Hopefully that headline gets your attention. Sadly in our experience as auditors this statement is true. We are yet to find the perfectly protected organisation when it comes to fraud risk. However there are some basic things any organisation can do to help protect itself.

This article looks at some expensive fraud lessons that other organisations have “paid for” so that your organisation may learn, benefit and hence stay safer.

Anecdotally the incidence of fraud is often greater in not-for-profit entities than in commercial entities.  In commercial entities there is usually a critical focus on the financial results of the entity.  This is usually the key measure of the entity’s success. Accordingly financial results and position receive very close monitoring and attention. In many not-for-profit entities, which exist for reasons other than purely financial success, there is often a lack of similar critical focus on financial results.  This situation creates a greater opportunity for fraud to occur undetected.

New Zealanders are also guilty of some head in the sand behaviour on the topic of fraud.  More than one survey on this topic in New Zealand has found that many New Zealand not-for-profit organisations believe there is perceived fraud problem in the sector…but then did not believe this to be the case in their organisations!

Sadly fraud also often occurs because of ignorance.  The all too common “It couldn’t happen here” attitude means that the risk of fraud is not always proactively managed.  Also, too common is the thinking that “it is someone else’s responsibility”.  As a result the proper safeguards are not put in place making it easier than it should be for your organisation to be ripped off.  Studies have shown that internal controls are generally the most successful method of detecting fraud.

While having a competent audit of your organisation is one part of the solution, you also need to be proactive in order to stay safe.  A brutal reality of auditors as part of your control toolbox is that we come in after the event.  Hence if auditors do detect fraud it will often be some time after it occurred; the ambulance at the bottom of the cliff.  Whereas your internal controls are the fence at the top of the cliff.

You need to make sure it is a strong fence.

Some facts about fraud

Getting conclusive facts about fraud is difficult.  While there are annual surveys, many people do not want to report fraud in their organisation due to embarrassment or concerns about teaching others.  However the following are some key facts which we believe may be useful information for your organization:

Cash theft, diverting entity resources for personal use or gain, kickbacks, financial statement fraud and payroll fraud seem to be the most common types of fraud.

  • In not-for-profit organisations fraud is usually committed by paid employees and seldom by volunteers.  However it does occur.
  • Abuse of trust and positions of responsibility are common methods of perpetuating frauds.  Collusion is also involved in a reasonable proportion of higher value fraud cases.
  • The most common motivator for fraud is financial pressure, often due to gambling or other expensive vices.
  • In discovering fraud, internal controls is usually the most successful means of discovery, followed by employee or volunteer tip-offs, followed by some form of internal or external audit procedures.
  • Discovered frauds are often carried out for periods of more than 12 months before being discovered.
  • Surveys have shown that many organisations that suffer fraud do not report it to the Police.

While many frauds are relatively simple in their methods we have noted a worrying increase in cyber-fraud emanating from overseas.   Larger NFP organisations appear to be specifically targeted.

Helpful tips to protect your organisation against fraud

Remain sceptical – Think the worst and prove the best!

There is no single “silver bullet” to protect your organisation.  Strong fraud protection comes from understanding the risk and the fact that successful protection is the result of many measures working together.   A comprehensive risk management framework, that includes consideration of fraud, should be a key part of any successful organisation.

  • Seek best practice in your systems and controls  – Sadly frauds are often easier to perpetuate in the NFP sector as due to a lack of focus on systems and controls.  Many NFP organisations claim they cannot afford to implement best practice…but fraud can prove this argument to be a false economy.
  • Educate all concerned of the risk of fraud and it’s negative impact on your organisation; trustees, employees, especially admin staff, subcontractors, suppliers, volunteers etc.  The more people who are aware of the risk, the harder most frauds become.
  • Review and revise your financial controls – particularly whenever changes occur.  Ensure the controls surrounding finances and operations in place in your organisation are appropriate to the loss you could suffer.  Where possible make sure there is more one person involved in any financial process.
  • Seek independent assistance – A review of your systems and controls by an independent, expert third party can be highly beneficial.  Often it takes a fresh set of eyes with experience in the field to see the opportunities and threats clearly.  Your auditors should be a valuable resource in this area.
  • If you do find fraud…take action!  If you don’t, all that happens is that you unleash this person on some other unsuspecting organisation. Sadly there’s plenty of evidence of some fraudsters “practicing” on a number of NFPs before finally getting hauled before the Police and the Courts.
  • If you do suspect fraud in your organisation it’s essential that you immediately seek appropriate advice from an expert such as an auditor or forensic accountant with fraud investigation experience, or a solicitor who has taken fraud cases.  It is unfortunately easy to destroy your chances of recovery of funds if the correct process is not followed.  It is also ridiculously easy to finish up on the end of a personal grievance claim from the fraudster – costing your organisation even more money!