Nonprofit Accounting Basics

A Simple, Cost Effective Way to Prevent Fraud

Each year, hundreds of nonprofit organizations are victimized by employee thefts. These frauds are frequently perpetrated by highly-trusted individuals holding key positions and often involve substantial sums of money. There are practical, cost effective, controls which can protect your organization or your employer from similar circumstances.

Many organizations depend on their auditors to protect them against the acts of disloyal employees. However, an audit of financial statements is not an engagement to investigate fraud. When auditing financial statements in accordance with generally accepted auditing standards, an auditor:

  • reviews an organization’s internal controls and accounting procedures
  • makes certain spot checks
  • systematically tries to confirm the existence and value of the organization’s assets
  • defines the extent of its liabilities

All of this is done for the purpose of obtaining reasonable assurance about whether the financial statements are free of material misstatement. Accordingly, an auditor tends to concentrate on large transactions and major accounts which, if in error, could have a material effect on the organization’s financial statements. For this reason, the tampering with a number of small accounts over an extended period will likely escape detection in most audits.

It must also be remembered that many people holding key financial positions in the organization are former auditors or, through other experience, have gained an understanding of the audit process and its inherent limitations. They are, therefore, frequently able to divert the organization’s assets by methods not subject to detection by a financial statement audit.

Defalcations generally take place over extended periods of time and usually involve a series of minor thefts, typically concealed by false bookkeeping entries. Accordingly, they are more likely to be discovered through appropriate separation of asset handling and recording functions, and through careful observation by management of employees in sensitive positions, rather than through an annual audit.

Even where the separation of functions is not feasible due to an organization’s small size, governance and management can still protect the organization against embezzlements by taking three simple, cost-efficient measures.

  1. The simplest, yet perhaps most effective, step is to have the executive director or other key officer receive bank statements directly from the bank and review them. Examine each check for an unrecognized payee, unusual endorsement, or other indications of irregularities. If cancelled checks are not returned by the bank, arrangements can generally be made for online access enabling the key officer to view scanned images. Review wire transfers and the bank accounts to which the transfers were made and question the purpose. After this review, the bank statements and checks can be given to the accounting department for reconciling to the books. The completed reconciliation should then be returned to the key officer for review and approval.
  2. Talk to your banker about the risk mitigation services they provide for your disbursement accounts. Look at "debit blocks” for ACH activity so that no one, or only specified payees, can debit your account with ACH transactions. In addition, arrange for “positive pay” services where you can match the checks you have issued with checks presented to your bank to clear: exceptions are referred to you for pay/non-pay instructions.
  3. To detect, if not prevent, payroll schemes, occasionally verify the names on your organization’s payroll with persons outside the accounting department. Ghost employee schemes can be uncovered by having personnel, other than the payroll department, distribute paychecks and obtain positive identification of the payee. If paychecks are either mailed or direct-deposited, a list of duplicate addresses or deposit account numbers may reveal ghost employees or duplicate payments. Because each employee is required to have a social security number, a listing of duplicate numbers may reveal multiple payments.

In addition to the above, exercise the following precautions:

  • do not allow the controller or bookkeeper to sign checks;
  • do not sign checks which have not been completely filled in;
  • inspect original supporting documentation before signing a check;
  • occasionally verify the names of all the suppliers with your organization’s purchasing and receiving departments;
  • require employees with accounting functions to take annual vacations and have others perform their duties;
  • prepare and carefully review monthly financial statements in sufficient detail to disclose significant variances from prior year or budget; and
  • carry fidelity insurance for employees in sensitive positions.

No internal control system can guarantee the absence of fraud. However, the foregoing steps can minimize its likelihood with little additional time and cost.