The Director's primary role on a nonprofit board is to make strategic decisions that impact the operations of their organization. In addition, they can and should take an active role in protecting their organization from fraud. A proactive board can help reduce fraud risk, guarding the organization against loss of revenue and reputation. However, being proactive is challenging when, as board members, you're not involved in the day-to-day operations of your organization and you rely on staff, management and outside accountants to provide you with accurate financial information. Staff and management are the "front line" when it comes to catching many types of fraud; nevertheless, board members should be vigilant in their quest to weed out financial statement fraud. Although less common than purchasing schemes or employee theft—a 2014 report from the Association for Certified Fraud Examiners (ACFE) shows that financial statement fraud accounts for less than 5 percent of all frauds—financial statement fraud represents the highest loss in US dollars, totaling approximately $4.1 million in 2014. In contrast, the ACFE reports 30 percent of fraud in that year was due to corruption, and asset misappropriation was the most frequent form of fraud at more than 85 percent.
What are board members to do? The annual audit of a nonprofit organization's financial statements and review of internal controls and systems can give board members important clues to the risks the organization faces. To protect themselves and their organization, board members should look for these "red flags" in the annual audit that could signal financial irregularities or, worse, intentional fraud.
- Cash receipts: One of the most common forms of fraud involves "skimming" or intercepting money before it is recorded on the books. Cash is most often the target of this type of theft, but checks and credit card payments are also fairly easy to convert to cash. Regular review of the cash receipts activity and ensuring it is in line with expectations is an important control to provide oversight in this area. If there is any cause for closer scrutiny, review the processes and procedures for how cash and other money coming into the organization is handled. Ensure that one individual does not have the job of receiving, recording and depositing income. Likewise, one person should not be responsible for both reviewing and reconciling bank statements. Without segregation of duties, the opportunity and temptation to commit fraud may be too overwhelming for some to resist.
- Cash disbursements: Segregation of duties is also an important control to have in place for cash disbursements. It is necessary to ensure that one person cannot initiate as well as approve payments. Lists of vendors should regularly be reviewed by management to ensure that fictitious vendors—those with acronym names similar to the organization's or the initials of a staff member, for example, or unapproved vendors —are not receiving payments. If the organization provides credit cards to staff or management for business use, controls should be in place for approval of purchases and an independent party should review the monthly credit card statements to make sure charges are reasonable.
- Highly technical services of offerings: Does one person claim to be the only one who can understand the organization's needs or services? Is there someone who seems to be the only one who knows how certain processes or programs work? If so, that is a red flag that should be addressed. This often occurs in nonprofits where there is limited accounting personnel and much of the financial accounting and reporting responsibilities lie with a single individual.
- Common errors: Human error, whether intentional or accidental, can often lead to issues such as the misclassification of program expenses as management or general fundraising. While this is not considered fraudulent, close scrutiny of expense classification will ensure donor's gifts are being used to support the organization's mission. Other common errors include inaccurate representation of the fair value of donated goods or services, or erroneously netting instead of grossing up certain fundraising revenues and expenses.
How can board members protect themselves and the brand they represent? Being fully engaged as a board member is perhaps the best way to guard yourself and your organization from fraud.
- Establish a risk management policy: Spell out the board's expectations for how management should manage fraud risk. Be detailed and clear about the board's responsibilities in managing fraud risk, as well, and establish a process for identifying risks to the organization. Understand what management is doing or plans to do to prevent risk. How is fraud reported? How is technology being used? Have regular conversations with accounting personnel about potential fraud risk. Review external auditors' assessments of the effectiveness of controls, and implement recommendations to enhance existing controls.
- Carefully and thoroughly review financial statements: Board members without a strong financial background should NOT rely on staff or even other board members to ensure that the organization's financial data is accurate. Organizations such as the Georgia Center for Nonprofits and many public accounting firms offer training programs designed help board members build a better understanding of nonprofit financial statements. And while they are a useful tool in deterring fraud, annual external audits should not be relied on as a primary fraud detection method. Auditors attest that financial statements are free from material misstatements, not that fraud hasn't occurred. While an audit can uncover fraud, it should not be relied on as the organizations sole tool to fight corruption. Ultimately each board member is responsible for understanding and being proactively involved in the financial health of the organization.
- Establish a whistleblower policy: According to the Harvard Law School Forum on Corporate Governance and Financial Regulation, whistleblower tips are consistently the most common method of detecting fraud. Occupational fraud is more likely to be detected by a tip than by any other method. The ACFE recommends that organizations educate their employees to detect fraud and provide a means for individuals inside and outside the organization to report suspicious activity without fear of retaliation. One of the few requirements applicable to nonprofit organizations under Sarbanes Oxley is to establish and maintain a formal whistleblower policy. It has been shown historically that organizations with anonymous hotlines detected fraud 50 percent faster than those without hotlines.
- Leverage independent accountants: Nonprofit organizations engage certified public accountants to perform annual financial audits and provide consulting on nonprofit operational matters. The organization's CPA should be a resource to the board. CPA firms can provide assistance and consultation regarding concerns about financial and other matters that arise during the year, not just during the audit fieldwork. The organization should ensure that its engagement with the CPA includes an expectation that the CPA may be called upon to provide such service. The audit committee, finance committee and the board should communicate regularly with the CPA firm, making it aware of any problems and/or concerns with regard to the management of the organization or its assets.
- Tone at the top: One of the most important fraud deterrents is a strong "zero tolerance" culture. Board members must provide leadership and guidance to create an anti-fraud environment within their organization. Transparency and consistent messaging through written policies and actions are key to setting and reinforcing this tone.
Directors have a legal and often personal stake in ensuring the organizations they lead are responsible stewards of the funds their organization raises and the missions they champion. They may not be in the best position to notice day-to-day fraud, but they can learn to recognize the red flags that indicate potential fraudulent activity and have processes in place to deal with these discoveries quickly and effectively.
To discuss how board members can improve their ability to detect fraud in an organization and its financial statements, please contact the WBL Nonprofit Practice leader, Patricia Yeager, CPA, at 770-512-0500 or [email protected]. Visit our web site at www.wblcpa.com.
Founded in 1982, Williams Benator & Libby, LLP offers audit, accounting, advisory, transaction, family office and tax services for domestic and international middle-market companies, nonprofit organizations and high net-worth individuals. The firm is a member of Russell Bedford International (RBI), a global network of independent accounting firms.
* * * * *