Sadly, nonprofit organizations are not immune from employee embezzlement. Because many nonprofits tend to be more trusting of their employees and have less stringent financial controls than their for-profit counterparts, they fall prey to embezzlement and other forms of employee fraud at an alarming rate. By way of recent example:
- On September 17, 2009, the former CFO of the Association of Fish and Wildlife Agencies, an international conservation group based in Washington, D.C., is to be sentenced in federal court after her plea of guilty to wire fraud. A 10-year employee of the organization who worked her way up to CFO, she used the organization's credit card to charge approximately $184,000 in personal expenses, including hair and make-up expenses and casino charges.
- On September 4, 2009, the former Executive Director of the Oklahoma CASA Association, an advocacy agency for abused and neglected children, received a 15-year prison sentence after her plea of guilty to embezzling $549,024. Another 10-year employee of the organization, she also used the organization's credit cards for personal expenses such as foreign vacations, cosmetic surgery, and college tuition. During the investigation, it was reported she told law enforcement officers, "I was very good at cooking the books."
- On August 31, 2009, a former bookkeeper and office manager at the House of Ruth, a California organization that provides shelter to homeless women and children, was sentenced to a year in prison. The former bookkeeper and office manager had pleaded guilty earlier in the year to federal charges of misappropriating $138,370 in federal funds and embezzling $238,000 from the organization's bank accounts.
Nonprofits are not defenseless, however, and there are several proactive steps organizations can take to prevent and detect employee embezzlement.
Double Signatures, Authorizations and Back-up Documentation
Multiple layers of approval will make it far more difficult for embezzlers to steal from the organization. For expenditures over a predetermined amount, require two signatures on every check and two authorizations on every cash disbursement. Where the professional staff of an organization is too small to effectively implement a double authorization policy, consider having a (volunteer) officer or director be the second signatory or authorization required (generally, an officer will be preferable to a director). Similarly, all check and cash disbursements should be accompanied by an invoice or other document showing that the payment or disbursement is appropriate. If the size of your organization allows it, the invoice or disbursement request should be authorized by a manager who will not be signing the check. Never pre-sign checks. With credit cards, require prior written approval for costs estimated to exceed a certain amount. Again, the person using the card cannot be the same person authorizing its use.
Segregation of DutiesHand in hand with multiple authorizations goes the segregation of duties. At a minimum, different employees should be responsible for authorizing payments, disbursing funds, and reconciling bank statements and reviewing credit card statements. If the organization does not have enough professional staff to effectively segregate duties, a (volunteer) officer or director should be tasked with reconciling the bank statement and reviewing credit card statements. Because embezzlement also can occur when funds are coming into an organization, no single individual should be responsible for receiving, depositing, recording, and reconciling the receipt of funds. By the same token, all contracts should be approved by a manager uninvolved and personally uninterested in the transaction (i.e., it will not impact his or her bonus or salary) and, wherever possible, contracts should be the product of competitive and transparent bidding.
Fixed Asset Inventories
At least yearly, the organization should perform a fixed asset inventory to ensure that no equipment or other goods are missing.
Background checks on new employees and volunteer leaders can unearth things such as undisclosed criminal records, prior instances of fraud and heavy debt loads that can make it more likely that an employee or volunteer leader might succumb to fraud.
Audits and Board Level Oversight
The control measures discussed above only work if someone is checking. In addition to management, who should be ensuring that the measures discussed above are followed, organizations should also undertake regular external audits to ensure that these measures are effective. Organizations also should establish audit committees on their board of directors, containing at least one person expert in accounting, that would serve as the primary monitor of these anti-fraud measures. In lieu of an audit committee, smaller organizations should consider putting a CPA or other financially-knowledgeable person on the board of directors to serve a similar function.
* * * * * *
While there will always be instances where a determined thief manages to beat an organization's controls, the steps suggested above will go a long way toward deterring embezzlement and other types of fraud, and will make it easier to expose dishonest employees.
William Devaney is a partner at Venable LLP, resident in its New York City office. A former federal prosecutor, he frequently conducts internal investigations for nonprofit organizations and represents them in government investigations.
Jeffrey Tenenbaum is a partner at Venable LLP, resident in its Washington, DC office. He chairs Venable’s Nonprofit Organizations Practice Group.
This article appeared in the September 11, 2009 issue of Association Trends; the December 2009 issue of Exempt Magazine; the November/December issue of Association Impact; and the 2010 edition of Journal for Nonprofit Management.