If your not-for-profit became a victim of fraud, it wouldn’t just hurt your organization’s bottom line—the infraction also could do devastating damage to your reputation. By implementing some simple controls, though, your organization can help protect itself from these risks.
One of the most important preventive measures is the segregation of accounting duties, especially those related to executing outgoing payments. You should assign different employees to approve, record and report transactions. And the employee who generates checks for payment or approves invoices shouldn’t also be responsible for signing checks or initiating online payments.
Similarly, the staffer who makes bank deposits shouldn’t be charged with reconciling the organization’s bank statements. If the not-for-profit is too small to segregate duties fully, consider rotating staff through the various duties regularly, or involving a board member to oversee the process. You also can adopt a mandatory vacation policy to make it more difficult for fraudster employees to conceal their schemes.
Research conducted by the Association of Certified Fraud Examiners ("ACFE") shows that organizations with antifraud training programs experience lower losses, and frauds of shorter duration, than those without. Not-for-profits should provide targeted fraud awareness training not just for managers but also for employees.
At a minimum, the ACFE recommends explaining which actions constitute fraud, how fraud harms everyone in the organization and how to report suspicious activity. Managers and employees also should be educated on the behavioral red flags of perpetrators and encouraged to keep an eye out for them. Red flags include an employee who appears to be living beyond his means or one who refuses to take time off. Additionally, some insurance providers offer discounts if certain antifraud training is attended by a majority of staff members.
Set Up a Hotline
Fraud hotlines are one of the most effective strategies for uncovering fraud. The ACFE has consistently found that tips are the most common means of detecting fraud. The majority of tips come from employees, but the hotline also should be available and publicized to vendors and constituents.
Management should encourage employees to report any suspicious activity and enforce an anti-retaliation policy so employees aren’t reluctant to speak up. Ideally, the hotline should be anonymous, or at least confidential.
In 2013, the AICPA published its Audit Risk Alert: Not-for-Profit Entities Industry Developments. The alert urges not-for-profits to develop a formal fraud risk management program, including a fraud risk assessment.
According to the AICPA, a fraud risk assessment should identify:
- The fraud schemes that could potentially happen,
- The possible concealment strategies that a fraudster can use to avoid detection,
- The individuals within or outside the organization who pose the highest risk of committing fraud, such as accounting or information technology personnel,
- The controls currently in place to deter or detect fraud, and
- A list of warning signals or red flags that can be used to educate the organization, including both employees and board members.
The goal of the assessment is to identify any vulnerabilities and gaps in internal controls that could leave your not-for-profit susceptible to financial and reputational damage.
Make It a Joint Effort
Cutting the risks of fraud requires the board of directors and management to be aware of your not-for-profit’s vulnerabilities. Staff also must pitch in, staying on the lookout for red flags, conflicts of interest and other potential issues—and they must be comfortable reporting any concerns. As financial advisors, we can help, too, by conducting a fraud risk assessment and suggesting ways to establish appropriate controls. Contact us today to learn how we can help you avoid fraud risk.
Seek the services of a legal or tax adviser before implementing any ideas contained in this blog. To reach a financial advisor at Lane Gorman Trubitt PLLC, call (214) 871.7500 or email firstname.lastname@example.org.