Don’t Become a Statistic: Four Tips for Preventing Fraud at Your Organization
The one thing all types of fraud have in common, however, is that they involve a violation of trust. And nowhere is the damage from that violation more acute than in nonprofit organizations, which by their very nature and purpose are part of the public trust.
In this article, we offer four tips for preventing fraud at your organization. These tips are based on the latest research from the Association of Certified Fraud Examiners (ACFE), which publishes a Report to the Nations on Occupational Fraud and Abuse every two years.
1. Implement an anonymous hotline. According to the ACFE, tips have been the most common method of detecting fraud since 2010. This method accounted for detection of 40% of the fraud cases in the 2018 ACFE report.
Providing individuals inside and outside your organization with a means to report suspicious activity, such as through a tip line or hotline, is an impactful anti-fraud control. Organizations with hotlines detected fraud by tip 46% of the time, compared to 30% at organizations without one, and had fraud losses 50% lower.
For maximum effectiveness, a hotline must allow anonymity and confidentiality, be fully supported by top management, and be communicated throughout the organization. Consider an option such as the CapinCrouse Whistleblower Protection Policy and Hotline Monitoring Service, which provides a monitored, anonymous, and confidential 24/7 fraud reporting hotline as well as assistance with creating and implementing policies to protect whistleblowers.
2. Don’t rely on your external audit to detect fraud. External audits provide valuable recommendations and evaluations of your internal controls, including identification of fraud risk, but they are not designed to detect fraud. While 80% of the victim organizations in the ACFE report had external audits, they only revealed fraud in 4% of the cases reported. By comparison, 7% of fraud cases were initially discovered by accident.
CapinCrouse Partner and Executive Vice President Nathan Salsbery, CPA, CFE, is an expert in auditing nonprofit organizations and advising them regarding fraud prevention and detection, as well as providing forensic accounting services. Nathan observes, “It is a common misconception that external audits are designed to detect fraud within an organization. External audits may increase the perception of detection among employees, which can serve as a deterrent and is an important aspect of a nonprofit’s fraud prevention efforts. But in regards to fraud detection, there simply is no substitute for strong internal controls to both reduce the opportunity for fraud and to detect fraud more quickly if it occurs.”
3. Implement fraud training. Nonprofit organizations should train and educate staff members as to what actions constitute fraud, how fraud can harm the organization and its mission, and how to report questionable activity. This training has minimal cost and is highly effective.
As a quick overview, research has continually shown that occupational fraud schemes fall into three categories:
- Asset misappropriation, which occurs when an employee steals or misuses the organization’s resources. Examples include theft of cash (including checks), false billing schemes, vendor fraud, and inflated expense reports. Asset misappropriation was the most common and least costly fraud scheme in the 2018 ACFE report, accounting for 89% of cases and a median loss of $114,000.
- Corruption schemes in which an employee misuses his or her influence in a business transaction in a way that violates his or her duty to the employer, in order to benefit personally. Examples include bribery and conflict of interest transactions. This was the second most common type of fraud in the ACFE study, involving 38% of cases and a median loss of $250,000.
- Financial statement fraud, which occurs when an employee intentionally causes a misstatement or omission of material information in the organization’s financial reports. Recording fictitious revenue, understating expenses, and reporting artificially inflated asset values fall into this category. This is the least common but most expensive type of fraud, at 10% of cases and a median loss of $800,000.
4. Understand your fiduciary duty. Board members are responsible for acting with due care and putting the best interests of the organization first. In some cases, board members have been held liable when it was determined they were negligent in fulfilling their fiduciary duties of care, loyalty, and obedience. It’s also important to note that according to the ACFE report, poor tone at the top and incompetent oversight contributed to 18% of fraud cases.
“While the board of directors is usually not involved in the day-to-day operations of a nonprofit, the board is responsible for monitoring and supervising the organization’s finances and operations,” notes Karen Wu, Partner at Perlman & Perlman LLP, a New York-based law firm that works with nonprofits. “Boards can help prevent fraud by establishing and implementing appropriate internal financial control procedures and policies. In addition, once fraud is detected, the board should act swiftly to investigate the situation and develop a plan of action, which may include taking steps to recover the funds and reporting the incident to governmental authorities.”
Understanding the Threat
Fraud can have a significant impact on nonprofit organizations, both in terms of damaged trust and damaged finances. Median losses for nonprofit organizations in the ACFE report were $75,000 — and most of the time organizations that fall victim to fraud do not recover any of their losses.
So who is committing this fraud? According to the ACFE, males account for 69% of fraud cases, with a median loss of $156,000 compared to a median loss of $89,000 in fraud schemes committed by women.
Executives accounted for 19% of the fraud cases in the 2018 study, but a median loss of $850,000 — almost six times higher than median losses caused by managers and 17 times higher than median losses from non-management employees.
Interestingly, it usually takes twice as long — an average of 24 months — to detect fraud being committed by executives as compared to 18 months for managers and 12 months for non-management employees.
Take Steps to Protect Your Organization
Help protect your organization from becoming a statistic: implement a fraud hotline, don’t over-rely on your external audit, implement fraud training, and understand your fiduciary responsibility. You also can take our free Fraud Risk and Prevention Questionnaire to assess your organization’s fraud health.
Watch a recording of our free Fraud Prevention Best Practices for Nonprofits webcast here.Sign up for e-news and alerts