Photo by Vidar Nordli-Mathisen on Unsplash

Fraud Defenses for Small Nonprofits

Strong internal controls are the best defense against fraudsters who target nonprofit organizations.

In the News

It seems like there’s a new headline almost every week: “Little League Treasurer Arrested for Skimming Funds” or “PTA President Pleads Guilty to Embezzlement.” The stories are depressingly similar, and the similarities aren’t coincidental: People entrusted with financial management of a small group, such as a nonprofit, frequently abuse that trust by stealing the organization’s money.

It’s easy to see how it happens: Small, mission-driven nonprofits like parent-teacher associations, sports clubs, or animal shelters need volunteers to step up and help run the organization. For example, parents often find themselves begrudgingly involved in their child’s hockey team, booster club, marching band, or PTA. Fundraising events, membership fees, donations, and other cash-based activities (think concession stands) are the backbone of these organizations’ revenue. And because these groups are run by volunteers, tasks get done when possible, and not usually with an eye toward strong controls or oversight. Far too much trust is placed on individual volunteers with ill-defined roles, just to keep the organizations running. 

While the vast majority of them volunteer their time because of a sense of obligation or the desire to give back, some folks cannot resist the temptation to skim “free money” off the top. And all too often, the perpetrator gets away with it long enough to do real damage.

When a scheme breaks down and it becomes clear that funds are missing, organizations should hire a professional to determine what happened and try to minimize the damage. Groups often look to law enforcement. But in some situations, a forensic accountant, private investigator, or fraud examiner might be a better first call.

Unfortunately, by the time something seems amiss, it may be too late to head off disastrous losses. In this article, I’ll discuss how to minimize the risks to your organization — by closing some of the loopholes that embezzlers tend to exploit. As the adage goes, “an ounce of prevention is worth a pound of cure.” 

The Organization

Nonprofit organizations that collect funds for a stated purpose — such as providing opportunities for students, athletes, or scouts, say — usually operate under bylaws and elect volunteer members to board positions. In small nonprofits, the board might consist of only a president, treasurer, and secretary. Most of these groups are financially unsophisticated, operate on limited funding, and cut corners out of necessity. Furthermore, the boards are made up of non-professionals who are doing their best and trying to help. And the very fact that they are working (usually) for a noble cause often leads to decreased oversight and an assumption of good faith.

In that sense, the organization’s strength — the good cause, trust, and spirit of volunteerism — also contains its weaknesses, which expose a large financial vulnerability. Unlike large, professional companies, these entities don’t usually have the luxury of a sophisticated internal control infrastructure, nor the personnel to manage those controls. This leaves the door open for a motivated insider to exploit weaknesses and embezzle funds.  

The story usually goes like this: Someone inside the organization notices a chance to misappropriate funds, then acts on that opportunity. It doesn’t have to be a sophisticated scheme; it could be as simple as writing checks payable to “cash,” then lying about how the funds are used. If there’s no oversight at all, the perpetrator doesn’t even need to lie. Other common schemes include diverting funds for personal use, paying personal expenses on the organization’s credit cards, or falsifying records to cover missing funds (such as by creating fake invoices).

The stealing usually continues until something happens that causes someone to notice a problem.  

The Transactional and Control Environment

The scammer usually exploits vulnerabilities in one of two ways: either by diverting money destined for the group’s mission (i.e. the cash never makes it to the bank) or by disbursing funds to someone other than the intended recipients. While no solution is foolproof, the goal is to erect roadblocks that make stealing difficult and not worth the risk.

The goal is to erect roadblocks that make stealing difficult and not worth the risk.

So, what are some control measures that can help to minimize the opportunity for misuse of funds and theft, especially when resources are limited? 

Even in small organizations, effective controls start with defining clear, separate duties for each volunteer in a position of responsibility. In a perfect world, organizations have the manpower and means to implement detailed operating procedures and record-keeping. But even entities with limited personnel can implement common-sense measures for managing the group’s finances safely. 

Separate the bookkeeping from the money keeping.

The first rule in any control system is that the bookkeeper (e.g. treasurer) should not handle funds. The treasurer’s job should be to record substantiated transactions and report summaries of those transactions to the board and membership. 

This might require board members to break the bounds of their role. For instance, the recording secretary may also be tasked with preparing and making the bank deposits. The deposit slips are presented to the treasurer, who then records the transaction.

Checks should always require two signatures, and the treasurer should not be one of the signers. This ensures that no one person is responsible for both recording the transaction and spending the money. 

Require authorization for spending.

There should always be proper authorization for disbursement of funds. The organization should require prior approval for any expenditure, and the organization’s bylaws should include a provision that requires additional approval for proposed expenses over a certain amount. 

