Nonprofit Accounting Basics

Fraud Risk Management Programs: Does your organization have one? Potential fraudsters want to know…

Note: Articles published before January 1, 2017 may be out of date. We are in the process of updating this content.

One of the most damaging effects a fraud can have on a nonprofit organization is a tarnished reputation. Sure, a fraud resulting from an employee skimming funds certainly has an immediate financial impact, but the blemish on an organization’s reputation can have a far worse impact.

An organization can implement processes and procedures to strengthen internal controls and ultimately reduce the risk of fraud. (I say “reduce” and not “eliminate” because as soon as an internal control is created, someone can start crafting a way to circumvent it.) These internal controls, however, can be limited by the resources of the organization. The obvious resource is money, but employees and board members are also important organizational resources.

The AICPA recently issued the 2013 Audit Risk Alert: Not-For-Profit Entities Industry Developments. Included within this risk alert is the recommendation that an organization develop a formal fraud risk management program, including a fraud risk assessment. The goal of a fraud risk assessment, per the AICPA, is to identify certain vulnerabilities and gaps in internal control that could leave the organization open to both financial and reputational damage.

Since it is in the best interest of everyone (with the exception of a potential fraudster) to prevent fraud, the AICPA has provided guidance on developing a fraud risk assessment. According to the AICPA’s Audit Risk Alert, the fraud risk assessment developed by your organization should identify:

  1. the fraud schemes that could potentially occur,
  2. the possible concealment strategies that could be used by the fraudster to avoid detection,
  3. the individuals or gatekeepers who pose the highest risk of committing fraud,
  4. the controls currently in place to deter or detect fraud, and
  5. a list of warning signals or red flags that can be used to educate the organization, including employees and board members.

A fraud risk management program, including a fraud risk assessment, can be developed using some of your organization’s most valuable resources – management and board members. You could easily hire a consultant who bills by the hour to develop this program, but a well-rounded, engaged board of directors and a skilled management team should be willing and able to develop this program as well.

If your organization already has a fraud risk management program, great! You’re already one step ahead of a potential fraudster. You should, however, consistently update the program and include the items identified by the AICPA above.

If your organization hasn’t developed a fraud risk management program and a fraud risk assessment, the above information will surely get your organization off to a good start.

The AICPA’s 2013 Audit Risk Alert: Not-For-Profit Entities Industry Developments is available for purchase online through the AICPA store.