The invisible threat: Protecting your not-for-profit against fraud
The invisible threat: Protecting your not-for-profit against fraud
Fraud can be particularly damaging to not-for-profit organisations, regardless of their size, as it leads to both financial losses and significant reputational risks through a breakdown of trust.
Increasingly sophisticated fraudulent activity coupled with rising costs and the growing challenges of fundraising and securing funding, proactively reviewing controls and implementing strategies to mitigate risk and exposure to fraud is more crucial than ever.
Sector spotlight: Credit cards
Fraud in a not-for-profit organisation can quickly occur in areas where formal and robust controls are vulnerable to being bypassed.
A practical example is using credit cards, which can circumvent the usual accounts payable and banking controls for making payments. Without proper oversight or regular reviews of credit card statements and expense approvals, unauthorised and inappropriate expenditures can arise due to a weakened control environment.
The Board or Audit Committee must play an active role in maintaining these controls, especially when the executive management team uses credit cards.
Understanding fraud risks
Not-for-profits face unique fraud risks, including:
- Belief that fraud won't happen here: management may be overly trusting due to their commitment to the organisation's mission, leading to relaxed financial safeguards.
- Low rate of fraud awareness training: many not-for-profits do not implement adequate fraud awareness training, especially for volunteers in key roles or encountering deficiencies due to staff turnover.
- High volume of cash transactions: even though organisations handle less cash than in the past, donations and fundraising still make not-for-profits vulnerable to fraud.
- Lack of internal controls: limited resources can result in insufficient internal controls and segregation of duties, making fraud easier.
- Manipulation of accounting policies: not-for-profits face unique and complex accounting standards that require professional judgement and occasional estimates. These areas of judgement or estimation can create opportunities for fraud within the organisation.
Best practices for fraud prevention
- Perform a review of internal controls: the first step in reducing opportunities for fraud is to establish comprehensive policies and procedures. These should include segregation of duties, regular reconciliations, and transaction approval processes. However, it is crucial to conduct regular reviews to ensure these policies and procedures remain effective and fit for purpose.
- Conduct regular audits and reviews: regular internal and external audits can help detect and prevent fraud.
- Provide ongoing training and education: ensuring that all staff and volunteers receive regular fraud awareness and prevention training. This training should cover common fraud schemes and how to report and respond to suspicious activities.
- Establish whistleblower policies: creating a safe and confidential way for employees and volunteers to report suspected fraud and misconduct.
- Create a fraud and risk governance plan: develop a comprehensive plan that outlines the organisation's approach to fraud prevention, detection, and response. This plan should be reviewed and updated regularly.
- Implement IT security measures: protect sensitive information by implementing robust IT security practices. This includes using secure payment systems, encrypting data, regularly updating software and educating staff about scams and cyber safe practices to prevent cyber related fraud.
How BDO can help
While an external audit is not primarily designed to identify fraud, having an auditor who understands your industry, organisation, and its key risks and vulnerabilities is crucial for receiving quality audit services and building a relationship of trust. BDO’s not-for-profit sector team is uniquely positioned to deliver valuable audit services.
For a formal fraud review, BDO's fraud and corruption risk management team can assist in preventing, detecting, and responding to fraud and corruption. We help organisations identify key risks, evaluate internal and external controls, and develop and test robust risk frameworks.
Our services include:
- Fraud and corruption risk assessment
- Awareness training
- Policy development, implementation, and benchmarking
If you would like to learn more about our services, contact us today.