Times of crisis bring out the best — and worst — in people. Some individuals respond by reaching into their pocketbooks to help those in need. On the flip side, fraudsters may try to profit from that generosity. For example, dishonest workers might try to siphon funds from legitimate charitable organizations, or a perpetrator might set up bogus organizations that misappropriate donations for personal gain.
During the COVID-19 pandemic, it’s critical for not-for-profit organizations to remain diligent in their efforts to combat fraud. But to prevent illicit financial activities, your nonprofit clients must strike a balance between a culture that values trust with the need for strong internal controls.
Implement strong controls
A general lack of financial and staff resources — in addition to less vigorous oversight and enforcement of internal controls — can make not-for-profits vulnerable to fraud. Executives and managers may, for example, override internal controls, allow unproven staffers to accept cash donations, rubber-stamp expense reimbursement reports or neglect to segregate accounting duties.
To mitigate this threat, management should evaluate the organization through the eyes of a fraudster. If you intended to steal, where would you focus your efforts? If security gaps are uncovered, the client should devise a control that will close them.
For example, many organizations still receive some donations in the mail. If one person is responsible for opening envelopes, recording contribution amounts, and depositing cash or checks, it would be easy for that person to commit fraud. So, management needs to devise mechanisms that could prevent a staffer or volunteer from skimming donations. A common anti-fraud control stipulates that two or more people be involved in the process of collecting, recording and depositing checks. This is known as segregation of duties. Nonprofits also should perform background checks on anyone who’ll be handling money.
Stress test safeguards
Unfortunately, the existence of controls doesn’t guarantee they’re being followed. While internal controls provide a deterrent from wrongdoing, they can sometimes be circumvented by fraudsters. Nonprofits, by their nature, are geared toward “doing good,” not making money. So, staffers may not be attentive to financial irregularities. And in non-hierarchical or “flat” organizations, managers may not prioritize enforcing controls, which means staffers who want to bypass them usually can.
Regular control compliance checks can help ensure that internal control procedures are being followed. The key is to find out which rules are routinely ignored — and why. Say, for instance, that the employee handbook calls for two levels of approval for expense reimbursement requests. If staffing shortages are causing employees to sidestep this rule, consider asking board members to step in when a second signature is required to make a large disbursement. Another possible solution is to use an outside accounting firm for certain booking tasks, including expense report approvals. In general, independent external accountants tend to be more likely to refuse to process requests that lack proper authorization.
Educate employees and volunteers
Another effective anti-fraud control is training. During orientation, employees and volunteers should be taught about common fraud ploys in the not-for-profit sector, along with methods of prevention and detection. They should learn how to report any suspicious activity they encounter while working at the organization. Nonprofits should follow up with annual “refresher” courses for existing employees, because fraudsters are always finding new ways to steal or hide their wrongdoing.
Approximately 40% of nonprofit frauds are revealed by tips from staffers, board members, vendors, clients and the public, according to Report to the Nations: 2020 Global Study on Occupational Fraud and Abuse. The Association of Certified Fraud Examiners’ report recommends offering an anonymous fraud-reporting mechanism that whistleblowers can use via phone, online and email.
Seek outside expertise
The ultimate goal of an internal controls system is to protect an organization and its assets from thieves. If nothing else, fraud prevents nonprofits from fulfilling their missions. For more information about not-for-profit fraud schemes, contact us here. We'll help. you create awareness within a client’s organization, as well as help strengthen internal controls and investigate suspected wrongdoing.