{title} icon

Articles From Lumsden McCormick

Take Steps to Prevent Fraud at Your Nonprofit

Most people would likely find the idea of fraud against a nonprofit organization abhorrent. Nonprofits are often treated as sacred cows because they’re dedicated to achieving altruistic goals. But no entity is immune, and all charitable groups should take steps to help deter embezzlement and other types of fraud.

In a recent example, a Society for the Prevention of Cruelty to Animals in the Eastern United States named a new director and announced new safeguards designed to help prevent fraud. Why? Because the former director had recently pleaded guilty to grand larceny, criminal tax fraud and falsifying records in a scheme involving two other employees that defrauded the nonprofit of more than $700,000.

Background Information

Theft and embezzlement pose problems for nonprofits in three primary ways:

    1. It usually results in monetary damage that can be hard to recover from and might lead to the organization’s demise.
    2. It may tarnish the group’s public image, making the nonprofit seem as if it’s dishonest or clueless. This could discourage donors and grant-makers.
    3. Internally, it can shake the faith of the organization down to its core.

Fraudsters can victimize nonprofit in many ways. Among the more common are:

Check tampering. Most organizations have bank checking accounts, but not everyone is authorized to sign checks. Still, an employee could easily forge a signature that could be hard to detect. Sometimes even officers and others in positions of authority sign and cash checks to use the money for personal reasons.

In addition, busy executives or directors might not take the time to scrutinize every check they sign. So someone may try to slip one by and hope that it’s not noticed. To avoid this problem, signers should carefully examine what they’re signing and ensure that a proper invoice accompanies each transaction.

Skimming. In this type of fraud, cash is stolen before it’s reported. For instance, an employee or volunteer could pocket cash donations and underreport the amount given. Or someone could open a personal bank account with the same or a similar name as the organization and deposit donor checks into it. To close the loop, the skimmer might even send thank-you notes to the donors on the organization’s official letterhead. And of course, nonprofit frequently sponsor special events and receive proceeds in cash that may easily be lifted from the cashbox.

Payroll issues. These can include a variety of schemes ranging from payments to nonexistent employees to unauthorized raises or bonuses. Frequently, embezzlement is committed by someone with access to payroll, so make sure you have a system of “checks and balances” in place. Using an outside third party may thwart problems.

Property Theft. While money is most commonly involved in theft, expensive equipment may also be taken from your offices — including computers, cameras, other electronic devices and even works of art. When possible, store valuables in a secure location with limited access.

Steps to Fight Fraud

One of the best ways to discourage fraud is to make it abundantly clear that the organization has zero tolerance for it. If your nonprofit hasn’t already done so, establish that it will aggressively investigate any indication of embezzlement or theft and punish offenders. Typically, an organization can accomplish this with the following steps:

Require double signatures. Several layers of approval make it more difficult to steal from the organization. For expenditures over a predetermined amount, require two signatories on every check and every authorization or payment. If your staff is too small for this, have an officer or director be the second signatory.

All requests for cash or checks should include an invoice or other document indicating the disbursement is appropriate. Don’t sign blank checks. Also, require two individuals to approve in writing the use of credit cards for costs over a certain amount. The person using the card shouldn’t be the same person authorizing its use.

Segregate duties. At the very least, different employees should be responsible for authorizing payments, disbursing funds, reconciling bank statements and reviewing credit card statements. No one individual should be responsible for receiving, depositing, recording and reconciling the receipt of funds. In addition, all contracts should be approved by a manager who isn’t directly involved in the transaction. Contracts should be awarded through transparent bidding.

Background Checks. Investigating new employees and volunteer leaders can reveal undisclosed criminal records, prior fraud, and heavy debt loads — all of which can increase the chances an individual will resort to fraud.

Audits and Oversight. At least once a year, perform a fixed-asset inventory to ensure that no equipment or other goods are missing. Bring in outside CPAs experienced in fraud audits (different from the standard financial statement audits) and attorneys experienced in evaluating and enhancing internal controls. Doing so can not only help find fraud and embezzlement but also may shore up weak controls. Learn more about these types of audits here. 

The best way to prevent fraud and embezzlement and to protect your organization is to have a comprehensive compliance program tailored to your group. Include a written code of ethics, require periodic antifraud training and impose real penalties for policy violations.

No guarantees

There are no absolute guarantees to preventing fraud, but identifying the threat and taking preventative measures can certainly increase the likelihood of success. The worst thing you can do is turn a blind eye to potential problems. Don’t allow your organization to become a victim.

Watch Out for Online Imposters

It’s bad enough that not-for-profit managers have to worry about embezzlement and internal fraud. There’s also a chance that someone on the outside could be masquerading as a representative of your organization.

Notably, only a few not-for-profits have established a presence on social media platforms such as Instagram, Snapchat, Tumblr and Vine. (Many are on Facebook and Twitter.) You may want to check these sites from time to time to ensure no one is impersonating your organization.

To go a step further, you might want to sign up on these and other popular social media sites to protect your interests. Post the organization’s logo on the profile page and add links to websites and social networks where the organization is active. Assign someone to maintain contact (with a backup in case that person is out for an extended period or leaves the organization).

How can you find out whether someone is impersonating your organization? Refer to Namechk and KnowEm for status updates. And make sure that your organization is verified with a checkmark on social media sites that you’re using.



Consult with Professional Advisors


Jill M. Johnson, CPA, CFE, CITP, FHFMA

Jill has been with Lumsden McCormick for nearly 15 years, joining the Firm upon graduating with honors from the University at Buffalo. She is a principal in the auditing and accounting department performing attestation services. While her focus has been in the health care industry, Jill has a broad range of skills applicable to commercial enterprises. She has an understanding of the underlining concerns all businesses face related to technology controls and data security and is certified in fraud prevention, detection, and deterrence.

Her ability to perform audits and risk assessments has only been enhanced with her certification as a Certified Fraud Examiner (CFE) by the Association of Certified Fraud Examiners and as a Certified Information Technology Professional through the American Institute of Certified Public Accountants (AICPA). Jill is a member of the AICPA New York State Society of Certified Public Accountants (NYSSCPA), NYSSCPA Technology Assurance Committee, the Association of Certified Fraud Examiners (CFE) and the Information Systems Audit and Control Association (ISACA).




Sign up to receive articles like this in your inbox via Lumsden McCormick’s eNewsletter Numbers First. To register contact Maria Gambacorta at 716-856-3300 or fill out this short form

Take Steps to Prevent Fraud at Your Nonprofit

for more information

Jill is an expert working with health care and human service organizations including hospitals, nursing homes, diagnostic and treatment centers, mental health service providers, and medical practices; nonprofit organizations; and government-funded entities in the areas of auditing, Single Audit, HUD projects, taxation, information returns, and financial reporting. Jill is integral to our Health Care and Nonprofit services groups managing our larger hospital and human service organization clients. She is the 2020-2021 Regional Executive for the Healthcare Financial Management Association (HFMA) Region 2; she also is a past President of the Western New York Chapter.


Comprehensive. Proactive. Accessible.
How Can We Help?