Nonprofit Resources
Forensic Investigation at an INGO
By Sly Atayee, John Shaffer and Rachel Weiner, BDO USA
Copyright © 2022 BDO USA, LLP. All rights reserved. www.bdo.com.
No organization is immune to fraud.
A recent investigation at an international non-governmental organization (INGO) yielded actionable insights into how nonprofits can protect themselves. A convergence of factors — including a lack of oversight, internal controls and segregation of duties — contributed to a failed control environment which persisted over several years and resulted in significant financial loss.
Lessons Learned
There are many steps organizations can take to prevent fraud. These include but are not limited to:
1. Ensuring segregation of duties
Organizations should clearly establish segregation of duties to ensure authority within financial operations does not become over-concentrated for any one individual. Additionally, ensure that individuals in key control areas take leave, thereby having “fresh eyes” involved in the control activity.
2. Prioritizing management oversight
A lack of oversight leaves potential fraud unchecked. Management should always conduct a thorough review of financial transactions to make sure only authorized and accurate transactions are approved.
3. Adhering to policies and internal controls
Leadership should clearly define organization-wide policies and make them known to all locations and personnel. Headquarters (HQ) should consistently monitor operations to ensure compliance through regular internal audits and desk reviews. HQ also should build a culture that emphasizes the importance of adhering to standard procedures.
Communication is Key
The importance of communication cannot be overstated. Leadership should outline roles, responsibilities and internal controls, as well as explain how everyone at the organization can help prevent fraud. A 2020 Association of Certified Fraud Examiners (ACFE) report indicates that 43% of fraud is detected through employee tips. If employees suspect fraudulent activity, there should be processes in place through which they can alert management.
Additional Resources:
Fraud Risk and Prevention Questionnaire