Fraud can happen in any organization. It doesn't matter if you are small or large, if your employees have been there for 20 years or 2 months, or if your external auditors are some of the best in the industry, fraud may impact your organization.
The integrity of your programs and your nonprofit's good name can be severely compromised if fraud occurs. According to the Association of Certified Fraud Examiners, a typical organization can lose 5% of its annual revenue to fraud. Just think what you could do with that 5%. To avoid losing that revenue, consider the following ideas for detecting and preventing fraud:
Be proactive. Set up mechanisms to detect fraud. In order to do this, management should be aware of what the major fraud risks are in their organization. Openly discuss potential fraud risks at board and management meetings. Follow up that discussion with a call to your external auditors. Your auditors may be able to help you identify some additional areas you did not consider.
Consider procedures in light of your assessment of fraud risks. Train your employees to take a step back and review information objectively. They should be asking themselves, "Does the transaction, request, or data make sense? Does it seem reasonable?" Make sure you have appropriate segregation of duties. If your organization is small and one person handles most transactions, management should be reviewing that employee's work. Management can also take additional steps by performing background checks on individuals handling money and comparing employee addresses against vendor addresses. Additionally, cross-training employees to handle such transactions can help segregate these duties. Also, mandatory vacation policies ensure employees step away from their job duties and tasks for at least one week per year. This can help bring issues to light.
Create an environment that allows your employees to come forward if they suspect something. If you don't have a whistleblower policy, create one. Allow your employees to report their concerns without fear of repercussions. Consider having an anonymous hotline so that employees can voice fraud concerns.
Know that the tone at the top of your organization really does make a difference. The ethical and legal practices of upper management and the Board of Directors will directly influence employee perception of what the organization is willing to allow or tolerate. Make sure your employees know that both management and the Board want to make sure that the organization is complying with all ethical and legal requirements.
The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. If fraud is detected, some organizations engage separate fraud auditors to dig further into the situation and circumstances of the fraud.
Nineteen partners and professionals at Legacy have earned their Certified Fraud Examiner (CFE) designation. The designation denotes proven expertise in fraud prevention, detection, and deterrence. CFEs are trained to identify the warning signs and red flags that indicate evidence of fraud and fraud risk.
By Megan Mulherin, CPA, Supervising Senior Accountant, mmulherin@legacycpas.com