Understanding and mitigating the risk of fraud in not-for-profit organizations
Apr 22, 2025 · Authored by Ashley Deihr, Mumta Taneja, Laurie Horvath, Tom Grabow
Not-for-profit organizations can be shockingly vulnerable to the risk of fraud. As an example, because of limited accounting staff size, an organization’s accounting clerk could be responsible for opening donations as well as for recording and depositing those donations. Due to this lack of segregation of duties, that clerk could embezzle $250,000 in funds intended to support the organization’s mission and might only be caught by an audit prompted by a whistleblower’s allegation.
Alternately, consider a scenario where an organization’s CFO manipulates the financial statements to create a misleading picture of financial health and programmatic success, resulting in significant increases in donations and grant funding. But when the fraud is eventually uncovered due to a donor’s request for detailed financial information, donors and granting agencies may become understandably concerned and halt funding, thereby curtailing the organization’s mission. In this case, the pressure to meet fundraising targets and the lack of internal controls contributed to the occurrence of the fraud.
Another example involves a procurement director accepting bribes from vendors in exchange for awarding contracts. The director was able to award contracts of any dollar value, with no additional review from management. The fraud was discovered when a whistleblower reported suspicious activities. When confronted with the fraud, the procurement director blamed insufficient compensation as a motivating factor for his actions. In this case, the lack of oversight and ethical training contributed to the occurrence of fraud.
Think something like this can’t happen to your organization? Well, think again. Fraud in not-for-profit organizations is more common than you think and can have serious impacts.
- Financial losses: Direct financial impacts that can hinder the organization's ability to fulfill its mission. Losses may include penalties, legal liabilities and costs incurred to investigate fraud.
- Reputational damage: Loss of donor trust and public confidence leading to reduced funding. Not-for-profits rely heavily on donations, grants and volunteer efforts to achieve their work, which makes protecting your reputation imperative to being able to achieve your goals.
- Operational disruption: Diverts resources from mission-critical activities to address fraud-related issues, leading to increased costs and operational inefficiencies.
Unfortunately, this reliance on external resources, combined with natural resource constraints internally and less complex organizational structures, can leave not-for-profits vulnerable to fraud.
An introduction to fraud
Fraud is defined as any intentional act or omission designed to deceive others, resulting in a loss for the victim and/or a gain for the perpetrator.
Fraud can be categorized into three main types:
External fraud
Including activities like counterfeiting, cyber-criminality, bribery, money laundering and social engineering.
Internal (or occupational) fraud
- Financial statement fraud: The manipulation of financial records to present a false picture of the organization's financial health. This can be used to attract more donations or grants, or to hide the misuse of funds.
- Asset misappropriation: The theft or misuse of the organization's assets. This is the most common type of fraud and includes embezzlement, theft of inventory and unauthorized use of funds.
- Corruption: The abuse of power for personal gain. Examples include bribery, conflicts of interest and kickbacks.
Fraud against individuals
Including identity theft and Ponzi schemes.
Fraud triangle
Fraud experts often refer to the “fraud triangle,” which outlines the three elements that lead individuals to commit fraud; only one element needs to be present for fraud to occur:
- Financial pressure or the motive compelling someone to commit fraud.
- Opportunity or the ability to commit a fraud.
- Rationalization or the justification a fraudster uses to explain why they committed a fraud.
Fraud in not-for-profit organizations
Not-for-profit organizations face heightened risks of occupational fraud due to lean accounting teams, potential for conflicts of interest, grant and donation fraud, vendor kickbacks, false expense reimbursements and payroll fraud. They are particularly vulnerable because of fewer resources to prevent and recover from fraud loss.
The ACFE Occupational Fraud 2024: A Report to the Nations found that not-for-profit organizations reported 164 fraud cases, with a median loss of $76,000 and an average loss of $611,000. In addition, organizations that experience a fraud may be fined or penalized, and the report further noted that not-for-profit organizations received fines most frequently, while publicly traded companies were the least likely to receive a fine.
