Does Your Nonprofit Have an Internal Controls Gap?

According to the Association of Certified Fraud Examiners, the typical defrauded not-for-profit loses on average $75,000 per fraud incident. And that amount doesn’t account for the negative publicity and subsequent lost donations and support that often follow fraud. Although no preventive measure is 100% effective, strong internal controls can greatly reduce the risk that a crooked staffer or outside criminal will find gaps in your fortress.

Special vulnerabilities

Internal controls are policies and procedures that govern everything from accepting cash to signing checks to training staff to keeping your IT network secure. Most nonprofits have at least a rudimentary set of internal controls. Still, dishonest employees and other criminals can usually find gaps in environments where controls are only somewhat effective or inadequately followed.

Why might nonprofits skimp on controls or enforcement? Typically, they devote the largest chunk of their budgets to programming and may not allocate enough dollars to fraud prevention. This can be especially problematic in organizations where executives or board members indicate that fraud prevention is low on their priority list. Nonprofit boards may also inadvertently enable fraud when they place too much trust in the executive director and fail to challenge that person’s financial representations. Unlike their for-profit counterparts, nonprofit board members may lack financial oversight experience.

Trust is another potential Achilles’ heel. Nonprofits often regard their staff and dedicated volunteers as family. As a result, they may allow managers to override internal controls and volunteers to accept cash donations without oversight — both risky activities.

Don’t let your guard down

Some of the most common types of employee theft in nonprofit organizations are check tampering, expense reimbursement fraud and billing schemes. But proper segregation of duties — for example, assigning account reconciliation and fund depositing to two different staff members — is a relatively easy and quite effective method of preventing such fraud. Strong management oversight and confidential fraud hotlines open to all stakeholders can also reduce employee theft.

Indeed, although you should trust staffers, you should also verify what they tell you. Conduct background checks on all prospective hires, as well as volunteers who’ll be handling money or financial records. Also, provide an orientation to new board members to ensure they clearly understand their fiduciary role.

Finally, handle fraud incidents seriously. Many nonprofits choose to quietly fire thieves and sweep their actions under the rug. However, this tends to encourage fraud by telling potential thieves that the consequences of getting caught are relatively minor. If an incident is hushed up, rumors could do more reputational damage than publicly addressing the issue head-on. It’s better to file a police report, consult an attorney, and inform major stakeholders about the incident.

Prioritizing risks

Contact us if you’re unsure where vulnerabilities lie or how your budget can be stretched to allocate more resources to fraud prevention. We can help you prioritize the most serious risks and find affordable solutions for closing control gaps.


DISCLAIMER: This blog is provided for informational purposes only and is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant. Presentation of the information in this article does not create nor constitute an accountant-client relationship. While we use reasonable efforts to furnish accurate and up-to-date information, the evolving landscape surrounding these topics is supported by regulations or guidance that are subject to change.
