by Marc Courey, Marc W. Courey, CPA/CFF, JD, LLM, CFE, CICA, CCEP, CIA, Director – Forensic & Litigation Services, Wipfli CPAs & Consultants
Despite the market-jarring headlines of fraud within publicly traded companies, nonprofits also face significant exposure to internal fraud. The Association of Certified Fraud Examiners estimated that in 2002, $600 billion was lost in the United States due to workplace fraud , defined as “the use of one’s occupation for personal gain through the deliberate misuse or theft of the employing organization’s resources or assets” and which typically involves the diversion of cash or other assets by dishonest workers.
Small organizations – nonprofit or for-profit – are among the most vulnerable to workplace fraud due to their frequent lack of established policies and procedures aimed at avoiding internal losses. Nonprofits may be even more susceptible than small businesses and corporations to workplace fraud, given their budgetary constraints, frequently informal organizational structure, and reliance upon volunteers. Recognition of these challenges and adoption of the strategies outlined in this article can greatly reduce nonprofits’ exposure to fraud.
The process of preventing workplace fraud begins with the development of the organizational culture or ethic. Not to be confused with an employment policy, the organizational ethic is much more, functioning as the cornerstone in establishing the ethical expectations for the entire organization. Vital components of the ethic are:
- Clearly defined expectations of workers’ behavior, providing workers with a clear understanding of behavior which is acceptable and unacceptable;
- Formal establishment of an anonymous reporting system and encouragement for workers to report potential violations;
- The requirement that all workers cooperate with internal investigations of suspected ethic violations; and
- Policies and procedures by which the organization effectively implements and monitors adherence to the ethic, thereby safeguarding the organization’s assets.
In addition to being responsible for development of the organization’s ethic, management is also responsible for development of internal controls, those policies and procedures utilized in day-to-day operation of the organization. Such controls are necessary to both implement and enforce compliance to the ethic. To be effective, internal controls must:
- Encompass all facets of the organization’s operations;
- Control access to the organization’s assets;
- Insure the accuracy and reliability of financial reporting systems (including segregation of custody, authorization and record keeping duties, and independent checks on performance); and
- Integrate methods for anonymously reporting suspected abuses.
Having developed and implemented the organizational ethic, little will be gained if potential violations are ignored. Suspected or reported violations must be investigated on a timely basis. Appropriate discipline – including reprimands, termination or criminal reporting – must be meted out for substantiated violations of the ethic itself and other acts of misconduct, including refusal to cooperate with investigations.
Workplace fraud is a serious problem affecting all organizations, including nonprofits. Although reasonable levels of preventive measures may not successfully deter all fraud, development, implementation and enforcement of a strong organizational ethic offers significant protection for nonprofits’ assets and greatly lessens the impact of dishonest employees and volunteers.