5 Low-Cost Ways to Protect Your FundsPatricia Yeager
Nonprofits may be more susceptible to fraud than other businesses, but yours doesn’t have to be. CPA Patricia Yeager provides five easy, low-cost fraud-fighting policies suitable for any organization—even those with a tiny staff and no idea where to start.
With missions serving the public at large, most people think no one would steal from a nonprofit organization. The bad news is that nonprofits may be more susceptible than many other organizations: their limited budgets and staff can lead to inadequate or nonexistent internal controls, making them a tempting target for fraud. The good news is that, even with those constraints, there are easy steps organizations of any size can take to provide additional protection, without committing anything more than a little extra time. The following are five such simple internal control mechanisms:
This may be the most important control a nonprofit can implement. In its most basic form, segregation of duties simply means that more than one individual is responsible for initiating, approving, and recording every disbursement or receivable transaction. When just one person is responsible for all of these activities, it presents an opportunity to perpetrate and conceal fraud. For instance, a woman recently stole more than half a million dollars from a small nonprofit over the course of several years by using the company credit card for personal expenses. Because this one employee was responsible for paying the credit card bill, recording expenses in the general ledger, and reconciling the bank statements, her fraud was not detected until the organization began experiencing significant financial difficulties.
A limited budget or small staff should not stand in the way of effective business practices that protect against fraud.
Segregating duties does not require a large staff. An employee uninvolved in accounting, or a long-serving, trusted volunteer can prepare the check log and take deposits to the bank. Another option is to involve board members: for example, the board treasurer can function as a check signer.
Review financial information, such as budget-to-actual comparisons, each month
Another key oversight control is a monthly review of financial information by management and the board. At one worldwide charitable organization, a woman stole nearly $60,000 by writing checks to herself, signing the checks and forging the second signature. When recording the checks in the organization’s books, she would change the payee to a regular vendor, so system reports listed only legitimate vendors. Had the organization been reviewing monthly financial statements alongside budgeting forecasts, they would have noticed expenses were exceeding expectations, and uncovered this fraud sooner.
Review third-party financial reports each month
Reports like bank statements, credit card statements, and monthly payroll should be received and reviewed carefully on a monthly basis by someone in addition to the individual formally responsible for reconciling these statements. In smaller organizations, that second set of eyes could a member of the board. This practice would have prevented fraud at a nonprofit whose executive director stole more than $150,000 in funds by using a company debit card for his daily expenses: had a member of management or the board been receiving and reviewing those monthly bank statements, they would have been able to detect this fraudulent activity.
When just one person is responsible for all [financial] activities, it presents an opportunity to perpetrate and conceal fraud.
Segregate responsibilities for large disbursements
A best practice in a good system of internal controls is to require authorization by two employees for larger disbursements, such as salaries, cash outlays, and investments. For example, salaries should be approved by the president or executive director, and the president’s salary should be approved by the board. As noted above, it is still possible to forge a second authorization, so this control cannot stand alone, but should be part of an overall system of internal controls.
Set the tone with a code of ethics
It is important that strong controls fit into an overall culture of organizational ethics. Creating a code of ethics to be followed by all the organization’s staff and volunteers, including management and board members, helps set a responsible tone for the organization. Your code should include a whistleblower policy that allows employees to report suspected fraud anonymously—more than half of all fraud cases are brought to light through tips.
A limited budget or small staff should not stand in the way of effective business practices that protect against fraud. Leverage the time and energy donated by your board members and other volunteers to augment what management and staff do to safeguard the organization. The system of controls outlined above can go a long way toward protecting your organization’s money, as well as an asset even more valuable: its reputation.