Most research has found that nonprofit organizations are no more likely to fall victim to occupational fraud than their for-profit peers. On the other hand, there’s reason to believe that nonprofits underreport fraud incidents and are reluctant to prosecute thieving employees to protect their reputation with donors and the public. The fact is, according to the Association of Certified Fraud Examiners, defrauded nonprofits suffer a median loss of approximately $75,000 — an amount few can afford to lose.
Rigorous internal controls and an ethical culture can mean the difference between a thriving organization and financial ruin. You may be happy to learn that most fraud prevention measures are easy and inexpensive to implement.
It’s often said that fraud prevention starts at the top. This means that your board of directors must acknowledge that fraud can occur in your organization and that it’s their duty to prevent it. When the board insists on a culture of honesty and accountability, this attitude trickles down to executive offices, individual departments, ordinary staffers and volunteers.
It’s also critical to treat employees well. The charity sector isn’t known for paying high salaries to employees. But organizations that allow workers to grow resentful unwittingly promote fraud because occupational thieves often rationalize that they deserve more than they’re getting. Even if your nonprofit’s pay isn’t equal to that of similar for-profit businesses, you can provide a congenial work environment and might offer such perks as flexible working hours and telecommuting.
Internal Control Checklist
An ethical culture alone isn’t enough, however. You also must establish policies and procedures that everyone — including executives — are required to follow. (One of the biggest mistakes an organization can make is to allow managers to routinely override fraud controls.)
You won’t be able to prevent every possible fraud scenario. But when designing controls, identify risks that are most probable and that would lead to the greatest financial, public relations or other consequences. (See “Where the fraud is.”)
Almost all nonprofits should include the following policies:
Perform background checks. How extensively you screen job applicants and volunteers may depend on their prospective duties. For example, ensure that accounting employees have no history of embezzlement and aren’t deeply in debt. At the very least, check all personal references and verify the applicant’s previous employment, education, military service or professional designations.
Segregate duties. This involves separating duties among staffers so that no one person can exploit his or her access. For example, assign one employee to approve invoices, another to prepare checks and a third to sign them. If you don’t have adequate staff to properly segregate duties, enlist the help of board members or consider outsourcing functions such as payroll.
Protect files. Make sure employees have access only to the files, programs and systems required to do their job. Password-protect all sensitive information and require that passwords be changed often.
Check spending. Require preauthorization for spending, limit credit card access and scrutinize staffers’ expense reports. Also, have a board member review your executive director’s purchases.
Count cash. When staffers or volunteers report event ticket sales, make sure they turn in a corresponding amount of cash — and the correct number of unsold tickets. Also compare cash receipts logs to the cash receipts ledger entry and actual bank deposit.
Verify vendors. Periodically audit vendor lists for anything suspicious, such as addresses that match those of employees or regular payments to one vendor that fall just below the amount required for approval.
Review bank statements. Have someone other than the individual who writes your organization’s checks review monthly bank statements. If you require dual signatures on large checks, don’t rely on your bank to notice that one is missing.
Internal control policies should be in writing and posted where they are visible to everyone in your organization. In addition, they should be reviewed and tested regularly for continued efficacy.
Don’t Let Them Get Away With It
Nonprofit employees who commit fraud typically assume that they won’t get caught — and that, even if they do, the consequences will be minimal. Unfortunately, this belief is valid in many nonprofits. If you fail to prosecute fraud and instead quietly fire the offender and suffer the financial losses, you send a message that your nonprofit is an easy mark.
Instead, if you suspect malfeasance, call in a fraud expert to investigate. Forensic accountants can conduct interviews and examine documents (including electronic files) for evidence of theft. This enables you to identify the perpetrator and potentially recover losses in court.