According to the Association of Certified Fraud Examiners (ACFE’s) Occupational Fraud 2024: A Report to the Nations, not-for-profits suffer roughly half the median loss per fraud scheme of for-profit businesses and government entities — $76,000 vs. $150,000. That may sound like good news, except for the fact that most nonprofits are on tight budgets and can’t afford to lose anything. To help keep your nonprofit’s losses at $0, you need to establish and enforce compliance with internal controls that directly address your organization’s risks.
Stakeholder training
The 2024 ACFE report contains what should be an alarming stat for nonprofits: Nonprofits have the lowest implementation rate of fraud awareness training — 52% for staffers and 49% for management (vs. 82% and 81%, respectively, for public companies). According to the ACFE, organizations without fraud awareness training suffer two times the financial losses of organizations with it.
So, make sure you include fraud prevention and reporting instructions in your orientation of new staffers, executives, and volunteers with financial responsibilities. Also, provide periodic refreshers for existing employees. Tips that fraud may be occurring are twice as likely to come from trained staffers than untrained staffers.
To boost potential reporting, ensure that all stakeholders — including clients and vendors — know how to report fraud suspicions. The existence of an anonymous tipline or web portal is associated with a 50% reduction in the cost and duration of fraud schemes.
Financial statement reviews
Nonprofit boards or audit committees typically review financial statements annually or semi-annually. However, the longer fraud goes undetected, the greater the financial loss for the victim organization. Therefore, your organization’s leaders should review financial statements at least quarterly, if not monthly.
Board members should also receive regular budget reports that show variances between budget and actual figures because significant variations can indicate potential fraud. Indeed, with strong management reviews in place, organizations reduce financial losses from fraud by a median 60%, says the ACFE.
Segregation of duties
Almost all types of organizations benefit from a segregation of duties. This means that no individual should have control over more than one phase of a financial transaction or function. Staffers or board members with access to assets shouldn’t be responsible for accounting for those assets. Nor should an individual have the ability to both initiate and approve a transaction, such as paying a vendor invoice. Don’t let individuals who receive checks also deposit them. Finally, don’t allow anyone who writes checks to also reconcile monthly bank statements.
Segregation of duties can be challenging for nonprofits with few staff or those that have shifted to remote work arrangements. If accounting staffers primarily fulfill these roles, try assigning some duties to board members or consider outsourcing functions such as payroll and accounts payable. Also, consider using cloud solutions to overcome hurdles related to employees working remotely.
Other controls
Credit cards have become increasingly common in nonprofits — but they come with the risk of unauthorized usage. If you give credit cards to staffers, board members or volunteers, limit the number of cards in use. Also require a receipt for each purchase (along with documentation of the business purpose). Someone who isn’t an authorized card user should scrutinize card statements and supporting documentation every month for unusual or questionable activity.
Another internal control that can reap real benefits is a mandatory vacation policy (generally associated with a 23% reduction in losses). Required time off helps prevent would-be fraudsters from hiding their schemes from colleagues. Not surprisingly, an unwillingness to share duties or take vacations are some of the most common red flags for fraud.
Evolving threats
Depending on your organization’s size, mission and other factors, you may have other or new threats that should be addressed by internal controls. For example, have you recently reduced your workforce and turned more tasks over to volunteers? Do you have a big fundraising event coming up? These can increase fraud risk. Contact us to discuss your needs.
