In the Dr. Seuss classic, the Grinch dresses like Santa, slinks down chimneys and makes off with all the gifts under all the trees and fireplace mantles in Whoville. This story came to mind last week with the news that the Salvation Army has allegedly been the victim of internal fraud, with more than $2 million in toys, food and other donations disappearing from its warehouse over the past two years.
After an employee raised concerns this summer about “irregularities” alerting the Salvation Army to theft “that would have evaded their usual security procedures,” the organization first suspended and then last week fired the executive director of the warehouse facility. A few days earlier, another investigation revealed that $250,000 disappeared from the Salvation Army operation in the nation’s capital, resulting in the sacking of the Ottawa executive director.
While we may never know why people defraud the charity they work for – it’s not as simple as the Grinch’s heart being "two sizes too small” after all – we can more clearly understand how to minimize the risks associated with potential fraud.
Nine tips for avoiding fraud
1. Take the threat seriously. Nonprofits and charities are trust-based organizations designed to bring out the best in staff and volunteers, but “fraud happens, and charities are as vulnerable or even more vulnerable than for-profit businesses,” says Cathy Barr, senior vice president of Imagine Canada. In fact, some researchers have speculated that “an atmosphere of trust, the difficulty in verifying certain revenue streams, weaker internal controls, a lack of business and financial expertise, and a reliance on volunteer boards all contribute to increased nonprofit vulnerability.”
2. Put operating systems in place to decrease the risk of fraud. Barr suggests presenting systems to staff and volunteers “simply as how we operate, that these systems protect you as well as the organization.”
Jane Garthson, president and principal consultant of the Garthson Leadership Centre says boards and senior staff need to make sure their organization is “both rewarding ethical behaviour and reducing temptation.” Systems can include proper supervision and controls, segregation of duties, having second signatures on cheques be more than rubber stamps, etc. Garthson adds, “Make sure you have also implemented risk management practices in related areas such as facilities (e.g., key controls, access cards, checklists for employee terminations), information technology (e.g., open ports, firewalls, password controls, restrictions on data on laptops and smart phones) and privacy (e.g., data access, retention and disposal).”
Barr notes that “you don’t want to go too far into an atmosphere of mistrust,” citing parallels with the volunteer police check requirements that sometimes deter volunteers, but says that there are kind ways to demonstrate effective boundaries. She also suggests balancing these safeguards with genuine expressions of appreciation for staff and volunteers. Barr also cautions that organizations get in trouble when some staff or volunteers are treated differently from others.
Note: Imagine Canada’s Standards Program offers accreditation to charities and nonprofits that demonstrate excellence in key operating areas.
3. Hire well. Seek out employees with demonstrated high ethical standards. Screen all employees and volunteers carefully – in the Salvation Army case, potential employees had their references checked and had criminal checks done, but no bankruptcy checks were done, something that may have alerted the organization to an employee’s vulnerability to commit fraud. Familiarize yourself with the profiles of people who typically commit fraud.
4. Provide proper supervision. Research says that fraud happens as a result of need and opportunity. Don’t put staff or volunteers in tempting positions, such as those created by having an excess of cash on hand, or having one person solely responsible for balancing cash. Effective managers or board members also know their staff and volunteers, and are alert to changes in an individual’s circumstances that could make them more vulnerable to commiting fraud (ie family problems, addiction, gambling).
Barr notes that someone who refuses to take vacation can look dedicated but actually be hiding a pattern of fraud – a mandatory vacation policy, says Barr, is good for many reasons. Barr also says that setting performance targets so high that they can’t be met can actually encourage fraud. She suggests watching out for employees who are disgruntled, especially about pay, promotion or recognition: employees who feel undervalued can rationalize taking from their organization.
