Reducing the Risk of Fraud in Your OrganisationJuly 6, 2016 - 10 minutes read
For many of us, the word ‘fraud’ might conjure up images of corruption in large corporations, or dramatic stories you might hear on the evening news. However, the reality is that a great deal of fraud occurs in relatively ‘small’ ways, and may also frequently go undetected.
Fraud might also be something that is not uppermost in the thoughts of church leaders, who are often far more focussed on outreach and delivery of services. It’s important though to be aware that it can occur in churches, charities and not-for-profits (NFPs) just as it does in commercial enterprises, and this makes it important for these organisations to implement procedures and strategies for fraud detection and prevention.
In fact in one particular case, a former Uniting Church employee forged withdrawal forms and cheques and managed to steal more than $4 million from the church’s charitable accounts over a period of 7 years – with the theft only being found out during an annual audit. As a result, the church filed lawsuits against the bank for failing to prevent the thefts, and also against the audit / accountancy firm for negligence in failing to pick up the fraud for so many years. The church also developed new policies to reduce the chances of a recurrence.
How big is fraud?
Every two years the ACFE (Association of Certified Fraud Examiners) produces a ‘Report to the Nations’ document based on their research into occupational fraud around the world.
Here are some of the impacts of fraud from the 2016 survey and report:
- Total losses from fraud: $6.3 billion.
- The most common type of fraud: asset misappropriation at 83%, with a median loss of $125,000.
Examples of this include inaccurate expense claims, claiming payment for time not worked, using business credit cards for personal expenses, and the creation of ‘fake’ invoices.
- The least common type of fraud: financial statement fraud at 10%. However even though the rate is low, it results in a much higher median loss of around $975,000.
- Median loss across all fraud cases: $150,000.
- Most common concealment activity: creating and altering physical documents, at a rate of 94.5%.
The research also showed that in organisations where anti-fraud controls were in place, detection of fraud occurred up to 50% faster, and losses from fraud were 14%-54% lower.
It was also found that the median losses from fraud were similar in both small business and large corporations. However the impact on smaller organisations is much greater, as you might expect.
The impact of fraud is not only financial however; it can also have a negative effect on workplace health and safety. Examples of this include loss of reputation, poor morale, resentment, suspicion and lack of trust, and excessive internal focus.
Why do people commit fraud?
People who commit fraud are not necessarily seasoned criminals. Research indicates they often do not come into an organisation with the intent of committing crime, but are drawn into it in some way. This might include current personal financial difficulties, or a perception of unfairness at work – such as poor remuneration or reward or inequitable treatment. Some employees might also ‘borrow’ money while intending to pay it back later, or else find themselves being tempted as a result of lax procedures or poor internal controls.
Potential impact on churches and not-for-profits
Smaller organisations often lack the resources of larger ones to implement detection methods and prevention strategies, and for NFPs this may be even more the case. Church organisations might also be particularly vulnerable to fraud, due to high turnover of Board members, and / or lack of appropriately qualified or experienced workers. This makes detection and prevention possibly even more important – especially where good stewardship, accountability and transparency are considered to be essential qualities.
Prevention strategies can go a long way towards reducing the risk, including in the areas of recruitment, procedures, and audits, which are covered below.
Recruitment and employment:
- Job roles: create clearly-defined job descriptions so that workers fully understand the scope of their roles and know what is expected of them.
- Recruitment: make sure to develop good recruitment practices. These should include conducting thorough background checks and ensuring the appointment of properly qualified and experienced people for the organisation.
- Training and supervision: proper training of all personnel in your systems, along with a reasonable level of supervision and work-checking, helps to reduce the risk of errors and fraud.
- Remuneration: ensure that paid employees are rewarded appropriately – i.e. according to national standards and / or Churches of Christ recommended minimum remuneration packages.
- Other: regular rotation of worker tasks and responsibilities, and annual or semi-annual performance reviews and feedback.
Procedures and internal controls:
- Account reconciliations: regular reconciliations of all bank accounts and credit card statements in particular enable you to detect errors or unauthorised transactions.
- Segregation of duties: such as designating separate individuals for receipting / counting of cash and doing the banking.
- Dual authorisers: ensuring there are two signatories or authorises for cheque and online payments.
- Internal audits: regular data monitoring and conducting internal audits of your finances to uncover problems and errors, and to ensure you are keeping up with ATO compliance.
- IT policies: separate logins and passwords for users, plus different levels of access to programs and data depending on responsibilities. Installation of firewalls and anti-virus software are also important strategies to prevent unauthorised access and hacking.
- Premises access: locking of the premises after hours, locking-up of safes and filing cabinets to prevent unauthorised access, and restricting access to certain areas of the building should be considered.
- Regular external audits: independent financial audits by professional auditors should be done on a regular basis to examine and verify the accuracy of your organisation’s finances.
- Governance: strong board governance and oversight and regular reviews.
- Culture: transparency, accountability, and zero tolerance for dishonesty and fraud.
The above strategies not only improve security, but also reduce the temptation that can present itself in organisations where workplace and security procedures tend to be lax.
In saying all this though it’s impossible to eliminate all risk, and displaying a lack of trust in your workers or constantly micro-managing them is likely to lead to resentment. This means that your prevention strategies will need to involve some degree of balance.
Some of the more successful methods for detecting fraud include anonymous tip-offs or hotlines, regular account reconciliations, data monitoring, and internal and external audits (see our previous article on the importance of regular audits for more information). In addition, ‘warning signs’ – such as a worker clearly living beyond their means – may indicate that something is not as it should be, and might warrant a little further investigation!
Response and reporting procedures
It’s vital to respond in a sober manner to suspected fraud; the last thing you would want is to accuse a person unfairly and risk ruining a perfectly good relationship! The first thing to do is to gather as many facts and evidence as you can before taking any additional steps, which may include:
- Discussing the situation with the suspect and allowing them the opportunity to respond.
- Isolating the suspect’s computer for forensic examination.
- Getting professional assistance from a legal representative.
- Reporting to the police and dismissing the worker if the fraud is confirmed (see our previous post on lawfully dismissing employees).
We also have a number of other posts relating to this issue on our website:
Church building security and crime-proofing.
Importance of independent financial audits.
Protection of sensitive data and information.
Cash security tips for churches.
Church key-and-lock management.
Lawfully dismissing workers.
Written by Tess Oliver
Tags: finances, security