Best Practices for Managing Fraud Risks in Not-for-Profit Organizations

By Karen (Webber) Skuse, on February 10th, 2025

Fraud can have devastating effects on not-for-profit organizations, jeopardizing their financial stability and public trust. Given their reliance on donations, grants, and volunteer efforts, not-for-profits must implement strong fraud risk management strategies to safeguard their mission and resources. Below are best practices to help prevent and detect fraud in not-for-profit organizations:

1. Establishing Confidential Methods for Reporting Fraud Tips

Most fraud cases come to light because of tips, primarily from employees, but also from vendors, donors, and beneficiaries. To encourage whistleblowers and protect their anonymity, organizations should establish multiple confidential reporting channels. Options include subscribing to a third-party hotline service, creating a dedicated email address (e.g., fraud@nonprofit.org), or incorporating a secure online reporting form on the organization’s website. Ensuring that individuals feel safe from retaliation is critical in fostering an environment of transparency and accountability.

2. Maintaining Up-to-Date Policies and Procedures for High-Risk Functions

Not-for-profits should implement and regularly update policies and procedures related to high-risk financial activities such as cash handling, receivables, disbursements, and payroll. Best practices include segregating duties to prevent any one person from having control over an entire financial transaction. Policies should outline clear procedures for management review and accountability to reduce the likelihood of fraud, errors, and financial mismanagement.

3. Conducting Periodic Risk Assessments

Regular fraud risk assessments help identify gaps in internal controls that could allow fraud, waste, or abuse to go undetected. Whether conducted internally or by an external provider, these assessments should evaluate financial controls, cybersecurity measures, and grant management processes. Cyber threats pose significant risks to not-for-profits, and organizations should consider incorporating cyber risk assessments into their overall fraud prevention strategies.

4. Publishing an Anti-Fraud Policy

An anti-fraud policy reinforces an organization’s commitment to ethical behavior and transparency. Leadership should establish a strong “tone at the top,” emphasizing a zero-tolerance stance toward fraud, waste, and abuse. Annual fraud awareness training can educate employees and volunteers about the organization’s fraud prevention controls and the consequences of engaging in fraudulent activities. According to the Association of Certified Fraud Examiners (ACFE), organizations that do not provide fraud awareness training suffer nearly twice the financial losses compared to those that do.

5. Creating an Incident Response Plan

Having a well-defined incident response plan ensures a swift and effective reaction to fraud allegations or cyber incidents. The plan should include steps for engaging legal counsel and forensic accountants, conducting an independent investigation, communicating with stakeholders, and monitoring for further fraudulent activity. Identifying external experts in advance will help streamline the response process when an incident arises.

6. Engaging Governance and Leadership in Fraud Prevention

Board finance committees and executive leadership must take an active role in fraud risk management. At least once a year, fraud prevention strategies should be reviewed as a formal agenda item. Key discussion points should include:

  • Are existing controls effective?
  • Can fraud detection measures be strengthened?
  • Should an external evaluator be engaged for an independent assessment?

By scheduling regular reviews, leadership can ensure that fraud risk remains a priority rather than an afterthought.

Looking Ahead

As fraud schemes evolve and cyber threats continue to rise, not-for-profit organizations must remain vigilant and adaptive. Collaboration with industry peers, regulatory bodies, and fraud prevention experts can further strengthen an organization’s defenses. Organizations that prioritize fraud risk management and continuously refine their strategies will be better positioned to protect their missions, maintain donor trust, and sustain long-term success.

If you have any questions or need further guidance, we’re here to help. Please do not hesitate to reach out to discuss your specific situation.

This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.
