It’s no secret that nonprofits have had to weather challenging circumstances in the past two years. Building strategies and tactics that remain flexible are basic guiding tenants for any organization, especially for nonprofit groups. Incorporating a higher level of agility into operations and finances help prepare nonprofit groups to face unknown hurdles yet to come. Creating a tailored plan based on appropriate preventive and detective controls helps guard against future issues such as fraud.
The past two years saw an increase in reported cases of fraud for nonprofit organizations. Learning lessons from these unfortunate events is important, but applying those lessons is even more critical. Fraud risk grew as people sensed increased threats to their health and finances, and even if those insecurities improve in the coming months and years, there are still considerations regarding security to make. Issues such as altered internal controls and segregation of duties are still impacted by staff absences and reductions. The natural tendency of nonprofit organizations s to be more trusting of employees and volunteers has historically been a factor, and added strain from the pandemic means that background checks and security checkpoints may be limited. Additionally, many organizations are subject to more extreme budget constraints and efforts to maximize resources to the detriment of critical administrative support, accounting, and technology.
These factors, along with limited administrative, accounting, and finance functions, may hinder internal controls and increase fraud risk. Implementing and customizing best practices such as these below can greatly reduce the risk of fraud.
Consider the following examples that you can do to reduce the risk of fraud:
Implement a more dedicated method of segregating duties and monitoring. This is a good time to see if there are gaps in the ways that you are currently structuring tasks and roles, as well as examine if your current system of monitoring daily functions is up-to-date. Reviewing account actions daily is a best practice as is checking payroll and bank statements. Additional actions include sending automated emails from your bank offsite to the CEO, CFO, or other trusted leader for review prior to reconciliation. Banks can also send an email to someone outside of the payables and accounting process after each electronic payment showing the amount and recipient.
Safeguard assets. Make sure that you’ve provided your bank with a list of vendors that are authorized to withdraw funds electronically and dedicate a set time to review those transactions. Other suggestions include physically securing assets such as inventory and equipment as well as keeping any banking supplies under lock and key. You can bond all employees who handle cash and checks and consider increasing the frequency and level of background checks. Make sure you use bank lockbox services and shredding services–two actions that are relatively low-cost and offer security that your information is not being copied or stolen.
Update policies and procedures. Implement a vetting and approval process for new contractors and vendors, and maintain consistency regardless of previous relationships. Prohibit the use of acronyms when writing checks or endorsements, and don’t allow anyone to write checks to “cash.” Similarly, encourage donors and supporters to write out your full name instead of using acronyms. And one of the most important actions is to make sure you assess technology and data security needs frequently and even consider an outside cyber-security contractor that has been vetted and proven as an extra safeguard.
A commitment to methods of avoiding fraud doesn’t mean that nonprofit organizations have to lose their faith in the good they do. In fact, employees, volunteers, and donors will appreciate the efforts you make to ensure their hard work and selfless support are well protected.