Sean McNeil, CPA
Accounting & Auditing Manager

No one wants to think of a nonprofit organization being defrauded. But it happens, and your nonprofit board should create a fraud recovery plan now in case your organization is victimized.

Nonprofit organizations make up 9% of all defrauded organizations, according to the Association of Certified Fraud Examiners (ADFE). Although the best defense against fraud is a strong offense in the form of internal controls, you should also have a recovery plan should fraud occur. Here are some best practices to consider.

Quick action

Let’s say you discover that a trusted staffer has embezzled money from your nonprofit. Act quickly and contact an attorney and forensic accountant. Although there’s no guarantee that the stolen funds will be recovered, a forensic accountant can dig into the matter, interview staffers and preserve any evidence that might be used in court. Your advisors can also help you decide whether to pursue legal action against the perpetrator.

To mitigate reputational damage and quell rumors, address any significant incident with a letter to all stakeholders, including donors, members and other supporters. The letter should contain a brief statement about how the diversion was discovered and a clear plan of action. Resist the temptation to “keep it quiet,” which would likely encourage rumors. Also, show you’re taking the incident seriously by engaging an independent auditor to perform a complete audit and upgrade any weak internal controls.

Management matters

Immediate termination of the fraud perpetrator and a report to local police are obvious first steps. But as the investigation unfolds, you may find other members of management staff who should be held to account, even if they didn’t participate directly in the fraud or have knowledge of it. An executive director or CFO who failed to put internal controls in place or to create an antifraud culture may need to receive training on the matter, or may need to be terminated, depending on the circumstances. Although weak internal controls are the No. 1 factor that enables nonprofit fraud to occur, lack of management review and internal control overrides are second and third.

Improving board oversight is critical, too. To signal improved board oversight to stakeholders, start requiring members to be completely independent from your nonprofit’s management (if they aren’t already) and bar employees from serving on the board. You might also increase the number of voting members and mandate that at least one member has a financial or accounting background. The board should review financial statements at least monthly.

Comply with regulations

If your nonprofit loses funds to fraud, it must comply with federal and state reporting obligations. You’re generally required to report any “significant diversion” of assets on IRS Form 990. A significant diversion happens when the gross amount of all diversions discovered during the tax year exceeds the lesser of:

• 5% of gross receipts for the year,
• 5% of total assets at year end, or
• $250,000.

Ask your accountant or your attorney for other required reporting.

Tiplines help

Most nonprofit fraud is discovered because an employee or other person submits a tip or complaint. So, if your organization doesn’t already provide an anonymous tipline or webform, put one in place as soon as possible. Study after study has found that the earlier a fraud scheme is discovered, the less the defrauded organization loses.

Contact us for help preventing or investigating fraud.