Accepting the fact that fraud will happen is a big part of, ideally, preventing it or, more practically, minimizing the damage if it does occur.
During the 2013 Blackbaud Conference for Nonprofits, Melanie Morton of Blackbaud discussed the damage of fraud and potential ways to stop it. Norton said that constant vigilance is the key, but she also said that nonprofits could work against fraud by implementing the following procedural controls:
- Reconcile both bank and card-related accounts daily;
- Segregate accounts by payment type and purpose to easier identify exceptions and enable use of transaction filters & blocks;
- Report potential fraud occurrences to the organization’s bank in a timely manner; and,
- Offer employee support with documented procedures and training.
Enforce security procedures with:
- Authentication/authorization controls in payment process such as strong passwords and a security token or key fob that generates one-time-use passwords;
- Physical access controls to payment processing;
- Logical access controls to network and payment apps dedicated computer for financial institution transactions or restrictions on staff use of Internet on the network;
- Transaction limits for payment disbursements and corporate card purchases;
- Separate duties in payment process (submitting bills, approvals, signing checks, and reconciliation);
- Internal and external audits; and,
- An employee hotline to report potential fraud.