« Change is Scary, but Can Inspire Progress | Main | 5 Ways CPAs Can Add Value in the Event of a Cybersecurity Attack »

5 Ways Not-for-Profits Can Detect and Prevent Fraud

Internal controlsThroughout my career, I have worked with small businesses and not-for-profits, auditing their financial statements and helping them improve their internal controls. On one hand, I love working with nonprofits and discovering their mission and how they are working to improve society. On the other hand, I do not love discovering one or two people taking advantage of poor internal controls to steal from the organization. Many of my clients conduct their work with limited funding, and some rely on volunteers to perform key roles. When I discuss internal controls with my clients, they are often surprised to learn that small improvements can go a long way in preventing theft of assets and unsubstantiated spending, two of the most common types of fraud in not-for-profits.

These small steps can make a big difference:  

1. Send the unopened bank statement to a manager who does not have check signing authority, and make sure they know how to properly review it. One of my audit clients was a small organization with poor internal controls. We discovered the bookkeeper had been using the organization's funds for personal purposes for months, rationalizing that he would pay them back at some point. Meanwhile, at another organization, checks to a vendor were intercepted and manipulated by an outside party who changed the payee name and amount. If the bank statements and disbursements, along with the cleared checks, had been reviewed, these issues would have been detected immediately.

2. Increase controls over credit cards to prevent unauthorized spending. In my experience, inappropriate spending on company-issued credit cards is a common type of fraud at not-for-profits. At one organization, the financial assistant was responsible for closing corporate credit cards - however, she neglected to do so. Instead, she used the cards for personal purchases, racking up tens of thousands of dollars in debt before the issue was detected. This issue could have been prevented if the credit card statements had been reviewed and the supervisor approved and signed off on all purchases. To prevent this type of fraud, it is important to ensure that terminated employees no longer have access to corporate credit cards. As a solution, retrieve credit cards during the exit interview and promptly close them. Then, have two individuals verify the card’s closure. 

3. Enlist one member of upper management to hold the organization accountable for its spending. One of my clients had a lot of turnover in key positions. With no one to scrutinize the profit and loss statement, a 500% increase in office supplies went unquestioned until the bookkeeper had spent over $10,000 on herself! In this instance, the board reviewed the financial statements, but no one asked questions, and no one reviewed the details. Board members and managers should carefully oversee the budget and investigate significant variances and fluctuations.

4. Prevent mishandling of donations. If your not-for-profit receives significant numbers of unsolicited contributions, have two employees retrieve and open mail together. Another option is to use a lock box at a bank where mail is sent directly to the bank, bank employees deposit your funds and your not-for-profit receives copies of the checks. 

5. If possible, require a mandatory one week vacation for those involved in financial functions. Cross-train staff to ensure that others can fulfill absent employees duties while they are away. Oftentimes, fraud is uncovered when an individual is unable to cover his or her tracks. This recommendation is not an HR policy but rather an internal control that allows for detection of fraudulent activity in the absence of the employee. For example, I have heard of fraud uncovered when another employee assumes the task of reconciling bank statements and finds unauthorized, fraudulent disbursements.

The best way to mitigate fraud risk is to create a strong internal control system. As auditors and internal accountants, it is crucial that we exercise professional skepticism in our day-to-day work. We must carefully observe and question financial information to strengthen controls at not-for-profits so that the missions of these organizations are what make the headlines, not the fraudulent activity taking place behind closed doors.

To learn more about managing fraud risks, register for an upcoming webcast “Managing Risks Through Internal Controls for Not-for-Profit Organizations” taking place on October 25 at 1-3 pm EST.                   

Dawn Dees, CPA, Senior Auditor, Stancil & Company. She specializes in audits of not-for-profits and closely held businesses. 

Locked credit cards image courtesy of Shutterstock



Comments are moderated. Please review our Comment Policy before posting.


Subscribe in a reader

Enter your Email:

CPA Letter Daily