Nonprofits depend on trust. Donors trust their contributions are going to the cause they want to support. Executives trust their board members and employees believe in the cause enough to do their jobs well—sometimes with minimal or no pay. Employees trust their executives are making the best decisions in support of the cause, not in support of themselves.
In an environment so dependent on trust and the good nature of volunteers, fraud can hurt even more when it happens at a nonprofit.
With today’s increased emphasis on transparency and the rise of charity watchdog groups, nonprofit fraud can be particularly damaging. Avoiding it, however, can be especially hard for nonprofits, where trust, dedication to a cause, and the volunteering of time and resources are so central. In a trusting environment, solid internal controls are critical to protect the nonprofit’s assets, employees, and reputation.
Good Prevention Practices
Setting up an effective system of internal controls and paying close attention to your financial affairs ensures good fraud-prevention practices are in place. Here are a few prevention tips that can save you a lot of time and money later on:
- Adopt a code of conduct that includes a fraud policy. Educate your employees on out-of-bounds behavior, including but not limited to: stealing, falsifying time sheets or expense reports, and appropriating company assets for personal use – e.g., telephone, postage, office supplies, etc. Set a good example by tending to your personal affairs outside the office. Make sure everyone knows how to report suspicious behavior.
- Tips from whistle-blowers are the most common way fraud is discovered. Make sure employees, vendors and others who work with your nonprofit have an easy and confidential way to report suspected abuses.
- Require extra oversight. Measures such as requiring two different signatures on each check and that invoices accompany each payment are easy ways to add a layer of security.
- Background checks should be required of every person involved with finances and accounting, particularly of their work at past nonprofits.
- Separate your money management duties across two or more employees so they can monitor and cross-check each other’s work. For example:
- The person who handles patient payments should not be the same as the person who updates patient records.
- The person who orders goods and services should not be the same as the person who manages payment for them.
- The person who prepares checks should not have the ability to sign them. Ideally, you should sign all checks upon careful review of the associated documentation (invoices, packing slips, payroll sheets). Never sign blank checks!
- The person who receives or disperses cash should not be the same as the person who reconciles the bank statement.
- This arrangement enables employees to catch one another’s possible mistakes. It also reduces the likelihood that an employee could manipulate circumstances for personal advantage. If the size of your office staff makes it impractical to separate duties among employees, consider using a part-time bookkeeper for certain functions.
- Cross-train employees and shift responsibilities periodically. This practice adds to your checks and balances while affording coverage for sick, personal, and vacation days. With that in mind, make sure employees use their vacation time – at least one full week annually when someone else covers their responsibilities.
- Both internal and external audits should be conducted regularly. Having a CPA or someone else with financial expertise review the books frequently is a critical step.
- Lastly, talk to your advisor about the possibility of property insurance, including employee dishonesty coverage. Incidentally, in order to get this coverage, insurers may require the above—or more—steps to be taken, thus ensuring you have good fraud-prevention measures in place and insuring you against the possibility of those measures failing if a determined thief gets around them.
If fraud still takes place, it will need to be disclosed on your organization’s form 990 if it is more than $250,000 or over 5 percent of the organization’s gross revenue or total assets. That means it will be publicly available, so it’s best to create an environment and system to prevent fraud from occurring in the first place. It is for cheaper to spend money preventing fraud than to deal with fraud after it happens.
Nonprofits are often cited as having more opportunities for fraud and embezzlement because of the trusting nature of their work. No matter how trusting your organization is, internal controls are a must for every nonprofit organization. By conducting a risk assessment, creating policies and procedures to address risks, and enforcing the rules, you can prevent significant financial losses and public embarrassment.