Warding off fraud at your nonprofit

Some simple measures can protect you

You might read about cases of corporate fraud and think, “That could never happen at my nonprofit.” But you’d be wrong. Case after case shows that fraud is often committed by the most trusted or tenured nonprofit employees. So to protect the donations and grants entrusted to you, take steps to thwart potential fraudsters.

Is yours a culture of accountability?

It’s often said that fraud prevention starts at the top. This means that your board of directors must acknowledge that fraud can happen in your organization and that it’s their duty to prevent it. When the board insists on a culture of honesty and accountability, this attitude trickles down to executive offices, ordinary staffers and volunteers.

It’s also critical to treat employees well. The charity sector isn’t known for paying high salaries to employees. But organizations that allow workers to grow resentful may unwittingly promote fraud, because occupational thieves often rationalize that they deserve more than they’re getting. Even if your nonprofit’s pay isn’t equal to that of similar for-profit businesses, you can provide a congenial work environment that offers perks, such as flexible working hours and telecommuting.

What are your biggest risks?

However, an ethical culture alone isn’t enough. You also must establish policies and procedures that everyone — including executives — is required to follow. One of the biggest mistakes an organization can make is to allow managers to routinely override fraud controls.

You won’t be able to prevent every possible fraud scenario. But when designing controls, identify risks that are most probable and that would lead to the greatest financial, public relations or other consequences. Almost all nonprofits should include the following policies:

Perform background checks. How extensively you screen job applicants and volunteers may depend on their prospective duties. For example, ensure that accounting employees have no history of embezzlement or theft and aren’t deeply in debt. At the very least, check all references and verify the applicant’s previous employment, education, military service or professional designations.

Segregate duties. This involves separating duties among staffers so that no one person can exploit his or her access. For example, assign one employee to approve invoices, another to prepare checks and a third to sign them. If you don’t have adequate staff to properly segregate duties, enlist the help of board members or consider outsourcing functions such as payroll.

Protect files. Make sure employees have access only to the files, programs and systems required to do their jobs. Password-protect all sensitive information and require passwords to be changed often.

Check spending. Require preauthorization for spending, limit credit card access and scrutinize staffers’ expense reports. Also, have a board member review your executive director’s purchases.

Count cash. When staffers or volunteers report event ticket sales, make sure they turn in a corresponding amount of cash — and the correct number of unsold tickets. Also compare cash receipts logs to the cash receipts ledger entry and actual bank deposit.

Verify vendors. Periodically audit vendor lists for anything suspicious, such as addresses that match those of employees or regular payments to one vendor that fall just below the amount required for approval.

Review bank statements. Have someone other than the individual who writes your organization’s checks review monthly bank statements. And if you require dual signatures on large checks, don’t rely on your bank to notice that one is missing.

Internal control policies should be in writing and posted where they’re visible to everyone in your organization. In addition, they should be reviewed and tested regularly for continued efficacy.

Common frauds, effective controls

Common frauds that take place in nonprofits include skimming funds by unsupervised staff or volunteers, credit card abuse and expense reimbursement schemes. Also frequent are theft of supplies and other physical assets, phony invoices and payments to fictitious vendors. Your CPA can assist you in setting up internal controls to deter these and other frauds.