Don’t Become a Statistic: Four Tips for Preventing Fraud at Your Organization
The one thing all types of fraud have in common, however, is that they involve a violation of trust. And nowhere is the damage from that violation more acute than in nonprofit organizations, which by their very nature and purpose are part of the public trust.
In this article, we offer four tips for preventing fraud at your organization. These tips are based on the latest research from the Association of Certified Fraud Examiners (ACFE), which publishes a Report to the Nations on Occupational Fraud and Abuse every two years.
1. Implement an anonymous hotline. According to the ACFE, tips have been the most common method of detecting fraud since 2010. This method accounted for detection of 43% of the fraud cases in the 2020 ACFE report.
Providing individuals inside and outside your organization with a means to report suspicious activity, such as through a tip line or hotline, is an impactful anti-fraud control. Organizations with hotlines detected fraud by tip 49% of the time, compared to 31% at organizations without one, and had fraud losses nearly 50% lower.
For maximum effectiveness, a hotline must allow anonymity and confidentiality, be fully supported by top management, and be communicated throughout the organization. Consider an option such as the CapinCrouse Whistleblower Protection Policy and Hotline Monitoring Service, which provides a monitored, anonymous, and confidential 24/7 fraud reporting hotline as well as assistance with creating and implementing policies to protect whistleblowers.
2. Don’t rely on your external audit to detect fraud. External audits provide valuable recommendations and evaluations of your internal controls, including identification of fraud risk, but they are not designed to detect fraud. While 83% of the victim organizations in the ACFE report had external audits, they only revealed fraud in 4% of the cases reported. By comparison, 7% of fraud cases in the U.S. and Canada were initially discovered by accident.
CapinCrouse Partner and Executive Vice President Nathan Salsbery, CPA, CFE, is an expert in auditing nonprofit organizations and advising them regarding fraud prevention and detection, as well as providing forensic accounting services. Nathan observes, “It is a common misconception that external audits are designed to detect fraud within an organization. External audits may increase the perception of detection among employees, which can serve as a deterrent and is an important aspect of a nonprofit’s fraud prevention efforts. But in regards to fraud detection, there simply is no substitute for strong internal controls to both reduce the opportunity for fraud and to detect fraud more quickly if it occurs.”
3. Implement fraud training. Nonprofit organizations should train and educate staff members as to what actions constitute fraud, how fraud can harm the organization and its mission, and how to report questionable activity. This training has minimal cost and is highly effective.
As a quick overview, research has continually shown that occupational fraud schemes fall into three categories:
- Asset misappropriation, which occurs when an employee steals or misuses the organization’s resources. Examples include theft of cash (including checks), false billing schemes, vendor fraud, and inflated expense reports. Asset misappropriation was the most common and least costly fraud scheme in the 2020 ACFE report, accounting for 86% of cases and a median loss of $100,000.
- Corruption schemes in which an employee misuses his or her influence in a business transaction in a way that violates his or her duty to the employer, in order to benefit personally. Examples include bribery and conflict of interest transactions. Corruption occurred in 43% of the cases in the ACFE report, with a median loss of $200,000.
- Financial statement fraud, which occurs when an employee intentionally causes a misstatement or omission of material information in the organization’s financial reports. Recording fictitious revenue, understating expenses, and reporting artificially inflated asset values fall into this category. This is the least common but most expensive type of fraud, at 10% of cases in the ACFE report and a median loss of $954,000.
4. Understand your fiduciary duty. Board members are responsible for acting with due care and putting the best interests of the organization first. In some cases, board members have been held liable when it was determined they were negligent in fulfilling their fiduciary duties of care, loyalty, and obedience. It’s also important to note that according to the ACFE report, poor tone at the top and incompetent oversight contributed to 16% of fraud cases.
“While the board of directors is usually not involved in the day-to-day operations of a nonprofit, the board is responsible for monitoring and supervising the organization’s finances and operations,” notes Karen Wu, Partner at Perlman & Perlman LLP, a New York-based law firm that works with nonprofits. “Boards can help prevent fraud by establishing and implementing appropriate internal financial control procedures and policies. In addition, once fraud is detected, the board should act swiftly to investigate the situation and develop a plan of action, which may include taking steps to recover the funds and reporting the incident to governmental authorities.”
Understanding the Threat
Fraud can have a significant impact on nonprofit organizations, both in terms of damaged trust and damaged finances. Median losses for nonprofit organizations in the ACFE report were $75,000 — and most of the time organizations that fall victim to fraud do not recover any of their losses.
So who is committing this fraud? Males accounted for 70% of fraud cases in the ACFE report, with a median loss of $150,000 compared to a median loss of $85,000 in fraud schemes committed by women.
Executives accounted for 39% of the fraud cases at nonprofits in the 2020 study, with a median loss of $250,000 — compared to a median loss of $95,000 from managers and $21,000 from non-management employees.
Interestingly, it usually takes twice as long — an average of 24 months — to detect fraud being committed by executives as compared to 18 months for managers (35% of cases) and $21,000 (23% of cases) for non-management employees.
Take Steps to Protect Your Organization
Help protect your organization from becoming a statistic: implement a fraud hotline, don’t over-rely on your external audit, implement fraud training, and understand your fiduciary responsibility. You also can take our free Fraud Risk and Prevention Questionnaire to assess your organization’s fraud health.
Watch a recording of our free Fraud Prevention Best Practices for Nonprofits webcast here.
This post has been updated.Sign up for e-news and alerts