- Nonprofit organizations are no strangers to fraud risk, and findings from a global study detail the potential impact.
- A financial statement audit is not designed to uncover fraud, and you may need to take additional steps to help protect your organization.
- Review these steps your organization can take to help mitigate fraud risk.
Need a second opinion on your organization’s financial health?
Could your nonprofit afford to lose $639,000? According to a recent study, that amount of loss due to fraud is not out of the question. Occupational fraud is a real threat to nonprofits and it could be committed by anyone from an employee to an executive.
The recently issued 2020 Report to the Nations, copyright 2020 by the Association of Certified Fraud Examiners, Inc. (ACFE), is a biennial study examining more than 2,500 cases of occupational fraud investigated between January 2018 and September 2019. This study was designed to examine the costs, methods, victims, and perpetrators of occupational fraud, and includes 23 major industries and data from 125 countries.
Review the key takeaways for the nonprofit industry and consider proactive measures your organization can implement to help mitigate the risk of fraud.
Takeaways for nonprofits
1. The study found that nonprofits represented 9% of the fraud cases and suffered a median loss of $75,000. Of the nonprofit cases, the average loss was $639,000.
2. The top three control weaknesses facing the industry were:
a. Lack of internal controls — 35%
b. Lack of management review — 19%
c. Override of existing internal controls — 14%
3. The top detection methods:
a. Tip or complaint — 40%
b. Internal audit (not external audits like your financial statement audit) — 17%
c. Management review — 13%
d. By accident — 7%
e. Examination of documents — 6%
4. The top five schemes facing the industry were:
a. Corruption — 41%
b. Billing — 30%
c. Expense reimbursements — 23%
d. Cash on hand — 17%
e. Noncash — 16%
5. The common perpetrator at nonprofit organizations:
a. Executive — 39% of cases with a median loss of $250,000
b. Manager or supervisor — 35% of cases with a median loss of $95,000
c. Employee — 23% of cases with a median loss of $21,000
What fraud means for nonprofits
Overall, nonprofits may be more susceptible to fraud due to their smaller size and having fewer resources available to help mitigate the risks. Inadequate segregation of duties — less oversight, lack of certain internal controls, and fewer anti-fraud measures, leaves them more vulnerable to fraud.
Six steps that could help protect your organization from fraud
1. Encourage employees to speak up if unusual activity is noticed
Cultivate a positive, transparent work environment by developing an anti-fraud policy and implementing a fraud hotline. An anti-fraud policy provides the foundation for the ethical behavior expected within the organization, and a fraud hotline provides a mechanism for reporting questionable activity. These measures may help employees be more vocal if and when matters are noticed.
Of all the cases in the study, occupational fraud was initially detected the most by tips (43%), and those tips mainly came from employees (50% of the time). Make sure your employees are equipped with the tools to help keep your nonprofit safe.
2. Review your current control environment
Segregate duties as much as possible. The goal should be to have at least two people involved in every transaction, and the person performing reconciliations should not have access to the assets being reconciled.
Additionally, if the executive director has little to no review over their transactions, consider having someone from the board of directors or the audit or finance committee tasked with this oversight. Subordinate-level employees may be hesitant to bring up any concerns of inappropriate activity related to an executive’s expense reports, credit cards, and other transactions.
3. Create or update monitoring procedures
Establish monitoring procedures for critical or high-risk business processes, such as performing a monthly review of a payroll change report or credit card refunds processed. Monitoring activities can help identify suspicious activity early on and are critical when there is limited segregation of duties.
Additionally, conduct surprise audits on employees and their work in areas such as petty cash, inventory, and cash deposits. Performing random spot checks can help keep employees accountable to your policies and procedures, which can help in identifying variances that may require additional inquiry.
The perception of detection is a great deterrent to fraud, so make your employees aware of the monitoring activities being performed without providing the details of when. If your nonprofit is large enough, consider creating an internal audit function or department that can help in performing some of these activities.
4. Develop vacation policies and enforce them
Require employees take at least five to 10 days of consecutive paid time off or vacation — particularly employees in sensitive positions — and assign their work to someone else. Disruption is sometimes a good thing as it forces someone else within the organization to take over in their absence and provides an opportunity to detect malicious activity.
5. Invest in training your employees on fraud awareness
Many employers provide some form of technical training when employees first start, but that often doesn’t include fraud awareness training. Your employees will be better positioned to help prevent and detect fraud if they understand your organization’s fraud risks, both internally and externally. Perform fraud awareness training at least annually.
6. Don’t go at it alone
Reach out to professional advisors for help. There are services available to help you mitigate and deter fraud from occurring at your organization. And in the event your organization is the victim of fraud, a forensic accountant can help you tailor a response plan to suit your situation, including assistance in recovery efforts.
What about your external audit?
An external financial statement audit is not designed to catch fraud and is unlikely to do so. In fact, in the ACFE study, only 4% of all fraud cases were found through an external audit.
Most fraud schemes are perpetrated over time using multiple lower-dollar transactions to avoid suspicion, and the fraudster often takes steps to cover their tracks, making it harder for the external auditor to detect. See our article “Uncover Insights You Can’t Get From Your Audit” for further review and appreciation.
How we can help
At CLA, we promise to know you and help you. Our professionals can come alongside your organization to help create a safer and more secure environment in a number of ways:
- Financial Department and Internal Control Assessment
- Forensic Data Analysis
- Forensic Accounting and Investigations
- Data Analytic Integration and Implementation
- Cybersecurity and Awareness Training