You’ve heard the reports on the local news. A Pennsylvania church worker is accused of stealing at least $340,000 from the church’s charitable donations fund. A fire department treasurer is accused of stealing more than $250,000 from the fire company over a period of seven years.

So how can you keep this from happening to your nonprofit?

One of the best ways to help prevent fraud — in any size organization — is through implementation of strong internal controls. You may think your organization is too small to have strong internal controls. However, there are several ways to strengthen internal controls in even the smallest nonprofit.

Set the Tone at the Top

One of the most important factors in establishing an organization’s internal control framework is the control environment, or “tone at the top.” This control environment, which is displayed by management and your nonprofit’s board of directors, affects the employees’ behavior and attitudes. Sometimes, it is thought that since it is a nonprofit organization, ethics are just “understood” or “implied” and don’t need to be discussed.

However, an emphasis should be placed on the importance of ethics and controls at staff meetings or in the employee handbook, and it should be impressed upon every staff member and volunteer that the rules of the organization need to be followed. Since employee tips account for the most common method of initial detection of fraud, educating staff on fraud and setting the appropriate “tone at the top” is of critical importance.

Institute Checks and Balances

Two particularly high-risk areas for fraud are in the receipts and disbursements of an organization. Following are some specific suggestions your nonprofit may want to consider for these two areas if they are not already included in your internal controls.

Receipts

• An individual outside of the accounting function should open the mail, if possible.
• In cases where the organization is holding an event where a large amount of cash is collected, there should always be two people at each site to collect and count the cash received.
• A “For Deposit” stamp should be used on every check received prior to being deposited.
• Cash and checks received should be reconciled against deposit slips and bank statements.

Disbursements

• An individual outside of the accounting function should open the mail, if possible.
• Establish authority levels and documentation requirements for placing orders and approving payments.
• Invoices should be checked for accuracy to ensure they add and they match the contract price or purchase order.
• Invoices should be approved by an authorized individual.
• Invoices should be coded by department and type of account by the individual who ordered the service and/or has the responsibility for the budget line item being charged.
• Use pre-numbered checks.
• Keep all unused checks in a locked cabinet.
• Limit the number of individuals with access to the checks.
• Check signers should be board members or management and should be different than the individual who is writing the checks.
• Consider requiring two signatures on checks for amounts above a specific threshold.
• Establish rules for using the organization’s credit card, if applicable. Restrict access to the credit card to certain individuals and require copies of statements and documentation for purchases be given to the finance team. Documentation should be provided for each purchase and should be matched to the credit card statement before the credit card payment is processed.

Reconciling the Bank Statement

Ideally, someone other than the bookkeeper or the individual who handles the money should reconcile the bank account from an unopened statement. Since this may not be possible in a small organization where one person handles everything, a suggestion is to have an “outside” person, like a board member, receive the unopened bank statement. This individual would open the bank statement and look it over before giving the statement to the bookkeeper to reconcile.

Given the public trust invested in nonprofits, any amount of fraud can be devastating to the organization. Incorporating internal controls such as those outlined above will help ensure your funds go where they are needed most, and not into the pockets of fraudsters.

_________________

Karin Honeybone is a Manager with the Audit Services team at DunlapSLK, a CPA and business advisory firm based in Chalfont. She has more than 20 years of audit experience, performing audits of not-for-profit organizations, local governments, and commercial entities. Honeybone is also one of the firm’s specialists in ERISA/Department of Labor audits, where she performs audits of employee benefit plans, including 403(b)s.