Fraud takes many different forms in today’s culture, from health care fraud to identity theft to the focus of this article: occupational fraud. There are many ways fraud can be committed at a not-for-profit organization, including payroll or billing schemes, check tampering, unrecorded or understated funds, mischaracterized or fictitious expenses, undisclosed conflict of interest transactions, and larceny, to name just a few. The one thing all types of fraud have in common, however, is that they involve a violation of trust. And nowhere is the damage from that violation more acute than in not-for-profit organizations, which by their very nature and purpose are part of the public trust.
In this article, we offer four tips for preventing fraud at your not-for-profit organization. These tips are based on the latest research.
1. Implement an anonymous hotline
Providing individuals inside and outside your organization with a means to report suspicious activity, such as through a “tip line” or “hotline,” is the single most impactful anti-fraud control. According to the Report to the Nations on Occupational Fraud and Abuse published every two years by the Association of Certified Fraud Examiners (ACFE), hotlines have been the most common method of detecting fraud since 2002. This method accounted for detection of 42% of the cases in the 2014 ACFE report.
For maximum effectiveness, a hotline must allow anonymity and confidentiality, be fully supported by top management, and be communicated throughout the organization. There are service providers who offer this service and provide independent documentation of all communications and their proper reporting within the organization.
2. Don’t rely on your external audit to detect fraud
External audits provide valuable recommendations and evaluations of your internal controls, including identification of fraud risk, but they are not designed to detect fraud. Nearly 80% of the victim organizations in the ACFE report had external audits, yet external audits only revealed fraud in 3% of the cases reported. In fact, you are twice as likely to find fraud by accident than as a result of your external audit.
Nathan Salsbery, CPA, CFE, is a partner at CapinCrouse and an expert in both auditing not-for-profit organizations and advising them regarding fraud prevention and detection, as well as providing forensic accounting services. Nathan observes, “It is a common misconception that external audits are designed to detect fraud within an organization. External audits may increase the perception of detection among employees, which can serve as a deterrent and is an important aspect of a not-for-profit’s fraud prevention efforts. But in regards to fraud detection, there simply is no substitute for strong internal controls to both reduce the opportunity for fraud and to detect fraud more quickly if it occurs.”
3. Implement fraud training
Not-for-profit organizations should train and educate staff members as to what actions constitute fraud, how fraud can harm the organization and its mission, and how to report questionable activity. This training has minimal cost and is highly effective.
As a quick overview, research has continually shown that occupational fraud schemes fall into three categories:
- Asset misappropriation, which occurs when an employee steals or misuses the organization’s resources. Examples include theft of cash (including checks), false billing schemes, vendor fraud, and inflated expense reports. Asset misappropriation accounted for 85% of the fraud cases in the ACFE report, with a median loss of $130,000.
- Corruption schemes in which an employee misuses his or her influence in a business transaction in a way that violates his or her duty to the employer, in order to benefit personally. Examples include bribery and conflict of interest transactions.
- Financial statement fraud, which occurs when an employee intentionally causes a misstatement or omission of material information in the organization’s financial reports. Recording fictitious revenue, understating expenses, and reporting artificially inflated asset values fall into this category.
4. Understand your fiduciary duty
Board members are responsible for acting with due care and putting the best interests of the organization first. In some cases, board members have been held liable when it was determined they were negligent in fulfilling their fiduciary duties of care, loyalty, and obedience. It’s also important to note that according to the ACFE report, poor tone at the top and incompetent oversight contributed to 15% of fraud cases.
“While the board of directors is usually not involved in the day-to-day operations of a nonprofit, the board is responsible for monitoring and supervising the organization’s finances and operations,” notes Karen Wu, Partner at Perlman & Perlman LLP, a New York-based law firm that works with nonprofits. “Boards can help prevent fraud by establishing and implementing appropriate internal financial control procedures and policies. In addition, once fraud is detected, the board should act swiftly to investigate the situation and develop a plan of action, which may include taking steps to recover the funds and reporting the incident to governmental authorities.”
Understanding the Threat
Fraud can have a significant impact on not-for-profit organizations, both in terms of damaged trust and damaged finances. Median losses for not-for-profit organizations in the ACFE report were $108,000—and most of the time organizations that fall victim to fraud do not recover any of their losses.
So who is committing this fraud? According to a report by The Hauser Center, the most common perpetrators of occupational fraud are females with a median age of 41 who have been with the organization for at least three years, have no criminal record, and earn less than $50,000 a year.
The most costly cases of fraud are committed by males at the executive or manager level who earn $100,000 to $149,000 a year. Interestingly, it usually takes twice as long—an average of 24 months—to detect fraud being committed by managers or executives as compared to non-management employees.
Take Steps to Protect Your Organization
Help protect your organization from becoming a statistic—implement a fraud hotline, don’t over-rely on your external audit, implement fraud training, and understand your fiduciary responsibility. CapinCrouse offers a wide range of consulting and advisory services to help you establish a fraud risk assessment and management program, respond to detected fraud, and more.