Corruption was the most common scheme, underscoring the need for strong controls and ethical corporate culture.
- Lack of internal controls: Many not-for-profits operate with limited resources and may not have robust internal controls in place, creating opportunities for fraudsters to exploit.
- Limited oversight: Not-for-profits often rely on volunteer boards and committees for oversight. These individuals may not have the expertise or time to effectively monitor the organization's activities.
- Pressure to meet financial goals: Not-for-profits may face pressure to meet fundraising targets or financial goals. This pressure can lead to unethical behavior and fraud.
Preventing fraud in not-for-profits requires a proactive approach and the implementation of strong internal controls. Here are some strategies that can help:
- Establish strong internal controls: Implementing robust internal controls is essential to prevent fraud. This includes segregation of duties, regular audits and thorough documentation of financial transactions.
- Conduct regular audits: Regular audits can help identify and address potential fraud risks. These audits should be conducted by independent auditors who have experience with not-for-profits.
- Provide training and education: Educating staff and volunteers about fraud risks and prevention strategies is crucial. This can include training on ethical behavior, internal controls and how to report suspicious activities. Fraud awareness training is vital for staff at all levels of an organization. According to the ACFE Occupational Fraud 2024: A Report to the Nations, not-for-profit organizations that provided fraud awareness training uncovered frauds more than 2.5 times faster than those that did not and lost almost half as much money; yet, not-for-profit organizations have the lowest implementation rate of fraud awareness training.
- Implement whistleblower policies: Encouraging staff and volunteers to report suspicious activities can help identify and address fraud early. Implementing whistleblower policies and providing anonymous reporting channels can support this effort.
- Establish clear roles: All personnel have a responsibility in managing fraud risk, from the CEO and CFO to employees and the Board. Employees must ensure appropriate controls are in place, while management and the Board should develop formal policies to detect and prevent fraud.
- Strengthen oversight: Ensuring that the Board and committees have the expertise and time to effectively oversee the organization's activities is important. This can include recruiting individuals with financial expertise and providing training on oversight responsibilities.
Management should be aware of red flags that could indicate the presence of fraud. Quickly identifying and proactively addressing these red flags can help mitigate fraud risks.
Personnel issues
- Lack of background checks
- Dissatisfied employees
- Unwillingness to share duties
- Reluctance to take time off
- Living beyond one’s means
Process issues
- Lack of segregation of duties
- Lack of written policies or documentation to support the execution of controls
- Poor physical security
- Poor information systems access controls
Management issues
- Lack of technical area expertise
- Lack of adequate supervision
- History of legal violations
Red flag phrases used by employees that may indicate control deficiencies and/or fraud risks:
- “This is really how it’s done”
- “I have always done it this way…”
- “Just this one time…”
- “Off the record…”
- “There are no policies or procedures for this process”
If a red flag is noticed, it is important to follow organization protocols, which may include informing management or using the appropriate reporting avenues (e.g., whistleblower hotlines). It is important to maintain confidentiality so as not to compromise potential investigative procedures.
Management and boards can help their organizations to address fraud risk through implementation of an anti-fraud program. While such a program must be tailored to the size and nature of the organization, key components can include:
- Anti-fraud policy
- Anti-fraud or whistleblower hotline
- Code of conduct
- Compliance and ethics department
- Conflict of interest policy
- Dedicated fraud department
- Employee support programs
- Fraud risk assessments
- Fraud training for employees
- Fraud training for management/executives
- Independent audit committee
- Internal audit department
- Job rotation
- Management certification of financial statements
- Management review and surprise audits
- Mandatory vacation
- Proactive data monitoring/analytics
- Robust internal controls framework
- Whistleblower anti-retaliation policy
- Whistleblower rewards
Fraud in not-for-profit organizations is a significant issue that can undermine the trust and effectiveness of these entities. Not-for-profits can take proactive steps to protect themselves from fraud, ultimately ensuring they are able to achieve their missions and serve their communities effectively.