Tips For Deterring Fraud in a Nonprofit Organization
by Eric A. Kreuter, CPA, CGMA, Ph.D.
Fraud prevention efforts such as these can help nonprofits address some of their inherent vulnerabilities.
Fraud is a constant threat to nonprofit organizations, where tight budgets and smaller staffs can hinder prevention measures. The economic fallout from the recent Great Recession exacerbated these problems by forcing more cutbacks and reducing spending on “luxuries” such as an internal auditor or a fraud prevention plan.
Many nonprofits also are based on charity, faith, and a general atmosphere of goodwill. That organizational DNA often fosters a culture of trust that can relax some of the standards of fraud deterrence seen in for-profit enterprises.
The cost of this vulnerability is a high one, with many nonprofit fraud cases reaching into the six figures. Common nonprofit frauds include check tampering, falsification of time sheets and expense reimbursements, and the skimming of cash. The creation of fictitious vendors or ghost employees set up to move funds illegally is another common fraud perpetrated at unsuspecting nonprofits.
The good news is that fraud prevention efforts—such as creating a strong ethical climate, hiring a fraud consultant, and implementing tighter financial controls—can help nonprofits address some of their vulnerabilities.
Fraud prevention often isn’t emphasized enough at nonprofits—in part because of its upfront costs. Instead, some organizations primarily rely on detective controls, which alert management that fraud has occurred, thereby forcing remedial action. So why should nonprofits with tight budgets spend money on fraud prevention instead of relying on existing detection measures?
Deterrence helps organizations prevent losses in the first place, whereas detection may only give the organization a chance to recover funds after a crime is committed. Deterrence also can help prevent the public relations nightmare that fraud causes for an organization. Donors, for example, may be reluctant to maintain annual contributions to an organization with a history of embezzlement.
Internal controls—such as segregation of function, competent approval, and tracking and reporting of transactions—often are a good place to start when it comes to deterrence. Reviewing the procedures in place often shows that improvements are required. For example, if an investigation into a recent fraud reveals that the person initiating the transaction was also the person approving it and receiving money from it, there is a clear lack of segregation of duties and a clear potential for additional fraud.
Another set of eyes can sometimes be helpful in this process. One such option is an outside consultant. Consultants troubleshoot risks and controls, consider weaknesses, and make organization-specific recommendations. They also establish new policies and procedures that create a road map for employees to follow.
What nonprofits should look for in a consultant
Consultants should be skilled professionals credentialed in the area of fraud investigation and deterrence and should have experience in a variety of business settings. (Editor’s note: The AICPA offers the Certified in Financial Forensics credential for CPAs who specialize in forensic accounting.) Consultant costs range from $10,000 to $75,000 or more, depending on the complexities of the various business cycles and the geographic dispersion of the business. The process can take from several weeks to several months.
Fraud deterrence consultants start by examining the organization’s risk-management practices, control environment, and internal control systems. Areas where fraud is most likely to occur receive the most attention. As part of the initial interview process, the consultant asks management where it perceives weaknesses in the system. For example, risks and controls will necessarily be greater in organizations with multiple locations, varied program offerings, greater cash flows, and less external oversight. Organizations with higher employee or managerial turnover are also more vulnerable to fraud.
The consultant must get a full understanding of the organization’s nuances, review the organizational chart, and evaluate the economic environment in which the organization operates. Then he or she is in a good position to question the quality of the existing controls and to suggest changes where weaknesses are perceived. In a completed fraud deterrence plan, unique risks are highlighted, and specific changes or improvements are recommended, such as new or updated fraud prevention policies, procedures, systems, communication standards, and employee manuals.
In addition to controls over cash, an all-encompassing deterrence plan will consider controls over procurement, receipt of goods, inventory, fixed assets, payroll, payment processing, and access to information systems. Development and implementation of a risk-based fraud deterrence plan can give an organization the controls needed to minimize the potential for fraudulent activity.
Finally, in addition to closely examining internal controls and hiring a trained consultant, nonprofit organizations also must emphasize the mantra of fraud prevention. Communicating the importance of fraud-prevention initiatives to employees and volunteers will create a general awareness that all transactions and systems are being carefully monitored, and that any suspected breach of controls will be quickly investigated. Creating that kind of culture is an important step in helping to deter potential fraudsters.
Article from the AICPA Newsletters
Eric A. Kreuter, Ph.D., CPA, CGMA, CFE, is a partner in Litigation and Corporate Financial Advisory Services at Marks Paneth LLP.