Fighting Nonprofit Fraud

Like most people in the nonprofit world, Nick Rees has heard the horror stories of trusted employees who labor faithfully at their jobs for decades, only to shock their employers by stealing money from the organization’s coffers. As vice president for development at the Buckeye Ranch, a large mental-health-services provider in Ohio, he had always hoped his charity had enough safeguards to keep such theft from happening there.

Late last year, however, the organization, which runs on a budget of $34-million annually, had to seek police help with allegations that a trusted longtime employee had abused its expense-reimbursement system to steal about $9,000. Mr. Rees says the accounting department caught the irregularities within a month, the employee was fired, and she arranged to pay back the money.

As such matters go, it could have been worse.

“I think we have a pretty good system,” he says, “and we proved it to ourselves.”

With the downturn in the economy, experts on nonprofit groups and employee theft say more organizations will probably be put to the same test.

“As the economy gets worse, you’ll find there’s more pressure, and people who have the opportunity to commit fraud will find the rationalization to do it,” says Janet Greenlee, an associate professor of accounting at the University of Dayton, who has studied employee fraud in nonprofit organizations.

“Now,” she adds, “the question is, how do you prevent it?”

Tracking Theft

The first step, Ms. Greenlee and other experts agree, lies in acknowledging the fact that even the most trusted employees are capable of fraud. In fact, those are the most likely suspects.

“If you don’t trust someone,” Ms. Greenlee says, “you don’t give them access to assets.”

The true extent of the problem throughout the nonprofit world is hard to gauge. Charities often don’t report their losses to the police for fear of negative publicity and adverse effects on fund raising. (After publishing a study on the issue in 2007, Ms. Greenlee says, she received hate mail.)

More data on the problem should become available as nonprofit groups file their 2008 Form 990 informational tax returns with the Internal Revenue Service; For the first time, the 2008 forms ask charities to note whether they were victims of embezzlement or theft.

In Ms. Greenlee’s study, she and several colleagues concluded that nonprofit groups lose roughly $40-billion annually to fraud. They extrapolated that figure from an Association of Certified Fraud Examiners’ report that said all organizations, nonprofit and for-profit, tend to lose about 6 percent of their revenue to fraud annually. Some have questioned the validity of Ms. Greenlee’s finding, since it is drawn from an estimate of fraud losses generally, not actual data from $40-billion worth of cases.

Others have also attempted to count episodes of fraud at charities, and the cost of such thefts. Pamela Davis, chief executive of Nonprofits’ Insurance Alliance Group, which insures almost 9,000 nonprofit organizations in 24 states, had her workers study five years of the insurers’ data on volunteer and employee theft. They analyzed policies of about 2,000 nonprofit groups and found about one theft claim for every 100 policies.

Last year a report by the Association of Certified Fraud Examiners, which studied 959 cases, found that the median loss for nonprofit organizations that had been victimized by an embezzler was $109,000, meaning that about half lost more and half less. The median time to detect a theft was 24 months.

Likely Suspects

As organizations cut their staffs and budgets to ride out the rough economic times, they might be more likely to miss an incident or pattern of fraud, says Claudine Ford, head of Charity One Insurance Agency, in Azusa, Calif., who helps handle claims on employee-theft policies.

“When you start cutting positions and giving one person more to do, the risk is going to go up,” said Ms. Ford. “The controls will fall apart.”

Mr. Rees echoes that concern. “You’re pressing your employees to do more work with less help. You want to make sure the people in your accounting department who are doing that type of work have the time to do it.”

Ms. Greenlee’s study, which examined 58 nonprofit fraud cases, draws a startlingly specific profile of who is most likely to steal.

The typical fraud in her study involved a loss of less than $50,000, and the perpetrator was typically a woman who earned less than $50,000 a year and had never before committed a crime. The median age was 41, and the median tenure with the organization was seven years.

Ms. Greenlee says she faced the problem herself years ago as a program director for a social-services charity, when she discovered that a much-loved bookkeeper had been stealing for years.

The bookkeeper created an account she called “cash short and over” and used it to quietly siphon off money. She did it so well that auditors missed the discrepancy, and she took tens of thousands of dollars over two years. The employee was forced to resign, but wasn’t fired or prosecuted, Ms. Greenlee says. Even though the bookkeeper was bonded, the organization swallowed the loss rather than report it to police.

Ms. Greenlee calls that a mistake.

“If you catch someone, you have to make an example of it, because everybody knows,” she says. “They’ll feel like idiots for not doing it” if the consequences aren’t stiff.

Taking Precautions

Stopping potential thieves is not complicated.

Most precautions suggested by experts seem like common sense. Don’t sign blank checks. Do background checks on employees who handle money, and don’t let the person who reconciles the bank statements also make the deposits.

But other effective safeguards might not seem as obvious. For instance, Ms. Greenlee says, all employees should be required to take vacation time regularly.

“The secretary or bookkeeper you love who hasn’t taken a vacation in 30 years — maybe the person can’t take a vacation because they have to be there to cover [the fraud] up,” she says.

Edward McMillan, a certified public accountant in Forest Hill, Md., also studies nonprofit fraud. He suggests that nonprofit organizations checking their safeguards should be able to answer “yes” to the following questions:

• Are two signatures required on all checks and wire transfers?
• Are checks received in the mail immediately endorsed by the person who opens the mail?
• After checks have been endorsed, are employees who work outside the accounting department prohibited from coming into contact with the original checks?
• Is the stock upon which the checks are printed nonscannable?
• Has the bank been instructed not to change authorized signers without the approval of management?
• Is more than one person involved in preparing payroll and remitting payroll taxes?

“You do not know what’s going on in people’s personal lives,” Mr. McMillan writes on a tip sheet he distributes to charities. “In almost every situation where fraud has been discovered, the guilty party is the person above suspicion.”

Taking Control

Ms. Davis, of the Nonprofits’ Insurance Alliance Group, says her organization hasn’t seen a discernible uptick in theft claims since the recession took hold. She believes embezzlers are affected less by economic trends than by psychological compulsions that drive them to steal when they see an opportunity. Whether an organization has a system of safeguards in place, she says, is a decisive factor in determining if it will experience theft.

She says if an organization is so small it can’t afford strong controls or enough staff members to enforce them, the group should ask its board members to take a bigger role in reviewing and reconciling bank statements.

Mr. Rees says the Buckeye Ranch has no regrets about reporting its theft case to the police or firing the purported thief. Television news stations ran stories about it on a Friday, some of which made the case seem like a more complicated internal meltdown than the simple case of theft Mr. Rees says it really was.

But ultimately, he says, donors understood.

“The whole thing was a dead issue by Monday the following week,” he says. “I haven’t heard anything about it since.”