According to the Association of Certified Fraud Examiners’ 2018 report, when looking at 2,690 cases of occupational fraud across 125 countries, there were $7 billion in total losses with a median loss of $130,000 per case. The two largest categories of fraud are asset misappropriation (i.e. theft) and financial statement fraud (i.e. lying). Asset misappropriation is the more common type, accounting for 89% of the cases viewed and creating a median loss of $114,000.
The fraud environment
The perfect environment for fraud is formed when three things are present: an employee has the opportunity to commit fraud due to a lack of internal controls, feels pressure from unrealistic expectations, and can rationalize their behavior. When an employee commits fraud there are typically red flags that should cause concern regarding their behavior and actions:
- Living beyond their means
- Financial difficulties
- Unusually close association with vendors or customers
- Excessive control issues or unwillingness to share duties
- Lack of vacation time used
- Divorce or other family problems
- Shrewd or unscrupulous behavior
- Overly defensive when questioned about their work
Will an audit detect fraud?
A common misconception is that an external audit will detect fraud. However, auditors are not looking at every single transaction that has occurred in the period under audit, and it is, therefore, more difficult for auditors to actually detect fraud. Per the Association of Certified Fraud Examiners’ 2018 report, inside tips are the most common initial detection method, and internal control weaknesses were responsible for almost 50% of detected frauds. The strength of internal controls often varies depending on the number of employees, a multitude of transactions, and the complexity of transactions. Organizations of all sizes should consider implementing a few basic, highly recommended internal controls:
- A board member, preferably the treasurer, should review and approve the executive director’s credit card transactions and ensure that receipts are provided for all transactions.
- Bank statements should be reviewed and approved by an individual that is not entering information into the accounting system or performing the account reconciliation.
- If checks are manually signed, check images should be reviewed for authenticity.
- Check signors should be provided with the applicable supporting documentation to review prior to signing the check.
- Individuals responsible for review and approval should not have the ability to edit information in the accounting/payroll/donor software.
- The payroll register should be reviewed and approved prior to paying employees by ensuring hours match timesheets and approved wages are accurate.
- Timesheets should be reviewed and approved by the employee’s direct supervisor.
- Journal entries should be reviewed and approved by an individual that is not preparing them.
- Blank checks should be kept in a secure location and only accessible to appropriate personnel.
- Mail should be opened by two people and a log should be kept for all cash and checks received. The log should then be matched against the data entered into the accounting software and the bank deposit by the individual reviewing the bank statement.
- Grant expense reports should be reviewed and approved prior to submission by someone other than the individual preparing them.
Finally, a key factor typically overlooked in fraud cases is trust. It does not matter how long an employee has been with the organization or even if they are considered “family,” there may still be circumstances where the three items discussed above create an environment that could cause those individuals to commit fraud. Therefore, identifying how the organization is susceptible to fraud, cautiously watching for red flags, and implementing strong internal controls can all help an organization to prevent or detect fraud.
Want more like this?
Subscribe to get our latest resources and events just for non-profits in your inbox.