I frequently come accross and like to muse about incidents in nonprofits where fraud or general impropriety has occurred as a source of "lessons" for boards in the "what not to do" or "what happens when you do" category. For sure, "fraud" is a risk in any business but for nonprofits it can mean the difference between pursuing mission and failure.
I received the following short article authored by accountant Keith Jennings which may be helpful to nonprofit boards and managers when considering the development and implementation of anti-fraud policies. A particular focus of this article: prevention while understanding the impact on employee morale.
Mr. Jennings begins by suggesting that "even the most trusted employees can become perpetrators of fraud. A number of factors can contribute to an employee’s transgression, such as financial problems, mental health, substance abuse, or simply a feeling of being undercompensated for their time."
Toward this end then, Mr. Jennings offers that the focus should be on reducing the likelihood of fraud occurring and this includes: "having Human resources should perform background, credit, and reference checks to increase the chances that trustworthy employees are hired. All employees should be subject to reasonable IT and employee-monitoring systems. Finally, financial responsibilities should be segregated so that each employee’s work is subject to review and no one person has too much responsibility.
You may not think it is possible, but there are controls that can work for a one or two person nonprofit organization, or even an all-volunteer organization.: All this would appear relatively fundamental but I would not be surprised to learn that nonprofits, particularly those with annual revenues of less than $1 million don't have all these steps in place and thus put themselves at risk of fraud.
Mr. Jennings goes on to offer that "Once the proper systems and policies are in place, a nonprofit (should seek to) strike a balance between maintaining internal control and a fostering a welcoming environment? Without managing the perception of your internal controls, it’s possible that an organization’s culture will suffer – creating a perceived division between staff and management, damaging employee morale, and dampening the entrepreneurial spirit that sustains your nonprofit.
To avoid harming a well-established nonprofit culture, organizations should follow these practices:
First, be transparent about fraud prevention and detection systems. Provide information to all new hires about the function of internal controls. Each employee should be able to confidently answer the following questions: What is the goal of the program? What specific data do monitoring systems collect? Why are financial responsibilities segregated in specific ways? Why preventing fraud is a priority for our nonprofit? Be up-front about the purpose of internal controls, explaining that fraud can quickly throw an organization off-course and lead to massive, long-term setbacks, such as a loss of funding.
Second, set the tone at the top. Employees will look to the nonprofit’s leadership for cues as they form their perception of the organization’s culture. Nonprofit leadership should not only be consistent in their messages about internal controls, but should also publically demonstrate their compliance. For example, if an organization requires employees to wear badges for access to secure areas, the leadership should visibly display their badges as well. Leadership should also share with employees how high-level functions are dispersed to ensure accuracy and appropriate oversight.
Third, create a channel for questions and concerns. It’s estimated that 40% of fraud is uncovered because of an employee tip, but without a proper outlet for questions about internal controls or concerns about potential fraud, employees will head straight to the rumor mill. Establishing appropriate pathways for expression – a secure forum, an online equivalent to a suggestion box, or even an anonymous email function – will help employees feel like they’re a critical component of the solution, not the target of the system.
By carefully monitoring the perception of internal controls and crafting clear communication to keep employees informed, nonprofits will be able to lessen the chance of fraud while continuing to encourage employees to share big ideas, work as a team, and produce results that will propel the organization to future successes.
Thanks to Mr. Jennings for sharing. He can be reached at JenningsK@snydercohn.com.