Nonprofit fraud: Focus on segregation of duties and good reporting procedure

About this article

Text Size: A A

MOST FRAUD investigators would agree that the elements required for fraud to occur are motivation on the part of the perpetrator combined with opportunity. Opportunity generally arises through an organization's non-existent or ineffective internal controls. The more checks and balances an organization has the fewer the opportunities for the fraudster to take advantage. The main objectives of internal control in any organization include safeguarding assets, promoting efficiency in operations, enhancing the reliability and completeness of financial reporting and minimizing the risk of misuse or abuse of the organization's resources. Obviously, the risk of fraud and other dishonest or unethical behaviour exists in all organizations, however, many nonprofits have certain characteristics which may increase the risk of fraud.

Easier in a nonprofit

In What are the Key Indicators?, Stuart Douglas & Kim Mills described some of the reasons why fraud may occur more easily in nonprofits, among them:

  • an atmosphere of trust;
  • many cash donations, which are difficult to control;
  • financial restraints, resulting in limited availability of qualified staffing resources;
  • a mixture of volunteers and employees with a lack of business/financial experience involved in operations; and
  • volunteer boards of directors.

Any internal control system, whether in an nonprofit or a for-profit enterprise, has certain limitations, including:

  • reliance on the judgement of management and employees;
  • the possibility of management override of otherwise effective controls; and
  • the possibility of collusion between employees to circumvent the internal control system.

Good internal control systems

The main features of good internal control systems include:

  • authorization for transactions;
  • completeness and accuracy of financial information;
  • the physical safeguarding of assets; and
  • segregation of duties.

These features are often set out in the organization's policies, such as policies concerning the ability of employees to enter into contracts on behalf of the organization. Similarly, the organization may set policies around cash handling and may segregate duties, e.g. one person receives contributions and issues receipts while another deposits the money and keeps the records. A further control might be to have two persons open the mail to ensure that, unless there was collusion between the two employees, all cash received was deposited and recorded properly.

Employees in all organizations often compromise internal controls, but this problem may be worse in smaller nonprofits due to limited staffing resources. A couple of examples will illustrate this.

The Phantom Supplier Fraud

Many organizations have been victimized by the Phantom Supplier Fraud. In a scam involving the supposed purchase of stationery supplies, its accounts payable/purchasing manager defrauded one nonprofit. In this particular case, other employees became suspicious about the stationery supplier. The employees recognized several oddities about this particular supplier including:

  • Never having seen a salesperson, catalogue or price list;
  • Invoices that lacked a full address, except for a post office box
  • All invoices were for amounts under $500, which under the nonprofit's policy ruled out the need for additional quotations;
  • No cheque issued to this supplier ever exceeded $1,000. This cap meant that the cheques could be processed through a cheque-signing machine under the accounts payable/purchasing manager's direct control rather than requiring two Board members to sign the cheques; and
  • The cheques were never mailed to this supplier but were always hand-delivered by the manager.

The employees reported their concerns to the accounts payable/purchasing manager, but no action was taken. They eventually reported their suspicions to the treasurer, who launched an investigation. The investigation revealed that no stationery had ever been provided by this supplier, and that it was merely a vehicle set up by the accounts payable/purchasing manager to defraud their employer.

Segregate the duties

This crime happened because of a breakdown in the fundamental internal control related to segregation of duties. The lesson: all organizations, including nonprofits, should segregate the purchasing function from the payables function. This of course is often particularly difficult in small organizations, where limited staff numbers may mean that one person performs two or more incompatible functions, providing them with an ideal opportunity to defraud.

It is also important to remember that fraud often occurs at levels just below an employee's transaction authority level. In this case, the dishonest employee was careful to keep the individual invoices under $500 and the cheques under $1,000 to avoid scrutiny.

Diversion of cash

Lack of segregation of duties is also often a problem on the cash-handling side. For example, an nonprofit used a volunteer who organized fundraising events in conjunction with an association that sponsored such events. At the end of each fundraiser, the volunteer and an association representative would agree on the revenues earned during the event and sign a report that indicated this. The volunteer then deposited the funds raised into the nonprofit's bank account and submitted a copy of the event report to the accounting office.

The volunteer, however, was not depositing all of the funds raised. Rather, he provided a 'doctored' version of the event report to his accounting staff that exactly matched the money that he deposited into the nonprofit's bank account. Eventually, the nonprofit's accounting personnel became suspicious when they learned through conversations with other nonprofits that the amount of money raised through similar fundraisers was greater than in their events. When they asked to see the event reports filed with the fundraising association and matched them against the reports provided by their own volunteer, they discovered the fraud.

Arrange for independent records

This fraud also occurred through a simple breakdown in fundamental internal controls, again involving segregation of duties. The required control in this instance is the separation of the receipt and deposit function from the record keeping. The nonprofit now ensures that it receives directly from the fundraising association a copy of the event report that has been jointly agreed to by the association and the nonprofit's volunteer. Therefore, they have an independent record that they check against the funds actually being deposited into their bank account.

These case examples illustrate why fraud occurs and is difficult to detect in many nonprofits. A lack of resources to segregate duties and ensure that transactions are properly authorized and recorded, combined with placing trust in dishonest employees can facilitate fraud. As in any other organization, when employees in a nonprofit organization are offered the opportunity provided through inadequate internal controls, a variety of personal financial problems may motivate them to commit fraud.

Especially when cash is involved

Internal controls are vital in protecting a nonprofit's assets, reputation and integrity. Although limited budgets may make the implementation of controls difficult, they should not be overlooked. Especially where cash is concerned, all efforts should be made to segregate the handling and recording functions.

Clearly, the cost of any internal control system must be weighed against the benefit of minimizing the exposure to the risk of fraud. Not all controls have to be prohibitively expensive or time-consuming, however, and sometimes the addition of a simple procedure can make all the difference. As an example, timely preparation of transaction records that are subject to review by other members of the organization, including the board of directors, can help enhance the control environment.

Gary Moulton,CA, is a Partner and Kevin Wilson, CA, is a Senior Manager in Deloitte & Touche's Investigative and Forensic Accounting practice in Toronto. The Investigative and Forensic Accounting Group focuses on economic damages, financial investigations and forensic accounting matters in the civil, criminal and corporate areas. For more information call either of them at 416-601-6150.

Go To Top