April 22, 2010
Protect Your Not-for-Profit Organization’s Credit Cards from Fraud
Fraud has been on the rise over the past decades, and America’s charitable communities have not been immune to these acts. Just a few examples from Philadelphia alone include Rev. Charles Newman, the former president of Archbishop Ryan High School, who pleaded guilty to stealing more than $900,000 from the school; John Carter, former president of the Philadelphia Seaport Museum, who is in prison for diverting $3 million to maintain a lavish lifestyle; and former State Sen. Vincent Fumo, who was convicted of using the resources of Citizens Alliance for Better Neighborhoods.
These examples are from one city and represent only the tip of the iceberg. As reported in 2006 by Independent Sector, an organization that performs research and publishes not-for-profit trends and data, there were more than 1.9 million nonprofit organizations in the United States, employing about 13 million individuals and generating an estimated $1.1 trillion in revenue. Assuming an inflation rate of 3 percent and the Association of Certified Fraud Examiners’ 2008 estimate that organizations lose 7 percent of annual revenue to fraud, the nonprofit sector is a victim of $85 billion in estimated annual losses due to fraud.
The lost revenue is significant, but the impact of fraud will also be felt in the following critical areas:
Damage to the organization’s reputation
- Negative publicity
- Lower employee morale
- Cost of litigation and investigation
- Disruption to business operations
The nonprofit sector, which prides itself on serving the public good, is often more susceptible to fraud and abuse than many for-profit enterprises. The reason why is simple. Their environment of trust is unlike that found in for-profit enterprises:
- Nonprofits often place excessive control in their founder, executive director, or substantial contributor.
- Nonprofits often allocate limited resources to accounting, internal controls, and financial oversight.
- Nonprofits often have many volunteers working in the organization who are privy to confidential information.
- Nonprofits frequently have all-volunteer boards of directors, with little or no financial oversight expertise.
- Nonprofits typically have nonreciprocal transactions, such as charitable contributions, that are easier to steal than other sources of revenue where there is consideration exchanged.
- Nonprofits are highly susceptible to the effects of negative publicity and, therefore, are reluctant to report, or even discuss, fraud when it occurs.
To minimize the opportunity for fraud and abuse in this sector, one must understand the two broad categories of nonprofit fraud: those committed against the nonprofit and those committed by the nonprofit. Typical examples of fraud perpetrated against nonprofit organizations include the following:
- Skimming — Cash is stolen before the funds are recorded in the accounting records.
- Credit card abuse — Perpetrators either use organization-issued credit cards for personal use or use donor credit card numbers.
- Fictitious vendor schemes — Perpetrators set up a company and submit fake invoices for payment.
- Conflicts of interest — Board members or executives have hidden financial interests in vendors.
- Payroll schemes — Continued payment of terminated employees, overstatement of hours, or fictitious expenditure reimbursement.
- Subrecipient fraud — Abuses by a subrecipient entity include intentional charges of unallowable costs to the award, fraudulent reporting of levels of effort, and reporting inaccurate performance statistics and data.
Examples of fraud committed by a nonprofit organization include the following:
- Deceptive fundraising practices — Misrepresentation of the extent of a charitable contribution deduction entitled, misrepresentation of the fair market value of donated assets, and failing to comply with donor-imposed restrictions on a gift.
- Fraudulent financial reporting — Misclassifying restricted donations to mislead donors or charity watchdogs, misclassifying fundraising and administrative expenses to mislead donors regarding funds used for programs, and fraudulent statements of compliance requirements with funding sources.
To minimize the opportunities for fraud and abuse, nonprofits absolutely need strong board leadership and improved independent audits.
The board of directors of a nonprofit organization has a fiduciary responsibility to the organization and its grantees and donors. In addition to its oversight responsibilities for policy making, planning, fiscal management, and public liaison, the board has fraud-related oversight responsibilities. These duties can be fulfilled as follows:
- Ensure that the organization has adequate fraud-prevention and risk-management policies.
- Ensure that the organization has taken appropriate steps to identify fraud risks and adequately protected itself against fraud through insurance and reasonable reserves.
- Oversee senior management’s follow-up actions in response to findings of auditors or investigators.
- Oversee the organization’s budgeting, financial reporting, tax reporting and financial analysis processes.
In addition to boards being more diligent in fulfilling their oversight duties, external auditors also need to be more diligent in their independent auditor role. Although it is virtually impossible to provide auditors with a detailed road map to detect all fraud, an effective audit requires all members of the audit team—from partner to associate—to be educated in the signs of fraud, the unique nature of the specific nonprofit control environment they are auditing, the organization’s internal risk assessment policies and procedures, and the potential effects of an unstable economy. All parties must maintain an enhanced level of skepticism throughout the audit process, from planning and fraud risk assessment to final report issuance and presentation. The days of accepting a client’s responses without self and/or independent corroboration are history.
Therefore, to assure that the environment of trust is working, management and the board must be committed to a control environment complete with clearly defined policies and procedures, and rigorous systems of checks and balances. Otherwise, the public’s trust could be lost... possibly, forever.