Within a period of just a month, a Minnesota woman was charged with skimming more than $300,000 from her animal rescue charity, a Florida man was charged with multiple felonies for running several charities for his personal benefit, and a New York man was sentenced to 18 months in prison for defrauding his trade association employer. Not-for-profit organizations have about a 9% chance of being defrauded, according to the Association of Certified Fraud Examiners. Think of it this way: That’s almost one in 10.
Fortunately, strong internal controls can reduce your nonprofit’s risk. You may not think you need them, particularly if your leaders, staffers, volunteers and clients consider themselves to be one big happy family. But controls and trust can coexist.
Are your controls effective?
Internal controls are policies and procedures that govern everything from accepting cash to signing checks to training staff to keeping your IT network secure. Most nonprofits have at least a rudimentary set of internal controls, but dishonest employees and other criminals can usually find gaps in environments where controls aren’t thorough or adequately followed.
Why might nonprofits skimp on controls or enforcement? They may be so focused on programming that they don’t allocate enough budget dollars and other resources to fraud prevention. It’s not uncommon for executives or board members to indicate that fraud prevention is low on their priority list — probably because they underestimate their fraud risk.
Nonprofit boards may inadvertently enable fraud when they place too much trust in the executive director and fail to challenge that person’s financial representations. Unlike their for-profit counterparts, nonprofit board members may lack financial oversight experience.
Which controls are critical?
Some of the most common types of employee theft in nonprofit organizations are check tampering, expense reimbursement fraud and billing schemes. But proper segregation of duties — for example, assigning account reconciliation and fund depositing to different staff members — is a relatively easy and quite effective method of preventing such fraud. Strong management oversight and confidential fraud hotlines open to all stakeholders also have been proven to reduce employee theft.
Indeed, although you should trust staffers, you should also verify what they tell you. Conduct background checks on all prospective hires, as well as volunteers who’ll be handling money or financial records. Also, provide an orientation to new board members to ensure they have a clear understanding of their fiduciary role and the potential consequences of committing fraud.
Finally, handle fraud incidents seriously. Many nonprofits choose to quietly fire thieves and sweep their actions under the rug. But if an incident is hushed up, rumors could do more reputational damage than publicly addressing the issue head-on. It’s better to file a police report, consult an attorney and inform major stakeholders about the incident.
Do you trust too much?
Trust tends to be the biggest potential fraud weakness for nonprofits. Although it’s fine to regard your staff, volunteers and other stakeholders like family, you need to set guardrails. Contact our nonprofit team for help determining which controls you might lack and how to implement them.