They are, if you will excuse me, a dime a dozen—or perhaps in these economic times, a penny a dozen. The headlines publicizing new found fraud at nonprofits. No doubt the stories are read, a shudder felt and then a huge sigh of relief and the thought: “Thank goodness it isn’t us!”
Or is it and it just hasn’t been discovered yet? The reality is that none of us is immune from this possibility. Thus, all of us should be doing everything we possibly can—even if it is “inconvenient”—to protect our organizations, their reputations, their credibility, their ability to continue to deliver their missions. And yet, so many organizations appear anything but vigilant and almost glib in their efforts to safeguard themselves from fraud.
As I was listening to the Webinar we offered last week on “financial red flags,” and presented on our behalf by Easy Office, I was reminded how foolish most nonprofits are when it comes to financial integrity. There really are very simple principles to follow that increase protection and make it more difficult—I would never say impossible—to defraud an organization. And yet, far too many nonprofits spend more time complaining about the difficulties of good internal controls than doing them.
Easy Office provided some data with which I was not familiar, so I read the 2006 survey from the Hauser Center at Harvard University that looked at 58 cases of “occupational fraud” in nonprofit organizations as reported by members of the Association of Certified Fraud Examiners. Occupational fraud, as defined by the study authors and putting it into lay words, is using one’s professional position to use the organization’s assets for one’s own personal benefit.” You know what it is; think of your own examples!
Here are some of the findings that I’m hoping will be a wake up call.
§ The total loss from fraud in these 58 cases was over $30 million, with a range of $200 to $17 million.
§ There was no relationship between the size, as measured by number of employees, or age of a nonprofit. Thus, occupational fraud is an equal opportunity for nonprofits of any size or age.
§ But fraud is sexist—no surprise there! The typical fraud—a loss of less than $50,000—was committed by a female employee, with no criminal record, employed by the organization for at least three years and who earned less than $50,000. Male managers and executives who earned between $100,000 and $149,000, however, engaged in the most costly frauds—a median (meaning 50% were above and %50 were below) of $150,000.
§ The median age of the perpetrator was 41, media length of employment was seven years and most had never been charged with or convicted for a criminal act prior to the disclosure of the fraud.
§ Nearly 2/3 of the fraud was discovered through tips or by accident! Internal controls, and audits, internal or external, revealed only 1/3 of the fraud cases.
So, what should a nonprofit do to protect itself? There are so many ways, I’ll just highlight the “easy” ones and the “cheap” ones—as those address the two biggest stumbling blocks nonprofits like to put up. All of these recommendations are doable, though organizations may need to be more creative in achieving some, and it may complicate some people’s lives. But, what do you want: convenience or, to steal a line from a sponsor of the Philadelphia Phillies (may they still be in the chase for national champions as you read this), safe and secure assets. (That would be Travelers Insurance.)
1. Boards: Create strong financial policies that make sense for the organization at this point in its evolution. Regularly and carefully review them all and, if needed, update them.
2. Boards and executive directors: Hire carefully and well—and then monitor. Everyone in the world of finance will tell you that while solid policies, procedures and good internal controls s are essential, it all rests on the people hired to execute them.
3. Executive directors: Periodically rotate duties. Here’s where I hear the whine of inconvenience, particularly in organizations with a small staff. But there are options—board members, well-vetted volunteers, be creative.
4. Boards and executive directors: Be observant, listen carefully: watch for collusion, “special” exemptions and privileges granted some but not others.
5. Boards (as this should be a policy): Provide a mechanism for the receipt of anonymous tips and a procedure for investigating all tips.
6. Boards and executive directors: Remember that providing solid oversight does not equate with being suspicious or impugning another’s integrity; rather it equates with doing your job!
As noted above, this list is, in actuality, much, much longer if we were to cover all of the dos and don’ts for protecting our organizational assets. But here is good place to begin to review your own current situation. To do less is to risk becoming a statistic—or worse, tomorrow’s headline.