Nonprofit Resources
Don’t Become a Statistic: Four Tips for Preventing Fraud at Your Organization
The one thing all types of fraud have in common, however, is that they involve a violation of trust. And nowhere is the damage from that violation more acute than in nonprofit organizations, which by their very nature and purpose are part of the public trust.
In this article, we offer four tips for preventing fraud at your organization. These tips are based on the latest research from the Association of Certified Fraud Examiners (ACFE), which publishes a report on occupational fraud every two years.
1. Implement an anonymous reporting mechanism.
Tips accounted for detection in 43% of the fraud cases in the ACFE’s Occupational Fraud 2024: A Report to the Nations. This is more than three times as many cases as the next most common method of detection.
Providing individuals inside and outside your organization with a means to report suspicious activity, such as through a telephone hotline, online response form, or email or text messaging, is an impactful anti-fraud control. More than half (53%) of the tips in the 2024 ACFE study were provided through a formal reporting mechanism, such as a hotline. Organizations with a hotline also detected fraud an average of 50% faster and had median losses that were 50% lower than at organizations without a hotline.
For maximum effectiveness, a fraud reporting mechanism must allow anonymity and confidentiality, be fully supported by top management, and be communicated throughout the organization.
2. Don’t rely on your external audit to detect fraud.
External audits provide valuable recommendations and evaluations of your internal controls, including the identification of fraud risk, but they are not designed to detect fraud. The 2024 ACFE report found that while 84% of victim organizations had external audits of their financial statements, external audits only revealed fraud in 3% of the cases reported. By comparison, 5% of fraud cases were initially discovered by accident.
CapinCrouse Partner and Executive Vice President Nathan Salsbery, CPA, CFE, is experienced at auditing nonprofit organizations and advising them on fraud prevention and detection, as well as providing forensic accounting services. Nathan observes, “It is a common misconception that external audits are designed to detect fraud within an organization. External audits may increase the perception of detection among employees, which can serve as a deterrent and is an important aspect of a nonprofit’s fraud prevention efforts. But in regards to fraud detection, there simply is no substitute for strong internal controls to both reduce the opportunity for fraud and to detect fraud more quickly if it occurs.”
3. Implement fraud training.
Nonprofit organizations should train and educate staff members about what actions constitute fraud, how fraud can harm the organization and its mission, and how to report questionable activity. This training has minimal cost and is highly effective.
As a quick overview, research has continually shown that occupational fraud schemes fall into three categories:
- Asset misappropriation, which occurs when an employee steals or misuses the organization’s resources. Examples include theft of cash (including checks), false billing schemes, vendor fraud, and inflated expense reports. Asset misappropriation schemes were the most common but least costly fraud schemes in the 2024 ACFE report, accounting for 89% of cases and a median loss of $120,000.
- Corruption schemes in which an employee misuses his or her influence in a business transaction in a way that violates his or her duty to the employer, in order to benefit personally. Examples include bribery and conflict of interest transactions. This was the second most common type of fraud in the ACFE report, involving 48% of cases and a median loss of $200,000.
- Financial statement fraud, which occurs when an employee intentionally causes a misstatement or omission of material information in the organization’s financial reports. Recording fictitious revenue, understating expenses, and reporting artificially inflated asset values fall into this category. This is the least common but most expensive type of fraud, at 5% of cases in the ACFE report and a median loss of $766,000.
4. Understand your fiduciary duty.
Board members are responsible for acting with due care and putting the best interests of the organization first. In some cases, board members have been held liable when it was determined they were negligent in fulfilling their fiduciary duties of care, loyalty, and obedience. It’s also important to note that according to the ACFE report, poor tone at the top and incompetent oversight contributed to 17% of fraud cases.
“While the board of directors is usually not involved in the day-to-day operations of a nonprofit, the board is responsible for monitoring and supervising the organization’s finances and operations,” notes Karen Wu, Partner at Perlman & Perlman LLP, a New York-based law firm that works with nonprofits. “Boards can help prevent fraud by establishing and implementing appropriate internal financial control procedures and policies. In addition, once fraud is detected, the board should act swiftly to investigate the situation and develop a plan of action, which may include taking steps to recover the funds and reporting the incident to governmental authorities.”
Understanding the Threat
Fraud can have a significant impact on nonprofit organizations, both in terms of damaged trust and damaged finances. Median losses for nonprofit organizations in the ACFE report were $76,000 — and 57% of the organizations that fell victim to fraud did not recover any of their fraud losses.
Who is committing this fraud? According to the ACFE, males account for 74% of occupational fraud cases, with a median loss of $158,000 compared to a median loss of $100,000 in fraud schemes committed by women.
Owners/executives accounted for 19% of the fraud cases in the 2024 study, but a median loss of $500,000, which is significantly higher than the median losses of $184,000 caused by managers and $60,000 caused by non-management employees.
It also takes an average of 24 months to detect fraud being committed by owners/executives as compared to 18 months for managers and eight months for non-management employees, according to the ACFE.
Take Steps to Protect Your Organization
Help protect your organization from becoming a statistic: implement a fraud reporting mechanism, don’t over-rely on your external audit, implement fraud training, and understand your fiduciary responsibility. You also can take our free Fraud Risk and Prevention Questionnaire to assess your organization’s fraud health.
CapinCrouse offers a range of fraud and forensic accounting services to help your organization protect against fraud, including the CapinCrouse Fraud Checkup™ and fraud awareness training. Please contact us to learn more.
This article has been updated.
