The ongoing pandemic has strained many nonprofits, forcing them to cut corners to survive. But fraud prevention is one critical area you can’t afford to overlook, even just for the short term. If anything, antifraud measures are more important than ever.

Vulnerabilities of nonprofits

The Association of Certified Fraud Examiners’ (ACFE’s) study, Report to the Nations: 2020 Global Study on Occupational Fraud and Abuse, notes that nonprofits can be more susceptible to fraud than for-profit businesses. Even in normal circumstances, they typically have fewer resources available to help prevent and recover from a fraud loss.

Experts often refer to the “fraud triangle:” three factors that must be present for fraud to occur —  opportunity, motive and rationalization. Current conditions exacerbate the odds that these factors exist in your organization.

For example, if you’ve had to cut staff, you may find it difficult to segregate duties so that accounting and finance functions are properly divided among staff. That can translate to greater opportunities to commit fraud. Employees may be motivated to pursue fraud schemes because of personal financial problems created by the pandemic. And they might rationalize such actions because they feel overworked and underpaid.

4 essential steps for prevention

Several measures can help nonprofits of all sizes combat the risk of fraud:

  1. Create fraud-reporting mechanisms. Year after year, the ACFE finds that organizations with hotlines detect frauds more quickly than those without (12 months vs. 18 months). Moreover, in the most recent report, organizations without hotlines suffered a median loss nearly double the median loss for those with hotlines ($198,000 vs. $100,000).

It’s worth noting that the preferred mechanism seems to be shifting. While the previous two ACFE reports found that telephone hotlines were the most popular reporting method with whistleblowers, email and web-based reporting both were as popular in 2020. Thus, you should think about offering multiple reporting channels.

  1. Conduct training. Employees at all levels — and possibly volunteers — should undergo regular antifraud training. The training should explain the types of behaviors that constitute fraud and the consequences for the organization and its mission. It should cover all your fraud-related policies (for example, conflicts of interest and whistleblower policies) and the availability of a fraud-reporting mechanism. The ACFE has found that training boosts the likelihood of detection via tip.

Discussion of a zero-tolerance policy also can serve as a deterrent, assuming you walk the talk when fraud occurs. Nonprofit organizations should consider pressing criminal charges against perpetrators to send a message to employees and other stakeholders.

  1. Take a proactive stance toward detection. Don’t be passive, waiting for red flags to pop up before you act. For example, the ACFE recommends using data analytics to search for anomalies that can suggest fraud. It also suggests that managers regularly review internal controls, processes, and accounts or transactions in their areas for adherence to the organization’s policies and expectations.

In addition, management should make these reviews known to all. That may deter potential bad actors and also sets the tone, showing that the threat of fraud is taken seriously. Comprehensive fraud risk assessments, ideally performed by an independent party, are advisable as well.

  1. Fortify internal controls. The ACFE report identifies the three most common control weaknesses for nonprofits. The lack of internal controls ranks at the top, followed by lack of management review and override of existing controls. Several such controls are worth implementing, although some may be easier than others.

Your nonprofit should routinely reconcile its assets and liabilities accounts, as well as reviewing bank and other third-party statements. Job rotation and mandatory vacations can make it more challenging for an employee to carry out a long-term scam. Authorizations (or perhaps two-party authorizations) for access to specific accounts should be required for certain transactions.

Cheaper in the long run

Some of these measures may seem unduly burdensome or unnecessarily pricey. However, the possible long-term costs of fraud, both financial and reputational, far outweigh those concerns.