For example, a simple vote by the executive board may be acceptable for routine expenses, while larger purchases should be brought before members at a special meeting (and made part of that meeting’s minutes) before incurred. This simple measure promotes additional transparency in the organization’s finances.

Finally, documentation of every expenditure, no matter how small, in the form of receipts or invoices, should be an absolute requirement.

Report and reconcile transactions periodically.

Periodic financial reporting by the treasurer to the board and membership is also a hallmark of good fiscal control. This provides additional oversight and hopefully, serves as a deterrent for potential fund-skimmers. 

Monthly account reconciliation by the treasurer and review by the board should be routine. For that matter, have bank statements sent to another board member directly from the bank to review for unusual transactions or activity before giving them to the treasurer.

Even with strong and ongoing fiscal controls, organizations should consider having their books reviewed annually by an independent party. This could be an audit committee made up of several non-board members, or ideally an independent CPA, if possible. 

Some organizations, such as parent-teacher associations, are subsidiaries of a national entity. In those cases, local chapters have a duty to report activities, including financial affairs, to the parent organization. This heightens the obligation of the organization to ensure strong financial controls.

Finally, in the case of nonprofit entities, there are certain governmental filing requirements.  While these regulations may not deter a motivated scammer from committing fraud against the organization, they certainly make theft a much riskier proposition.

Prevention and Mitigation

With a little professional guidance and creative thinking, any organization can decrease the risk of embezzlement by minimizing opportunities and temptations for potential fraudsters. These internal controls can be tailored to each entity. The controls don’t have to be perfect; what matters is that they are implemented, and that they work.

The best recipe for strong internal controls includes separation of financial duties, frequent reviews and audits, and a sensible process for authorizing expenditures — layers of transparency that add security to your nonprofit’s accounting.

Takeaways

Even for resource-conscious groups, there are plenty of ways to add security and peace of mind without having to spend funds on expensive consultants. Besides tapping members and volunteers who may have skills in accounting or finance, the organization can seek help from local professionals who may be willing to offer pro bono services (provided there are no ethical restrictions).

Here are a few suggestions:

Hire a Certified Public Accountant.

Ideally, an independent CPA would audit the organization’s financial records annually. Of course, this could be a costly proposition. But it may be a necessity if there’s any suspicion of malfeasance. 

As an alternative, an independent professional accountant or bookkeeper may be able to provide more limited and affordable services .

Appoint a finance committee.

If the organization’s board is too small to allow adequate separation of roles, they should seek members to serve on a committee that oversees the treasurer and all financial operations. While financial reporting should happen at regular meetings of the general membership anyway, a finance committee should monitor and review the details of transactions during the year.

Use an audit committee.

As with the finance committee, the organization should appoint volunteer members to review all transactions at year’s end. This review would include a detailed, line-by-line examination of all transactions, deposits, checks and disbursements, and a comparison to supporting documentation. It could also include reviewing transaction approvals and reconciling records and reports. 

The committee would then create a written report of their findings and include it in the organization’s records. And since the audit committee members are presumably not professional accountants or auditors per se, their job would simply be to make sure that transactions seem reasonable and are properly documented. 

Do monthly reporting.

Periodic reporting to the board and membership should be a regular part of operations. A summary of financial activity, account balances, budgeting, and anticipated expenditures should be reported regularly by the treasurer at scheduled meetings.

The mere knowledge that there’s frequent oversight can serve as a powerful deterrent. 

The Inevitable

Understand that if someone is determined to embezzle funds, they will probably find a way. But at the very least, the measures I’ve outlined above will most likely uncover discrepancies and malfeasance sooner rather than later.

Should the suspicion of malfeasance rise to the point of an investigation, the case should be handled like any other fraud matter. Hire a professional to conduct a thorough and well-documented investigation, and report the findings to the organization’s legal counsel, parent organization, and other regulatory bodies, including to law enforcement, where appropriate. 

The one thing a small organization should never do is sweep a theft under the rug. Damage control requires transparency, not secrecy. Even a minor theft can be damaging to small-budget nonprofits, and perpetrators may go on to victimize other groups. The best solution is always strong oversight and prevention, but quick and decisive detection and action run a close second — and are vital to safeguard your organization’s worthy mission.


About the Author:

Dr. Charles Rabeno is a forensic accountant, instructor, and Certified Fraud Examiner. He holds a doctorate in education from Seton Hall University and a bachelor’s degree in accounting from Rutgers University. Prior to joining the private sector, he spent 22 years as a criminal investigator with a large federal law enforcement agency. He was a digital forensic examiner and participated in various criminal investigations involving the internet and dark web. He was detailed to headquarters in Washington, DC to oversee the development of the training curriculum and content for the changeover to the agency’s modern investigative software platform. His expertise is in white collar crime, including cybercrimes, fraud, and money laundering. Charles currently works in the financial sector, with a focus on litigation support and due diligence engagements.