From volunteers to public donors, not-for-profit organizations are vulnerable to fraud for many reasons. Incidents of fraud, even on a small scale, can be devastating to an organization’s bottom line. In its 2016 Report to the Nations on Occupational Fraud and Abuse, the Association of Certified Fraud Examiners (ACFE) found that 10.1 percent of fraud cases affected not-for-profit organizations, with an average loss of $100,000 per case. The report serves as a reminder that although private and public companies have higher rates of fraud (37.7 percent and 28.6 percent respectively), not-for-profits should nonetheless have fraud prevention measures in place. Creating an adequate control environment can be challenging for not-for-profit organizations. Many nonprofits operate on small budgets that may make budgeting for fraud prevention challenging. Others may not have systems in place to detect and report fraud, including internal controls and whistleblowing policies. However, any organization, big or small, can improve its control environment simply by increasing its “fraud awareness” among employees.
Not-for-profits that adjust for fraud activity trends and take into consideration the lessons learned from organizations that were victims of fraud can enhance their prevention strategy and protect their financial resources from abuse.
Put Controls Over Cash-Related Activities
Asset misappropriation continues to be the most common form of fraud according to the ACFE report. Educational institutions were the most likely to have skimming asset misappropriation out of any institution surveyed for the report. Skimming can be difficult to detect because it can occur before funds are recorded by the organization. For example, an employee could take money received as part of a donation and record the donation received as an amount less than the money the employee pocketed.Religious, charitable and social services organizations’ most common forms of asset misappropriation included billing, check tampering and expense reimbursements.
Not-for-profits should ensure they have adequate controls over cash-related activities, including separation of duties, review of expense reimbursements, review and reconciliation of cash and bank statements. Reviews of bank statements may be able to detect unusual patterns in billing, check tampering and missing petty cash. Systems should also be in place to strictly monitor the processing of donations to ensure the full amount the donor intended to donate makes it to the organization.
Enhance Anti-Fraud Internal Controls
Anti-fraud controls should also be built into the internal control environment. The ACFE found that organizations with robust anti-fraud controls had less severe cases of fraud with faster detection times.
Audits of financial statements rarely detect fraud and account for only 3 percent of reported frauds. To truly examine your organization’s risk of fraud, you may want to consider enlisting the help of a third party experienced with fraud examinations. Third parties who are trained in the prevention and detection of fraud can help organizations by conducting fraud risk assessments and/or preliminary investigations to determine the strengths and weaknesses of an organization’s internal controls. An experienced fraud professional can also verify the existence of any suspected fraudulent activity.
Code of conduct and fraud prevention training is also essential for all organizations and could help encourage employees understand their role in fraud prevention. Raising fraud awareness within an organization can greatly assist in the detection of fraud.
Monitor for Corruption
Corruption within an organization can take many forms, including conflicts of interest, bribery, extortion and illegal payouts, and they are typically the most difficult to detect. Loss for corruption cases also tends to be higher than fraud involving asset misappropriation, registering a median loss of $200,000 compared to asset misappropriation’s median loss of $125,000, according to the 2016 ACFE report. Not-for-profit organizations noted their share of corruption cases as well. Nearly 1 in 3 cases of fraud reported in the education sector involved fraud, and nearly 30 percent of cases reported by religious, charitable or social services institutions involved corruption.
Organizations should pay particular attention to their board of directors and potential conflicts of interest. If your organization has vendors, grant recipients or other transactions involving parties with relationships to your board of directors, there should be records to indicate the transactions do not constitute conflicts of interest. For example, relationships between vendors and members of an organization’s board are usually fertile areas for corruption. Oftentimes, individuals inside an organization conspire with vendors in agreeing to inflate invoices, allowing for kickbacks to be made to those participating in the scheme. These sophisticated schemes often go undetected for years and can cause an organization great financial loss and embarrassment when detected.
More importantly, those monitoring an anti-corruption program must be able to interpret any red flags that may arise. Most cases have multiple red flags, however, many times the warning signs are misinterpreted or ignored. This lack of understanding can allow schemes to continue for many months, and in some instances, many years, thus causing the loss to the organization to grow significantly.
Internal controls for detecting corruption are critical for an organization. Many not-for-profits, however, fail to take the extra step and institute an effective oversight program, which involvesre-evaluating internal controls on a semi or annual basis and being willing to take the necessary corrective actions to strengthen their control structure.
Establish a Whistleblowing Policy
If not already in place, not-for-profits should have a clear policy for reporting tips of alleged misconduct within the company. The ACFE report found that tips received from internal and/or external sources were the most effective means of detecting fraud, accounting for 39 percent of all reported cases and far outweighing any other method of fraud detection. Online forms and emails are also becoming an increasingly common way to report fraud.
Whistleblower protection policies are a requirement for SEC registrants as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act, but they’re also good practice for not-for-profit organizations looking to reduce their risk of fraud. Whistleblowers are key to an organization’s anti-fraud program and can significantly help an organization in detecting fraud. Their participation will largely depend on an organization’s demonstrated ability to treat their situation with the utmost confidentiality and professionalism. Any instances of retaliation or adverse consequences demonstrated by the organization toward a whistleblower can lead to penalties and sanctions from regulatory agencies.
It’s Never Too Late to Enhance Fraud Prevention
The hallmarks of an effective anti-corruption program are strong internal controls designed to prevent and detect fraud in any organization. Combining an anti-corruption program with an effective monitoring program, routine training for all employees and a whistleblower program that ensures employees complete confidentiality and protects them from any retaliation, can greatly reduce an organization’s chances of being victimized by a costly fraudulent scheme. When presented with the possibility of an ongoing scheme within one’s own organization, senior executives should always enlist the assistance of experienced professionals for purposes of conducting a fraud risk assessment and/or preliminary investigation.
For More Information
For more information on the risk mitigation steps your nonprofit can take, please contact us
John E. Mulvaney, Jr. is the Practice Leader of the Forensic, Litigation and Valuation Services Group at CBIZ Tofias. He specializes in government and internal investigations, as well as complex civil and criminal matters. He can be reached at 617.761.0569 or JMulvaney@cbiztofias.com.