Because their cultures are oriented toward helping others, nonprofits often find it impossible to imagine that anyone working for them would steal. As a result, too many charities neglect to put proper internal controls in place and, if they’re defrauded, refuse to seek prosecution of the perpetrator. Such attitudes can lead to heavy financial losses.
Cultural vulnerability
Many nonprofits inadvertently foster the perfect environment for fraud: They don’t pay high salaries compared with for-profit employers, and they rely heavily on volunteers. This makes it easy for thieves to rationalize stealing. In all types of workplaces, workers who believe they deserve more than they’re receiving are more likely to help themselves.
Nonprofit staffers also typically think that the consequences of getting caught stealing are minimal. In many charitable organizations this belief is justified. Even when they catch perpetrators, nonprofits usually quietly fire the offenders and suffer the financial losses rather than risk damaging their reputations with donors and the public.
Depending on your organization’s policies, it may be particularly vulnerable to certain types of schemes. For example, if you don’t require volunteers to provide receipts for cash donations, they can easily skim the donations for personal use. And without a system of checks and balances, staffers of small organizations are free to invent fictitious vendors, submit fake invoices and write checks to themselves with little fear of exposure.
Essential controls
At a minimum, nonprofits should have the following internal controls in place:
Background checks. Perform them for all prospective paid staffers and for volunteers who will be trusted with financial tasks or network access.
Cash counts. If a volunteer reports the sale of 100 event tickets, make sure he or she turns in a corresponding amount of cash and the correct number of unsold tickets. Also compare cash receipts logs to the cash receipts ledger entry and actual bank deposit.
Vendor addresses. Periodically compare vendor addresses to those of employees and volunteers.
Check authorization. Require dual signatures for all disbursements.
Bank statements. Have someone other than the individual writing checks (preferably a board member) receive paper or electronic monthly bank statements and review them.
Beyond the basics
These suggestions are only basic controls. For more information on establishing a comprehensive fraud prevention program, contact us.