The typical defrauded nonprofit loses $75,000 per fraud incident, according to the Association of Certified Fraud Examiners - and that does not account for the negative publicity and subsequent lost donations and support that often follow fraud. Although no preventive measure is 100% effective, strong internal controls can greatly reduce the risk that a gap in processes will be taken advantage of.
Internal controls are policies and procedures that govern everything from accepting cash to signing checks to training staff to keeping your information technology network secure. Most nonprofits have at least a rudimentary set of internal controls, but dishonest employees and other criminals can usually find gaps in environments where controls are only somewhat effective or inadequately followed.
Why might nonprofits skimp on controls or enforcement? Typically, the largest chunk of a nonprofits’ budget is devoted to programming and may not allocate enough dollars to fraud prevention. This can be especially problematic in organizations where executives or board members indicate that fraud prevention is low on their priority list. Nonprofit boards may also inadvertently enable fraud when they place too much trust in the executive director and fail to challenge that person’s financial representations. Another reason is that nonprofit board members may lack financial oversight experience.
Trust is another potential Achilles’ heel. Nonprofits often regard the organization’s staff and dedicated volunteers as family. This environment may allow managers to override internal controls and volunteers to accept cash donations without oversight — both risky activities.
Don’t let your guard down
Some of the most common types of employee theft in nonprofit organizations are check tampering, expense reimbursement fraud, and billing schemes. But proper segregation of duties — for example, assigning account reconciliation and fund depositing to two different staff members — is a relatively easy and quite effective method of preventing such fraud. Strong management oversight and confidential fraud hotlines open to all stakeholders can also reduce employee theft.
Additionally, conduct background checks on all prospective hires, as well as volunteers who will be handling money or financial records. Also, provide an orientation to new board members to ensure new members have a clear understanding of their fiduciary role.
Finally, handle fraud incidents seriously. Many nonprofits choose to quietly fire thieves and sweep their actions under the rug. However, this tends to encourage fraud by telling potential thieves that the consequences of getting caught are relatively minor. If an incident is hushed up, rumors could do more reputational damage than publicly addressing the issue head-on. It is better to file a police report, consult an attorney, and inform major stakeholders about the incident.
For help with determining where vulnerabilities lie or how a budget can be stretched to allocate more resources to fraud prevention, contact us. We can help prioritize the most serious risks and find affordable solutions for closing control gaps.