Fraud in Nonprofits: Real StoriesPresented by: Mike Hablewitz, CPA, Senior Manager

Fraud Triangle

• 3 factors are generally present in any fraud:

Pressure

Rationalization Opportunity

Fraud Triangle

Case #1

• The situation:– 2 people with access to accounting system

and ability to prepare checks (one person usually prepared them)

– Check preparers had access to signature stamp for the E.D.

– Check registers were given by the check preparer to the E.D. for review and signature

Case #1

• What happened? How did she do it?– Check preparer wrote fraudulent checks to

herself– Used the signature stamp (although she could

have forged the signature)– Check registers were altered to exclude these

fraudulent checks

Case #1

• What could the organization have done?– Reviewed bank statements and cancelled

check images– Accounted for every check number– Review financial statements – compare

budgeted versus actual expenses

Case #2

• The situation:– Board run organization (no employees)– Treasurer handles the finances– Board monitored/governed the organization’s

finances by how much cash was in the bank

Case #2

• What happened? How did he do it?– The Board President made dozens of

fraudulent cash withdrawals– He also executed several fraudulent

electronic payments– He received the bank statements and he

reported to the Board how much cash was on hand

Case #2

• What could the organization have done?– Board requirement that monthly financial

statements be produced, then compare budget vs. actual results; follow-up on unexpected variances

– Have someone else also involved in the finances, provide oversight

– Review of bank statements for unusual activity

Case #3

• The situation:– The bookkeeper opened the mail, prepared

the deposit log, and made the deposits– There was typically no involvement of another

person in the deposit process– The organization received small, unsolicited

contributions, including some cash

Case #3

• What happened? How did she do it?– The bookkeeper skimmed from the deposits,

typically from the cash– She filled out the deposit logs accordingly, or

altered them afterward if need be (they were completed in pencil!)

– She didn’t take large individual checks that likely would have been easier to notice if they were missing

Case #3

• What could the organization have done?– Have two people present when opening mail– Have both people sign and date the daily

deposit log, and complete it in pen or electronically (sign and date a hard copy)

– Note: All checks should be restrictively endorsed immediately upon opening the mail regardless of how many people are present

– Compare the deposit log to the deposits on the bank statements

– Using a lockbox is an alternative solution

Case #4

• The situation:– The organization had multiple employees with

a company credit card (all on one account)– The credit card bill was approved by the

Executive Director just like all the other vendor bills

Case #4

• What happened? How did he do it?– The Executive Director made numerous

fraudulent (personal) charges using his company credit card

– The Accountant didn’t make sure that receipts were turned in for all charges on the account

– Only the Executive Director and Accountant saw the credit card bills

Case #4

• What could the organization have done?– Require all receipts be turned in to the

Accountant, and make sure the receipts haven’t been “altered”

– Have an upward review and approval (board member) of the Executive Director’s charges/receipts

– The same should be done for an Executive Director’s expense reports

Case #5

• The situation:– There were multiple people who could

approve invoices and sign checks– The invoices were not marked “paid”– Mail from vendors was routed to the

Accountant unopened

Case #5

• What happened? How did she do it?– The Accountant would submit the same

invoice/check to multiple check signers (could use a copy or just resubmit the same invoice)

– As a result, the vendor would be paid twice, creating a credit on the account

– The vendors would then send a check to pay the organization back, which was routed to the Accountant who cashed it personally

Case #5

• What could the organization have done?– Require that only original invoices will be

approved for payment– Cancel all invoices, commonly done with a

“paid” stamp where the date and check number is noted on the invoice

– Have two people open the mail and immediately restrictively endorse incoming checks for the organization’s deposit only

Case #6

• The situation:– The Accountant submitted all payroll info to

the 3rd party payroll provider– The payroll reports from the 3rd party were

used by Accountant to record the transactions in the accounting system

– Nobody else saw the payroll reports

Case #6

• What happened? How did she do it?– The Accountant submitted info to the 3rd party

for a ghost employee (her relative)– She had the necessary info to complete the

paperwork, then forged a signature on a form– Employees were paid via direct deposit (no

“individual” amount and cancelled check image available for review on the bank statement)

Case #6

• What could the organization have done?– Have the 3rd party payroll reports sent directly

to someone other than the Accountant– Have this person review the reports to ensure

all names are legitimate employees (note: make sure the salary and wage rates are reasonable for everyone as well, especially the person submitting the info to the 3rd party)

Tips and Reminders

• Trust your instincts – if something doesn’t seem right, investigate it

• Look for signs of pressures (fraud triangle)• Do background checks• Review the following:

– Bank statements, EFTs and check images– Payroll reports– Credit card statements/receipts– Financial statements, including budget variances

Tips and Reminders

• Cancel all invoices• Know who your employees and your

vendors are• Have two people open mail and handle

deposits– Have two people involved at special events as

well, especially if cash is involved

• Restrictively endorse all checks immediately upon opening the mail

Closing Thoughts

• Trust, but verify; it is okay to be skeptical• Document your internal controls• Don’t rely on outside parties – employees are

the best source for tipping off a fraud.• Fraud happens, and it happens way more than

we’d like to think; nonprofits are certainly not immune

• Perpetrators are often the last person we would suspect

• Don’t be on the front page of the newspaper!

Thank you!

Mike Hablewitz, CPA, Senior Manager

Wegner CPAs

2110 Luann Lane

Madison, WI 53713

608.442.1923

mike.hablewitz@wegnercpas.com

www.wegnercpas.com

wegnercpas.com/blog

facebook.com/WegnerCPAs

linkedin.com/company/WegnerCPAs

twitter.com/WegnerCPAs

google.com/+WegnerCPAs