Steps Nonprofits Can Take to Prevent Fraud
By John E. Mulvaney, Jr.

John Mulvaney
John Mulvaney
Since it takes an average of two years to detect fraud, ample time for an organization to suffer a significant loss, greater vigilance is necessary in order to detect fraud in its early stages. Here are steps nonprofits can take to detect and prevent fraud.

Common Signs of Fraud
Little or no segregation of duties #147; Duties such as the handling of cash, authorization of invoice payments, and the custody of physical assets are handled by one or few individuals.

Inadequate physical security #147; Failure to provide proper levels of physical security for premises during and after work hours; access to sensitive areas by all employees.

Insufficient IT security #147; Failure to provide an adequate level of security for an organization’s IT network, including network servers, computers, and all telecommunication systems.

Unusual cash transactions #147; Cash transactions that appear unusual and lack proper authorization; and transactions that lack supporting documentation.

Unexplained increase in expenses #147; Unusual or unsupported increases in expenses compared to financial budgets and industry norms.

Questionable documents #147; Documents that lack authentic characteristics and appear altered or duplicative.

Steps to Minimize Your Organization’s Exposure to Fraud
Ensure a strong commitment from senior management #147; Senior management has a responsibility to set the tone when it comes to fraud, and create a culture of ethical behavior. Without it, employees will feel that fraud is effectively condoned by the organization.

Written policy concerning fraud and ethics #147; All nonprofits should have a formal written policy concerning fraud and ethics. All newly hired employees should be required to review and sign a copy of the policy.

Ensure proper oversight #147; A committee or individual(s), depending on the size of the organization, should be tasked with ensuring that all aspects of a written policy concerning fraud and ethics are followed.

Implement strong internal controls #147; Analyses of frauds committed at nonprofits usually point to the same cause #147; poor internal controls. Many organizations lack the proper segregation of duties, especially when it comes to the flow of money. Strong internal controls and proper segregation of duties lower the risk of fraud.

Create a comprehensive vendor policy #147; The majority of frauds committed by employees of nonprofits involve some variation of vendor fraud. An employee can create a fictitious company and submit invoices for services never performed or inflate invoices for goods and services. Many times an employee will collude with an individual outside of the company. A strong policy that scrutinizes vendors is recommended. It should use data analytics in highlighting similarities among questionable vendor invoices. Look for identical or similar tax identification numbers, addresses, and vendor names.

Implement an expense reimbursement policy #147; Schemes involving expense reports submitted by employees often involve inflated expenses, expenses incurred for personal reasons, or expenses that an employee never incurred. A written policy should outline the types of reimbursable expenses, as well as the documentation required to support a reimbursement request. Further, a nonprofit that issues purchase cards or company credit cards to its employees must be extra vigilant in monitoring the use of the cards. Often employees abuse the cards by using them for personal reasons or for purposes unrelated to their official duties.

Require annual training #147; In order to increase the awareness of potential fraud and ethical issues employees should receive mandatory, annual training. Organizations committed to preventing fraud and creating a culture of ethical behavior must rely on their employees to accomplish this goal. Without buy-in from their employees, organizations will fail to attain the desired ethical environment.

Establish a hotline #147; The vast majority of fraudulent schemes are discovered as a result of a tip. Employees who have knowledge of a fraudulent scheme or unethical behavior are reluctant to get involved due to fear of losing their job, peer pressure, or retribution from the company or fellow employees. A program built on confidentiality which protects all employees will encourage them to report these matters to senior management. Protecting the identity of the reporting employee is paramount to any successful program.

Conduct a risk-based audit #147; If senior management suspects fraud or abuse is being committed it may be prudent to hire an independent forensic accountant to conduct a risk-based audit. Many times management relies on audits conducted by their internal or outside auditors. These audits often fail to uncover evidence of wrongdoing. A professional trained in forensic accounting is better equipped with the skills to uncover evidence of fraud in a timely and cost-effective manner.

Regularly review written policies #147; Each year an organization should undergo a review of its written policies to ensure they properly address the risks associated with a nonprofit organization. Such a review allows the organization to assess the strengths and weaknesses of existing policies and make any needed changes.

John E. Mulvaney, Jr. leads CBIZ Tofias’ Forensic, Litigation and Valuation Services Group. Email him at

December 2013