In this white paper, we will share first-hand experience and research regarding the negative impact on nonprofit organizations as a result of financial fraud and cybercrime.  Specifically, we will discuss the direct economic effect on the financial bottom line as a result of lost time, litigation, fines and penalties as well as the eroding of public confidence, which has a causal effect on donor contribution. Nonprofit organizations provide critical social services to our communities in need, including healthcare and education. However, in spite of these organizations mission-driven approach, they often find themselves the victims of a wide range of financial crimes ranging from financial fraud and embezzlement to cyber crime. We will provide background information and document case studies that demonstrate how organizations can assess, mitigate and transfer risk to respond and recover quickly through proactive processes to protect critical business resources as part of business continuity plan to serve their communities.

Understand the Inherent Risks and Vulnerabilities to Fraud for Nonprofits and Why They Should be Concerned

Today, nonprofit organizations operate in an inherently challenging environment where they are vulnerable to threats  from financial fraud and cybercrime.  According to the 2014 Report to the Nations by the Association of Certified Fraud Examiners (ACFE), nonprofits are increasingly falling victim to fraud, accounting for 10.8% of total frauds in 2013, which is up from 9.6% reported in 2010. Nonprofit organizations lost a median $108,000 per fraud in 2013, up from $90,000 reported in 2010, in large part because of some unique internal operational weaknesses which may be easily exploited by fraudsters. 

What are some of the common challenges leading to the risk of fraud?

One operational challenge that nonprofits frequently deal with is the segregation of duties, usually due to limited staffing. Our experience in conducting fraud assessments and audits often reveal this as a vulnerability, especially in instances of an embezzlement of a nonprofit. We have found these organizations to be at risk due to lack of effective internal controls. Often, because of budgetary constraints, nonprofits are short-staffed in managerial and operational positions, leaving inadequately supervised employees and reduced oversight to monitor internal financial controls. Limited budgets can also deter nonprofits from having the basic information security policies, procedures and incident response planning that could lessen the eventual impact of financial fraud and cybercrime.  

A second challenge for nonprofit organizations is the lack of emphasis on creating a culture of fraud prevention and detection as well as a clear understanding of the consequences for offenders. According to Bob Carlson in his 2011 article in The Chronicle of Philanthropy, ‘although an employee committing fraud may significantly impact the organization, employers have been reluctant to fire or prosecute employees. Again, we continue to see this position taken by management in similar circumstances, but one that deserves consideration when looking at the downstream effect on future employee action versus immediate harm to reputation once stakeholders receive notification.’  

Another common issue is that leaders of nonprofits, board members, and volunteers may have a sense of complacency supported by a feeling of well-being that they are not likely to be a target for fraud. This confidence is not born out by facts.  We should review by the ACFE and the cybersecurity threat analysis of Verizon, Ponemon, and IBM which found that small businesses and nonprofits are equally deemed to be likely targets for a cybercrime as are larger corporate organizations. 

To download a PDF of the complete White Paper, Click Here