Fraudulent activity — whether it's check tampering, skimming from the till or billing schemes — has always been a concern for nonprofit organizations, and this problem is not going away anytime soon. The Association of Certified Fraud Examiners (ACFE) reports that the median loss for nonprofits in 2014 was $108,000.

Weak internal controls often make nonprofits ripe for the picking. Revenue typically flows from voluntary contributions, grants and other "nonreciprocal transfers" (i.e., the donor receives no goods or services in return). With no corresponding payout to match against, incoming checks or cash contributions can easily "disappear." Neither management nor an auditor would have any way to determine that the contribution was recorded. In the case of a check, the donor would still have a canceled check, but no one at the organization would be the wiser.

Beware the "Shoestring Effect"

Another problem that plagues nonprofits results from what some have called the "shoestring effect." Operating lean and with low-paid staff, nonprofits often can't effectively segregate duties. The result is that the person opening the mail may also be responsible for depositing the donations — and may even be the one receiving and reconciling the organization's bank statement!

Here, the three classic elements of the "fraud triangle" can easily converge.

Consider the following scenario: Struggling with crushing credit card debt and a spouse who has been laid off, a front-office staffer in a university's art museum feels the squeeze of economic pressure. Low pay and long hours can lead to the rationalization he or she needs to perpetrate the fraud ("They don't pay me enough ... I deserve this money.") All that's needed now is an opportunity for the fraudster to act. If that staffer is responsible for receiving and depositing funds, then the nonprofit has effectively served up that opportunity on a silver platter.

It's Probably Not Who You Think

According to fraud examiners, the perpetrator is typically a trusted member of the organization — someone with long-term tenure who may have a high degree of authority. If the data holds true, he or she will be able to commit the fraud because of one or more of these lapses:

  • No segregation of duties
  • Little management oversight
  • A culture of indifference

The good news is that with solid internal controls — the checks and balances you incorporate into the everyday management of your organization — you can eliminate many of the opportunities for fraud to occur. Here's how:

  1. Segregate duties. Simply put, this means that no single individual should have both custody of assets (money, inventory, etc.) and responsibility for maintaining the related records (e.g., reconciling funds, approving invoices, etc.). So, in a typical nonprofit setting, a staffer who enters the proceeds from a weekend fundraising event should not be the same one creating the deposit ticket and updating donor accounts.

    At the same time, it's important to utilize processes and procedures that provide an audit trail. The goal is to be able to track who is doing what, see when they are doing it and retrace the process from invoice or receipt entry through approval, posting and payment. This could be a paper log/ledger or a software solution that provides log files.
  2. Improve monitoring. According to the ACFE, management review and internal audits are one of the most effective methods for uncovering fraudulent activity. Management (and your board) should receive timely financial statements each month and review them thoroughly. Of course, it's important to promptly investigate any delays in financial reporting. One deceptively simple — and effective — monitoring technique is to have unopened bank statements and cancelled checks sent directly to your treasurer or a designated board member for review.
  3. Create a culture of vigilance. Make sure employees are fully aware of internal controls, their purpose and their value. That means providing anti-fraud training to all employees and volunteers, top to bottom. Philosophically, the message to send is, "We trust you, but we will verify." Incorporate regular fraud assessments as well as surprise audits into your management processes. Finally, make sure that an effective fraud reporting mechanism is in place. The ACFE notes that tips from employees and vendors are the most common method for uncovering fraud. The organization strongly suggests implementing an anonymous outside fraud hotline.

Establishing good internal controls is a vital defense against fraud. And it typically requires more investment of attention than money.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.