Fraud in the Non-Profit World

Those of us who work for non-profits like to think we’re immune from the rash of corruption that seems to have overtaken the for-profit world. We see convicted felon Bernie Ebbers who perpetrated an $11 billion accounting fraud at WorldCom. There’s Jeffrey Skilling and Kenneth Lay of Enron who were sentenced to decades in jail for their corruption. And Bernie Madoff sits in jail today for his $65 billion Ponzi scheme.

We charities like to think we could never be corrupted in quite the same way. Unfortunately, recent headlines show that simply is not the case. An employee of a senior citizen organization in Seattle was charged with theft of nearly $100,000. A clerk in New York was charged with stealing more than $1 million from his church. The charities of Northeast Wisconsin may be small, but we’re not immune from this problem either.

There’s the Green Bay mom who stole $5,000 from her local parent-teacher organization. And even in Door County, the business manager of a local childcare facility was recently convicted of stealing nearly $5,000.

It is hard to deny that the deadly sin of greed can corrupt any of us, even those who dedicate themselves to a life of service and charity. So we should take reasonable precautions to keep everyone honest.

The most common recommendation of auditors is separate duties when it comes to handling money. The idea is that most folks are honest. If we can design internal controls which require that two people are always involved in financial transactions, it’s less likely that both of them will be so dishonest as to collude and commit fraud.

The challenge in Door County is that our charities typically have few employees. As a result, it’s difficult to separate financial duties when there are so few people to do the work. But there are some basic things you should remember when setting up the internal controls to protect the assets of your favorite charity.

Two’s a couple when it comes to cash

Without exception, the greatest potential for theft is in the handling of cash. It’s the hardest kind of fraud to discover because there is often no paper trail to follow.

The simplest internal control with cash is to require that counting cash is always done by two people. Always. Whether it be selling brats or raffle tickets, two people should work together to tally up the day’s take. This protects everyone involved. It helps the organization by making it difficult for any one person to sweep a little off the top. It also protects the volunteers and staff members by ensuring that they can’t be falsely accused of theft because of an accounting error.

Thankfully, while cash is usually the most vulnerable spot in the internal controls, it typically involves the least amount of money. Far greater sums are at risk in the accounts of the organizations itself. So charities often require multiple signatures on their checking and other types of deposit accounts as an internal control.

Even if you require two signatures, one is usually enough

Unfortunately, just because a non-profit has a policy requiring two signatures on every check, most banks won’t enforce it. The bankers tell us that when checks were manually processed, it was relatively simple for them to verify two signatures on a check. But in today’s world of electronic transfers, many banks will not accept the responsibility or liability of monitoring for two signatures.

Check with your bank to see what their rules are. If you’re using a two-signature requirement to protect your organization’s assets, you might find that you are far more vulnerable to fraud than you realize.

Remember that board members can steal too

One charity told us they were fine because the paid staff can’t access the checks and aren’t signatories on any account. Their financial responsibilities were completely entrusted to the volunteer treasurer on their board of directors. What this organization is essentially saying is that while the paid staff could be corrupted with greed, the board members are pure and could never be so tempted.

Of course, that is a silly – and possibly costly – assumption. A volunteer board member with sole access to the organization’s finances is just as likely to commit fraud as a paid staff person. No single person should ever be entrusted with all of a charity’s financial transactions.

Write or reconcile, but you can’t do both

An auditor once gave our organization some really good advice. She said that in a small charity with few people, it’s hard to design internal controls that guarantee that fraud won’t occur. But it’s easy to design a system which guarantees that the thief will be caught shortly after the crime is committed.

The simplest and most powerful fraud prevention tool is to assign one person (or more) the responsibility of administering an organization’s accounts and another to reconcile those accounts. In other words, you either write the checks or you reconcile the account. But you absolutely, positively should never do both. You either have the authority to execute investment transactions or you review and reconcile the investment statement.

There are many simple ways to divide this work. Perhaps the charity’s president, vice president and secretary each have individual signatory authority on the accounts, but the treasurer does not. Instead, the treasurer is the person who receives all the statements and reconciles them to ensure that every transaction was legitimate.

Or maybe the executive director signs the checks, but a bookkeeper gets the bank and investment statements and reconciles them under the supervision of the treasurer.

It doesn’t matter much whether a board member, volunteer or paid staff person play any particular role. The key is to separate the responsibilities and reconcile everything in a timely manner. This internal control is based on deterrence. At a small charity, the signatory on an account might have the ability to commit fraud, but it will be only a matter of weeks before the person reconciling the accounts discovers the illegal act and can identify the criminal.

The wonderful thing about robust internal controls is that if you use them effectively, fraud is never an issue because they keep us all honest.