Nonprofit Risk Management: How to Defend Against Fraud

March 03, 2015

When you operate a nonprofit, it’s natural to assume that the people who work for you share your goals and dedication to the organization’s mission. But when someone betrays that trust and commits fraud against the organization, the results can be devastating – and you don’t have to look far to find examples:

  • A former official of the New York-based Hereditary Disease Foundation was charged with embezzling more than $1.8 million.
  •  A California man and his wife were charged with embezzling more than $460,000 from a taxpayer-funded nonprofit agency hired by Los Angeles County to help neglected and abused foster children.
  • A Maryland woman was charged with embezzling $5.1 million from the Association of American Medical Colleges, a D.C. nonprofit group that represents accredited medical schools and major teaching hospitals.

These examples don’t even scratch the surface, and the statistics are sobering. Here are just a few facts from the “2014 Report to the Nation on Occupational Fraud and Abuse” by the Association of Certified Fraud Examiners (ACFE):

  • The typical organization loses 5% of revenues each year to fraud.
  • While only 9% of study cases involved financial statement fraud, those cases had the biggest financial impact, with a median loss of $1 million.
  • The higher the perpetrator’s level of authority, the greater fraud losses tend to be. Owners/executives only accounted for 19% of all cases, but they caused a median loss of $500,000.

Nonprofits face just as much risk as for-profit organizations.

Fraud doesn’t discriminate. Nonprofit employees are just as susceptible to stresses and temptations as anyone else. When one of them embezzles money or commits other fraud against your organization, it can be disastrous on many levels. First, there’s the heartbreak of the betrayal. Then, there are the financial consequences, the legal issues and the loss of integrity and reputation. Worst of all is the lasting impact on future fundraising and your ability to carry out the organizational mission.

Many victimized organizations make the situation worse by failing to respond to fraud events. They feel sorry for the long-time employee, they’re convinced everything will be made right by the employee, or they’re simply too embarrassed to inform law enforcement, their insurance company or their donors.

How can you protect your organization?

While internal controls may not be 100% failsafe, they can significantly reduce the likelihood and potential impact of fraud. Here are a few tips:

  • Create a culture of awareness. Have a written code of ethics and regular training. Invite the D&O liability insurance carrier, bank personnel, or even local law enforcement to educate your staff about fraud.
  • Encourage whistleblowers. Encourage the reporting of suspected wrongdoing to management or board members, and assure anonymity and confidentiality.
  • Require multiple layers of approval. For expenditures over a predetermined amount, require double signatures and/or multiple authorizations for checks, and back-up documentation of every transaction.
  • Segregate duties. To ensure proper checks and balances, don’t have one person handle all financial matters such as preparing payment records, authorizing payments, disbursing funds, reconciling bank statements, or receiving, depositing, and recording incoming funds.
  • Pursue all instances of fraud, including reporting, pressing charges, and making an attempt to recover the funds. Your insurance coverage might be dependent on involving law enforcement.
  • Have the right insurance. Consider coverage such as fidelity or “employee dishonesty” insurance to protect from theft, and depositor’s forgery coverage.

To protect your nonprofit from this growing threat, Heffernan's Nonprofit Practice offers a wide range of insurance products to fit your needs and budget so you can continue your vital mission.