Anti-Fraud Controls

February 2015, Joan M. Renner, CPA, CGMA, Renner and Company, CPA, P.C.

Download the article e

Introduction

An association loses $900k from unauthorized disbursements…a housing agency loses $30k from diverted income…another association loses $5 million in fake vendor scheme…  These news stories about nonprofits victimized by embezzlement are enough to cause a nonprofit Executive or Board member to lose sleep.  No nonprofit leader ever wants to read that their organization has become the next victim.   Sadly, the Association of Certified Fraud Examiners (ACFE) says the typical organization loses 5% of revenues each year to fraud.  If you’re a $1 million nonprofit, that’s an estimated $50,000 each year.  In its 2014 Report to the Nations, the ACFE used survey results to paint a clear picture of a typical fraud.

  • The median loss from a fraud is $145,000,
  • the fraud usually lasts 18 months,
  • it’s usually an embezzlement, and
  • the smallest organizations suffer disproportionately large losses from embezzlement.

The survey went on to state that having anti-fraud controls can reduce fraud losses and shorten fraud duration.  In this article, we will explore some recent frauds ripped from the headlines, and discuss steps you can take to develop the right anti-fraud controls for your organization.

Here are a few frauds where perpetrators exploited their job duties for personal gain:

$900k lost from unauthorized disbursements:  In November 2014, a former association CFO pleaded guilty to embezzling more than $928,000 from a San Francisco trade association from 2007 to 2014.

How did he do it?  The CFO used the access to the association’s bank accounts and books that his employer gave him.  As CFO, he had complete control over all aspects of the association’s finance function including keeping the books, authorizing payroll, and paying bills.  He wrote checks payable to himself and payable to “cash” totaling more than $550,000.  He made unauthorized purchases of more than $250,000 on the association’s credit cards, and he put an overpaid acquaintance on the payroll.

How did he conceal it?  He just omitted the fraudulent transactions from the books and the financial statements he sent to the Board.  He made false entries on the books to cover up his personal charges.

$30k lost from diverted income:  In December 2011, a former director of a nonprofit housing agency pleaded guilty to diverting more than $30,000 of rent money from tenants of the nonprofit into his own bank account during 2008 and 2009.

How did he do it?  The housing director used the access to tenant rent collections that his employer gave him.  As director of property management, he collected rent money from tenants, but instead of handing it in to the agency, he deposited it into his personal bank account.  He even moved an unauthorized tenant into a vacant unit and set up a post office box to collect that rent as well.

$5 million lost in fake vendor scheme:  In November 2013, a former administrative assistant pleaded guilty to embezzling more than $5 million from her association employer from 2005 through 2013.    

How did she do it?  The administrative assistant’s duties included processing vendor invoices, even approving some invoices.  In addition to the valid invoices she processed, she submitted false invoices from real organizations.  Because signed checks were returned to her after signing, the administrative assistant made sure that the checks from the fake invoices went to her own bank accounts that she had set up using names similar to the real vendors.

She also submitted invoices to the organization from her own business, called FCI, which did no work for the organization.  She left these payments off her budget reports.  FCI turned out to be the bridal shop she owned, Fabulous Concepts, Inc.

Eventually, after a call from the perpetrator’s bank, her employer discovered her fraud.  The association said they were “truly stunned” and referred to the perpetrator as a “long-time, trusted employee” who had “exploited every gap in their system” using “deception and coverup”.  The association further said they would “apply the lessons we have learned from this experienced, as well as share them with others in the nonprofit community.”

With headlines like these, nonprofit leaders know they can’t rely on good intentions to protect their organizations.  However, small organizations may not know how to address fraud risks with limited budgets and small staff size.  It is clear that nonprofit managers and Board members need to take action to get ahead of the curve with appropriate anti-fraud controls.

Developing Anti-Fraud Controls

Anti-fraud controls are procedures an organization implements to prevent or find and correct fraudulent transactions.  Anti-fraud procedures are not one-size-fits-all.  In designing the right policy, management and Board members must balance the cost and restrictions related to internal controls with the protection and accountability they offer.

Here are some concepts and steps that will help nonprofit managers and Board members design and evaluate anti-fraud procedures that are right for an organization:

  • Understand that anti-fraud controls are the responsibility of management and the Board.   It is their fiduciary duty to safeguard the assets of their organization.
  • Understand that anti-fraud controls may be more important in the nonprofit environment than they are in a Board member’s own business. Business owners may take risks with their own money, but in the nonprofit environment, the general public expects a high degree of accountability.
  • Make controls a Board priority. Some Boards dismiss anti-fraud procedures as unattainable or inefficient, presuming that organizations should just do the best they can when it comes to internal control. This approach can leave the organization open to fraud. Remember that all Boards are expected to carry out their fiduciary duty, even in situations where resources and/or staffing is limited.
  • Implement an annual assessment of anti-fraud controls. Management will inspect the organization’s transaction processes annually, identifying any new risks and updating anti-fraud controls. Read and update your policies and procedures document for each area such as disbursements, receipts and payroll. Ask “how could someone steal money in this area, and if they did, how would we find out?” Enlist the assistance of outside accountants to help with this review as needed. Management will report the results of this process to the Board.
  • Look for new ways of doing things that offer increased anti-fraud controls. For example, instead of allowing someone to pay bills electronically on a system that requires no further approval to release disbursements, switch to paying bills using an online banking platform that requires a second level of approval.
  • Small organizations may need to enlist Board members to help with anti-fraud controls. If a second employee is not available to review and approve a transaction, a Board member may need to step in to review and approve. Online processes make it easier to log in and oversee transactions.

With frauds like these in the headlines, nonprofit leaders are aware that no organization is immune.  Smaller organizations may not know how to address the risk of fraud given their limited resources.  Using the points above, nonprofit managers and Board members can develop anti-fraud controls that address fraud risks in a way that is best for the organization.

©2015 Renner and Company, CPA, P.C., all rights reserved.