Sean S. McNeil, CPA
Accounting & Auditing Manager

Fraud awareness training and strong controls help nonprofits fight fraud, and the need for diligence is growing in the nonprofit sector. Nonprofit organizations suffer roughly half the median loss per incidence of fraud, compared to for-profit businesses and government entities — $76,000 vs. $150,000 — according to the Association of Certified Fraud Examiners’ (ACFE’s) Occupational Fraud 2024: A Report to the Nations.   

That may sound like good news, but most nonprofits are on tight budgets and can’t afford to lose anything. Establishing and enforcing compliance with internal controls that directly address the organization’s risk is the best way to keep your nonprofit’s losses at zero.

The ACFE report, released in March 2024, was based on a survey of nearly 2,000 nonprofits, businesses and government entities in 138 countries.

Alarming statistic – training is lacking at nonprofits

The 2024 ACFE report contains an alarming statistic: nonprofits have the lowest implementation rate of fraud awareness training among the organizations that were surveyed — 52% for staffers and 49% for management. By comparison, fraud awareness training at public companies was reported as 82% for staffers and 81% for management. According to the ACFE, organizations without fraud awareness training suffer twice the financial losses of organizations with it.

So make sure you include fraud prevention and reporting instruction in your orientation of new staffers and executives, as well as volunteers with financial responsibilities. Also, provide periodic refreshers for existing employees. Tips that fraud may be occurring are twice as likely to come from trained staffers than untrained staffers.

To boost potential reporting, ensure that all stakeholders — including clients and vendors — know how to report fraud suspicions. The existence of an anonymous tipline or web portal is associated with a 50% reduction in the cost and duration of fraud schemes.

Financial statement reviews

Nonprofit boards or audit committees typically review financial statements annually or semi-annually. However, the longer fraud goes undetected, the greater the financial loss for the victim organization. Therefore, your organization’s leaders should review financial statements at least quarterly, if not monthly.

Board members should also receive regular budget reports that show variances between budget and actual figures, because significant variations can indicate potential fraud. Indeed, with strong management reviews in place, organizations reduce financial losses from fraud by a median 60%, according to the ACFE.

Segregation of duties

Almost all types of organizations benefit from a segregation of duties. This means that no individual should have control over more than one phase of a financial transaction or function. Staffers or board members with access to assets shouldn’t be responsible for accounting for those assets. Nor should an individual have the ability to both initiate and approve a transaction, such as paying a vendor invoice. Don’t let individuals who receive checks also deposit them. Many organizations require at least two signatures on checks over a certain amount. Finally, don’t allow anyone who writes checks to also reconcile monthly bank statements.

Segregation of duties can be challenging for nonprofits with small staffs or those that have shifted to remote work arrangements. If accounting staffers primarily fulfill these roles, try assigning some duties to board members or consider outsourcing functions such as payroll and accounts payable. Also, consider using cloud solutions to overcome hurdles related to employees working remotely.

Additional controls

Credit cards have become increasingly common in nonprofits — but they come with the risk of unauthorized usage. If you give credit cards to staffers, board members or volunteers, limit the number of cards in use. Also, require a receipt for each purchase (along with documentation of the business purpose). Someone who isn’t an authorized card user should scrutinize card statements and supporting documentation every month for unusual or questionable activity.

Another internal control that can reap real benefits is a mandatory vacation policy (generally associated with a 23% reduction in losses). Required time off helps prevent would-be fraudsters from hiding their schemes from colleagues. Not surprisingly, an unwillingness to share duties or take vacation are some of the most common red flags for fraud.

Evolving threats

Depending on your organization’s size, mission and other factors, you may have other or new threats that should be addressed by internal controls. For example, have you recently reduced your workforce and turned more tasks over to volunteers? Do you have a big fundraising event coming up? These can increase fraud risk.

Contact your GT Reilly advisor to discuss how your organization can strengthen its fraud awareness and prevention.