What are the chances of someone embezzling funds from your nonprofit?
Most board and staff members think the possibility is remote for their 
organization. “Our people are so committed to our mission and work so hard, they would never take funds that don’t belong to them,” is a common thought process. The actual truth may surprise you.
The reality is that embezzlement and fraud within nonprofit organizations has reached epidemic proportions. According to an investigation by the Washington Post, between 2008 and 2012 over 1,000 nonprofits reported a “significant diversion of assets” in their IRS Form 990 disclosure forms.
It’s hard to imagine someone would embezzle from our nonprofit.
Embezzlement — fraud committed by employees and volunteers — is especially painful in community nonprofits. Not only is real damage done to our organization, but we feel that our cause has been betrayed by someone we trusted and liked. We worry that donors and grantmakers will be less likely to give us money if they hear about it. And because embezzlement is so often kept quiet in nonprofits, we might think that we are the only ones to experience it.
Because of their charitable mission, nonprofits tend to attract employees with a humanitarian outlook, and managers often assume that their employees are working there to promote a common, charitable vision. A sense of camaraderie and mutual reliance is common. In that kind of atmosphere, the possibility of illegal theft may seem implausible, and genuine trust may lead managers to overlook the need to have robust compliance programs to scrutinize financial transactions and employee behavior — especially with respect to low-level employees and small financial transactions — as would be typical at a for-profit firm.
Recovery from this type of theft can be fraught with challenges.
Not surprisingly, the consequences to nonprofits of such illicit activity can be grave. Recovery of funds is often difficult, if not impossible. Not only that, to the extent the theft is covered by an insurance policy, the policy may not reimburse the full amount of the stolen funds. Put simply, if funds are stolen, more often than not, they are gone forever. Apart from the financial loss directly related to the theft, reputational damage can be even more serious. If the theft — or the organization — is high profile, it may draw unwanted negative media scrutiny that tarnishes the image of the institution in the public eye well into the future. And such reputational damage can lead to dire financial consequences.
Embezzlement can call into question the competence of the organization’s staff and may even raise questions regarding the organization’s ability to accomplish its stated mission. In such circumstances, an organization may be disqualified from participating in government programs if it has not sufficiently protected government funds. Moreover, private donors, already choosy about the places they give their money, may simply walk away.
How do fraudsters steal from nonprofits?
The frequency with which low-level employees have been able to embezzle large amounts of money from nonprofits using relatively simple schemes is surprising. For example, one common embezzlement scheme that has resulted in enormous losses to nonprofits involves the submission of phony invoices. An employee submits an invoice on behalf of either a fictitious vendor or a real vendor for services never performed and then intercepts the check and deposits it in a personal bank account. And if enough transactions are completed over a long enough time period, they can be difficult to detect and yet result in large losses.
This type of scheme can also involve the employee endorsing checks made out to the organization and then depositing the funds in his or her own account. An organization is particularly vulnerable to this type of fraud when it receives donations that are not specifically expected, as it is not likely to realize the money is missing. Finally, employees also steal from nonprofits by abusing business expense reimbursement systems. This can be accomplished by paying for personal expenses and submitting the cost to the organization or by submitting reimbursement requests for fictitious or inflated expenses. A former secretary stole $86,000 from a nonprofit organization in Baltimore, in part by misusing the organization’s credit card. She also created fake audit reports to cover up her theft.
It is imperative that nonprofits be vigilant in protecting against and investigating allegations of embezzlement and fraud.
Detecting fraud can be very difficult. However, here are some best practices that nonprofits can use to protect against embezzlement.
>>1. Board members and executive-level employees must set the right tone. The board and organization executives must communicate, both explicitly and implicitly, that behavior inconsistent with the mission of the organization will not be tolerated. In financial matters, the board is responsible for setting an attitude of compliance and respect for procedure. The board, executives and other organization leaders need to make it clear that financial controls and procedures are not obstacles or irrelevant paperwork; rather, they are an important component of making sure the organization stays focused on its goals.
>>2. The organization must advocate strongly with its donors that adequate funding to implement basic financial controls, including funding for associated staff time, is essential to safeguarding the donor’s contribution. It is important for donors to understand that they can play a role, inadvertently, in the proliferation of fraud and abuse if they require large donations to be used without minimum necessary administrative support for financial controls.
>>3. Board members and executive-level employees must properly exercise oversight of the organization. Major transactions should be subject to board approval, and the board should also conduct regular reviews of the financial data of the organization and assessments of financial controls. Every board member should understand that it is their job to ensure that the organization has adequate anti-fraud policies and procedures. If possible, the board should establish a separate finance committee consisting of individuals experienced in finance and accounting. A finance committee should make sure that all data presented to the board is verified and should review budgets closely to ensure that they are reasonable in light of past actual expenses of the related program.
>>4. Nonprofits should develop policies that create a culture of compliance and ensure that all employees are aware of the possibility of fraud. A code of ethics should be created that includes fraud policies and how to respond to hints of wrongdoing. A hotline should be established so that anonymous tips can be made, even if it is only a separate mailing address for board members overseeing finances.
>>5. It is important to shape operational procedures regarding disbursements and the receipt of funds with compliance controls in mind. Of course, these procedures must be scaled to the size of the organization, but any size nonprofit can utilize financial controls. There should be as much diversification of authority and roles of employees as possible so that financial transactions are reviewed by more than one party. For example, if an executive has an organization credit card that is used to pay for business expenses, someone else should review the charges to ensure that it is not being used for personal expenses. It is also advisable that monthly statements be sent directly to the board’s finance committee by those preparing them so that the status of financial accounts can be assessed apart from what organizational leaders may be reporting.
>>6. Organizations should conduct a regular review of their insurance policies so that if a fraud does occur, the organization and its directors and officers are adequately protected.
A final warning.
While external audits are necessary and helpful in ensuring that financial controls and fraud prevention measures are being followed and are effective, the standard audit is not designed and should not be relied upon to detect fraud. The Association of Certified Fraud Examiners reports that less than 4% of frauds are discovered as a result of an audit of external financial statements by an independent accounting firm.
Most importantly, organizations and donors need to take the threat of fraud and embezzlement seriously. Fraud is a real danger for every organization, and proactive steps must be taken to minimize its risk.