Reducing Fraud Risk for Not-For-Profits

Fraud exists when a person faces three factors – pressure, opportunity, and rationalization. The existence and motivations behind these three factors together are known as the Fraud Triangle.  Here’s a common example: An employee has access to cash (opportunity), suffers financial hardship (pressure), and has a belief that cash can be borrowed and returned with no consequence to either party (rationalization). Unfortunately, with real-life concerns including constraints on time and resources and needs for often unvetted volunteers, not-for-profit organizations are a likely fraud target. But there are ways to limit exposure.  

First, an organization can’t prevent all outside pressures, but having a knowledge of employees’ social environments and providing assistance to employees in distress can reduce their incentive to commit fraud. It is especially important to make purposeful connections in remote/hybrid work environments, as relationships are less likely to form organically. Leadership should make a point to outwardly exhibit the ideals that the non-profit represents, which can help reduce any rationalization in its employees’ minds. This type of leadership can be cemented by the formalization of ethics policies, as it gives employees a clear understanding of the organizational business model, acceptable behavior, and consequences, leaving little room for interpretation. 

We hope, of course, that individuals associated with an organization are not motivated to defraud it, but it is not possible to get buy-in from all employees. Two popular methods of perpetration are manipulation of cash receipts and disbursements — so an organization’s last line of defense is to reduce opportunity. Opportunity reduction is achievable with internal controls, like creating a budget for expected revenues and then performing analytical procedures comparing the budget to actual funds received. Let’s look at cash receipts first. 

Most organizations have two types of cash receipts: on-site and off-site. For receipt of day-to-day contributions on-site, using a lockbox can provide security for cash and a shorter time frame between human handling and depositing at the bank. With prompt monthly bank reconciliations, issues with cash receipts can be found and addressed in a timely manner, whether for error or fraud. Both of these controls can reduce cash discrepancies in the near future, reducing overall exposure. 

For offsite events with cash entrance fees or purchase options, multiple parties counting cash at same time can reduce susceptibility of miscounting or skimming. Multiple counts and signs-offs throughout the day can also make it more difficult for a large amount to be skimmed after a previous counter has verified the amounts available in the till. For both on- and off-site donations, consider use of electronic resources -to minimize cash on hand, which includes better tracking methods that are more difficult to tamper with than written records.  

On the other side of the coin (pun not intended), electronic resources can also be effective in preventing fraudulent disbursements. However, it is imperative with electronic resources that cybersecurity is considered. Preventing fraudulent wire disbursements due to phishing attacks or fake charities is possible with firewalls, employee training, and dual authorization apps. 

Preventative cash disbursement controls include limiting check-signing authorizations and distribution of checks off-site. Instead, if possible, plan for checks and wires to vendors and others to be distributed within organization’s standard practice prior to the event, when overview is higher. Also, with events and conferences reemerging after Covid-19, organizations should update and modernize expense report policies to consider electronic methods such as company credit cards or apps that track expenses, specific documentation criteria, and deadlines. 

As with cash receipts, timely bank reconciliations, as well as review of systems and internal financial statements can reveal discrepancies in cash disbursements. These discrepancies can include inflated business expenses or unrelated business charges included in disbursement logs. Running system change reports such as changes in addresses or payment information for established vendors and employees can uncover employee schemes to divert funds to personal locations. 

It is important to note that collusion —two employees conspiring to defraud the organization together—can change the effectiveness of segregation of duties, dual counts, and other preventative measures. In those cases, oversight is essential. Board oversight can include comparing budget to actual while reviewing timely financials and having thorough discussions and understanding of variances with management as well as accounting staff. Organizations should confirm that understanding across levels is consistent, and it can also be helpful for a board member or appropriately designated individual(s) to have read-only access to disbursement activity to review transactions. 

In summation, risks exist in almost anything we do, but relatively simple processes can be put into place to mitigate these risks.  Policies and procedures can be implemented that can scale accordingly to best fit your organization.  Staying diligent and monitoring your individual risk environment can help you best address your weak points and shore up your defense against potential fraud opportunities.