In nonprofit organizations, where the mission statement often involves supporting the community and serving it with a high moral purpose, witnessing fraud by managers or executives of the organization is heartbreaking.
As a forensic accounting investigator who reviews whether fraud, including misappropriation of assets or fraudulent financial reporting, happened in a nonprofit organization, one would wonder how to avoid fraudulent transactions and behavior in such organizations.
The most evident recommendation is to establish a proper environment of internal controls to prevent fraudulent financial reporting as well as to design proper processes and procedures to mitigate fraudulent and unethical behaviors, which can be done either with the help of an external consultant or by internal members who are knowledgeable about the best practices in the industry and have specific antifraud training. In addition, there are a variety of broader spectrum suggestions on how to avoid the "recipe for fraud" in nonprofit organizations:
Board responsibilities
The role of board members should be clearly defined for each board member from day one.
It's common to appoint board members with different experiences from a variety of industries. Sometimes a board member has the perfect prior experience of working with nonprofit organizations, but no experience in managing an organization as well as influencing the CEO.
Who should onboard a new board member? What are the responsibilities of each board member? Ideally that should be defined by other independent board members serving the nonprofit organization before a new board member is recruited. However, what if the very first member is "a neighbor" or "a college friend" of a CEO?
Ideally, the recruitment of the first few board members is done by the initial founding members of the organization. If they do not have experience in building proper reporting lines, onboarding as well as reinforcing responsibilities of board members, it's important to seek guidance from someone with such knowledge in the industry or consultant experts. It is crucial to write proper processes and procedures for onboarding new board members, their duties and reporting lines to be followed by executives running a nonprofit organization.
The board should be more engaged with financial documentation review, at least on a quarterly basis.
During a forensic accounting investigation, it's common to hear board members say, "I wish I looked at the financial information earlier, but I had no clue what to look at." Another common perception of people without financial experience: "I am not a finance person."
However, it can be costly for the organization's financial well-being, if the board members do not familiarize themselves regularly with at least quarterly, or even better monthly, financial documentation. If a new board member is not familiar with how to analyze financial information well, there are plenty of short-term courses to study at least the basics.
Alternatively, an external consultant can be hired to educate and guide them on what financial information to request and how to analyze such financial information. It's also beneficial for the nonprofit organization to recruit at least a couple board members with a financial background.
These members could serve on a finance committee that's responsible for having regular discussions with administration regarding the financial projections and outcomes of the organization. These members could also educate the remaining board members and identify specific financial topics to be presented to and discussed with the full board.
Selecting an audit committee
One of the main purposes of the audit committee is to provide oversight and monitoring of the organization's external audit.
Even if the nonprofit organization does not have an external audit, the audit committee is valuable in monitoring the organization's financial reporting process and systems of internal control, and providing oversight of compliance with laws and regulations. It's crucial to select an audit committee from the board members to demonstrate that financial reporting information is analyzed and discussed regularly.
Understand the reporting lines and responsibilities of the board and CEO
Under corporate governance outlines, the board is usually responsible for financial and/or legal oversight of the organization, supporting and/or setting the mission and goals, setting compensation guidelines, and evaluating the CEO. Generally, the board members are not making decisions regarding the day-to-day operations of the nonprofit organization, whereas executives are charged with the daily decision making to further the mission and goals set by the board.
It is surprising the number of times a board member has said during an interview, "The CEO said that or did that, and they know better," or "We had to consult with the CEO on that decision." Although it is reasonable to obtain more information from a CEO, or any other executive member, on any matter that requires the board to make a decision, the focus should always be on proper reporting lines for final decisions.
Although it is common to rely upon CEO decisions on day-to-day operations, questions and clarifications, it's important to remember that the board is responsible for financial and legal oversight of the organization as well as the reporting lines. The CEO reports to the board members of a nonprofit organization and not the other way around.
It's crucial to focus on ensuring appropriate oversight by the board of the CEO's activities, such as reviewing and approving compensation and benefits, reviewing credit card activity, and reviewing any other disbursements to the CEO.
Trust should not be an invisible hand of internal control
As the not-for-profit organization works to establish proper internal controls as well as processes and procedures to prevent possible fraud happening, you may wonder where "I trust this person" fits in. As reasonable as it sounds, it does not fit in any of the organization's internal control best practices. However, during forensic accounting investigation interviews, it's common to hear references to trust, especially from the board members who trust a CEO or junior employee members who trust executives' decision-making results.
An organization's internal control environment to prevent fraud should ensure that trust of employees is not the only fraud prevention tool. There should be adequate segregation of duties, oversight and review throughout all business transactions.
Establish a mechanism for anonymously reporting suspected fraud or ethics violations
Most people do not want to be the "bad person in the room" by being first to report potentially unlawful or fraudulent behavior or transactions. Most will wait until that "circle of trust" is broken by someone else. Unfortunately, the delay in reporting suspected bad behavior may have allowed fraud to continue for months, resulting in significant losses for the nonprofit organization.
It's important for people to be comfortable coming forward to call out something bad they may have seen or heard. Establishing a mechanism for people to anonymously report suspected fraud or ethics violations can help identify any violations early.
Executive compensation structure
It's important to understand how executives are compensated for the job they do and ensure they are paid competitively in the market. If they are significantly undercompensated compared to the market, they may be motivated to explore how to obtain additional benefits with or without appropriate board approval.
If additional perks, benefits or any other type of executive compensation structure requests are discussed at the board meetings, the final outcome must be documented in board meeting minutes and retained in the organization's files. It may also be beneficial to retain a firm to conduct market research analysis of the acceptable ranges of compensation for executives in a similarly sized organization and geography.
Limit access to organization's bank accounts and petty cash
Although in some situations it's impossible to limit access to the organization's cash, in most cases executives should not have unrestricted access to bank accounts and petty cash. If an executive of a nonprofit organization has access to the organization's bank accounts and petty cash, and no extra control is added to review the usage of such funds, it may lead to inappropriate or fraudulent use of the funds.
Unrestricted access to cash can also lead to paying employees under-the-table payments or bribes to incentivize an employee to approve or look the other way with regard to other questionable transactions.
Some examples of processes and procedures to prevent executives from having unrestricted access to bank accounts and gain better control over access to cash and bank accounts could be the following:
- Establish proper segregation of duties.
- Require dual authorization for approval of wires and other electronic payments.
- Ensure someone other than persons with access to the bank accounts is performing bank reconciliations.
- Don't use signature stamps or ensure adequate controls around signature stamps.
- Create a separate internal controls checklist and other written protocols.
- Try to limit the maximum amount of allowed petty cash per executive.
Communication with current auditors
Your current auditor can be an excellent source for executive team members and the board of nonprofit organizations to help identify the possible red flags, areas for concern and steps to make improvements. Although review of and reliance on the internal control environment of the organization is only part of the audit process, it's usually one of the first tasks conducted by the auditor — an assessment of effectiveness of the internal control environment.
If controls are weak, an auditor must select a larger sample of documentation for review as well as recommend improvements to processes to help strengthen the internal control environment for the next year. The executive team of a nonprofit organization should place a high degree of importance on feedback from the auditors and have open conversations with the auditors. Strong internal controls must be supported with well-established processes and procedures to prevent fraud, and timely implementation of the auditor's recommendations can benefit the financial well-being of any nonprofit organization.