According to the Association of Certified Fraud Examiners (ACFE), not-for-profit organizations make up 9% of all defrauded organizations. Such attacks — and losses — can be enough to destroy a nonprofit. Although the best defense against fraud is a strong offense in the form of internal controls, you should also have a recovery plan should fraud occur. Here are some best practices to consider.

Quick action

Let’s say you discover that a trusted staffer has embezzled money from your nonprofit. Act quickly and contact an attorney and forensic accountant. Although there’s no guarantee that the stolen funds will be recovered, a forensic accountant can dig into the matter, interview staffers and preserve any evidence that might be used in court. Your advisors can also help you decide whether to pursue legal action against the perpetrator.

To help mitigate reputational damage, address any significant incident head-on with a press release and formal apology. If you try to bury the incident, you could encourage rumors that turn off donors and other supporters. And to show you’re taking the incident seriously, engage an auditor to perform a complete audit and upgrade any weak internal controls.

Management matters

Also, depending on the size of the loss, consider terminating your executive director or other members of management who could be considered responsible because they allowed lax oversight or didn’t promote an antifraud culture. Although weak internal controls are the No. 1 factor that enables nonprofit fraud to occur, lack of management review and internal control overrides are second and third.

Improving board oversight is critical, too. To signal improved board oversight to stakeholders, start requiring members to be completely independent from your nonprofit’s management (if they aren’t already) and bar employees from serving on the board. You might also increase the number of voting members and mandate that at least one member have a financial or accounting background. The board should review financial statements at least monthly.

Comply with regulations

If your nonprofit loses funds to fraud, it must comply with federal and state reporting obligations. You’re generally required to report any “significant diversion” of assets on IRS Form 990. A significant diversion happens when the gross amount of all diversions discovered during the tax year exceeds the lesser of:

  • 5% of gross receipts for the year,
  • 5% of total assets at year end, or
  • $250,000.

Check with your state (or ask your CPA) for other required reporting.

Tiplines help

Most nonprofit fraud is discovered because an employee or other person submits a tip or complaint. So if your organization doesn’t already provide an anonymous tipline or webform, put one in place as soon as possible. Study after study has found that the earlier a fraud scheme is discovered, the less the defrauded organization loses.

© 2023

 

---

The information contained in the Knowledge Center is intended solely to provide general guidance on matters of interest for the personal use of the reader, who accepts full responsibility for its use. In no event will CST or its partners, employees or agents, be liable to you or anyone else for any decision made or action taken in reliance on the information in this Knowledge Center or for any consequential, special or similar damages, even if advised of the possibility of such damages.