5. Cultivate transparency. Framework, a nonprofit that connects people with causes, has as its goal to “share 95% of all our non-confidential information (e.g. performance reviews) with the entire world, in real time.” This means that financial data, organizational policy and direction is maintained on a regular basis on their website so that stakeholders can, at any time, get a clear picture of the organization’s operations. Imagine Canada’s new web-based tool, Charity Focus allows organizations to share financial information from Canada Revenue Agency (CRA) T3010 forms with stakeholders, and also to give detailed information about programs. Managing these profiles promotes accountability and transparency.
6. Embrace the audit. Barr notes that charities and nonprofits often resist external audits because of the associated costs. She says media and donor attention on administrative costs mean that often, above all else, “charities want to keep their administrative costs low” but fraud prevention (whether through audits or supervision or internal controls) means administrative cost. “Low administrative costs can be part of the problem. If the Salvation Army had been so worried about administrative costs that they hadn’t developed policies, maybe the recent frauds would not have come to light.” Not paying for an audit can mean organizations miss big losses.
Barr says “charities have to be willing and able to explain their administrative costs – and fraud prevention is one of those reasons. ” Garthson adds that organizations can “ask other respected organizations for copies of their financial control documents to see if yours measures up.”
7. Develop a whistleblower policy. In some ways, the Salvation Army story is a good news story: an employee raised concerns and the fraud was caught. In fact, according to a 2005 study by the Association of Certified Fraud Examiners, “More than 43% of the [nonprofit] frauds were detected by tips, with half of these tips coming from employees, while only a quarter of the frauds were detected by the internal audit department.” In its Standards program, Imagine Canada shares this example of a good whistleblower policy with participants in its Standards program. Some nonprofit organizations also make use of online whistleblower services that offer confidential opportunities for staff to report concerns. Examples of such services include The Listening Post and Ethics Point.
8. Confess inadvertent mistakes. Cathy Hawara, Director General of CRA’s Charities Directorate acknowledges that charities are responsible to follow complex and changing rules. She says, “Overall, the level of compliance in the charitable sector is strong. However, it is understandable that we encounter a significant amount of minor, unintentional non-compliance I know that it may seem daunting for a charity to come forward to the regulator after having unintentionally run afoul of the rules. But we are committed to working closely with charities to find ways to help them resolve their concerns and meet their obligations under the Income Tax Act, so that Canadian charities can continue to provide their valuable contribution to our communities.”
9. Be well prepared to respond to a crisis. Gayle Goossen, principal of Barefoot Creative, marketing specialists who help nonprofits develop solid fund development plans and brands, says it’s helpful to develop strong press relationships long before a crisis, and to make sure senior people have good media training. She says, “As soon as you say ‘no comment’, people assume you have something to hide.” She says that a crisis public relations plan can be simple – with a designated well-spoken spokesperson. If faced with a situation, she suggests carefully developing a simple written statement that acknowledges the problem, how it is being addressed and puts it in the context of the organization’s mission. She also adds, “If it doesn’t hit the news, don’t say anything.” Following any kind of crisis, Goossen suggests organizations should take extra time to survey Twitter feeds and social media and to respond accordingly.
“He HADN'T stopped Christmas from coming! It came! Somehow or other, it came just the same!” Immediately after news of the theft of toys and donations broke, the Salvation Army was overwhelmed by people and organizations offering to help as news spread of the theft of toys and donations. Further good news came late last week as police recovered many of the stolen toys. However, the incident draws attention to the unfortunate reality of such frauds and the need, as Garthson says, for each organization to “safeguard its financial assets...[and] an even more critical asset - its reputation.”
Barr offers a final reminder, “When is it ever urgent to focus on implementing great internal controls? Never. People focus on delivering the mission of their organization and are often ‘too busy’ to work on such policies and controls, but these are important. We need to take time to get these things into place.”
Susan Fish is a writer/editor at Storywell, a company that helps individuals and organization tell their story well. She has written for the nonprofit sector for almost two decades and loves a good story.
Photos (from top) via iStock.com. All photos used with permission.
Please note: While we ensure that all links and email addresses are accurate at their publishing date, the quick-changing nature of the web means that some links to other websites and email addresses may no longer be accurate.