According to the Association of Certified Fraud Examiners (ACFE), not-for-profit organizations make up 9% of all defrauded organizations. Such attacks — and losses — can be enough to destroy a not-for-profit. Although the best defense against fraud is a strong offense in the form of internal controls, you should also have a recovery plan should fraud occur. Here are some best practices to consider.
Let’s say you discover that a trusted staffer has embezzled money from your not-for-profit. Act quickly and contact an attorney and forensic accountant. Although there’s no guarantee that the stolen funds will be recovered, a forensic accountant can dig into the matter, interview staffers and preserve any evidence that might be used in court. Your advisors can also help you decide whether to pursue legal action against the perpetrator.
To help mitigate reputational damage, address any significant incident head-on with a press release and formal apology. If you try to bury the incident, you could encourage rumors that turn off donors and other supporters. And to show you’re taking the incident seriously, engage an auditor to perform a complete audit and upgrade any weak internal controls.
Also, depending on the size of the loss, consider terminating your executive director or other members of management who could be considered responsible because they allowed lax oversight or didn’t promote an antifraud culture. Although weak internal controls are the No. 1 factor that enables not-for-profit fraud to occur, lack of management review and internal control overrides are second and third.
Improving board oversight is critical, too. To signal improved board oversight to stakeholders, start requiring members to be completely independent from your not-for-profit’s management (if they aren’t already) and bar employees from serving on the board. You might also increase the number of voting members and mandate that at least one member have a financial or accounting background. The board should review financial statements at least monthly.
Comply with Regulations
If your not-for-profit loses funds to fraud, it must comply with federal and state reporting obligations. You’re generally required to report any “significant diversion” of assets on IRS Form 990. A significant diversion happens when the gross amount of all diversions discovered during the tax year exceeds the lesser of:
- 5% of gross receipts for the year,
- 5% of total assets at year end, or
Check with your state (or ask your CPA) for other required reporting.
Most not-for-profit fraud is discovered because an employee or other person submits a tip or complaint. So if your organization doesn’t already provide an anonymous tipline or webform, put one in place as soon as possible. Study after study has found that the earlier a fraud scheme is discovered, the less the defrauded organization loses. Contact us for help preventing or investigating fraud.
To learn more about how PKF Texas serves not-for-profit organizations, visit www.PKFTexas.com/NotForProfit.