Fraud & Internal Controls For Nonprofit Organizations

Fraud & InternalControls for NonprofitOrganizationsRodney D. Case, CPA, MAFF

Facts and Stats about Fraud Statistics on the following slides come from the report to the Nations onOccupational Fraud and Abuse: 2016 Global Fraud Study Study of 2,410 cases of fraud between January 2014 and October 2015 www.acfe.com

Facts and Stats about Fraud Typical Organization loses 5% of annual revenue to fraud Median loss was 150,000 Over 23% of the losses exceeded 1 Million 10% of the losses examined were applicable to nonprofits – median loss of 100,000

Facts and Stats about Fraud Most Common – Asset Misappropriation (83%) – median loss of 125,000 Corruption – (35%) – median loss of 200,000 Financial Statement Fraud (10%) – median loss of 975,000

Facts and Stats about Fraud Longer the fraud lasts, the greater the damage. Median fraud duration – 18 months If a schemes lasted beyond five years, median loss of 850,000

Facts and Stats about Fraud Almost 95% of all cases – effort was made to hide and conceal the fraud Most common method – Creating or altering documents Owners/Executives – 18.9% - Median loss of 703,000 Employees – 40.9% - Median loss of 65,000 Managers – 36.8% - Median loss of 173,000

Facts and Stats about Fraud Median loss suffered by small organizations (100 employees or less) was thesame as that incurred by larger organizations (more than 10,000 employees) Greater impact to smaller organizations Most are first-time offenders In 40% of cases, organizations decided not to refer the case to lawenforcement. Bad publicity number one reason.

How do we mitigate these frauds withinour Organizations?Internal Controls

Causes of Control Weaknesses Lack of internal controls Lack of management review Override of existing controls Poor tone at the top Lack of competent personnel in oversight roles Lack of independent checks or audits Lack of employee fraud education No clear lines of authority Lack of reporting requirements

What are internal controls? Policies and procedures that protect the assets of an organization, create reliablefinancial reporting, promote compliance with laws and regulations, and facilitateeffective and efficient operations. Relate to accounting, reporting and to the organization’s communications process. Internal controls typically included procedures for: Handling funds received and expended Preparing appropriate and timely financial reporting Conducting and annual audit Evaluating staff Maintaining inventory records Implementing personnel and conflicts of interest policies

Top 4 nonprofit internal control risksthat we see Accounting Policy manual Sarbanes-Oxley Act General organization level controls Information Technology Controls

Accounting Policy Manual Description of procedures to monitor and record assets received, held andexpended. How do you handle real world day to day operations for each accounting cycle Discusses key internal controls Assists with employee turnover Real world examples

Sarbanes-Oxley History – Enacted July 30, 2002 – Set new or expanded requirements for USpublic company boards, management and public accounting firms. Deals with Corporate governance and financial practices Implement aspects to help your Organization Confidential and anonymous mechanism to encourage employees to reportinappropriate financial management Document destruction and retention policies

General Organizational Level Controls Segregation of Duties – Primary defense against internal fraud Effective checks and balances hinder embezzlement opportunities Deliberate fraud will require collusion of two or more people Much more likely that innocent errors will be found Concept of having more than one person complete a task to increase controls. Two Person Office Three Person Office Four or more person office

Information Technology Controls User Access System, application, and data security Should specify protocol for accessing, inputting, and changing electronic datamaintained by your Organization Protect confidential information of donors. Clients, etc. Information integrity, reliability, and validity are of the utmost importance intodays world

Conclusion Instituting and applying an effective internal control environment is a sign ofproper governance and proactive management. A strong internal controlenvironment assists nonprofit organizations in fulfilling their fiduciary duties.

Questions? Rodney D. Case, CPA, MAFFMWH Group, PC www.mwhpc.comrcase@mwhpc.com 940-723-1471

GUIDE TOSMALL BUSINESSRECORDKEEPING624 Indiana AveWichita Falls, TX 76301(940).723.1471mwhpc.com

