fraud in nonprofits: real stories presented by: mike hablewitz, cpa, senior manager
TRANSCRIPT
Fraud Triangle
• 3 factors are generally present in any fraud:
Pressure
Rationalization Opportunity
Fraud Triangle
Case #1
• The situation:– 2 people with access to accounting system
and ability to prepare checks (one person usually prepared them)
– Check preparers had access to signature stamp for the E.D.
– Check registers were given by the check preparer to the E.D. for review and signature
Case #1
• What happened? How did she do it?– Check preparer wrote fraudulent checks to
herself– Used the signature stamp (although she could
have forged the signature)– Check registers were altered to exclude these
fraudulent checks
Case #1
• What could the organization have done?– Reviewed bank statements and cancelled
check images– Accounted for every check number– Review financial statements – compare
budgeted versus actual expenses
Case #2
• The situation:– Board run organization (no employees)– Treasurer handles the finances– Board monitored/governed the organization’s
finances by how much cash was in the bank
Case #2
• What happened? How did he do it?– The Board President made dozens of
fraudulent cash withdrawals– He also executed several fraudulent
electronic payments– He received the bank statements and he
reported to the Board how much cash was on hand
Case #2
• What could the organization have done?– Board requirement that monthly financial
statements be produced, then compare budget vs. actual results; follow-up on unexpected variances
– Have someone else also involved in the finances, provide oversight
– Review of bank statements for unusual activity
Case #3
• The situation:– The bookkeeper opened the mail, prepared
the deposit log, and made the deposits– There was typically no involvement of another
person in the deposit process– The organization received small, unsolicited
contributions, including some cash
Case #3
• What happened? How did she do it?– The bookkeeper skimmed from the deposits,
typically from the cash– She filled out the deposit logs accordingly, or
altered them afterward if need be (they were completed in pencil!)
– She didn’t take large individual checks that likely would have been easier to notice if they were missing
Case #3
• What could the organization have done?– Have two people present when opening mail– Have both people sign and date the daily
deposit log, and complete it in pen or electronically (sign and date a hard copy)
– Note: All checks should be restrictively endorsed immediately upon opening the mail regardless of how many people are present
– Compare the deposit log to the deposits on the bank statements
– Using a lockbox is an alternative solution
Case #4
• The situation:– The organization had multiple employees with
a company credit card (all on one account)– The credit card bill was approved by the
Executive Director just like all the other vendor bills
Case #4
• What happened? How did he do it?– The Executive Director made numerous
fraudulent (personal) charges using his company credit card
– The Accountant didn’t make sure that receipts were turned in for all charges on the account
– Only the Executive Director and Accountant saw the credit card bills
Case #4
• What could the organization have done?– Require all receipts be turned in to the
Accountant, and make sure the receipts haven’t been “altered”
– Have an upward review and approval (board member) of the Executive Director’s charges/receipts
– The same should be done for an Executive Director’s expense reports
Case #5
• The situation:– There were multiple people who could
approve invoices and sign checks– The invoices were not marked “paid”– Mail from vendors was routed to the
Accountant unopened
Case #5
• What happened? How did she do it?– The Accountant would submit the same
invoice/check to multiple check signers (could use a copy or just resubmit the same invoice)
– As a result, the vendor would be paid twice, creating a credit on the account
– The vendors would then send a check to pay the organization back, which was routed to the Accountant who cashed it personally
Case #5
• What could the organization have done?– Require that only original invoices will be
approved for payment– Cancel all invoices, commonly done with a
“paid” stamp where the date and check number is noted on the invoice
– Have two people open the mail and immediately restrictively endorse incoming checks for the organization’s deposit only
Case #6
• The situation:– The Accountant submitted all payroll info to
the 3rd party payroll provider– The payroll reports from the 3rd party were
used by Accountant to record the transactions in the accounting system
– Nobody else saw the payroll reports
Case #6
• What happened? How did she do it?– The Accountant submitted info to the 3rd party
for a ghost employee (her relative)– She had the necessary info to complete the
paperwork, then forged a signature on a form– Employees were paid via direct deposit (no
“individual” amount and cancelled check image available for review on the bank statement)
Case #6
• What could the organization have done?– Have the 3rd party payroll reports sent directly
to someone other than the Accountant– Have this person review the reports to ensure
all names are legitimate employees (note: make sure the salary and wage rates are reasonable for everyone as well, especially the person submitting the info to the 3rd party)
Tips and Reminders
• Trust your instincts – if something doesn’t seem right, investigate it
• Look for signs of pressures (fraud triangle)• Do background checks• Review the following:
– Bank statements, EFTs and check images– Payroll reports– Credit card statements/receipts– Financial statements, including budget variances
Tips and Reminders
• Cancel all invoices• Know who your employees and your
vendors are• Have two people open mail and handle
deposits– Have two people involved at special events as
well, especially if cash is involved
• Restrictively endorse all checks immediately upon opening the mail
Closing Thoughts
• Trust, but verify; it is okay to be skeptical• Document your internal controls• Don’t rely on outside parties – employees are
the best source for tipping off a fraud.• Fraud happens, and it happens way more than
we’d like to think; nonprofits are certainly not immune
• Perpetrators are often the last person we would suspect
• Don’t be on the front page of the newspaper!
Thank you!
Mike Hablewitz, CPA, Senior Manager
Wegner CPAs
2110 Luann Lane
Madison, WI 53713
608.442.1923
www.wegnercpas.com
wegnercpas.com/blog
facebook.com/WegnerCPAs
linkedin.com/company/WegnerCPAs
twitter.com/WegnerCPAs
google.com/+WegnerCPAs