If you’re a not-for-profit organization that depends upon the audit process to catch a dishonest employee or fraud that is occurring in your workplace, you may be setting up your organization for potentially disastrous consequences.
Mary O’Connor, partner-in-charge of Sikich’s Forensic & Valuation Services, presented at the Not-for-Profit Leaders Forum in Akron, Ohio recently. She provided some insight and perspective on how and why fraud happens, specifically targeted to NFPs.
NFPs are often vulnerable to fraud and loss due to:
- Trust Culture
- Limited Staff – weak internal controls, lack of separation duties
- Many part-time and volunteers
- Volunteer Board Of Directors
- Donor implications and disclosure risk
- Budget constraints
The ease to which fraud happens is alarming. Employee dishonesty and other acts of fraud can be significant, and the books can still balance; it often exists even when bank accounts are reconciled.
It can be as simple as this: you go into a meeting while important papers sit on your desk. Paperwork also sits on desks overnight, vulnerable to workers or unsuspecting cleaning crews. There have even been instances of nail polish remover and lighter fluid to remove blackout and type from bad checks thrown away in the garbage. The point is, sometimes it can be as simple as implementing a policy for locking up important documents and shredding vital documents. Other times, the crimes are not so obvious – fraudulent disbursements, false procurements, skimming, voids and restarts, refunds, bid rigging…and the list goes on. And on.
Special concerns for NFPs
- Very small business staff; often volunteer or part-time
- Lack of separation of duties
- Large budgets and poor controls
- Large grants from multiple agencies
- Fraud by users of services
- Lax Board oversight
- Reliance on a few senior managers
There are several protective measures organizations should instate as best practices to help deter and detect fraud.
Top 5 ways NFP organizations can bolster security against fraud:
- Establish the tone at the top: Clear policies which are frequently and formally communicated to employees, management, Board and vendors
- Establish a whistleblower system that is absolutely confidential and where the reporting person can be safe from reprisals and know that their tip will be considered and, if credible, will be pursued.
- Construct a system to separate business duties to every extent possible, and institute compensating controls responsibility where necessary.
- Review all sensitive areas where fraud may occur – consider rotation of staff, fidelity bonding, surprise audit, movement of part time employees etc.
- Review and create a clean desk policy and security of assets – from blank check stock to donor’ information, to cash registers, to loading docks. Purchase and install locks, smart key card systems and video surveillance.
The best defense is a good offense. Sikich provides fraud training to management and staff in compliance with GATA requirements. If you would like more information on how to develop of a fraud protection program or incident management plan for your not-for-profit organization, please contact Mary O’Connor, partner-in-charge of Forensic & Valuation Services, at firstname.lastname@example.org or 312.648.6652.