Almost every month news articles are published about an employee at a nonprofit that was caught in fraudulent behavior. Unfortunately, the “do good” missions of nonprofits and their staffs do not necessarily make them less susceptible to incidences of internal fraud. According to the 2012 Report to the Nations on Occupational Fraud and Abuse by the Association of Certified Fraud Examiners, the median loss related to fraud for a nonprofit is $100,000 per occurrence. When it happens, it not only depletes the organization of precious financial resources but also damages the nonprofit’s reputation among its donor community.
There is something nonprofits can do, however. A 2010 study of nonprofits by BDO, LLP, attributes a four-year decrease in the incidence of fraud and in severity of the frauds to an increased awareness in the nonprofit sector about internal controls.
So, what exactly are internal controls, and why are they so important?
Internal controls are an organization’s plans, methods, and procedures implemented for the purpose of achieving its missions, goals, and objectives. In addition, internal controls are important to put in place within any organization, for-profit or nonprofit, because they serve as the first line of defense in safeguarding assets and detecting and preventing errors, fraud, and impropriety.
Fraud occurs when you have 1) opportunity, 2) need, and 3) rationale. While you cannot directly safeguard against an employee's need and rationale, internal controls focus on minimizing opportunities for fraud.
A critical component of designing and implementing internal controls are control activities, which include but are not limited to: separation of duties, authorizations, documentation, and audits.
1. Create a clear separation of duties and responsibilities within your organization
Assign different people the responsibilities of authorizing transactions, recording transactions, and maintaining custody of the related asset. A few examples:
- If you have a store front or record sales transaction, a different individual than the sales agent/cashier should count the end-of-day cash drawer and create the deposit slip.
- A different individual than the individual who handles petty cash, bank deposits, and signs checks should open bank statements and perform your monthly reconciliations.
While it may not be possible to eliminate the opportunity for theft, separation of duties and responsibilities can minimize opportunities for temptation and ease of access to theft. In addition, by increasing the chances that an individual engaging in fraudulent behavior will be caught, the incidence of fraud will decrease.
2. Require the authorization of certain transactions
A few best practice examples:
- Implement an approval process for the payment of invoices.
- Require two signatures for all organizational checks.
3. Maintain documentation and records
Documentation provides evidence of the underlying transactions and establishes the responsibility for the execution and recording of the transaction.
4. Conduct audits
Implementing separation of duties, approvals, and maintaining documentation and records are only the beginning. Once they are in place, you should conduct scheduled and random internal audits as an additional safeguard against fraud.
Sometimes the best defense is a good offence. Protecting against fraud requires proactive implementation of a system of separate duties. It’s a nonprofit’s responsibility to its donors, program recipients, and itself to protect against fraud.
Jon Osterburg has spent the last eight years helping more than 100 nonprofits around the world with their finances as a leader at Jitasa.