Occupational fraud continues to challenge nonprofit organizations.  According to the 2020 Report to the Nations by the Association of Certified Fraud Examiners (ACFE), the median loss to the reported nonprofit organizations was $75,000 and the average loss was $639,000.  The 4 most common types of frauds are corruption, billing schemes, expense reimbursements and theft of cash.

What contributed to these frauds?  A failure in internal controls was a critical factor.  Over ¾ were caused by either lack of internal controls, override of internal controls, lack of management review, or poor tone at the top.

Now, with the sudden challenges presented by the current health environment, historical internal control systems are stretched to the limit by both expected and unexpected new events like:

  • Implementation of major new accounting standards
  • New funding sources with vague or confusing requirements
  • Evolving paper to electronic processes at the same time resources are often severely restricted by challenges with
  • Remote versus onsite work
  • Operating with a reduced budget or part-time staff
  • Succession planning and transition issues
  • Increased financial pressures on many workers

Many smaller organizations may have had outdated or unwritten controls even before 2020.

What can you do to overcome these obstacles?  Here are 5 things to consider:

1. Reevaluate risks-

Consider your current written internal control policies and procedures document.  Evaluate each process, being sure to involve individuals currently performing each task.  Discuss what has changed and look for weak spots and new areas of risk.  Brainstorm possible ‘what if’ scenarios, asking “What could go wrong?” and “What are our weaknesses?”  Make sure segregation of duties remains a constant in an evolving process.

2. Leverage technology-

Identify controls that document a review and approval process with hard copy sign-offs. Technology can provide collaboration tools with additional layers of approval that can help ensure that controls are enforced and appropriate segregation of duties is maintained. Adjust the approval process for those controls to capture digital signature approvals or approval via email. Using a review template to document digital reviews/approvals can help ensure the capture of necessary review steps and consistent application.

3. Add detective controls-

Consider embedding a detective control step into each process to identify any errors or fraud after they have occurred. This can help you identify and correct any weak spots as your business adapts to new processes.

4. Consider controls over accounting estimates-

Management estimates related to asset impairment and going concern evaluations may require significant reassessment, revision and enhancements. Estimate assumptions, methodologies and conclusions should be fully evaluated.

5. Update documentation-

Keep a record of any revisions to processes and include a record of when you have made your changes.

2020 will likely leave a lasting impact on the way we do business. Some businesses that were previously reluctant to accept a remote workforce have adapted.  Some employees have embraced working from home and may wish to continue to do so. Taking the time now to ensure that your internal control processes are responsive to a remote work environment will serve your business well beyond the end of the pandemic.

Red flags

  • Bank reconciliations not performed in a timely manner
  • One individual has control over too much of any one process
  • One individual has control over a little bit (or more) of multiple processes
  • Altered paper or electronic documents
  • Inventory shortages
  • Employees living beyond their means
  • Employees skipping vacations
  • Accounts receivable open for long periods of time
  • Donors not receiving receipts for contributions

Article Submitted by Donna H. Buzby, CPA, RMA, CGMA