Fraud comes with a significant monetary impact. The Association of Certified Fraud Examiners (ACFE) Report to the Nations on Occupational Fraud and Abuse 2016 Global Fraud Study estimates that fraudulent activity costs $6.3 billion in losses, with the average loss per case coming in at $2.7 million. Nearly one in three of the cases in the study occurred in the not-for-profit and governmental arena.
Entities carry different types of fraud risks. Corruption occurred more frequently in large organizations, while check tampering, skimming, payroll and cash larceny schemes were twice as common in small organizations. For educational institutions, the study found that fraudulent activity most frequently took the form of billing, corruption and skimming schemes. Top fraud schemes affecting religious, charitable and social services organizations include corruption, check tampering, expense reimbursements and billing.
Not-for-profit organizations can help protect their organization from financial abuse and mismanagement by understanding what form fraud may take. They can also shore up their fraud defense through internal controls and anti-fraud processes.
Case Studies in Not-for-Profit Fraud
The following fraud case studies may help organizations understand how fraud can affect them.
Case Study 1: Medical School
A financial analyst for the University of Massachusetts Medical School siphoned money from the medical school's payments to Medicaid, which accumulated to nearly $3.4 million over a five-year span. The scheme took his co-workers by surprise. The Boston Globe reported that one employee described the perpetrator as "the kind of person you could never forget, and every thought of him put a smile on my face."
Case Study 2: Civic Organization
An executive director of a social services agency in New York City perpetuated a 20-year scheme where he colluded with an insurance company to skim off cash from the organization's insurance policies. New York's attorney general alleged that the total loss from the scheme was close to $9 million. The executive director had been a prominent figure in the community prior to the discovery of the scheme, hosting events attended by then Mayor Michael Bloomberg and Senator Charles Schumer.
Case Study 3: Large Foundation
A Washington D.C.-based organization that funds research on the effects of smoking lost an estimated $3.4 million in a scheme involving fraudulent purchases from a "business." The investigation revealed that the organization did not have the adequate financial controls, and as a result, an information technology employee could order electronic equipment and log that it had been received which is how the scam was conducted. The employee had been with the Legacy foundation for a long period of time and was well-admired by his co-workers.
What Not-for-Profits Can Do to Detect Fraud
According to the ACFE, most perpetrators show warning signs of fraud, including living beyond their means (as was the case with the perpetrator in the University of Massachusetts incident), unusually close relationships with vendors (as in the Metropolitan Council on Jewish Poverty matter), excessive control issues or recent family problems. On the other hand, the culprits of fraud may not be obvious to the organization. The ACFE also notes in its global fraud study that most offenders are first time offenders.
Because identifying who might be responsible for fraud can be a challenge, organizations may want to focus their efforts on other signs of fraudulent activity. Certain types of fraud exhibit tell-tale patterns.
- Payroll Fraud
Organizations may have payroll inconsistencies if they see little withholding and no voluntary deductions, P.O. boxes and lapses in job history in the payroll reports. Usually fraudulent payroll schemes involve "ghost" employees who are part-time and have common names. Organizations can prevent payroll fraud by ensuring employment applications are complete, Social Security cards are on file and verified, reference checks and credit checks are conducted, time is approved and that employees are using direct deposit for their pay stubs.
- Vendor Fraud
As the case studies above demonstrate, vendor relationships are a common source of fraud for not-for-profits. Warning signs that your organization has a fraudulent vendor include a P.O. box as a main address, calls to the entity go straight to an answering machine, and the vendor uses consecutive invoice numbers. Organizations can vet their vendor list by visiting new vendors in person, researching public records and asking for endorsements.
Organizations may be victims of skimming if they notice missing transaction records, unusual cash receipts or deposits, shortage of inventory, unusual journal entries or unusual bank reconciliations. To prevent skimming, not-for-profits will want to compare bank deposits to cash receipts, reconcile inventory and examine support for suspicious journal entries.
Steps to Minimize Fraud
Not-for-profits can also take a number of steps to reduce their fraud risk, including:
- Ensure a strong anti-corruption commitment from senior management
Senior management has a responsibility to set the tone when it comes to fraud, and create a culture of ethical behavior.
- Establish a written policy concerning fraud and ethics
All not-for-profits should have a formal written policy concerning fraud and ethics. New hires should be required to review and sign a copy of the policy.
- Ensure proper oversight
Depending on the size of the organization, a committee or individual(s) should be tasked with ensuring that all aspects of a written policy concerning fraud and ethics are followed.
- Implement strong internal controls
Many organizations lack the proper segregation of duties, especially when it comes to the flow of money. Strong internal controls and proper segregation of duties lower the risk of fraud.
- Create a comprehensive vendor policy
A strong policy that scrutinizes vendors is recommended. It should use data analytics in highlighting similarities among questionable vendor invoices.
- Implement an expense reimbursement policy
A written policy should outline the types of reimbursable expenses and the documentation required to support a reimbursement request. Purchase cards and company credit card policies should clearly define when and for what purposes the cards should be used.
- Require annual training
In order to increase the awareness of potential fraud and ethical issues, employees should receive mandatory, annual training.
- Establish a hotline
The vast majority of fraudulent schemes are discovered as a result of a tip. A program built on confidentiality to protect whistleblowers will encourage them to report these matters to senior management.
- Conduct a risk-based audit
If senior management suspects fraud or abuse is being committed, it may be prudent to hire an independent forensic accountant to conduct a risk-based audit. A professional trained in forensic accounting is better equipped with the skills to uncover evidence of fraud in a timely and cost-effective manner.
- Regularly review written policies
Each year an organization should undergo a review of its written policies to ensure they properly address the risks associated with the organization. Such a review allows the organization to assess the strengths and weaknesses of existing policies and make any needed changes.
For More Information
The key to fraud prevention is to ensure proper oversight over financial assets and engage in continued monitoring. Annual training should be a requirement, particularly for employees who facilitate vendor payments and billing.
For more information on how your organization can protect itself from fraud risks, please contact us.
John E. Mulvaney, Jr. is the Practice Leader of the Forensic, Litigation and Valuation Services Group at CBIZ Tofias. He specializes in government and internal investigations, as well as complex civil and criminal matters. He can be reached at 617.761.0569 or JMulvaney@cbiztofias.com.