According to the Association of Certified Fraud Examiners (ACFE), not-for-profit organizations make up 9% of all defrauded organizations. Although the best defense against fraud is a strong offense in the form of internal controls, you should also have a fraud recovery plan in place. Here are some best practices to consider before such attacks — and losses — could possibly destroy your nonprofit.
Quick Action
Let’s say you discover that a trusted staffer has embezzled money from your nonprofit. Act quickly and contact an attorney and forensic accountant. Although there’s no guarantee that the stolen funds will be recovered, a forensic accountant can dig into the matter, interview staffers and preserve any evidence that might be used in court. Your advisors can also help you decide whether to pursue legal action against the perpetrator.
To help mitigate reputational damage, address any significant incident head-on with a press release and formal apology. If you try to bury the incident, you could encourage rumors that turn off donors and other supporters. And to show you’re taking the incident seriously, engage an auditor to perform a complete audit and upgrade any weak internal controls.
Management Matters
Also, depending on the size of the loss, consider terminating your executive director or other members of management who could be considered responsible because they allowed lax oversight or didn’t promote an antifraud culture. Although weak internal controls are the No. 1 factor that enables nonprofit fraud to occur, lack of management review and internal control overrides are second and third.
Improving board oversight is critical, too. To signal improved board oversight to stakeholders, start requiring members to be completely independent from your nonprofit’s management (if they aren’t already) and bar employees from serving on the board. You might also increase the number of voting members and mandate that at least one member have a financial or accounting background. The board should review financial statements at least monthly.
Comply with Regulations
If your nonprofit loses funds to fraud, it must comply with federal and state reporting obligations. You’re generally required to report any “significant diversion” of assets on IRS Form 990. A significant diversion happens when the gross amount of all diversions discovered during the tax year exceeds the lesser of:
- 5% of gross receipts for the year,
- 5% of total assets at year end, or
- $250,000.
Check with your state (or ask your CPA) for other required reporting.
Tiplines Can Help
Most nonprofit fraud is discovered because an employee or other person submits a tip or complaint. So if your organization doesn’t already provide an anonymous tipline or webform, put one in place as soon as possible. Study after study has found that the earlier a fraud scheme is discovered, the less the defrauded organization loses. Contact one of our Nonprofit specialists and start a discussion on how to set up a fraud recovery plan.