The typical defrauded not-for-profit loses $75,000 per fraud incident, according to the Association of Certified Fraud Examiners. And that doesn’t account for the negative publicity and subsequent lost donations and support that often follow fraud. Although no preventive measure is 100% effective, strong internal controls can greatly reduce the risk that a crooked staffer or outside criminal will find gaps in your fortress.
Internal controls are policies and procedures that govern everything from accepting cash to signing checks to training staff to keeping your IT network secure. Most nonprofits have at least a rudimentary set of internal controls, but dishonest employees and other criminals can usually find gaps in environments where controls are only somewhat effective or inadequately followed.
Why might nonprofits skimp on controls or enforcement? Typically, they devote the largest chunk of their budgets to programming and may not allocate enough dollars to fraud prevention. This can be especially problematic in organizations where executives or board members indicate that fraud prevention is low on their priority list. Nonprofit boards may also inadvertently enable fraud when they place too much trust in the executive director and fail to challenge that person’s financial representations. Unlike their for-profit counterparts, nonprofit board members may lack financial oversight experience.
Trust is another potential Achilles’ heel. Nonprofits often regard their staff and dedicated volunteers as family. They may allow managers to override internal controls and volunteers to accept cash donations without oversight — both risky activities.
Don’t let your guard down
Some of the most common types of employee theft in nonprofit organizations are check tampering, expense reimbursement fraud and billing schemes. But proper segregation of duties — for example, assigning account reconciliation and fund depositing to two different staff members — is a relatively easy and quite effective method of preventing such fraud. Strong management oversight and confidential fraud hotlines open to all stakeholders can also reduce employee theft.
Indeed, although you should trust staffers, you should also verify what they tell you. Conduct background checks on all prospective hires, as well as volunteers who’ll be handling money or financial records. Also, provide an orientation to new board members to ensure they have a clear understanding of their fiduciary role.
Finally, handle fraud incidents seriously. Many nonprofits choose to quietly fire thieves and sweep their actions under the rug. However, this tends to encourage fraud by telling potential thieves that the consequences of getting caught are relatively minor. If an incident is hushed up, rumors could do more reputational damage than publicly addressing the issue head-on. It’s better to file a police report, consult an attorney and inform major stakeholders about the incident.
If you’re not sure where vulnerabilities lie or how your budget can be stretched to allocate more resources to fraud prevention, contact our risk management team. We can help you prioritize the most serious risks and find affordable solutions for closing control gaps.