Although it is important to be able to notice certain warning signs when they are made apparent, all non-for-profit organizations should have controls in place that will deter fraudulent activity from occurring in the first place. Even though many of the managers have multiple jobs and it may seem like an easier option to let the auditors try and discover fraudulent activity, the ultimate responsibility belongs to the management to monitor all the internal controls. Having an annual outside audit is an essential part in anti-fraud control, but by the time that the auditors discover the problem, it may be too late.
A good starting point in creating a set of fraud risk management controls is to meet with the board and decide what skills and weaknesses the team has, and decide where to seek professional help. These controls should then be implemented and taught to senior management so they can successfully carry them out in day-to-day operations. Every organization needs a catalyst to take initiative and integrate a safety procedure to protect the rest of the employees and organization as whole.
A smart idea for board members to elect to take part in would be to create an independent audit committee. The committee should be appointed by management, but remain independent from them as a whole, and have the power to hire outside members to assist them in their work. It would also be advantageous for one of the members of the audit committee to be competent in the financial side of the business.
The board should also implement a general system of internal and cultural controls that act as the basis for an anti-fraud program. Having internal controls in place will make it more difficult for fraudsters to hide their trail and discourage many of them from even trying. Some common tools that will help this include: security and access controls, dual authorization limits, audits, inspections and transaction monitoring.
As mentioned before, an important aspect of the control system is to establish the right “tone from the top.” While technological and operational controls are important, they still do not cover everything. This is why it is important for the higher ranking employees to set the correct attitude and actions that will make lower ranking employees thing twice about acting unethically. Promoting an integrity driven culture will also entice honest employees to put a stop to fraudulent activity if they see it. A “self-policing” control system is as effective as any expensive internal control system found in larger companies. The board should also provide for an easy and clear procedure to report suspicious behavior. The Association of Certified Fraud Examiners found that the most effective way to uncover fraudulent activity has been tips from other employees. A study has shown that almost triple the amount of detected frauds came from tips in comparison to other forms of internal control. Establishing this process and instilling in employees that the reputation of the non-for-profit is on the line with any type of fraud will significantly increase chances of uncovering hidden fraud trails.
In addition, non-for-profit organizations should emphasize the importance of fraud detection through workshops and trainings in which management can educate employees on things like certain warning signs to look out for, available resources and whistleblower policies. Another important control to implement is to develop response plans in case fraud is not detected and the organization is up against major issues. If a non-for-profit organization deals with the discovery of fraud in an incorrect matter, they could risk having the dishonest employee get away with the fraud, or even risk legal litigation for false claims. Each organization should gave a specific guideline to follow incase fraud is found, and it should be specialized to include each separate type of fraud, to diminish any legal or technicality issues.