Questions Not-for-Profit Boards and Advisors Should Ask About Fraud
Not-for-Profit Boards provide the critical governance, oversight and guidance needed to steer the organization in the correct direction. This includes awareness and advice on risks including fraud risks.
The challenge is that most NFP Board members have little if any knowledge of fraud beyond what they read in the papers and see on TV. It’s simply not their core
skill. They just don’t know what can go wrong with any depth.
Result: management and staff are deprived of needed guidance, and are often confused about what’s expected and how far to go – especially in not-for-profit organizations.
Two actions help compensate for this gap. First, know what questions to ask – and ask them! Second, find Board Advisors who can assist with building, implementing, and sustaining an effective Anti-Fraud Campaign.
Let’s look at these two critical actions.
First and foremost, Board members must step up and become personally familiar with the risks of fraud specific to the organizations they serve. This isn’t extra
work for Board members – it’s core work. That takes personal commitment, a little research, and an awareness of the questions Boards should be asking of the management team, internal and external auditors, and any advisors who serve the Board.
For example, here are five great questions Board members should ask to get the Fraud Risk Management dialog going.
1. What are the top ten fraud risks we face?
Fraud risk assessments are the flavor of the month right now. Much attention is placed on the format of the assessment often at the expense of the quality and depth of this important anti-fraud foundation step.
Fraud Risk Assessments should include the risk of manipulation in financial and non-financial results, theft of assets including information, risks from known and unknown third-parties who target the not-for-profit, and anything else that comes up from brainstorming meetings. Of course, include the 2015 favorite risk – cyber and other information technology fraud.
Assemble the needed brainstorming team and get started on open discussions that ask and answer, “What Can Go Wrong?”
2. How well prepared are we today to deter, prevent or promptly detect fraud?
The answer to this question should include the formal control infrastructure in place and the competency, awareness, interest, and attention level of managers and staff. Formal controls are often very thin in not-for-profits, and when we combine thin controls with staff lacking anti-fraud skills – well, the formula for disaster is set.
Board members should assess the organization’s structure from the top down to ensure it is properly aligned with mission and includes a working system of effective checks and balances.
Helpful questions include:
• What specific exposures should the Board itself be looking for and monitoring each month, including the accuracy of financial information and the risk of management override of controls?
• In support of Board anti-fraud responsibilities, is there an Audit Committee chaired by an independent director with real anti-fraud oversight skills?
• Do both the external and internal audit functions report to the Audit Committee both operationally and administratively? Do these audit and controls specialists identify and report areas of weakness?
• Is there a response protocol in place for handling tips?
• Do executives and managers really know how to minimize fraud risks? Do they monitor to ensure anti-fraud controls and behaviors are operating?
• Do staff members have the skills to recognize fraud and other wrongdoing in the documents and transactions they handle every day? And do they know they must speak up when something looks funny to them?
3. Is there a safe direct line of communication to the Board for anyone with concerns about suspected wrongdoing, misconduct or outright fraud?
Formal reporting hotlines are always a great idea – especially when administered by qualified third parties. But regardless of whether a formal mechanism is in place, do employees, suppliers, volunteers, donors and others know how to get directly to Board members when wrongdoing is suspected?
4. Is the Executive Director or equivalent position visible and vocal in leading the organization’s anti-fraud efforts?
I see it every day in business organizations confronting fraud risks. If the number one executive doesn’t lead the charge and get personally involved, it doesn’t
happen. Not number two; number one.
Visible vocal support includes stating their anti-fraud expectations clearly so that every employee, manager, Board member and volunteer understands. It includes issuing a Policy on Anti-Fraud Responsibilities that requires everyone to pitch in and help by knowing what can go wrong in their areas, paying attention, and speaking up right away.
Fighting fraud is a campaign, not an event. Number one must commit to leading that campaign until resulting anti-fraud daily behaviors become the new ‘muscle-memory’ of every employee and manager. Chief executives must be both visible and vocal, and they must personally recruit the troops to help.
5. Are employees trained in anti-fraud skills?
Employees will quickly pledge their willingness to fight fraud and protect the NFP organization where they work. But most lack the skills. Intentions without skills simply doesn’t work – not when fighting fraud is the goal.
Employees need real, useable, transaction-based skills for fighting fraud. Turn-by-turn instructions so there’s no possible chance for misunderstanding of what fraud looks like in documents they see, and exactly how and when to respond.
Employee willingness and anti-fraud competency are often the first and last line of defense in not-for-profits. The Board should make certain that the organization and employees are set up for success. Skills training is the critical missing link in most NFP’s and just about every other organization everywhere.
The second anti-fraud action great Boards take is to find and engage qualified Board Advisors who can fill in the gaps in Board anti-fraud skills. Board Advisors may include internal audit leaders, CPAs, legal and compliance staff or consultants, security and IT knowledge leaders, and anyone else needed to show the Board how to put effective action behind their anti-fraud intentions.
There is a new organization seeking to develop and certify Board members, candidates and advisors on issues of governance and risk management. Fraud Risk Management is right at the top of the list of priorities. It’s the perfect time to get in on the ground floor of this new organization created specifically to raise the bar on any Board’s ability to manage fraud and similar risks.
Find out more about the Center for Strategic Business Integrity.
Granted the ideas in this article aren’t the entire answer, but they are a good place to start. Break through the inertia that has prevented Boards, advisors and not-for-profit executives from bringing Anti-Fraud Campaigns to life. Start by taking the actions listed here. Build a head of steam in 2015, and make your goal beating fraud exposures once and for all.
Let me know if I can help. Just say the word and we’ll kick around ideas.
John J. Hall is a CPA and Certified Board Advisor. He brings 35 years of Fraud Risk Management experience to every client consulting engagement and training event. Since 1990, John has led over 2,000 live programs on fraud prevention, quick detection, and efficient incident response.