Nonprofit Fraud: Its a People Problem, So Combat It with Governance
Skimming cash, purchasing schemes and financial statement fraud—three very different types of fraud that nonprofits must prevent, detect and insure against. Still, behind each of them—and every variety of deliberate, deceptive acts against nonprofits—there’s a fundamental and shared dynamic at play.
Fraud isn’t just an operational or financial risk. It’s inherently a human risk, meaning it often crosscuts numerous functions and departments within a nonprofit organization. Not only that, but the people behind these acts are complex. They are pressured by varying circumstances, motivated by different opportunities and self-assured by their own unique rationale. Making matters more complicated, fraud is not always a solo act. In fact, a 2014 ACFE report
found that 46 percent of fraud cases involve multiple perpetrators, meaning that when fraud does occur, the web of nefarious activity often extends to surprising depths within an organization.
To combat this complex threat, nonprofits face a critical need to address fraud from the top—starting with more guidance and engagement from leaders and Boards to create an anti-fraud environment and oversee a fraud risk management function. Realistically, though, due to their mission-driven focus and more limited operating budgets, nonprofit leaders are often left with less time and fewer resources at their disposal to proactively develop anti-fraud governance measures. One of the most important deterrents of fraud is knowing that the organization has no tolerance for it and will act accordingly to detect it and take appropriate action if identified.
Given these challenges, how can nonprofits’ leaders and Boards better mitigate their fraud risks? First and foremost, they should focus on governance, including these four key areas:
: Nonprofits need a high-ranking sponsor to get fraud risk management off the ground. This leader and his/her team’s first order of business should be deciding whether their organization’s fraud risk management will be integrated into the existing risk management function (which typically focuses on strategic, operational, reporting and compliance risks)—or whether it will be separate. Either way, the goal is the same: embed a risk management element into the daily activities of all your personnel.
Responsibilities and structures:
With your management process in place, establish a governance structure for it, including designated oversight responsibilities at the board level, such as an audit committee. Keep in mind, this framework and the tools your organization uses should be scaled to fit both your size and your available resources. It’s impossible to completely “fraud-proof” any organization, so understand the weak points in your infrastructure and organization, and then work backwards to execute. Also, while fraud prevention is ideal, many nonprofits have to weigh the costs and practicality of preventive processes versus detective measures.
Engage and educate:
Especially when faced with resource constraints, nonprofits should utilize all their personnel in an ongoing system of fraud deterrence. Above all, engage with your employees through workshops and trainings in which you educate them on why people perpetrate fraud, which red flags to watch for and what resources are available to them, such as whistleblower policies, reporting systems and hotlines. Awareness throughout your organization can be the single most effective fraud deterrent and vehicle for detection, but it has to start from the top.
Dynamic risk assessments:
People are dynamic, so your risk assessments must keep pace. With roles and responsibilities identified, use your team to pinpoint which inherent risks exist, and then prioritize them based on their impact, likelihood and speed they occur. Finally, use those priority rankings to map the risks to the best preventive and detective controls.
How does your nonprofit organization approach its fraud risk management?