Every organization, whether for-profit or nonprofit, is at risk of falling victim to costly acts of fraud. Nonprofits, though, have some common characteristics that make them particularly susceptible to such schemes. Fortunately, you can help combat the risks at your nonprofit by implementing some simple controls.

Weak spots

Nonprofits tend to operate in a culture of trust and rapport, and that is one reason that they are attractive targets for fraud perpetrators. Organizations are often founded by a handful of passionate and idealistic volunteers and develop over time into a team with tighter relationships than typically seen in many for-profit businesses. As a result, management may not feel the need for antifraud controls, or they find it hard to ask tough questions when confronted with possible signs of fraud.

Similarly, many nonprofits place significant control in the hands of a limited number of people. This is a risk even in an organization with some internal controls, because more powerful individuals within an organization can simply override the controls, with lower-level staff too intimidated to intervene.

Nonprofits that have a lot of cash on hand, either in the office or at remote events, also can run into fraud problems. Cash has a way of disappearing into people’s pockets, especially at events held without proper accounting procedures. Creating a paper trail, with numbered tickets or receipts and multiple people involved every time cash is handled, helps mitigate the risk.

These are not the only factors that make nonprofits so vulnerable to fraud. High turnover among staff, volunteers and board members, as well as limited resources, also may contribute.

Suggested controls

Internal controls in the form of strong policies, procedures and governance are a must for every nonprofit, regardless of size. Controls can help deter and detect fraud.

Perhaps the most critical control is segregation of duties. A single employee should never be responsible for all the steps in any accounting process — for example, collecting, recording, reconciling and depositing cash receipts. Segregating duties can be a challenge for smaller nonprofits. But, at the very least, the duties of handling and reconciling funds should involve more than one individual. And a separate individual should receive and review bank statements. If your nonprofit lacks the manpower, consider including board members or outside advisors to segregate duties.

Nonprofits also should conduct background checks on board members, employees, volunteers and anyone else who might handle cash. The checks should encompass credit history, references and criminal history and be updated periodically.

Governance plays a role in deterring and detecting fraud, too. Your board of directors must perform proper oversight by, for example, naming qualified individuals to independent finance and audit committees. It also should set an antifraud tone by developing — and enforcing — policies on matters such as conflicts of interest and the treatment of whistleblowers.

The Association of Certified Fraud Examiners has consistently found that tips are the most common (and low-cost) detection method for occupational fraud. It is best if tips are reported to the board or one of its committees, rather than management. The organization should make an anonymous fraud hotline available to employees, volunteers, vendors and clients.

Finally, you will need to formally educate your employees about fraud. You should provide training on the organization’s antifraud policies, red flags that could signal fraud and how the hotline works. Board members and volunteers with financial responsibilities should receive training, as well.

An ounce of prevention …

You cannot prevent all fraud — no organization can. But you can reduce the risk of substantial fraud losses by recognizing your vulnerabilities, taking appropriate steps to mitigate them and investigating thoroughly when fraud is suspected. Choosing to ignore fraud and hope for the best may result in both financial and reputational damage.

  1. Get Educated. Educate yourself about the types of scams, malware, phishing, spyware and other common and emerging threats that exist on the internet and how to avert them.
  2. Install Protective Software. Install a firewall and antivirus software, with automatic updates, on all computers and networks (including wireless) to avoid hackers, malware and viruses.
  3. Enable two-factor authentication (passwords and PINs) on devices, apps and on-line accounts, including e-mail accounts, whenever possible. It is one of the strongest cybersecurity measures available. Most on-line banking, finance, e-commerce and social media sites, as well as many e-mail providers, allow two-factor authentication.
  4. Use strong passwords with a combination of 10 to 15 uppercase and lowercase letters, numbers and special characters.
  5. Change Passwords Frequently. Passwords should be changed every 90 days and should be different for each account.
  6. Click with caution. Don’t open emails, download files or click links received from people or organizations that you don’t recognize. Even if the message is from someone you know, be cautious and look for information that indicates that the message is legitimate.
  7. Use Alerts. Add alerts to your on-line bank and credit card accounts so that you’ll know about unusual transactions immediately.
  8. Be Vigilant. Check your on-line bank and credit card account balances and transactions for fraudulent activity every day.
  9. Surf safely. Use a search engine to navigate to the correct web-address to avoid phony web-sites.
  10. Practice safe shopping. Before you enter any payment information, look for the following items on the web-site: look in the address bar to see if the site starts with “https://”; look for a trustmark to make sure the site is safe; and, when you’re on a payment page, look for the lock symbol in your browser, indicating that the site uses encryption or scrambling to keep your information safe.