The Nonprofit Case for Internal Controls
The core of any organization’s fraud-prevention program is strong internal controls. Yet too many nonprofits either fail to develop controls that address common risks or, if they establish controls, neglect to enforce them. Your nonprofit must do both if it wants to help prevent occupational theft and fraud perpetrated by outsiders.
Charities at Risk
According to the Association of Certified Fraud Examiners (ACFE), billing fraud, check tampering and expense reimbursement fraud are the three most common types of employee theft found in religious, charitable and social service organizations. But proper segregation of duties — for example, assigning account reconciliation and fund depositing to two different staff members — is a relatively easy and effective method of preventing such fraud.
For all types of organizations, such controls as strong management oversight, regular audits and confidential fraud hotlines are associated with decreases in financial losses. The ACFE has found that proactive data monitoring and analysis is the most effective means of limiting the duration and cost of fraud schemes — 50% shorter and 60% smaller than organizations that don’t monitor data.
Getting Priorities Straight
Most nonprofits have at least a rudimentary set of controls, but employees bent on fraud can usually find gaps in the fence. For example, charities tend to devote the lion’s share of their budgets to programming and can be stingy about allocating dollars to enforcing internal controls. This can be especially problematic when the “tone at the top” is lax and executive directors or board members indicate that preventing fraud is low on their priority list.
Nonprofit boards may also inadvertently enable fraud when they place too much trust in the executive director and fail to challenge that person’s financial representations. Unlike for-profit companies, nonprofit boards may lack members with financial oversight experience, which means they may miss important warning signs that something is amiss.
Trust is an Achilles’ heel throughout many nonprofits. Organizations often regard their staff members as family and skip such important fraud-prevention measures as conducting background checks. In some cases, managers are allowed to override internal controls without recourse and volunteers are trusted to accept cash donations or keep the books without the oversight of a staff member — both very risky activities.
Send the Right Message
How nonprofits deal with perpetrators can also increase their fraud risk. A reputation for honesty and fiscal responsibility is any charity’s bedrock. So it’s not surprising that many organizations choose to quietly fire fraud perpetrators and sweep such incidents under the rug.
Unfortunately, such actions encourage fraud by telling potential thieves that the consequences of getting caught are relatively minor. And even if an incident is hushed up, it could fuel insidious rumors that do more reputational damage than publicly addressing the issue head-on would. It’s better, therefore, to file a police report, consult an attorney and inform major stakeholders about the incident and what you’re doing to prevent it from happening again.
Cover All Bases
Internal control policies should address both common fraud risks and those specific to your organization, its mission and constituents. To ensure you cover all the bases, work with knowledgeable advisors.
Please contact MFA’s Nonprofit Team to discuss strategies for implementing sound internal controls at your organization.
Material discussed in this communication is meant to provide general information and should not be acted on without obtaining professional advice tailored to you or your company’s individual and specific needs. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used by any person or entity, for the purpose of (i) avoiding penalties that may be imposed on any taxpayer or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. This information is for general guidance only and is not a substitute for professional advice.
The information contained herein should not be construed as personalized investment advice. Investment in securities involves the risk of loss, and past performance is no guarantee of future results. There is no guarantee that the views and opinions expressed in this document will come to pass. Historical performance results for investment indexes and/or categories generally do not reflect the deduction of transaction and/or custodial charges or the deduction of an investment-management fee, the incurrence of which would have the effect of decreasing historical performance results. There can be no assurances that your portfolio will match or outperform any particular benchmark.
Information presented is believed to be factual and up-to-date; however, MFA makes no guarantee as to accuracy, completeness, suitability, or validity of any information within this communication and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages from its display or use. Any forward-looking statements are believed to be reasonable; however, MFA gives no assurance that such expectations will prove to be correct.