|It’s a people problem, so combat it with governance.
Purchasing schemes, cash skimming, and financial statement fraud are three very different types of fraud that nonprofits must prevent, detect, and insure against. Still, behind each of them – and every variety of deliberate, deceptive act against nonprofits – there’s a fundamental and shared dynamic at play.
Fraud isn’t just an operational or financial risk. It’s inherently a human risk, meaning it often crosscuts numerous functions and departments within a nonprofit organization. Not only that, but the people behind these acts are complex. They’re pressured by varying circumstances, motivated by different opportunities, and self-assured by their own unique rationales. Making matters more complicated, fraud isn’t always a solo act. In fact, a report by the Association of Certified Fraud Examiners (ACFE) found that 46% of fraud cases involve multiple perpetrators. When fraud occurs, the web of nefarious activity often extends to surprising depths within an organization.
To combat this threat, nonprofits face a critical need to address fraud, starting with more guidance and engagement from leaders and boards to create an anti-fraud environment and oversee a fraud risk management function. One of the most important deterrents of fraud is knowing that the organization’s leaders have no tolerance for it, will act accordingly to detect it, and will take appropriate action if they find it. Begin by focusing on these four steps:
1. Find a Catalyst
You need a high-ranking sponsor to get fraud risk management off the ground. This leader’s first order of business should be deciding whether the organization’s fraud risk management will be integrated into the existing risk management function (which typically focuses on strategic, operational, reporting, and compliance risks) – or whether it will be separate. Either way, the goal is the same: Embed a risk management element into the daily activities of all your personnel.
2. Create Responsibilities & Structures
With your management process in place, establish a governance structure for it, including designated oversight responsibilities at the board level, such as an audit committee. Keep in mind, this framework and the tools your organization uses should be scaled to fit both your size and your available resources. It’s impossible to completely “fraud-proof” any organization, so understand the weak points in your infrastructure and organization, and then work backwards to execute your anti-fraud processes. Also, while fraud prevention is ideal, many nonprofits have to weigh the costs and practicality of preventive processes versus detective measures.
3. Engage & Educate
Especially when faced with resource constraints, nonprofits should engage all their staff in an ongoing system of fraud deterrence. Above all, provide your employees with workshops and trainings in which you educate them on why people perpetrate fraud, which red f lags to watch for, and what resources – such as whistleblower policies, reporting systems, and hotlines – are available to them. Awareness throughout your organization can be the single most effective fraud deterrent and vehicle for detection, but it has to start from the top.
4. Craft Dynamic Risk Assessments
People are dynamic, so your risk assessments must keep pace. With roles and responsibilities identified, use your team to pinpoint which inherent risks exist. Then prioritize these risky situations based on their impact, likelihood, and the speed at which they’re apt to occur. Finally, use those priority rankings to map the best preventive and detective controls.
Source: “Assess Your Organization’s Vulnerability to Fraud”. Nonprofit World. October/November/December 2017. Vol. 35, No. 4: 20 – 21. Print.