If your nonprofit became a victim of fraud, it wouldn’t just hurt your organization’s bottom line — the infraction also could do devastating damage to your reputation. By implementing some simple controls, though, your organization can help protect itself from these risks.
One of the most important preventive measures is the segregation of accounting duties, especially those related to executing outgoing payments. You should assign different employees to approve, record and report transactions. And the employee who generates checks for payment or approves invoices shouldn’t also be responsible for signing checks or initiating online payments.
Similarly, the staffer who makes bank deposits shouldn’t be charged with reconciling the organization’s bank statements. If the nonprofit is too small to segregate duties fully, consider rotating staff through the various duties regularly, or involving a board member to oversee the process. You also can adopt a mandatory vacation policy to make it more difficult for fraudster employees to conceal their schemes.
Research conducted by the Association of Certified Fraud Examiners (ACFE) shows that organizations with antifraud training programs experience lower losses, and frauds of shorter duration, than those without. Nonprofits should provide targeted fraud awareness training not just for managers but also for employees.
At a minimum, the ACFE recommends explaining which actions constitute fraud, how fraud harms everyone in the organization and how to report suspicious activity. Managers and employees also should be educated on the behavioral red flags of perpetrators and encouraged to keep an eye out for them. Red flags include an employee who appears to be living beyond his means or one who refuses to take time off. Additionally, some insurance providers offer discounts if certain antifraud training is attended by a majority of staff members.
Set up a hotline
Fraud hotlines are one of the most effective strategies for uncovering fraud. The ACFE has consistently found that tips are the most common means of detecting fraud. The majority of tips come from employees, but the hotline also should be available and publicized to vendors and constituents.
Management should encourage employees to report any suspicious activity and enforce an anti-retaliation policy so employees aren’t reluctant to speak up. Ideally, the hotline should be anonymous, or at least confidential.
Last year, the AICPA published its 2014 Audit Risk Alert: Not-for-Profit Entities Industry Developments. The alert urges not-for-profits to develop a formal fraud risk management program, including a fraud risk assessment. According to the AICPA, a fraud risk assessment should identify:
- The fraud schemes that could potentially happen,
- The possible concealment strategies that a fraudster can use to avoid detection,
- The individuals within or outside the organization who pose the highest risk of committing fraud, such as accounting or information technology personnel,
- The controls currently in place to deter or detect fraud, and
- A list of warning signals or red flags that can be used to educate the organization, including both employees and board members.
The goal of the assessment is to identify any vulnerabilities and gaps in internal controls that could leave your nonprofit susceptible to financial and reputational damage.
Make it a joint effort
Cutting the risks of fraud requires the board of directors and management to be aware of your nonprofit’s vulnerabilities. Staff also must pitch in, staying on the lookout for red flags, conflicts of interest and other potential issues — and they must be comfortable reporting any concerns. Your financial advisor can help, too, by conducting a fraud risk assessment and suggesting ways to establish appropriate controls. •