How to Fraud Proof Your Nonprofit

A Guest Post By GrowthForce

Nonprofit organizations are more susceptible to fraud than for-profit organizations.

There are several reasons why these organizations are at risk. For example, nonprofit leaders can be so highly focused on their missions that they fail to protect their organizations from fraud, while some give their trust too easily to individuals who claim to care about the mission and share the organization's values. Other nonprofit leaders simply believe their organizations are too small to be targeted.

However, every nonprofit organization is at risk of fraud – both internal and external – and their leaders should take measures to protect their organizations and their missions from these risks.

How Common is Nonprofit Fraud? Nonprofit Fraud Cases and Statistics

Every two years, the Association of Certified Fraud Examiners (ACFE) publishes its Report to the Nations, an extensive study on occupational fraud in a variety of businesses and organizations, including nonprofits. According to the ACFE's most recent 2022 report, of the fraud cases studied in the report, 9% occurred in nonprofit organizations and resulted in median losses of $60,000. The study also found that the smaller the organization is, the more likely that organization was to fall victim to fraud [1].

Depending on the size of your organization, $60,000 in median losses may or may not seem like a major loss. However, it's important to remember that any loss to fraud extends beyond the monetary impact by also hurting the organization's reputation which can have a lasting effect on donor perception and donations.

What's in ACFE's Nonprofit Fraud Prevention Checklist?

ACFE concludes its report with a checklist for all types of organizations to use in order to better prevent, detect, and stop fraud. The list asks a variety of questions that are designed to help you better implement strategies for fraud prevention. These questions include:

• Employee Education - Do you implement regular fraud prevention training? Do employees know what fraud is? Are the risks of fraud clear to employees? Do employees know what to do if they suspect fraud? Has your zero-tolerance policy been clearly communicated?
• Employee Education - Do you implement regular fraud prevention training? Do employees know what fraud is? Are the risks of fraud clear to employees? Do employees know what to do if they suspect fraud? Has your zero-tolerance policy been clearly communicated?
• Fraud Reporting - Do you have a reporting mechanism in place for individuals to report their suspicions? Do employees trust that tips are anonymous? Do all constituents have access to reporting channels?
• Fraud Detection - Is fraud snuffed out visible or quietly behind closed doors? Do employees witness regular fraud detection practices being carried out? Are surprised audits performed? Does leadership actively and routinely review controls and policies?
• Culture - Are the management culture and workplace culture focused on integrity and honesty? Are controls in place to check culture perception? Are policies in place that reward honesty and integrity?
• Risk Assessment - Does your organization regularly perform fraud risk assessments? Are the findings shared throughout the organization?
• Fraud Controls - Do you have sound fraud prevention controls in place and operating smoothly? These controls include separation of duties, physical safeguards, use of authorizations, job rotations, and mandatory vacations.
• Internal Audits - Do you perform internal audits? Does this department have adequate resources, training, and tools available to perform effective audits?
• Hiring Policy - How do you vet potential employees? Do you perform criminal and civil background checks, previous employment verification, credit checks, education verification, drug tests, and reference checks?
• Employee Support - Do you or how do you support employees that might be struggling with financial problems, addiction, mental illness, health problems, or family concerns?
• Clear Communication - Does your organization promote free, transparent, and safe communication so that employees feel free to communicate with management about any pressures they might be experiencing professionally or personally before they result in a more serious issue?
• Workplace Morale - What measures do you have in place to measure and track employee morale? What steps are you taking to improve morale in the workplace?

5 Nonprofit Best Practices for Preventing Fraud

Regular review of the questions presented by the ACFE can help your organization identify areas where it can improve in order to reduce its risk of fraud. As you review their checklist, you can also consider these five best practices for preventing fraud in a nonprofit organization.

1. Nonprofit Fraud Risk Identification

Part of your organization's risk assessment should be to identify areas of potential risk. Whether this is a lack of internal controls, the potential for billing fraud, or outdated cybersecurity on your online presence, you should pay careful attention to these areas and work improvement strategies into your budget.

2. Establish Nonprofit Internal Fraud Controls

If your nonprofit is operating with as few staff members as possible, then you've likely forgone essential eternal controls, such as separation of duties, which are putting you at risk. Your internal fraud controls should include proper separation of duties. For example, at least three people should carry out separate steps in every financial transaction that occurs: one to manage billing, one to manage payments, and one to reconcile accounts.

Additionally, you should have systems in place that help to improve security such as physical controls (lock away personal information and financial records), password training and requirements (routine password changes, education on creating strong passwords, and two-factor authentication), and job rotations to prevent employees from having the ability to manipulate their duties in order to perform fraud or prevent its detection.

3. Stay Current With Cybersecurity

Hire an IT consultant to help your organization keep its cybersecurity and technology up to date. Your website, internal network, and all technology should be secure to protect your donors' personal information and your organization.

4. Know How to Detect Fraud in an Organization

Fraud detection in a nonprofit can often be challenging for the same reason that establishing sound internal fraud controls can be challenging: a lack of resources. However, even nonprofits that are operating with few employees can and must implement measures designed to help the organization's leaders detect signs of fraud.

5. Educate Your Staff and Constituents About Fraud Risks

Implement regular training on fraud prevention, fraud risk, fraud detection, and fraud reporting to ensure all of your employees are aware of the risks and signs. Additionally, they should know what their responsibility is in protecting your organization and know how to report signs of fraud they might detect.

Protect Your Organization From Fraud With An Outsourced Accounting Department

If your organization does not have enough individuals available with enough free time and know-how to properly separate financial responsibilities, implement and maintain cybersecurity systems, and carry out routine audits to detect fraud, then your nonprofit is at an incredibly high risk of incurring losses as a result of fraud.

While you might not be able to afford another employee, your organization – even if it's small – can still enlist additional help by outsourcing some or all of your back-office duties to a third-party accounting and controller services provider. With a third-party provider, your nonprofit will be sheltered from internal fraud with the implementation of sound internal controls, separation of duty, secure systems, and routine audits designed to detect signs of potential fraud just as soon as it occurs.

If you do not have strong controls currently in place to prevent your organization and all of its constituents from the risk of fraud, then you're putting your organization, its reputation, and its future at risk. To prepare your organization for the upcoming new financial year, we recommend revisiting your fraud prevention strategy to ensure your nonprofit is adequately protected, so you can rest easy and refocus on building your impact and accomplishing your mission.

Watch our YouTube video with Stephen King of GrowthForce on Fraud Prevention.