For nonprofit leaders, strong controls for fraud are especially important during this time of year. The unofficial kickoff of the charitable giving season occurs on Giving Tuesday, which takes place the Tuesday following Thanksgiving, Black Friday and Cyber Monday here in the United States. In my state, Minnesota, we have a “Give to the Max Day” to encourage giving to nonprofits and schools before Thanksgiving. A 2015 Charitable Giving Report produced by Blackbaud noted that of the nonprofits surveyed, 17% of their contributions were received in December. Here are five things small organizations can do to protect themselves and ensure that the influx of contributions received this holiday season support programs, not fraudsters:
- Perform a risk assessment before Giving Tuesday. Managing the sudden increase in donations requires careful planning with regard to controls. Employees find themselves working overtime and may feel pressured to compromise internal controls for the sake of expediency. Fraud is often a crime of opportunity; someone makes an honest mistake, and no one notices. So when they embezzle, there is no one to notice that either. In order to protect the financial and physical assets of the organization, directors of nonprofits should consider risks such as working conditions that could lead to staff burnout and lapses in judgment.
- Have a person other than the check-writer receive and open bank statements. This scenario has two independent people reviewing and monitoring all banking activity. Oftentimes, it is disclosed that the perpetrator makes deposits, writes checks, receives bank statements and reconciles the account. There is little or no oversight over this person, and this allows too much responsibility for one individual, leaving the organization vulnerable.
- Separate duties as much as possible. The check writer and the person receiving bank statements should not be the same person. Keep in mind, however, that checks can be manipulated for amounts that don’t seem unusual, thus not raising any red flags. A good risk assessment discussion among directors should address any processes that could contribute to the loss of financial assets. Management and accounting controls should be established to provide optimal protection for the organization.
- Receive copies of cancelled checks. A recent banking trend is to eliminate sending cancelled checks and/or copies of cancelled checks with bank statements and provide them online instead. What used to be a simple task is made more difficult by requiring the person to log onto the bank’s website and click on each individual check image. Since this takes additional time, this step is often skipped. As a result, checks have been forged or manipulated without being caught because nobody reviews the cancelled checks.
- Focus on safeguarding cash. There are many other steps that can be taken to safeguard cash, including setting up an approved vendor list, limiting wire transfers or requiring secondary approval and requiring board approval for certain types of expenditures. Each organization must decide what works for them based on their size and staffing.
Although the biggest threats generally are related to cash, other risks for not-for-profit organizations include misuse of funds by not following donor restrictions, cybersecurity and protection of confidential donor data.
The Association of Certified Fraud Examiners 2016 Global Fraud Study, Report to the Nations on Occupied Fraud and Abuse, analyzed 2,410 occupational fraud cases. The study estimated that a typical organization loses 5% of total revenue to fraud and the median loss was $150,000. The study found that 10% of these losses were applicable to not-for-profit organizations with a median loss of $100,000. It’s worth noting that organizations whose fraud was uncovered through detective methods such as account monitoring and reconciliations sustained less of a loss than those detected through passive methods such as notification from an outside party. The most common weakness that contributed to fraud was lack of internal controls.
The most common detection method was tip-offs. In other words, the organization provides a mechanism whereby individuals with concerns can report problems without fear of retaliation. The AICPA’s Not-for-Profit Section offers a number of resources, including a sample whistleblower policy, exclusive savings on an ethics hotline service and a white paper “An Ounce of Prevention: Combatting Fraud in Not-for-Profit Organizations” available in its resource library.
It’s important for not-for-profit organizations to regularly review their risks and implement policies and controls to ensure they continue to operate effectively and perform their charitable mission. I encourage you to use this giving season as an opportunity to take a fresh look at your organization’s controls.
This entry originally appeared in a blog post on aicpa.org. It is reprinted with permission.