Fraud can have devastating direct and indirect financial consequences for all types of businesses, governmental entities, and not-for-profit organizations alike. Direct financial consequences are generally the direct financial losses attributable to a fraud and may include unrecovered cash, investments, inventory, equipment and other assets, as well as the costs to investigate and resolve the fraud itself. Indirect financial consequences can arise from a damaged reputation and may include lost revenues, higher borrowing and insurance costs, and strained relationships with vendors, customers, industry partners and other stakeholders.
Not-for-profit organizations, in particular, are extremely vulnerable to indirect financial consequences resulting from a damaged reputation, which in some cases may have a greater impact than direct financial losses. As such, it is imperative that not-for-profit organizations take the necessary steps to prevent fraud. By implementing a few simple controls and policies, your organization can help protect itself from fraud risks.
One of the most important preventive measures is the segregation of accounting duties, especially those related to executing outgoing payments. You should assign different employees to approve, record and report transactions. Further, the employee who generates checks for payment or approves invoices should not have the authority to sign checks or initiate online payments.
Similarly, the staffer who makes bank deposits should not be charged with reconciling the organization’s bank statements. If the not-for-profit is too small to segregate duties fully, consider rotating staff through the various duties regularly, or involving a board member to oversee the process. You also can adopt a mandatory vacation policy to make it more difficult for fraudster employees to conceal their schemes.
Research conducted by the Association of Certified Fraud Examiners (ACFE) shows that organizations with anti-fraud training programs experience lower losses, and frauds of shorter duration, than those without. Not-for-profit organizations should provide targeted fraud awareness training not just for managers, but also for employees.
At a minimum, the ACFE recommends explaining which actions constitute fraud, how fraud harms everyone in the organization and how to report suspicious activity. Managers and employees also should be educated on the behavioral red flags of perpetrators and encouraged to keep an eye out for them. Red flags include an employee who appears to be living beyond his means or one who refuses to take time off. Additionally, some insurance providers offer discounts if certain anti-fraud training is attended by a majority of staff members.
Set Up a Hotline
Fraud hotlines are one of the most effective strategies for uncovering fraud. The ACFE has consistently found that tips are the most common means of detecting fraud. The majority of tips come from employees, but the hotline also should be available and publicized to vendors and constituents.
Management should encourage employees to report any suspicious activity and enforce an anti-retaliation policy so employees are not reluctant to speak up. Ideally, the hotline should be anonymous, or at least confidential.
Last year, the AICPA published its 2013 Audit Risk Alert: Not-for-Profit Entities Industry Developments. The alert urges not-for-profits to develop a formal fraud risk management program, including a fraud risk assessment.
According to the AICPA, a fraud risk assessment should identify:
- The fraud schemes that could potentially happen;
- The possible concealment strategies that a fraudster can use to avoid detection;
- The individuals, within or outside the organization, who pose the highest risk of committing fraud, such as accounting or information technology personnel;
- The controls currently in place to deter or detect fraud; and
- A list of warning signals or red flags that can be used to educate the organization, including both employees and board members.
The goal of the assessment is to identify any vulnerabilities and gaps in internal controls that could leave your not-for-profit susceptible to financial and reputational damage.
Make it a Joint Effort
Cutting the risks of fraud requires the board of directors and management to be aware of your not-for-profit organization’s vulnerabilities. Staff also must pitch in, staying on the lookout for red flags, conflicts of interest and other potential issues — and they must be comfortable reporting any concerns. Your advisor can help, too, by conducting a fraud risk assessment and suggesting ways to establish appropriate controls. For more information on how to put controls in place to avoid fraud, please contact Charlie Burke at [email protected] or call him at 312.670.7444.