WHAT TO KEEP AND FOR HOW LONGACCOUNTINGYEARSACCOUNTINGYEARSAccounts Payable Ledger7Charge Slips7Accounts Receivable Aging7Charts of AccountsPCheck RegisterPReportsAccounts Receivable Invoices7Expense Reports7Accounts Receivable Ledger7Financial StatementsPAccounts Written-off7General LedgerPAuthorization - Accounting5Investment—Sales/PurchasesPBalance SheetsPJournal EntriesPBank Deposit Slips3Petty Cash Records7Bank Reconciliations7Profit/Loss StatementsPBank Statements7Purchase Order7Budgets3Subsidiary LedgerPCanceled Checks10Trial BalancePCanceled Dividend ChecksPVendor Invoices7Cash BookPVoucher Check Copies7Cash Disbursement & ReceiptPRecordCash Sales Slips7Guide to Small Business Recordkeeping

WHAT TO KEEP AND FOR HOW LONGFIXED ASSETSYEARSDepreciation SchedulePInventory RecordsPPlans & BlueprintsPPlant Cost LedgerPProperty AppraisalsPProperty RegisterPRecords for Property Subject to DepletionPPAYROLLYEARSChecks—Payroll7Commission Reports—Salesperson6Contractors3 years from date ofcompletion of contractEmployee Withholding Exemption Certificates10Payroll Records—After Termination10Payroll Register4Time Reports7W-2 FormsPVacation/Sick Pay4Guide to Small Business Recordkeeping

WHAT TO KEEP AND FOR HOW LONGTAXESYEARSCanceled Checks—Tax PaymentsPCorrespondence—TaxPDepreciation SchedulesPFUTA/FICA/Income Tax Withholding4Income Tax ReturnsPInventory ReportsPPayroll Tax ReturnsPSales Tax ReturnsPGuide to Small Business Recordkeeping

WHAT TO KEEP AND FOR HOW LONGCORPORATE RECORDSYEARSAmendmentsPAnnual ReportsPArticles of IncorporationPAudit—Internal6Audit Reports—PublicPBoard of Directors—CommitteePBoard of Directors—Minute BookPBylawsPCapital Stock CertificatesPCapital Stock LedgerPCapital Stock TransactionsPCharterPContracts—After ing5Correspondence—GeneralPDividend Register & Canceled DividendChecksPElection RecordsPOrganizational ChartsPPartnership AgreementPStockholders—Minute BookPStock Transfer RecordsPGuide to Small Business Recordkeeping

Segregation of Duties - Two PeopleAccountant or other professional staff*Non-accounting personnel such as a receptionist, administrative personnel, etc. can betrained to perform some of the less technical dutiesMail checksWrite checksReconcile bank statementRecord credit/debitsApprove payrollDisburse petty cashAuthorize purchase ordersAuthorize check requestsAuthorize invoices for paymentExecutive DirectorReceive and open bank statementsSign checksMake depositsPerform interbank transfersDistribute pay checksReview petty cashReview bank reconciliationsApprove vendor invoicesPerform analytical proceduresSign important contractsMake compensation adjustmentsDiscuss matters with board or audit committeeReview wire/ACH transactionsReview account activity

Segregation of Duties - Three PeopleAccountant/other*Non-accounting personnel such as a receptionist, administrative personnel, etc. can betrained to perform some of the less technical dutiesApprove payrollProcess vendor invoicesMail checksPerform analytical proceduresApprove invoices for paymentDisburse petty cashOpen mail and log cashReceive bank statementsAccounting StaffWrite checksReconcile bank statementRecord credit/debitsReconcile petty cashDistribute payrollExecutive DirectorSign important contractsMake compensation adjustmentsSign checksComplete deposit slipsPerform interbank transfersPerform analytical proceduresReview bank reconciliationReview wire/ACH transactionsReview account activity

Segregation of Duties - Four PeopleAccountant/other*Non-accounting personnel such as a receptionist, administrative personnel, etc. can betrained to perform some of the less technical dutiesDistribute payrollOpen mail and log cashDisburse petty cashMail checksReview bank reconciliationAccountant/other*Non-accounting personnel such as a receptionist, administrative personnel, etc. can betrained to perform some of the less technical dutiesApprove vendor invoicesPerform interbank transfersApprove payrollComplete deposit slipsAccounting StaffWrite checksReconcile bank statementRecord credit/debitsReconcile petty cashExecutive DirectorSign important contractsMake compensation adjustmentsSign checksPerform analytical proceduresReview wire/ACH transactionsReview account activity

*Non-accounting personnel such as a receptionist, administrative personnel, etc. can be trained to perform some of the less technical duties Distribute payroll Open mail and log cash Disburse petty cash Mail checks Review bank reconciliation