Managing Risk: Avoid the Pitfalls of Fraud
By Robin D. Kelley, CPA
While you may think fraud will never strike your nonprofit, it happens, and for organizations with fewer than 100 employees the cost of each incident averages $150,000, not including the indirect costs related to diminished credibility with funders and other key stakeholders.
Fraud has a familiar face. According to the Association of Certified Fraud Examiners, 42% of fraud perpetrators had worked with their organizations for one to five years. Offenders ranged from age 31 to 50 and had never committed a crime before. This points to a higher risk of fraud among those employees organizations often trust the most.
During difficult economic times, protecting your nonprofit from fraud is critical. Finding new sources of revenue, managing costs, and expanding outreach may be top priorities, but refusing to acknowledge the possibility of fraud can prove costly.
Avoiding these potentially damaging situations involves deploying a strategy that includes implementing a risk management policy, instituting internal controls, and detecting fraudulent behaviors. These steps are possible, even with limited resources.
Financial Risk Management Policy
The first step is to deploy a risk management policy. Five key components to reduce overall financial risk and fraud include:
A risk management policy can be extensive, but some simple ways to prevent fraud through risk management include informing your employees of your policy, performing background checks, and instituting anti-fraud and risk reduction training. Incorporate the annual review of your policy into your organizations procedures and engage board members to acknowledge and take steps to address any remaining uncovered risks.
- A written policy detailing the expectations of management regarding risk.
- Risk measurement requirements to identify schemes, new risks, and events the organization must address.
- Prevention policies to assign specific responsibilities for day-to-day business operations and developing and implementing controls.
- Detection techniques to uncover instances where preventative measures fail.
- A reporting process to investigate potential risks and develop a corrective action plan.
Recording fictitious transactions, paying for personal expenses with company funds, billing for services not rendered, then collecting the cash, and seizing checks payable to vendors are common types of fraud that strong internal controls can prevent. Segregating duties of dedicated personnel is critical to maintaining strong internal controls.
Review your organizations key internal controls and take these related actions to improve them:
If one person performs all these tasks, you should seek the help of your CEO, executive director, or a consultant to divide these duties and manage your internal control process.
- Cash disbursements: Require dual-signatures on checks, review of cancelled checks, and one-level-up approval of credit card invoices and reimbursements.
- Bank statements and payroll journals: Have them periodically reviewed by executives and senior management.
- Payroll: Separate functions such as employment changes, payroll processing, distributions, and review them all.
- Cash receipts: Establish lock boxes, cash receipt logs, and maintain proper records on daily deposits.
- Bank accounts: Establish controls for wire transfers, ATM and debit cards, and monitor closed accounts.
To improve detection techniques through risk management, organizations can create a whistleblower hotline, perform physical inspection and spot tests, and create an internal audit function.
Here are some red flags of employee fraud:
- Unreasonable responses to simple questions
- Appearing annoyed at reasonable questions
- Excessive drinking or carrying large sums of cash.
Managing risk and preventing fraud offer numerous benefits for your organization. Your risk assessment may find that you are spending too much to address areas of low risk, and not enough where it could make a significant difference. For example, you may dedicate most of your fraud prevention dollars to protecting physical assets, but your assessment may reveal that your insurance coverage and the use of encrypted data prevent most loss risks. In these circumstances, you may be able to redirect those dollars to preventing financial risk in other areas of higher risk at little to no increased cost.
In addition to the financial benefits, youll increase internal and external integrity within your organization, create a positive public image, and shield your board members from unnecessary scrutiny.
Many organizations have limited resources, but can still manage high-risk instances of fraud with proper internal controls. Managing risk may take time and investment, but the benefits will not only help prevent fraud but also promote organizational growth, and foster and maintain healthy community relationships.
Robin D. Kelley is vice president of Alexander, Aronson, Finning & Co., PC, Certified Public Accountants. Contact her at www.aafcpa.com or call 508-366-9100.