial pressures due to gambling addiction, substance abuse, divorce, illness or simply living beyond their means. And they have the opportunity. The majority of frauds occur in accounting, operations, sales, customer service and purchasing departments.
Nonprofit Quarterly describes the common perpetrators of nonprofit fraud in this article.
5. Provide training.
Research conducted by the Association of Certified Fraud Examiners (ACFE) shows that organizations with antifraud training programs experience lower losses, and frauds of shorter duration than those without. Nonprofits should provide targeted fraud awareness training not just for managers but also for employees.
At a minimum, the ACFE recommends explaining which actions constitute fraud, how fraud harms everyone in the organization and how to report suspicious activity. Managers and employees also should be educated on the behavioral red flags of perpetrators and encouraged to keep an eye out for them. Red flags include an employee who appears to be living beyond his means or one who refuses to take time off. Additionally, some insurance providers offer discounts if certain antifraud training is attended by a majority of staff members.
6. Set up a hotline.
Fraud hotlines are one of the most effective strategies for uncovering fraud. More than 40% of fraud cases are detected by a tip – more than double the rate of any other detection method. Organizations with hotlines were much more likely to catch fraud.
Management should encourage employees to report any suspicious activity and enforce an anti-retaliation policy so employees aren’t reluctant to speak up. Ideally, the hotline should be anonymous, or at least confidential.
7. Assess and address risks.
In their 2013 audit risk report, the AICPA urged not-for-profits to develop a formal fraud risk management program, including a fraud risk assessment.
According to the AICPA, a fraud risk assessment should identify:
- Potential fraud schemes
- Possible concealment strategies that a fraudster can use to avoid detection
- Individuals within or outside the organization who pose the highest risk of committing fraud, such as accounting or information technology personnel
- Controls currently in place to deter or detect fraud
- Warning signals or red flags that can be used to educate the organization, including both employees and board members
The goal of the assessment is to identify any vulnerabilities and gaps in internal controls that could leave your nonprofit susceptible to financial and reputational damage. Knowing where you’re most at risk will allow you to develop internal controls to lower the chances of fraud and embezzlement in your organization.
This article from Nonprofit Quarterly provides more information about the three most common types of fraud in nonprofits – skimming, purchasing and financial reporting – and how to prevent them.
8. Look out for red flags.
People who commit occupational fraud often live beyond their means, are heavily in debt, or have gambling or substance abuse problems. They may exhibit:
- Control issues, such as an unwillingness to share duties, files or billing records
- Irritability or defensiveness when confronted about irregularities
- A reluctance to take vacation or sick days
- Unusually close associations with vendors
9. Take a top-down approach.
The phrase “tone at the top” often is invoked when talking about fraud prevention. In a nutshell, it refers to how the attitude and actions of owners and managers “trickle down” the ladder and affect employees.
If your executives talk about the need to act with integrity but don’t follow through with their actions, employees will notice and may cut corners or commit fraud when an opportunity presents itself.
10. Make it a joint effort.
Cutting the risks of fraud requires the board of directors and management to be aware of your nonprofit’s vulnerabilities. Staff also must pitch in, staying on the lookout for red flags, conflicts of interest and other potential issues — and they must be comfortable reporting any concerns.
Your financial advisor can help, too, by conducting a fraud risk assessment and suggesting ways to establish appropriate controls. Keep in mind that while independent audits may prevent potential fraud, they are not a guarantee that the organization is free from fraud. The National Council of Nonprofits explains the myth that audits detect fraud in this article.
Nonprofits are often cited as having more opportunities for fraud and embezzlement because of the trusting nature of their work. No matter how trusting your organization is, internal controls are a must for every nonprofit organization. By conducting a risk assessment, creating policies and procedures to address risks, and enforcing the rules, you can prevent significant financial losses and public embarrassment.