Why Internal Controls Should Matter to Your Nonprofit
Every month the news details yet another nonprofit employee caught committing fraudulent behavior. Unfortunately, the culture and willingness to help others and ‘do good’ mission of nonprofits does not make them less susceptible to internal fraud. When it happens, it not only depletes the organization of precious financial resources, but also damages the nonprofit’s reputation among its donor community. In addition, the median loss of funds related to fraud for a nonprofit is $150,000 PER OCCURANCE, that’s per a 2016 study Report to the Nations on Occupational Fraud & Abuse completed by the Association of Certified Fraud Examiners.
So how do you protect your nonprofit from possible fraud? While there is no absolute, fool proof way to prevent fraud, internal controls continually reduce the risk. Study after study finds that the use of a culture that supports internal controls, as well as strict adherence to the controls themselves, reduce the risk. A 2014 study completed by BDO, LLP analyzed 436 responses from nonprofits located in Australia and New Zealand, they found that "28% of respondents see fraud as a problem for their [organization]. This is up 20% from the previous survey completed, which indicates the sector is becoming increasingly aware of fraud threats and vulnerabilities." Not surprisingly, this same study found that the "Respondents who did not see fraud as a problem for their [organization] rely on robust internal controls, [organizational] culture, trustworthy staff and external audits to manage their fraud risk."
If you’re wondering where to start or what the heck internal controls refer to, internal controls are an organization’s plans, methods, and procedures implemented for achieving its missions, goals, and objectives. Internal controls are important to put in place within any organization or business because they serve as the first line of defense in safeguarding assets and detecting and preventing errors, fraud, and impropriety.
Fraud occurs when you have 1) opportunity, 2) need, and 3) rationale. While you can’t directly safeguard against an employee's need and rationale, internal controls focus on minimizing opportunities for fraud. A critical component of designing and implementing internal controls, are control activities, which include but are not limited to: separation of duties, authorizations, documentation, and audits. To diminish your chance of fraud risk you need to:
Create a separation of duties: For example, the person who requisitions the purchase of goods or services should not be the person who approves the purchase. The person who approves the purchase of goods or services should not be the person who reconciles the monthly financial reports. The person who approves the purchase of goods or services should not be able to obtain custody of checks. The person who maintains and reconciles the accounting records should not be able to obtain custody of checks. The person who opens the mail and prepares a listing of checks received should not be the person who makes the deposit. The person who opens the mail and prepares a listing of checks received should not be the person who maintains the accounts receivable accounting records.
Maintain Best Practices: Once you’ve initiated best practices, review and maintain your policies to ensure that they keep your organization’s best interests at heart, and that they leave no loopholes for fraud.
Establish Policies: This includes hiring policies, whistle blower policies, conflict of interest policies, and record retention and destruction policies.
Educate: Provide an environment that involves open communication, and encourage your employees and volunteers to come to you with concerns. By having management set the tone and create a positive work environment, employees are more likely to report fraudulent activities.
Also, establish yearly fraud and ethics training. This will educate employees as well as remind them that the organization takes fraud matter seriously. As mentioned above, having a Whistleblower Policy will let employees know retaliation is not allowed if they do come forward with findings. Have at least quarterly communication regarding fraud, to keep it at the forefront of everyone’s mind.
Oftentimes, simply knowing that they will be caught is enough to deter a person from committing fraud. Proper controls give everyone peace of mind, guaranteeing fraud will be swiftly discovered while removing the temptation to commit it.