10 ways to prevent fraud in charities
It’s sad to see so many reports of fraud in charities in the press – I suppose the only good thing is that the fraud has been detected. The incidence of fraud has been increasing and charities are no exception. Charities are a target for fraudsters in a number of ways.
Large charities report regular cyber attacks and other sophisticated methods involving hacking, credit cards, stealing bank details and more. Some of these attempts are really not so sophisticated though. Take the example of the would-be thief who created a standing order form using the bank details he found on a charity’s website. His attempt to pay himself a regular amount was thwarted because he forgot to complete the payee details.
Charities want to make it easy for volunteer fundraisers to give them funds, but make sure you publish only the details of an account that is not used for expenditure. That way, it will be obvious if unauthorised withdrawals are being made.
Advertisement
Some frauds are quite audacious and yet quite simple. It is common for the building company undertaking work on your premises to put up advertising hoarding to announce their presence. Fraudsters have been contacting the client (often a school or university) to advise them of a change in bank details for the building company. A neat way to divert funds that would probably not be detected for some months.
More often, however, fraud committed in charities is internal, just as it is for any other organisation. The most common fraud is to create a bogus supplier (or two) and then slip a few invoices in for payment. This is most commonly perpetrated by finance staff and it is apparently possible for this to go undetected for years. It is a simple fraud that depends on managers not actually checking invoices when they approve them but signing them off anyway.
So how strong are the controls in your organisation? Authorisation feels like it ought to be a strong control but in practice it depends on the time and energy of the individual charged with the responsibility. Ironically, this duty is likely to be discharged more diligently by a more junior member of staff.
Here are the top ten things to consider in terms of preventing fraud in your charity:
1. There is a lot of fraud in charities so don’t imagine your charity is immune – it isn’t. You can reduce the risk of fraud, but you cannot eliminate it.
2. Most fraud is not very sophisticated – it is often simple, and can be simply prevented with good old-fashioned controls.
3. The thing about controls is that you have to implement them! For example, getting blank cheques signed is bypassing the control – you are asking for fraud.
4. A common fraud in charities is internal and perpetrated by finance staff – false purchase invoices slipped into the system and paid as part of the batch.
5. Note that this fraud relies on a lack of attention by the manager authorising the purchase invoice for payment. This is a good example of a control (authorising) being ineffective because it is not implemented as it was designed. If implemented properly, this should be a strong control.
6. Don’t publish details of your normal bank current account on your website – if you want donors to pay funds direct into your account, use a different account such as a deposit account as that can only receive funds, not be used to pay expenditure.
7. Don’t publish reports or accounts with scanned signatures – this can make forgery easy
8. Do check if you receive notice from a supplier that their bank details have changed – there is a well-known scam used to divert funds to the thief’s bank account. Just phone them to check that the change is genuine.
9. Establish the principle that it is OK to report any suspicious activity. Staff and volunteers need to feel confident that this will be handled appropriately and that they are doing the right thing. It requires a considerable effort by individuals to overcome the sense that they are telling tales.
10. The most important control your organisation can introduce is a strong culture that fraud is not acceptable. A strong sense of values and commitment to the cause will create the right culture. It is also important thought that the leadership of the charity sets the right tone – trustees and senior staff must follow the rules when it comes to claiming expenses and getting purchases authorised. If the leaders of the charity go round the system, why shouldn’t others too?
The most important control your organisation can introduce is a strong culture that fraud is not acceptable and that it is OK to report any suspicious activity. Charities can play a strong hand here – stealing from the charity means that the money is not going to a good cause. A strong sense of values and commitment to the cause will create the right culture. It is also important thought that the leadership of the charity sets the right tone – trustees and senior staff must follow the rules when it comes to claiming expenses and getting purchases authorised. If the leaders of the charity go round the system, why shouldn’t others too?
Sayer Vincent is leading a one-day training course for CFG on “Good controls and preventing fraud” – check the websites for dates and venues.
Kate Sayer is a partner at Sayer Vincent, specialist auditors and advisors to the charity and not-for-profit sector. She has in-depth knowledge of the legal and financial frameworks within which charities and social enterprises have to work, including taxation and VAT. She works to improve the effectiveness of organisations through better ways of working, improved risk management processes and better support functions.
As well as being a qualified chartered accountant, Kate is a certified NLP master practitioner, lecturer at Cass Business School on the charity MSc and other courses, and a non-executive director of Charity Bank and Development Initiatives Poverty Research. She is the author of a number of publications and guides on charity finance, taxation and management.