Skip to content

OPINION: Fraud: beware!

You must be aware of the risks and be prepared to recognize weaknesses and take action to prevent, detect and respond to fraud.

I tend to write my articles about matters that we become aware of – somewhere. Unfortunately, the topic of defrauding both for-profit and non-for-profit organizations (NFP) tends to rear its ugly head all too often.

Those who have defrauded may have been long-term employees, in a position of trust. Therefore, you must be extra diligent in your oversight and set the tone from the top with proper governance.  

  • I’ve heard the following:
  • I know the employee has a lot of control, but we’re small – we have to trust someone!
  • The employee has been with us forever – they are like part of the family.
  • Who would ever do that? It would take a devious mind!

Let’s consider this:

The opportunity

Small business and NFPs face unique and significant challenges which put them at greater risk of suffering from fraud. In efforts to minimize administrative costs, many are minimally staffed and a lot of unilateral power is given to the bookkeeper or the controller with, oftentimes, insufficient or no internal controls in place and very limited board of directors or owner/shareholder oversight. This can lead to many issues, including fraud and improper spending.

Common schemes of misuse

The most common ways employees defraud include:

  • writing unauthorized cheques or electronically transferring funds to themselves or family members;
  • changing banking information for online payments to personal banking information;
  • claiming for reimbursement of personal items including travel via expense reports or directly charging credit cards; and
  • awarding vendor contracts to relatives or friends and paying prices that exceed fair market value.

Preventative measures

Oversight is very important in the fight against fraud. To reduce the risk of fraudulent activities, you could consider the following:

  • written policies and procedures – including conflict of interest, and guidance addressing personal versus business expenses and travel reimbursement policies;
  • implementing strong internal controls over disbursements including:
    • segregation of duties (ordering, receiving, invoice approval, and payment);
    • control electronic fund transfers (EFTs) so that two electronic approvals are required. This includes the ability to set up a payee or change banking information for a supplier;
    • proper authorization of transactions (including escalation and review of adequate supporting documentation); and
    • control over credit cards to ensure all credit card statements are submitted with accompanying itemized receipts for review and approval even if the expenses are incurred by the boss or other high ranking employees 
  • implementing strong internal controls over fund receipts including:
    • segregate duties between those recording receipts, depositing funds, and reconciling the bank accounts;
    • issue pre-numbered receipts and ensuring the continuity of the receipt number sequence in the collection records; and 
    • ensure supervision of cash collections and maintenance of detailed supporting records including sign-off by each person involved.

Recovery measures

The expense of civil litigation in an attempt to recover losses from the fraudster may be costly, lengthy and take time away from the organization. Therefore, even if an organization has controls in place to prevent and/or detect fraudulent activity, it would still be prudent to purchase fidelity insurance that may cover not only the loss from the fraud but the forensic accounting fees required to investigate and quantify the loss. The resulting forensic report can be used for both civil and criminal purposes. In some criminal proceedings the court may also order restitution be made.

The implications of fraudulent acts at NFPs reach far beyond the financial losses. They can result in damage to the reputation of the NFP, a loss of trust among donors, and they disrupt the NFP’s business operations and ability to perform its mission.

You must be aware of the risks and be prepared to recognize weaknesses and take action to prevent, detect and respond to fraud.