How to protect your nonprofit organization from fraud

By Jim Simpson, president, Financial Technologies & Management (FTM)

Four years ago when officials from a local cultural and arts volunteer organization discovered that more than $380,000 had been embezzled from its account, it was shocked. Over a nine-month period, an officer supported his gambling addiction with money from the organization’s bank account.

But according to a 2014 Association of Certified Fraud Examiners study, that is not all that unusual. In fact last year, The Washington Post analyzed nonprofits’ 990 filings from 2008 to 2012 and found more than 1,000 nonprofit organizations had checked the box indicating they had discovered diversion of assets due to theft, investment fraud or embezzlement.  

The Association of Certified Fraud Examiners (ACFE) reported the average loss is $108,000. But along with the loss of funds there is an even greater potential cost  -- damage to an organization’s reputation. 

External audits are of little help. According to the ACFE, they detect just over 3 percent of the fraud cases.  Instead, 42 percent of cases are discovered as a result of tips from employees, customers, vendors or anonymous whistleblowers.  Other top methods are management reviews (16 percent) and internal audits (14 percent). Seven percent of cases are uncovered simply by accident.

Relying on tips and happenstance to discover more than half of existing fraud cases is not good business practice. Despite having limited time and resources that make nonprofits vulnerable to fraud either internally or externally, organizations must be able to discover more cases on their own. 

Nonprofits typically have many checks and cash from numerous sources making them vulnerable to skimming and cash larceny schemes. Billing schemes are most common, and typically involve billing an organization for personal items or excessively marking up goods or services.

One step that all nonprofits should take is to develop anti-fraud controls that help decrease the cost and duration of fraud schemes.

Some anti-fraud controls include:

• Create an independent board committee to provide management independence and professional skepticism.
• Develop a process to report suspicious behavior.
• Document when compliance at all levels occurs and when it does not.
• Develop a response plan when fraud does occur.

Keep in mind that the tone from the top is important to promote an ethical environment throughout the organization to encourage self-policing.

But most importantly, nonprofit organizations need to make sure they don’t ignore fraud issues because they aren’t prepared to deal with them openly and honestly.

Nonprofits are typically most vulnerable to the following types of fraud schemes: billing, check tampering, expense reimbursements, skimming, corruption and cash larceny.

• Skimming is when an employee accepts payment but does not record the revenue and steals the money.
• Cash larceny is when an employee steals cash and checks from daily receipts before they are deposited in the bank. 
• In billing schemes, a person may set up a fake entity that bills for goods or services that the organization did not receive. Sometimes, the goods or services may be received but are marked up excessively with proceeds diverted. Another common billing scheme is to charge personal items to the organization. 
• Expense reimbursement schemes generate fraudulent disbursements. The four most common types of expense reimbursement schemes are mischaracterized expenses, overstated expenses, fictitious expenses and multiple reimbursements. 
• Check tampering is when a person physically prepares a fraudulent check. 
• Corruption is the wrongful use of influence including bribery, kickbacks, illegal gratuities, economic extortion and collusion.
  

Jim Simpson, CPA and president of Financial Technologies and Management, is a financial leader and trainer, CFO advisor, and forensic accountant to nonprofit organizations since 1999, serving over 350 nonprofit clients. He has worked as a financial advisor for over 20 years.