The Influx of Money to Nonprofits: Five Ways to Mitigate the Fraud Risks

Following the murder of George Floyd and other incidents of police brutality, there are serious and well warranted discussions across America about shifting resources from traditional policing to community organizations focused on mental health services, conflict resolution, youth engagement, and other areas. Many of these entities operate as nonprofit organizations.  Additionally, in light of the current pandemic, some, but not all, nonprofits are seeing a surge of donations.

Nonprofits have always played a critical role in every aspect of society as they attempt to tackle some of our messiest problems. To do so, they annually collect billions in taxpayer dollars and donations from individuals and private foundations, and employ hundreds of thousands of people.

Nonprofits are entrusted with enormous responsibilities as well as significant public resources and they must proactively address their fraud and other compliance risks. At a minimum, a nonprofit that rests on its heels in these areas could diminish its capacity to accomplish their mission and at worst could face serious going concern issues.

To be most effective, every nonprofit should consider the below measures:

1. Acknowledge Risk. The first thing all nonprofits must do is recognize that there is a possibility that some of their employees, vendors, volunteers, partner agencies, or board members could be actively involved in perpetrating a fraud scheme or could be complacent about fraud or other compliance risks. I’ve interviewed numerous individuals during fraud investigations who have said, “I never imagined [blank] could happen here.” It can.  

Nonprofits must admit that these risks exist and then engage in proactive efforts to prevent or detect them as early as possible. One great place to start is the Association of Fraud Examiners Fraud Prevention Check-Up, available for free here.

2. Increase Transparency. Nonprofits should consider making as much information as possible publicly available on their websites, to include their IRS 990 filings, audit reports, transaction-level spending details in a data friendly format, board meeting minutes and other pertinent decision documents. This type of transparency can serve to prevent and deter misuse of funds and make it harder for individuals and organizations to hide wrongdoing.  

Yes, IRS 990’s are available from various watchdog and other groups who provide a great service to the public, but nonprofits themselves should make this information available as soon as it is filed with the IRS. Additionally, citizens can possibly obtain board meeting minutes and other pertinent governance documents through other processes, but this can be unnecessarily complicated and fraught with delays that can limit the public’s ability to have insights into what the organization is doing with “public” money.    

Spending transparency, something I have written about previously (see this post), is critical to public support and as a way to prevent and deter fraud, waste and abuse. The bottom line: if you collect public dollars, you should openly share what you did with those dollars.   

3. Be Especially Vigilant About Oversight of Credit Cards and Payroll Transactions. In my experience, the majority of nonprofit fraud cases involve the misuse of credit cards and /or the payroll process. Organizations must ensure they have proper segregation of duties when it comes to these and other financial transactions.

Credit card usage requires careful and regular scrutiny by independent third parties to ensure they are being used for appropriate purposes.

Few people “want” to be involved in payroll calculations. It can be a complex and thankless task. When was the last time you contacted your human resources department to express your appreciation when they calculated your paycheck correctly? How many of us have ever tried to independently verify that our pay stub is accurate anyway? Too many quirky withholding rules! This complexity increases the risk that someone manipulating payroll could remain undetected and that organizations might allow one person to perform both entry and approval functions.   

Payroll fraud schemes can include unapproved pay raises, unearned overtime, unauthorized bonuses, illegitimate payout of sick leave, compensatory time or vacation accruals. Paychecks to employees who no longer work for the organization is a concern as well.  

One risk mitigation strategy for both credit card and payroll-related schemes is to have robust independent third party reviews. These reviews, which could be conducted by a board member or even another nonprofit, should rely on data obtained directly from the credit card companies or a third party payroll provider. Reviewers cannot rely on data provided by any employees of the organization as they could be involved in a fraud or other noncompliance scheme.    

4. Actively Engage Board Members and Employees in Anti Fraud and Compliance Matters. Tone at the top matters. This is the concept that essentially says “if the boss cares about it, then everyone cares about it.”  

Nonprofits must clearly and regularly communicate to and engage with their employees, organizational partners, volunteers and others that ethics and compliance are critical elements of the organization's culture and part of their strategy for success. If senior leadership fails to clearly communicate this sentiment, then others are left to determine on their own if they should address internal control weakness, air concerns, or keep quiet to avoid “rocking the boat.”

5. Regularly Review Contracts to Ensure they are Legitimate, Fairly Valued, Well Documented, and Still Appropriate.  Virtually every nonprofit augments its operations with contracts for goods and services from a variety of vendors including individual consultants.  

Nonprofits must ensure each contract is awarded based on a legitimate requirement, is awarded following a fair, transparent, legitimate and well-documented procurement process, has a clear end goal, is properly valued, and is appropriately monitored to ensure payment is only made when goods or services are delivered as promised.  

One way to mitigate this risk is to have an independent third party and/or a board member regularly review all or a random sample of contracts to ensure they meet the organization's standards.  

Now more than ever, society is turning to nonprofits to serve critical roles in every community. However, these organizations must seriously address fraud and other compliance risks to maintain public confidence and provide them with every chance of success in accomplishing their mission. The above list of five steps is a good start...  

This article contains Ken Dieffenbach’s personal opinions, not those of his current employer. (Photo credit: Scott Graham @sctgrhm Source: www.unsplash.com)