Fraud is a risk in all types of businesses. Unfortunately, charitable organizations and not-for-profits (NFPs) are not immune.
Why are NFPs likely to be victims of fraud? Due to their charitable or mission focus, NFP leaders are often more trusting of employees and volunteers. Further, many NFPs are subject to budget constraints and misguided incentives to maximize resources spent directly on mission achievement to the detriment of critical administrative support, accounting, internal controls and technology. Typically, employees of NFPs are paid less than their counterparts in the private sector. This may be especially true for administrative positions, which are frequently understaffed compared to private sector entities. These factors, along with limited administrative and accounting and finance functions, may hinder internal controls and increase fraud risk.
The key to maximizing the effectiveness of internal controls in a cost-effective manner is tailoring them to address the risks within your organization, that is, those that make you the most vulnerable to fraud.
Consider the following examples of appropriate preventive and detective controls that you could implement to reduce the risk of a fraud.
- Physically secure assets such as inventories and equipment
- Conduct thorough background checks on employees, especially accounting staff
- Bond all employees who handle cash and checks
- Consider the use of non-scannable check stock
- Keep check supplies under lock and key
- Log and restrictively endorse checks received by mail
- Use bank lockbox services or scanners whenever possible
- Use positive pay systems
- Provide the bank with a list of vendors that are authorized to withdraw funds electronically
Segregation of Duties/Monitoring
- Monitor daily account activity
- Review payroll including names and pay rates
- Reconcile bank statements in a timely manner
- Have bank and credit card statements sent offsite to the CEO, CFO or Treasurer for review prior to reconciliation
- Have the bank send an automated email to someone outside of the payables and accounting process after each electronic payment showing the amount and recipient
- Have someone outside of accounting review and approve invoices
- Compare logged cash receipts to actual deposits
Policies and Procedures
- Prohibit use of acronyms when writing checks or on check endorsements
- Prohibit writing of checks to “cash”
- Implement an approval process for new contractors and vendors
- Establish dollar limitations on ACH/EFT transactions
- Encourage supporters to use the full name of the organization rather than an acronym
- Require dual signatures for approval of checks and expenses over designated limits and for unbudgeted items
- Prohibit accounting personnel from signing checks or transferring funds
- Require separate approvals for initiating and authorizing electronic payments
- Require all employees, but especially accounting and finance employees, to take at least one uninterrupted week of vacation a year
- Minimize carryover vacation time
- Assess technology and data security needs on a regular basis
A widely distributed and rigorously followed Whistleblower Policy that indicates a procedure for reporting concerns of fraud without fear of retaliation is an essential tool in fraud detection. According to the Association of Certified Fraud Examiners (ACFE), Report to the Nations on Occupational Fraud and Abuse, tips are consistently and by far the most common fraud detection method. Over 40 percent of all cases were detected by a tip — more than twice the rate of any other detection method. Employees accounted for over half of all tips that led to the discovery of fraud. Organizations with fraud reporting hotlines are more likely to catch fraud by a tip. These organizations also experienced frauds that were 50 percent less costly.
Although no system of internal control can provide absolute protection against fraud, you can implement a system that reduces the opportunity to commit fraud and encourages employees to do the right thing by reporting suspicious activity.
The AICPA Not-for-Profit Section offers a number of resources to assist NFPs with fraud prevention, ethics programs and internal controls.
Example Whistleblower Policy (Word)
Example Conflict of Interest Policy (Word)
Not-for-Profit Reputation Risk Management (PDF)
Segregation of Duties Reference Charts for Small NFPs
Organizations with 4+ employees (PDF)
Organizations with 3 employees (PDF)
Organizations with 2 employees (PDF)
CPE-eligible on-demand courses (20% off for Section members)
Fraud Overview and Prevention for Not-for-Profits
Ethical Issues in Not-for-Profits
In addition, NFP Section members receive a 10% discount off Ethical Advocate's ethics hotline service. The hotline is available 24/7/365, online and by phone. Services include online report management for report tracking and anonymous reporter and administrator communication.
This symbol identifies tools and resources available exclusively for Not-for-Profit Section members. When accessing premium member-only content within the Not-for-Profit Resource Library, you will be prompted to enter your user ID and password to validate your Not-for-Profit Section membership. Not a member? Learn more about these premium resources along with the many other benefits of membership in the AICPA Not-for-Profit Section Membership area.