Does fraud happen in not for profits?
Surely not, we hear you say. Surely nobody would try and steal funds from a good-hearted charity or member-focused association?
Well unfortunately, they sure would. There have been many examples of fraud in Australian not for profits over time – from the National Safety Council of Australia in the late 1980s to a number that have received some publicity in the past year or so, including the Immigrant Women’s Health Service, Non-English Speaking Housing Women’s Scheme, RSL NSW and Surf Lifesaving NSW.
The ACNC hosted a webinar on the topic last month and noted that while fraud certainly occurs in charities, it doesn’t seem to be more prevalent in charities than in commercial organisations.
Look out for red flags
Whether an organisation is a charity, association or a commercial entity, nobody wants to see funds diverted for nefarious purposes. In order to avoid being ‘That Organisation’, it might be useful to understand the circumstances in which fraud can occur and the red flags to look out for that might signify a potential problem. Note: we will look at internal fraud in this article – that is, fraud committed by someone within or connected to the organisation.
The ACNC says – as did Myles McGregor-Lowndes in a 1991 article on the National Safety Council fraud – that the generally high level of public trust in charities is one of the conditions that allows fraud to slip under the radar.
Coupled with this is a culture of trust within NFP organisations, whereby there isn’t an onerous level of scrutiny applied by the governing body to employees and volunteers because everyone is in it for the cause.
This high-trust environment is further complicated by the difficulty in achieving segregation of duties in small organisations. In large organisations it is possible to have a different person looking after each aspect of the finance or fundraising function but in a small organisation, where the limited number of employees have a broad remit to their roles, it isn’t uncommon for one person to have end-to-end control of a process. This lack of oversight is where an opportunity for fraud can be created.
Typical fraud perpetrator
According to the ACNC, the typical fraud perpetrator is a paid employee and the most common types of fraud suffered are cash theft, and payroll and credit card fraud. They say that having strong internal financial controls is one of the most effective ways to prevent and uncover fraud.
The ACNC nominates an individual with sole control of a financial process as a red flag, along with reluctance by that key person to take holidays or accept help. Poor or slow responses to requests for information and delays in preparing information – especially for audit or other review – can also be indicators of a potential problem.
Other red flags that might be encountered in the financial accounts include reconciliations not being completed regularly and there being no oversight of those reconciliations to ensure they do actually reconcile. Altered or deleted records along with unusual transactions and variances from budget can also alert you to a problem. That said, a smart fraudster will work within the parameters of the budget – you will see from the recent examples cited above that the frauds haven’t been one-off opportunistic thefts, they have been complex and over a period of time.
Processes and culture
Many years ago, one of our favourite clients (not a client at the time) was defrauded by their finance manager who helped himself to some hundreds of thousands of dollars via fake salary sacrifice accounts.
When we helped investigate the matter, we discovered that a number of salary sacrifice accounts in the name of various employees were in fact paid to bank accounts held by the finance manager. No other employees were disadvantaged as they were ‘ghost’ accounts set up to be a vehicle for his fraud.
In our view, processes and culture are the two key means an organisation has to control and reduce the opportunities for fraud.
One is to ensure that there are multiple sets of eyes/hands on the financial accounts – our client achieved this by outsourcing their financial management to Accounting For Good. You can also achieve this by implementing a regular review process and segregating duties wherever possible. Supporting the transactional process side should be a regular review of financial performance and position – a Profit & Loss against budget and Balance Sheet showing movement from the last-audited figures. We recommend you take a look at s968 about the case against National Safety Council’s John Friedrich to see how balance sheet accounts can be misused to make the Profit & Loss appear rosy!
The other – complementary – approach is to have a culture that makes it easy to talk about fraud. This might mean that you have a policy that considers what fraud the organisation may potentially be exposed to and how to respond in the event of fraud… as well as a clearly-articulated process that makes it safe and easy for someone to ask a question.
The ACNC says it seems that charities tend not to report fraud to avoid reputational risk but it is important to note that there is a legal obligation to report to police if you think a crime has been committed – this includes fraud or theft. If you are an ACNC registered charity, you also have an obligation to notify the ACNC within 28 days of a breach of the Act.
Further obligations for charities operating outside of Australia are the ACNC’s External Conduct Standards which are intended to promote transparency and provide confidence that resources sent, or services provided, overseas reach intended beneficiaries and are used for legitimate charitable purposes.
Standard 3 requires charity organisations to “take reasonable steps to minimise the risk of corruption, fraud, bribery or other financial impropriety by persons working with the charity.”
There are a number of resources available to help organisations protect themselves from fraud, including the ACNC’s fraud prevention guide and the UK’s Fraud Advisory Panel, and if you suspect there might be an issue, a chat with your auditor or friendly accounting professional is a good first port of call.