Red Flags: Beware The Fraud Triangle

The director of facilities at the Woodruff Arts Center in Atlanta pleaded guilty a few years ago to embezzling more than $1.1 million. According to the Federal Bureau of Investigation, former employee Ralph Clark stole the money from the visual and performing arts center by submitting invoices for bogus expenses, picking the checks up in person, and then depositing them into accounts over which Clark had signatory authority.

Limited staff, tight operating budgets, and a trusting nature have helped to make nonprofits attractive targets for criminals, according to accountants and other fraud investigators. In fact hundreds of millions of dollars have been illegally diverted from nonprofits — $170 million alone in 2009 — according to a Washington Post story covering the years 2008 to 2012.

Fraud can be difficult to detect, especially if higher-ups are involved. There are some “red flags” that can serve as early indicators that something’s wrong.

“Splitting up responsibilities among multiple people — with each serving as a check or balance on the other — is a basic form of internal control,” said Nidhi Rao, a director in the Greater Washington, D.C., office of BDO Consulting. “Nonprofits tend to have relatively small staffs, so it can be a challenge to find enough employees to segregate duties in an adequate manner. This can be a big problem,” she said.

Bank reconciliations that aren’t being done in a timely manner could be a red flag for fraud, she noted.

“Another red flag is when one person has control over disbursements with no oversight,” she added. “In one case we discovered that an executive director at a nonprofit was able to improperly charge about $1 million of personal expenses to a corporate credit card because there were no monitoring processes in place.”

Her advice: “Get creative. Management should identify creative compensating control solutions to address the risk of fraud when duties cannot be adequately segregated. The board of directors and senior management of the organization should also take steps to ensure that appropriate tone at the top is established and that employees have a venue to anonymously report their concerns and issues.”

Verifying the integrity of the basic books and records can help to prevent or detect fraud, according to Jerry O’Neil, a partner in the New York City office of accounting firm O’Connor Davies.

While the books contain numerous transactions, he explained, the numbers can be changed or adjusted by journal entries to the general ledger. “So it is important that all journal entry postings should be reviewed and approved by responsible parties.”

Accountability and good governance procedures — including a written “whistleblower” and conflicts of interest policies — can also help.

“Internal controls, and policies and procedures should be periodically reviewed to ensure they’re up to date and are functioning as intended,” O’Neil said. “Employees at all levels should be encouraged to report improper practices without fear of improper retaliation.”

Even some simple, common sense steps can make a difference. “Change passwords on a periodic basis to reduce the risk of improper access,” O’Neil suggested. “And you want to preserve an audit trail of transactions, so data records should be backed up daily or weekly and stored offsite. Those backed up records should be tested periodically to ensure their integrity,” he said.

Internal and external auditors should be on the lookout for “the fraud triangle” of opportunity, rationalization and pressure, advised Mark Oster, New York City-based national managing partner for Grant Thornton’s Not-for-Profit and Higher Education practices.

“When an opportunity, such as weak internal controls, combines with pressure, such as personal financial problems or unrealistic performance compensation demands, some individuals will rationalize fraud, perhaps by convincing themselves that they’re not being rewarded in a fair manner,” said Oster. “We’ve also seen situations where a high-level executive creates a culture of fear, and will routinely bypass internal controls without being challenged. This creates a climate where fraud can flourish.”

Situations like that call for extra vigilance, he added. “The trail of red flags can include altered documents, or inventory shortages like missing laptops or other portable assets,” Oster cautioned. “Also look for employees who appear to be living beyond their means.”

Carefully reviewing documents can turn up discrepancies, such as invoices from different vendors that bear the same invoice number, or check numbers issued from Accounts Payable that are out of sequence.

“Analytic software can be used to catch a lot of these conditions,” he added. “Vendor addresses can also be compared with the home addresses of employees and board members. If they match, you could have a situation where individuals are using their own company to overbill the nonprofit for goods and services.”


Martin Daks is a freelance business writer based in Bethlehem Twp., Pa., and a regular contributor to The NonProfit Times.