Responsibility of Board Members
According to research published in the Marquette report and the Association of Certified Fraud Examiners (ACFE) Report to the Nations on Occupational Fraud & Abuse (2016), those who commit fraud (for the first time) are among the most trusted in their organization(s). These are competent, educated employees that have risen to a level in their careers where they have access to assets and less oversight. Exceptionally few perpetrators are below 30 years of age or above 60 years. Individuals between those two ages account for 83% of cases. While data suggests that fraud is an equal opportunity crime (both genders commit the offense in equal numbers), men steal around 25% more than their female counterparts. Another interesting factoid: the longer individuals are employed, the more they steal.
Forensic accountant and Certified Fraud Examiner, Denise McClure, explains the story behind these numbers. Seasoned employees steal more than their untried workmates because they can justify it, she says. “I should have gotten a raise years ago,” “I’m under-appreciated,” “I’m only borrowing this money,” are all common rationalizations-turned-manifestos that help first-time offenders justify their illicit behavior. In the 1940s, Donald Cressy, a criminology student at Indiana University, hypothesized that there were three conditions necessary for someone to commit fraud: 1) a non-sharable financial pressure, 2) opportunity, and 3) rationalization. Today, experts call this combination the Fraud Triangle.
If the problem is that employees or staff see an opportunity to steal funds with a minimal chance of being caught, then the solution is to upset that confidence. Organizations need to make it difficult for employees to steal. If no one person has access to every password, master file, account, etc., then it is much harder for them to redirect funds without others noticing the discrepancy. This segregation of duties, along with regular reporting and reviews (typically by board members) will cultivate a “perception of detection” which tells your employees that whatever opportunity they may see, the chances of getting away with the crime are very, very small.
Nonprofits are particularly susceptible to first-time fraud offenders. Their mission-based, trust-filled culture attracts passion, but not always competency. If board members haven’t set up an adequate system of internal processes, oversight, and segregation of duties, they could be exposing their funds and employees to significant risk. Studies indicate nonprofits that publicly admit they were the victim of a fraud related offense will suffer a 30% drop-off in donor contributions during their next donation cycle. In fact, 60% of all fraud cases won’t be prosecuted because of perceived negative public reaction. Theoretically, restitution should be a compelling enough reason to take a fraudster to court despite the PR struggles, but restitution is a bit of a myth. “When people steal money, they spend it,” says Denise, “so there often isn’t any money to give back.”
When well executed, internal controls protect the integrity of the accounting staff and provide additional fiduciary protection to the board members. Your accounting software could (and should) be helping with all of this. Being able to segregate roles, assign security clearance by position or user, and keep an unbroken audit trail are all immensely important to the safety and success of any organization. “Pro-tip,” says Denise, “Look for an accounting solution that offers custom reports.” It’ll save loads of time and having clean, accessible reports will allow for more frequent (or impromptu) reviews.
Internal controls require a balance. Too many safeguards and your operation becomes absurdly inefficient. Too few, and the company is leaving the “opportunity” door open to disgruntled, stressed, and/or desperate employees/staff. The best way to protect your organization’s assets is to use the Trust but Verify principle.
Check out Denise McClure’s second webinar to discover what Trust but Verify looks like in action. Or, if you’re suddenly keen on improving security, consider running diagnostics on your organization’s internal controls.
Trackback from your site.