It seems like a new story breaks every week about a charity being exploited by an insider. Charities lose an estimate of 7%-13% percent of their annual profits to theft, embezzlement, or fraud, to the tune of approximately 40 billion dollars a year.
Nonprofit organizations are often hesitant to report these losses to authorities for fear of tarnishing their reputation. Don’t fall prey to this instinct: not reporting these losses jeopardizes insurance coverage and communicates the wrong message to employees and funders. If the individual had substantial influence, the loss may also be an excess benefit transaction reportable on Form 990. Tips to help tighten an organization’s asset control include the following:
- Institute Strong Financial Oversight Policies. An organization should have in place strong, specific financial oversight and financial control policies that are tailored to the specific organization including a strong whistleblower policy. Periodically review finances and finance management to ensure that the Board, as well as employees, is consistently using the policies.
- Ensure Theft is Covered by Insurance Policies. A general liability policy that covers employee theft and embezzlement is a must for nonprofits with significant assets.
- Educate Staff. Educate staff about online fraud scams and other financial concerns. Foster an environment of responsibility.
- Have More Than One Set of Eyes on Finances. Specifically, have someone other than a signer on a transaction review the transaction and regularly balance the books. Audits are good, but are not designed for catching fraud or theft unless you specifically request this type of audit. Require dual authorized users for administrative security changes and for online transactions, as two separate authorized users on separate devices reduces exposure to asset loss. Require that original invoices be reviewed before checks are signed, and that original receipts are used.
- Implement a Signature Authority Policy. Implement a policy that requires progressive authorization (e.g., CEO, CEO plus one board member, Board Resolution) based on the size of the transaction or the duration of a contractual obligation.
- Know your Team. Institute background checks on Board Members, staff, and any key volunteers with access to the organization’s assets. Conduct a criminal background check as well as speak to at least three references. Research shows that most nonprofit embezzlement is perpetrated by trusted insiders and that a surprising percentage (up to 15%) of offenders have been convicted of a similar offense in the past.
- Keep Authorizations Up to Date. When an authorized signor or approver leaves the organization, notify the bank immediately to have that person removed. Shred and destroy any out of date card stock, credit cards, and signatory stamps. Collect any credit cards, keys or other asset-control related items from departing staff or Board Members. Also, keep anti-virus software up to date
- Lock Up Assets. Keep credit cards, check stock and signature stamps under lock and key.
- Set a Schedule to Conduct Fixed Asset Inventories. If the organization owns a significant amount of fixed assets or equipment, conduct fixed asset inventories annually.
- Know the Signs. Often, a person trying to steal from an organization acts in peculiar ways. They may be strangely reluctant to take time off, and may regularly work weekends or evenings after everyone else has left, out of step with the habits of others. Take note of late, erratic, or incomplete financial asset reporting, or frequent excuses blamed on technology, as such behavior is common. Also, in our experience, the perpetrator is most often motivated by a drug habit or a gambling addiction and is often a person in a highly trusted position.
Following these 10 proactive steps to protect your organization’s assets will greatly reduce the odds that your organization will have its reputation and balance sheet stained by theft and embezzlement.