
Prevention of Fraud in Nonprofits

March 16, 2026

Sarah was an exemplary employee. She was 53 years old and had served as the accountant for a midsize nonprofit for over 20 years. She worked hard, rarely took time off and was always willing to help. Bryan had been the organization’s executive director for about five years, and he was grateful for Sarah. Bryan did not have an accounting background and really didn’t understand financial reports.

Bryan became concerned about bank balances. Historically, the overall balance would dip and rise over time but always seemed to level out at around $200,000. However, over the past year the balance had steadily declined, despite consistent revenue and typical expenses. Around this time, Sarah reluctantly took a ten-day trip to visit her aging parents in another state. Bryan did not want Sarah’s work to pile up, so he hired a reputable CPA as a temporary accountant. The bank accounts had not been reconciled for several months, so the CPA started there. She noticed that the name of the payee on the canceled check images of several checks each month did not match the name of the check payee in the accounting system. When she showed the check images to Bryan, he did not recognize the names. The checks were payable to companies he was not familiar with. The CPA examined previous months that had been reconciled by Sarah. She discovered more payees that did not match the check entries, and some of the check images received from the bank were payable to Sarah, while the accounting system showed the checks payable to the organization’s regular vendors. Bryan hired an attorney and a forensic accountant to conduct a full investigation, which eventually revealed that Sarah stole over $250,000.

This all-too-common scenario affects entities of all sizes in all industries. Fraud leaves a wake of devastation from which some entities never recover. Fraud against not-for-profit organizations (NFPs) is especially destructive. NFPs typically have small operating margins that are often unable to absorb the losses. NFPs also face reputational risk resulting in declining donor confidence and shrinking donation revenue.

Fortunately, there are simple, cost-effective strategies that NFPs of any size can implement to detect, deter, and prevent fraud in their organizations. First, let’s explore several common fraud schemes and red flags.

COMMON FRAUD SCHEMES FACING NONPROFITS

Fraud is most likely to occur when all three sides of the Fraud Triangle are present: 1) pressure; 2) opportunity; and 3) rationalization. Pressure may be financial, social, or related to job performance. Opportunity exists when there is a weakness in controls. And rationalization occurs when the would-be fraudster justifies his behavior.

The greatest fraud threats facing NFPs are within their own organizations. This is commonly referred to as “occupational fraud” and, according to the Association of Certified Fraud Examiners (ACFE), it is most likely the largest, most costly form of financial crime in the world.

The most common occupational frauds facing NFPs involve asset misappropriation (embezzlement) through a variety of creative schemes. This article will focus on four prevalent types of schemes: billing schemes, payroll schemes, expense reimbursement schemes, and check tampering. In one example of a billing scheme, a bookkeeper established shell companies and included payments to her companies in batches of payments to legitimate vendors, making it difficult for others to identify the fraudulent payments. In another type of billing scheme, a pastor of a small church made personal purchases with the church’s credit card, then berated and belittled the bookkeeper when he was asked to provide supporting documentation. In a payroll fraud scheme, a human resource specialist and a payroll clerk colluded to establish and pay fictitious employees. In an expense reimbursement scheme, a Vice President created phony receipts and submitted fraudulent expense reimbursement requests. In one example of check tampering, a trusted custodian took several checks from the Controller’s desk. He “washed” them to erase the ink and changed the payee to the name of a shell company he established.

NFPs face additional challenges due to the very nature and culture of their missions. NFPs experience budgetary restraints that hinder efforts to attract and retain competent employees, particularly in accounting functions. A savvy internal fraudster can avoid detection for months or even years in such environments. Unfortunately, the longer a fraudster works for an organization, the more costly the fraud. Another common challenge for NFPs is the tendency to operate within a culture of trust in which adequate oversight is lacking. Simple internal controls are dismissed as unnecessary due to the mistaken belief that staff and volunteers would never steal from an NFP. Kindness and stated allegiance to an NFP’s mission may be mistaken for integrity.

