Every now and again you’ll read a story or hear about it. Someone at a local nonprofit was caught embezzling money. No one ever expected this person to do that! They’re so nice and have volunteered for years! The truth is, it happens more frequently than you’d expect, and in most cases the scheme isn’t particularly complicated and could have easily been avoided.
In many small nonprofits there’s only one person responsible for all the finances of the organization. This person pays the bills, deposits money, processes and approves payroll, and keep the books and records. That’s an efficient way to run things, but in an environment like this no one really knows what’s happening with the organization’s money other than that one person. In many cases, doing some of these simple things can help minimize the risk of fraud:
- Segregate the access to process and/or approve cash transactions (approve payroll, write checks, submit electronic payments, etc.) from the bookkeeping and reconciliation function. It’s far easier to commit and cover up a fraud if you have access to transfer assets out of the organization and the ability to obfuscate it in the books and records. Separating those basic duties will go a long way to minimizing fraud risk, and do so in a way that prevents them rather than just detecting them after they’ve happened.
- Have someone other than the accounting recordkeeper review credit card statements, bank statements, bank reconciliations, and copies of cleared checks. If someone uninvolved in the day to day bookkeeping takes the time to scan credit card and bank statements for unusual transactions, does a quick comparison to the books and records, and is willing to ask questions about the details, simple frauds can be detected fairly easily. Even documenting a process like this without doing it every month with the same vigor can act as a powerful deterrent.
- Require two signatures on checks. If your bank won’t cash a check with only one signature, then it’s going to require collusion between two people or forgery to pull of this type of fraud. That’s far riskier to your potential fraudster and likely to dissuade them from doing it at all.
- Maximize the use of non-cash payment methods for donations or other receipts. It’s much more difficult for someone to steal a donation made by credit card that goes directly into the organization’s bank account than it is for someone to stick some cash or checks in their pocket. It also cuts down on administrative work (who wants to run to the bank!) and provides a better audit trail for both you and the person making the payment.
- If you have to collect cash, have at least two people collecting it. People are less likely to skim if they’re worried another person is going to see them, and they’re probably going to be hesitant to ask that second person to be their partner in crime.
- Segregate the responsibilities of preparing the budget from bookkeeping and reconciliation. If an independent budget is prepared and then compared to actual results, unusual unfavorable variances like income below budget or expenses above budget when reviewing reports (more on that below) could scare out fraud.
- Lock up blank checks and limit access to them. If you have to have blank checks around, make sure they’re locked up in a place that not everyone can access.
- Have someone other than the bookkeeper review financial reports on a regular basis. It’s a good idea for the board of smaller nonprofits to review financial information on a monthly basis, but not less frequently than quarterly. Some reports to review include vendor disbursement registers, vendor and donor aging reports, income statements and balance sheets. In a perfect world those reports could be run by someone other than the person doing the bookkeeping to help ensure they’re not doctored. Again, even if the board isn’t going through everything with a fine-toothed comb every month, just the fact that this information is available for review can act as a deterrent to fraud.
Of course, you can never completely eliminate fraud risks with these practices, but all or some combination of them can do a lot to mitigate the risk. If you need any help evaluating your specific situation, please feel free to contact us.