Nonprofits, like any organization, must protect themselves from fraud. While fraud in the nonprofit sector isn’t as prevalent as in for-profit entities — comprising just 9% of fraud cases according to the Association for Certified Fraud Examiner’s 2020 Report to the Nations – the results can be devastating because nonprofits usually have fewer resources to prevent and recover from losses.
The following fraud considerations can help you protect your nonprofit from fraud.
Educate employees, donors
Fraud schemes tend to follow trends. For example, disaster relief scams trend up after every natural disaster or other emergency. These scams seek donations to help victims via emails, phone calls, social media posts, and crowdfunding platforms. The trouble is, the donations end up with the fake charity’s creator.
These fake charities often have names that sound similar to well-known relief organizations. Not only do they funnel donations away from legitimate charities, but they can also harm a legitimate organization’s reputation. If your organization collects donations for disaster relief, consider educating regular donors on how to identify legitimate requests for help. Remind them legitimate charities don’t ask for large donations in cash, gift cards, or bank wires.
Keep digital donations secure
Online fundraising allows nonprofits to collect donations from anywhere and enables donors to give one-time and recurring donations easily. But keeping donors’ personally identifiable information (PII) is crucial.
In addition to credit card, driver’s license, and Social Security numbers, PII also includes names, addresses, and other numbers and information linked or linkable to an individual.
The first way to protect donor PIIs is not to collect them. Hackers can’t steal information you don’t have, so avoid collecting and storing unnecessary information about donors. Ensure that all communication to and from your website is encrypted with a Secure Sockets Layer (SSL) certificate purchased from a trusted certificate authority. Work with your IT professional or use a reputable online fundraising platform to ensure all online transactions take place in a secure environment.
Implement sound internal controls
Many nonprofits have small teams and may rely on volunteers to help with back-office work. In that environment, sound internal controls are more challenging but not impossible.
Internal controls are like armor protecting your organization’s assets and financial reporting. Consider implementing these basic financial controls to safeguard your data:
- Segregate duties. Limit a single individual from having control over two or more phases of a financial transaction or operation. For example, the employee who receives cash or check donations should not also record the deposit in the accounting records. The person who sets up new vendors in the accounting software should not issue payments to vendors. Our team of professionals can provide advice on other ways to segregate duties in your organization.
- Reconcile bank and credit card statements monthly. Regularly reviewing and reconciling bank and credit card statements can help you spot unusual activity or fraud and take steps to limit potential losses.
- Secure your physical premises and assets. Ensure petty cash boxes, blank check stock, undeposited cash and checks, debit and credit cards, and other assets are locked up when not in use. Something as simple as locking office doors when nobody is monitoring the entrance can prevent someone from stealing computers and other assets.
- Take tips and complaints seriously. According to the ACFE, 40% of nonprofit fraud is detected because of a tip or complaint, compared to just 17% by internal auditors and 6% by examination of documents. Educate everyone in your organization on the importance of fraud prevention and detection, and provide a way to report suspected fraud without the risk of retaliation.
Ultimately, trust is the true value of preventing fraud at your organization. Trust is the foundation of the organization’s relationship with employees, directors, board members, fundraisers, donors, and the communities it serves. Proper training, technology, and controls will help your organization build and maintain that culture of trust so you can continue creating positive change in the world.
Do you need help updating or creating your nonprofit’s security strategy? Contact our team of professionals today!
Treasury Circular 230 Disclosure
Unless expressly stated otherwise, any federal tax advice contained in this communication is not intended or written to be used, and cannot be used or relied upon, for the purpose of avoiding penalties under the Internal Revenue Code, or for promoting, marketing, or recommending any transaction or matter addressed herein.