How Good Governance Can Reduce Nonprofit Fraud Risk
I frequently speak to nonprofit governing boards during our audit planning meetings. When I ask about their controls to prevent, deter, and detect fraud at the organization, some boards are unclear on their responsibilities and seem to rely on management for oversight.
But there are actions that the governing bodies of nonprofit organizations can take to help create an ethical culture that establishes an appropriate “tone at the top,” and conveys that integrity is important and fraudulent behavior will not be tolerated. In fact, a governing body can and should share its values with all employees and volunteers.
I’ve come up with five actions that boards can take to help support the development of fraud policies and procedures.
1. Create a code of ethics
A code of ethics specifies what is valued at your organization. It is the set of behavioral rules that individuals should follow to ensure they are doing the right thing. Key components include the values of the organization and how those values influence expectations for employees, volunteers, and governance. It should include personal behavior standards, compliance, stewardship of funds, fundraising, and a process to report violations. It should be more than a document signed by an employee upon hire. Make it the framework for an ongoing discussion, with at least annual reminders about ethical behavior.
2. Develop a clear expense reimbursement policy
Expense reimbursements and credit card transactions can be problematic if specific limits and expectations are not clear. Ensure that your policy details meal reimbursements, air travel, acceptable flight classes, receipt requirements, and types of trips that require pre-approval. This helps guide the employee and the accounting department to discern which expenses should be reimbursed. When there is clarity on what is considered reasonable it is less likely that questionable expenses will get approved.
In addition, a member of the board should oversee and approve the expense reimbursements and credit card transactions of the CEO or executive director. I frequently see these requests being reviewed by an employee who may not be comfortable challenging questionable expenses. Board involvement in this area helps promote accountability in all employees.
3. Create a whistleblower hotline and policy
Studies show that most frauds are initially detected through tips from employees, clients, and outside vendors. An anonymous reporting system, managed by a third party, and available 24/7, can be a key investment in your fraud detection arsenal. Some vendors charge as little as $500 a year for a hotline, so it’s probably not going to break the bank.
A whistleblower hotline is an easy way for employees to report fraudulent activities. Its mere existence shows that ethical behavior matters at your organization. The board should require regular reports of activity on the hotline and a report of any subsequent follow up.
Whistleblower policies should clearly state the process that will be followed when an issue arises and is reported, whether it is on the hotline or by some other means. The written policy must also indicate that there can be no retaliation at the workplace for reporting suspicious activity. Committing to a process for reporting complaints helps to convey the message that suspicious activity should be reported. You should also require reporting to the board on any activities under the whistleblower policy or any suspected retaliation.
4. Don’t forget about volunteers
Volunteers fill important roles at fundraising events, in the collection of in-kind donations, and in other areas where theft can easily occur. Volunteer policies and training should be clear on ethical behavior, expectations, expense reimbursement, supervision, and how to report unethical behavior. This is often overlooked by nonprofits, but volunteers should receive the same emphasis and attention as employees.
5. Establish internal controls
When there aren’t enough employees to properly segregate duties at a nonprofit, board members may need to be more involved in oversight to establish proper internal controls. One example I frequently recommend is that a board member receive the organization’s bank statement and cancelled checks and review the documents for propriety of vendor name, signature, and amount. Board members should also discuss internal controls with management to determine if there are weaknesses where they could help.
How we can help
Preventing fraud can be costly, but it doesn’t have to be unaffordable, and you don’t have to do it all at once. Some of it is simply common sense. Prioritize this list so it makes economic and organizational sense for your nonprofit. Our nonprofit professionals can help you analyze your resources, set goals, and implement fraud policies and procedures that are affordable and effective.