3 Ways to Reduce a Nonprofit’s Fraud Risk

Charles Ameer, chief financial officer (CFO) of Indeco North America, a manufacturer of hydraulic hammers, and volunteer treasurer of Weston Soccer Club (WSC) in Weston, Massachusetts, pleaded guilty to wire fraud in March. He stole $890,000 from Indeco and faces up to 20 years in prison. During his time as Indeco’s CFO, he misappropriated at least $38,500 from WSC for personal use. Ameer then created a $40,000 check, drafted from Indeco’s bank account and made payable to WSC. He used the check to reimburse WSC for the funds he’d taken. He subsequently opened a line of credit in WSC’s name without authorization, transferring funds into the WSC account he had stolen from to further conceal his theft. From 2018 to 2022, Ameer created 14 additional checks totaling $850,000, drafted from Indeco’s bank account and made payable to him.

Nonprofit Fraud and Internal Controls

This classic case of embezzlement is one of many case studies of nonprofit fraud schemes presented by Rollie Dimos, CFE, CIA, CISA, during the 35th Annual ACFE Global Fraud Conference. Dimos, director of Internal Audit and the Center for Leadership and Stewardship Excellence at the Assemblies of God national office, said Ameer’s scheme illustrates the convergence of the three elements of the Fraud Triangle: pressure, opportunity and rationalization.

“His scheme ramped up quickly,” Dimos said. “From the nonprofit’s perspective, I know they were pleased as punch to have a CFO come volunteer at their organization. He was given free rein of the financials without anyone looking over his shoulder. You have to have controls and processes to vet and approve volunteers and ensure they’re doing exactly what they’ve been asked to do.”

By studying real-life fraud schemes, Dimos aimed to instill lessons that would help to reduce the risk of fraud in nonprofit organizations.

“The average fraud scheme lasts 12 to 24 months. When you have controls in place, the median duration of fraud and the loss go down to eight to 12 months,” he explained.

Lessons Learned from Nonprofit Frauds

Dimos urged nonprofits’ boards of directors to learn from the fraud schemes examined in his selected case studies and to implement these three key practices to reduce fraud risk:

  1. Embrace accountability and transparency. Make it part of your organization’s DNA and model it.

  2. Document your policies and procedures. Put it in writing, clarify your expectations and create policies for accountable reimbursement, conflicts of interest and whistleblowers.

  3. Minimize exceptions. Everyone should play by the same rules.

The nonprofit fraud cases Dimos reviewed offered valuable insight and advice for nonprofits focused on preventing and detecting fraud. Dimos encouraged nonprofits to conduct background checks on volunteers and employees and to repeat them every few years. He also urged nonprofits to speak up when they suspect fraudulent activity among employees, volunteers or vendors.

“I call it the culture of silence. We see something, but we don’t say something. In the nonprofit world, we don’t want to speak against the leader. They’re doing good deeds, but we need to have a culture of accountability and transparency,” he said. “Create a conflict-of-interest policy and a whistleblower policy. Let’s get rid of the culture of silence and allow people to talk.”

In his summaries of nonprofit fraud case studies, Dimos highlighted instances of credit card abuse, payroll fraud and tax fraud. Based on his experience as an internal auditor, he described most of the schemes as unsophisticated and easy to detect.

“Lack of internal controls is the biggest weakness in nonprofits,” he said. “Four controls would help reduce the amount and duration of fraud: financial statement audits, hotlines, proactive data analysis and surprise audits.”

Preventing Nonprofit Fraud

When investigating and responding to fraud in a nonprofit, Dimos advised organizations to suspend the suspected employee without pay, issue a “preserve evidence” order to all staff, secure the employee’s digital assets (laptop and storage drives), contact a lawyer and a public relations firm, and contact the insurance company.

“After the investigation is complete, you can terminate the employee,” Dimos said.

He also encouraged nonprofits to conduct board reviews; segregate duties; set up a tip line; provide fraud awareness training; and pay attention to red flags, such as unexplained credit card purchases and irregularities in accounts and budget variances.

“The board needs to be really involved. They have to encourage segregation of duties. Smaller nonprofits may not be able to pay another person to oversee compensating controls. But you can implement additional internal controls with the help of the board,” Dimos explained.