Protecting your organization from fraud
Fraud can jeopardize a nonprofit organization's all-important reputation and raise questions about its fiduciary duties for funds provided by donors.
To ensure that the organization is adequately preventing and responding to potential fraud, an organization should establish a positive "tone at the top" that includes directors and senior administrators modeling good behavior.
Also, publicized codes or policies should be in place for ethics, whistle-blower protection and conflict of interest.
Here are more steps an organization can take:
» Communicate regularly with all stakeholders about the importance of high standards for conduct.
» Conduct background checks on new hires involved in financial transactions.
» Conduct regular fraud-risk assessments, looking at and prioritizing possible fraud schemes and determining whether mitigating controls exist and are effective.
» Establish effective internal controls for prevention. These include thorough training of personnel on policies and procedures.
Organizations also should:
» Separate functional responsibility for authorization, custodianship and record keeping.
» Limit and monitor access to assets or data.
» Reconcile assets with the appropriate records.
» Properly authorize transactions.
» Supervise employees.
The red flags
The typical perpetrator of fraud may not fit the image of a hardened criminal, but can be a trusted employee or manager who understands the organization's systems and is able to find weaknesses that allow the fraud to occur.
The "fraud triangle" focuses on three factors that typically present when fraud occurs: opportunity, pressure and rationalization.
» Signs of opportunity include inadequate internal controls, a close relationship with vendors, vacations and sick days not taken, excessive turnover or no rotation of duties among staff.
Opportunity is the easiest element of the fraud triangle for an organization to monitor.
» Signs of pressure include high personal debts, living beyond one's means or job frustration.
» Signs of rationalization include statements such as, "I am not paid what I deserve," or, "I need the money and intend to pay it back."
When fraud is alleged, suspected or discovered, act swiftly and follow these steps:
» Immediately alert the audit committee, in-house or external legal counsel and the external auditors.
» Conduct an investigation. Investigate not only the specific fraud but also whether a similar fraud is possible in other parts of the organization.
» Report the findings to all of those alerted plus any regulatory authority that may have an interest.
Forensic accountants are used to conduct fraud investigations because of their expertise and independence.
They bring a combination of useful skills: accounting and auditing knowledge, fraud expertise, knowledge of law and the rules of evidence, and understanding of the psychological and motivational factors for fraud.
The costs of fraud
The direct and indirect costs of fraud can be staggering. Directors should be on the lookout for red flags that indicate a possibility of fraud and should encourage the organization to conduct regular fraud-risk assessments.
With the organization's integrity at stake, preventing fraud -- or, at worst, promptly addressing it to minimize damage -- is of utmost importance.
Vivian Lai is an audit manager for Grant Thornton LLP in Honolulu. She can be reached at Vivian.Lai@gt.com