Post Report Highlights Need for Effective Nonprofit Financial Controls
Nonprofits have lost hundreds of millions of dollars since 2008 due to fraud, theft, and embezzlement, according to a Washington Post investigation. One financial expert offers insight on how associations can better protect their finances.
In many cases, organizations would be thrilled to get above-the-fold coverage of their activities in a major national news publication—but not when that story has to do with fraud, embezzlement, and theft.
That’s the situation more than 1,000 nonprofit organizations found themselves in last weekend when the Washington Post released its analysis of Form 990 filings dating back to 2008, the year the Internal Revenue Service began requiring nonprofits to disclose any “significant diversion of assets.” The Post—which assembled a searchable, public database of such reported diversions—found that hundreds of millions of dollars had been reported missing by nonprofits, with little explanation as to where that money went.
In most cases, organizations that fall victim to fraud or theft either have not established adequate internal financial controls or they aren’t properly following the ones that are in place, said Charles Tate, managing partner at Tate & Tryon, CPAs and Consultants, a nonprofit accounting firm.
“There’s a gross disinterest among nonprofits and associations in good, effective controls,” he said. “But associations need to have policies in place for how money is spent, what contracts are approved, and so forth.”
Tate offered a few tips for associations looking to establish proper financial controls.
To begin building a solid internal-control system, Tate suggested following the Committee of Sponsoring Organizations’ (COSO) framework, which is based on five elements: a controlled environment; risk assessment; control activities; information and communication; and monitoring the effectiveness of the controls in place.
“Controlling the environment starts with the tone you set at the top, your HR policies, hiring qualified employees, and completing thorough background checks,” Tate said. “Next is your risk assessment—take a step back, and look at where the risks of fraud occur. Then design your procedures based on those identified risks, and communicate them throughout the organization. Continue to monitor the policies, the procedures, and the controls that you have, and update them as needed.”
In the case of the American Legacy Foundation, an organization the Post focused on in its article, the failure to monitor spending by a trusted employee in the IT department resulted in a $3.4 million fraud loss.
“It’s all about who has the approval authority to make purchases,” Tate said. “If that IT person at Legacy had sole discretion to make purchases, there’s no control there. It’s imperative to have a procurement policy that talks about approvals and thresholds, the vendor selection, the vendor monitoring, and then it’s monitoring the inventory after the fact.”
Mapping out where money will be appropriated in each department is another way to keep a lock on your organization’s finances, Tate said.
“With IT, for example, ask yourself, ‘What is our IT budget, what is it comprised of, who are our vendors, and what’s our long-term strategy?’” he said. “Those kinds of questions help you put into perspective where your money will be going and should help you quickly identify when illegal activity might be occurring.”
If a situation arises where you do suspect that an employee is stealing from your organization, swift, precise action is a must, said Tate.
“You want to be careful not to accuse someone before a proper investigation is done, but as soon as you expect fraud, start working through your outside counsel and the board to come in and look at the evidence and determine the proper course of action.”
And although no penalty exists for nonprofits that fail to follow the instructions for disclosing significant asset diversions on Form 990, Tate recommends abiding by the rule.
“It might be difficult in some cases to figure out precisely how much was stolen, but you ought to at least try to be transparent. It can go a long way toward helping your public image moving forward,” he said.