Not-for-profit organisations are an important part of our society, carrying out work that can truly make a difference. So it’s sad to realise that not-for-profit organisations – like any organisation – can be victims of crime. For not-for-profit (NFP) organisations, the ramifications can be particularly severe. Suffering a significant fraud for NFPs may jeopardise future funding sources, and even threaten the organisation’s very existence. That’s because the act of fraud can severely damage their reputation which impacts on their ability to attract staff, volunteers and most importantly – endowments.

To help protect against the repeated threat of fraud it’s vital that NFPs understand their susceptibility and are educated in the ways they can protect themselves.

It’s important to note that fraudulent activities in the NFP sector don’t just involve the theft of cash. It takes many forms including misappropriation of assets (financial, fixed and intellectual property), false accounting (financial statements, contracts and acquittals), falsifying of documents (qualifications, experience and identification) and corruption (bribery, kickbacks and conflict of interest). Whatever its form, fraudulent activity within an organisation can have serious consequences.

Vishal Modi, Director of Audit and Assurance at Hill Rogers explains, “Whilst fraud is a risk organisations cannot totally remove, it is possible to put in place strategies and procedures which will lessen the likelihood of it occurring and if not, help reduce its impact”.

“Be open about the possibility (risk) of fraud, even if it is only a small risk, if you don’t acknowledge that fraud happens, you are not going to find it”.

“The three key factors in reducing fraud are: an ethical organisational culture, strong internal controls and effective policies and procedures.”

Here, Vishal shares 10 ways in which NFPs can help protect themselves from fraud:

Implement a Code of Conduct.
Be clear about the ethical values of your organisation and the behaviour you expect from your people. A way to do this is by establishing a Code of Conduct. A Code of Conduct sets the standards of ethical behaviour expected of all stakeholders – everyone from the board to management, contractors, employees and volunteers. Its policies should cover things including gifts and gift registers, conflicts of interest, use of credit cards, entertainment and travel expenses, transparent recruitment processes, discipline and termination policies.

Have clear, written financial procedures.
It’s important to have controls that all staff and volunteers can follow. Have multiple checks and balances in place to limit the risk of fraud and ensure that there are multiple people responsible for authorising, implementing and reconciling financial transactions and set clear limits on purchases and other transaction amounts.

Employ robust human resources procedures.
Always carry out rigorous reference checks and follow strict recruitment procedures when hiring personnel. Scrutinise the past employment history of prospective employees thoroughly. Ensure that fraud prevention measures are communicated to staff and volunteers and that they are aware of how and whom to report suspicions.

Outline clear financial responsibility.
Any employee with financial responsibility must be competent and fully understand their role and responsibilities. Make people accountable and do not take anything for granted.

Develop a fraud prevention policy.
One that sets out exactly who in your organisation must do what to prevent, identify and respond to incidents of fraud.

Review your online controls.
In recent years we’ve seen a rise in online fraud, involving both financial (e.g. payroll and credit card transactions) and non-financial (e.g. confidential client records) data. Ask yourself: how easily can my systems be hacked?  Do I have similar controls in place for electronic transactions as I do for other transactions? How often do I change my organisation’s internet banking passwords? What does my IT health check report say?

Ensure employees take annual leave each year.
If you have an employee that doesn’t want to take leave, and is secretive about their work, it may be wise to carry out an internal audit to ensure that there isn’t any fraudulent activity. Requiring your people to take leave is an effective safeguard to minimising risk and also ensuring knowledge succession planning.

Limit cash handling.
Having large amounts of cash around can be a temptation too hard to resist for some. So limit the amount of money that is handled by your employees.

Regularly check your accounts and any grant funding.
Review your accounts regularly and identify anything that does not make sense. Understand the metrics and trends and compare to benchmarks like industry, prior years, budgets and ask questions.

Understand the importance of reporting fraud.
Frauds are typically discovered by tip-offs and internal controls, which means that it is important to foster a culture where people are encouraged to speak up. Implement a Whistleblower Policy that guarantees people who speak out against suspect behaviour feel safe.

No matter what type of NFP organisation you are, fraud is a very real and present danger. Having strong internal controls is the most effective way of reducing fraud. Unfortunately, just because you may be a NFP, does not mean you are exempt.  It’s important to seek reliable advice on how your organisation can implement effective internal controls and on managing your fraud risk.

If you would like to find out more about fraud protection in the not-for-profit sector, please contact Vishal Modi.


Edited excerpts from a presentation given by the author, a director at Hill Rogers, who recently spoke at the Associations Forum’s CEO & Chair Symposium.

This article is also based on the Australian Charities and Not-for-profits Commission (ACNC’s) guide to fraud prevention.