Prevent Fraud by Envisioning How it Could Occur at Your Organization

Copyright 2021

Every year, millions of dollars are donated to not-for-profit organizations. But in some cases, the money intended for an organization's charitable causes are diverted by thieves. The fact is that nonprofits aren't immune to the threat of occupational fraud, or fraud involving employees.

Preventing occupational fraud within a not-for-profit requires many of the same approaches that for-profit companies use. However, there are unique issues to consider. The following are best practices for nonprofits:

1. Follow the money. To prevent fraud, you must first envision how it could happen in your organization. Take a look at the donation process through the eyes of an employee intent on embezzling funds. Where are the points of weakness? Are your organization's policies or procedures strong enough to prevent fraud? In some nonprofit fraud cases, only one employee is responsible for opening the mail and processing donations. To prevent similar frauds, consider the following approach to opening mail that includes donation checks:

      • Assign two employees to the process. The first employee should open the mail; the second employee should log the amount of the donation. Both employees should sign off on the log once all mail has been opened. 
      • Open mail in a common area, not at an employee's desk. Unopened mail should be delivered to one container, opened, logged, and placed in a second container.
      • Have a  third employee or manager  who isn't involved in the mail opening process retrieve the deposits placed in the second basket, review the log prepared during the process, verify that all donations are accounted for and prepare the bank deposit.
      • Make bank deposits on a daily basis to prevent theft of checks from within the office. While waiting to be deposited, checks should be placed in a safe that requires two unique access codes to open.
      • Ensure that a manager-level employee reviews the logs, bank deposit information and entries made in your organization's financial records.

2. Require employees to take time off. In most embezzlement schemes, the perpetrator performs regular "maintenance" to ensure that the theft remains hidden from coworkers and management.

Employees  who refuse to use their allotted vacation may be overly dedicated. But they also may be committing fraud. If you see employees  who are obviously sick refusing to go home, there may be cause for concern. Not only will sick employees potentially infect others, they may also be working to ensure that their schemes remain hidden. It's hard to determine a hard worker from  an embezzler without further investigation. So require that all employees, regardless of function, use their vacation time and, when appropriate, their sick time.

If  your organization has concerns that an employee may be committing fraud, conduct a review of their work while they're on vacation. Consider hiring a forensic accounting specialist to ensure that the employee and the department are complying with your organization's anti-fraud policies — as well as the law.

3. Engage your donors. From time to time, contact donors to verify how much  they've donated during the year. If your organization uses an accountant to prepare financial statements, the verification of donations can be included in that process. If a  donor disagrees with the amount of the donations shown in your organization's records, this may be an innocent mistake or it may be a sign of fraud. In either event, discrepancies  should be investigated. 

4. Employ data analytics. Use analytics to keep track of the amount and frequency of donor contributions over time. Pay particular attention to donors who contribute on a monthly basis and suddenly cease doing so. If the number of checks or the amount of donations changes drastically over the course of a quarter or six-month period, consider contacting the donor to confirm the amounts donated to date.

5. Minimize employee intervention. It's easy for crooked employees to steal when they're directly involved in processing physical checks. If you don't already do so, encourage online donations. Not only does it limit staffers' ability to commit fraud, online donation processing is also more efficient than processing donations manually.

6. Don't trust too much. The spirit with which many not-for-profits operate can produce a culture that erroneously assumes employees and volunteers would never commit fraud. You should apply the same rigor to preventing fraud as for-profit companies.

7. Make sure you know where money is located. It's not unusual for organizations to lose track of how many bank accounts they have. Make sure there is a centralized list of accounts, their purpose, the signatories, and the name of the account officer at the bank. All bank accounts should be reconciled at least every two days to prevent fraud and bank errors from slipping through the cracks. Also, ensure that the bank statements are mailed to your organization's offices and not to an employee's home. Leave explicit instructions with your bank that the mailing address for each bank statement can't be changed from your office address.

8. Don't go it alone. Periodically,  your board should commission reviews of your internal controls or anti-fraud program. A targeted review of your efforts helps ensure that potential gaps are uncovered and shows employees your organization is serious about preventing fraud. It raises the workplace "perception of detection" that if  employees try to steal, they'll be caught.