Keeping Your Nonprofit Safe from Fraud

Print Share on LinkedIn More

November 8, 2013; Venable LLP

The recent series by the Washington Post concerning disclosures of asset diversions and other instances of “theft, fraud, embezzlement, and other unauthorized uses of funds” has provoked no few responses from those invested in the health of the nonprofit sector. (You can read our feature series on the matter by starting here.) Venable, an American Lawyer 100–law firm with more than 600 attorneys in nine offices across the country, has proposed several steps to prevent such acts from taking place. The list is presented in excerpted form below.

  • Use Double Signatures, Authorizations and Backup Documentation. “Multiple layers of approval will make it far more difficult for embezzlers to steal from the organization.”
  • Segregation of Duties. “At a minimum, different employees should be responsible for authorizing payments, disbursing funds, and reconciling bank statements and reviewing credit card statements. […]No single individual should be responsible for receiving, depositing, recording, and reconciling the receipt of funds.”
  •  Fixed Asset Inventories. Performed “at least annually… to ensure that no equipment or other goods are missing.”
  •  Automated Controls. “Use electronic notifications to alert more than one senior member of the organization of bank account activity, balance thresholds, positive pay exceptions, and wire notifications.”
  • Background Checks on New Employees and Volunteer Leaders. “The Association of Certified Fraud Examiners reports that six percent of embezzlers have been convicted of a previous fraud-related offense.”
  • Audits and Board-Level Oversight. “Nonprofits…should undertake regular external audits to ensure that these measures are effective. Organizations should establish audit committees on their boards of directors, containing at least one person familiar with finance and accounting, who would serve as the primary monitor of these anti-fraud measures.”
  • Encourage Whistleblowers. “Employees must have a means of anonymous communication if they do not feel comfortable reporting to their supervisor or management. Employees may not report theft or mismanagement if they believe that their job is in jeopardy.”
  • Strong Compliance Programs. “An effective compliance program must be tailored to the specific organization, include a written code of ethics, be effectively implemented through periodic training, have real consequences for violations of the policy, have an effective reporting mechanism, and be periodically audited to ensure its effectiveness.”
  • Self-Audits. “Outside expertise—such as CPAs experienced in conducting fraud audits (different from the standard annual financial statement audit) and attorneys experienced in evaluating and enhancing internal controls as well as training staff on best practices—can be a critical tool in both identifying fraud and embezzlement that may be occurring and in shoring up weak controls and other process deficiencies that may make the organization more susceptible to theft.”

As we at the Nonprofit Quarterly have reported, and the post in the Venable blog confirms, it’s no longer sufficient to rely on restitution and codes of silence to handle these matters. “Many nonprofits had previously elected to handle instances of fraud or embezzlement quietly in order to avoid unwanted attention and embarrassment. That is no longer an option.”—Jason Schneiderman

  • Josh Hannum

    Although the above 10 points are indeed good best practices, I believe that they are not the full answer, For example, background checks are necessary but rarely prevent fraud based on the 6% number reported by the ACFE. And gaps and lapses in the execution of policies and procedures (e.g. double signatures, segregation of duties, compliance programs) are absolutely going to happen.

    We have created SentryFS to be the rest of the answer by combining a systematic approach involving technology, fraud detection expertise and on-going third party visibility. (