INTERNAL FRAUD RED FLAGS

The biggest red flag for occupational fraud is living beyond one’s means. In fact, it has been the #1 red flag reported every year since the ACFE began compiling fraud findings in 2008. Other common red flags for occupational fraud include:

  • Financial difficulties
  • Unusually close relationship with a vendor
  • Control issues or an unwillingness to share duties or take vacation
  • Irritability, defensiveness, intimidation
  • “Wheeler-dealer” attitude
  • Complaints about inadequate pay, lack of opportunity, or feeling unappreciated
  • Addiction problems

EXTERNAL FRAUD THREATS

Although occupational fraud is a significant concern to NFPs, two external frauds also pose threats worth discussing: email spoofing and investment fraud schemes. Email spoofing occurs when a fraudster sends an email that appears to come from a trusted source. For example, a church bookkeeper receives an email that appears to come from the senior pastor requesting his payroll direct deposit be sent to a new account, effective immediately. The new account, however, does not belong to the pastor but is controlled by the fraudsters.

Churches and faith-based ministries are especially susceptible to investment fraud, also known as Ponzi schemes. Investment fraudsters often target churches and other faith communities because the members regard one another with unconditional trust. Once the fraudster gains the trust of one member (often by providing high returns on an initial investment), the member recruits other members. Red flags of a possible Ponzi scheme include:

  • A promise of guaranteed high returns
  • Investments with little to no risk
  • Investment returns that do not mirror market returns
  • Unlicensed sellers
  • Vague replies to inquiries about how the underlying business operates

SIMPLE, COST-EFFECTIVE WAYS FOR NFPs TO PROTECT THEMSELVES

While devastating frauds can cost NFPs hundreds of thousands (or even millions) of dollars of loss, there are practical, budget-friendly strategies NFPs of any size can implement to reduce the risk of fraud without adding a heavy administrative burden. Fraud detection, deterrence, and prevention begin with a strong tone at the top. NFP leaders should demonstrate integrity, honesty, excellence, and ethical behavior. NFPs can further strengthen themselves against fraud by creating and living by a strong code of conduct. Additionally, ethical behavior should be celebrated throughout the organization.

Another cost-effective tool for NFPs is annual fraud awareness training. Annual training equips directors, managers, employees, and volunteers with the knowledge and encouragement they need to identify red flags and to know how to report concerns. Tips are twice as likely to come from employees who received fraud awareness training than from employees who did not. According to the ACFE, NFPs have the lowest implementation rate of fraud awareness training. However, NFPs that provided fraud awareness training uncovered frauds within their organization more than 2½ times faster than NFPs that did not.

Simple policies and internal control strategies can further strengthen fraud deterrence, detection, and prevention. Common strategies include:

  • Maintaining up-to-date policies and procedures, including accounting and finance, HR, and whistleblower policies
  • Establishing a culture where any employee feels comfortable calling those in authority to verify email requests that appear to come from a leader
  • Providing detailed procedures for reporting tips and escalating concerns
  • Ensuring the competency of personnel in oversight roles and accounting functions, including a basic financial understanding
  • Mandating vacations and regular time off
  • Providing robust segregation of duties with monthly account reconciliations, management review, and surprise audits
    • The same person should not authorize transactions, record transactions, and reconcile transactions
    • Cross-train employees to perform key functions of other positions and/or minor internal audit procedures
    • When a complete separation of duties isn't feasible, implement compensating controls, such as having employees share or periodically rotate job duties
  • Utilizing accounting software with effective access controls to automate transactions and ensure adherence to segregation of duties policies
  • Establishing an automated system for review and approval of credit card charges and expense reimbursement requests
  • Processing payments via secure online bill payment solutions and Automated Clearing House (ACH) payments
  • Utilizing positive pay (a service provided by many financial institutions that verifies transactions against a list of anticipated transactions) for outgoing ACH payments and checks
  • Maintaining a list of approved vendors
  • Creating a culture of accountability by investigating and disciplining wrongdoers

CONCLUSION

NFPs of any size can increase their awareness of fraud risk and strengthen controls to detect, deter, and prevent fraud without significant cost or added burden. By establishing effective policies and practices before fraud is suspected, an NFP is able to protect its assets and ability to accomplish its mission.

Joan O’Dowd, CPA/CFF, CFE, MBA is a former FBI forensic accountant and the owner of Fathom Forensic Accounting LLC. Joan specializes in fraud investigations, complex financial analysis, and asset tracing. She is a member of the Fraud and Forensic Services Advisory Council for the Georgia Society of CPAs. She can be reached at joan@fathomforensic.com.

This article is republished with permission from the Georgia Society of CPAs' Current Accounts 2026 March/April issue.