Tuesday, December 4, 2012

Back to it

It has been some time since I last posted on my blog.  Unfortunately, my work took me away from what I love to do and that is to work with Not-for-Profits.  So I made a decision to change and now have set up my own consulting business.

Keep a watch for posts being made!

Sunday, January 30, 2011

Invoice Fraud

Many organisations at some time will receive an invoice for goods or services that the organisation did not receive. These may be opportunistic fraud from someone external to the organisation that will be sending small dollar value invoices to a large number of businesses in the hope that due to the small amount, the invoice would not be investigated further and simply paid. These could be created by employees who are aware of a lack of controls internally that allows the employee to create false invoices and have them put through the approval process and then be paid.

So how can an organisation make sure that they are not allowing for a false creditor to be set up on the system thereby allowing false invoices to be paid? Here are some points that may assist in the approval process for new creditors:

  • A free ASIC search can show if the company is actually registered and confirm the ACN – for those not in Australia, a confirmation that the company has officially been registered with the appropriate government authority;
  • Verify the personal details of the directors – this can be done by checking the telephone directory, a Google search or other similar search;
  • Determine if the company has a credit rating;
  • Search for any legal proceedings against the company – many courts have an online system of checking matters currently before the court as well as those that had been finalised;
  • Check the telephone directory to determine if the company is listed; and
  • Confirm the trading address through means such as Google Maps.

Sunday, October 10, 2010

How Up to Date Are Your Policies?

One problem I see on a regular basis when I am conducting fraud investigations is the lack of policies or that policies are out of date. Let me give you an example. I regularly see employees using credit cards issued for organisation use for personal use.

When conducting these types of investigations, employees make comments such as “I didn’t know I couldn’t use it like that” or “Everyone else uses the card to buy personal things, why can’t I?”. If there is an up-to-date policy that employees are required to be aware of, these types of issues should not arise.

So what should an organisation do? Here are some suggestions:
  • Make sure policies are reviewed on a regular basis. What is a regular basis? That is dependent on individual organisations – yearly is common.
  • Do policies clearly set out what is and is not acceptable behaviour of your employees and volunteers?
  • Have policies that are in plain language and are straight to the point. There is no need to have “long winded” policies that are difficult to read.
  • Make sure employees and volunteers are aware of and understand policies. This can be done by having policies available on the organisation’s intranet, having employees sign off each year to say they have read and understand the policies (this can be done at the induction when they are first employed and at their yearly performance appraisal).
  • If an event triggers a potential issue with a policy, update it when the issue arises – don’t leave it until another problem arises.

Sunday, August 29, 2010

How Important is Your Information?

Every nonprofit organisation maintains a significant amount of information. How much is that information worth to your organisation – donor lists, methods of preparing sponsorship proposals or grant proposals.

It is difficult, if not impossible to place a value on these, but if someone was to takes copies, the future reduction in income could be significant. So how do you protect your information? Some examples include:
  • Do not allow staff to use external devices such as external hard drives on their computers;
  • Only allow those staff who need access to the documents to have access;
  • If a staff member resigns, review what they send through their work email;
  • When the staff member leaves, if you are concerned, have their computer reviewed for such things as the use of personal emails (eg Hotmail).

Monday, July 26, 2010

Is Fraud Really a Risk?

Respondents to our new PPB Not-for-Profit Risk Survey were asked if their organisation takes into account a number of different risks, including fraud.  Where did fraud rank?

58% of organisations stated that they considered fraud was a risk to their organisation.  However, fraud ranked 7th.  The order of risks was as follows:

Financial Risk - 89%
Compliance Risk - 77%
Public Liability Risk - 71%
Human Risks - 69%
Security Risk - 65%
Project Risk - 64%
Fraud Risk - 58%
Technological Risk - 56%
Financial literacy of key staff - 46%
Natural hazard / disaster risks - 46%
Risk of Insolvency - 43%

While 58% of respondents take into account fraud as a risk, it was interesting to note that while 89% of organisations consider financial risk, just under half (43%) consider the risk of insolvency.

Sunday, July 11, 2010

Protecting sensitive information

All organisations will, over time, hold information that is considered sensitive (eg. Information about clients or students, information about donors, grant information). This information needs to be protected. Examples of ways to protect sensitive information include:
  • Personal data of employees, volunteers, clients etc should be held in accordance with relevant data protection legislation that is relevant to the organisation’s jurisdiction.
  • All data should be stored securely and adequately backed up.
  • Audit logs should be maintained so as to know who accessed data and when it occurred. These audit logs needs to be maintained and backed up appropriately also.
  • Spot checks should be undertaken to confirm that access to the records were for legitimate reasons.
  • Determine who should have access to the data and ensure they are the only ones who have access.

Monday, June 28, 2010

What is Financial Statement Fraud?

The financial statements of an organisation explain what the organisation has done during the last 12 months so when financial statement fraud occurs, the financial statements do not tell the true or actual picture.

Both the Profit and Loss Statement and the Balance Sheet can be manipulated.

The Profit and Loss Statement can be misstated in the following ways:

Overstated revenue

By overstating revenue, the profit is improved or loss is reduced.

Understated expenses

By understating expenses, the same effect as overstating revenue is achieved.

However, the opposite may also be possible in a nonprofit. For example, if an organisation is required to expend all of a grant and has not done so, increasing expenses would enable the grant to be acquitted as required by the grant provider.

The Balance Sheet can be misstated in the following ways:

Overstated assets

Generally an organisation will want to overstate assets to show the organisation in a better position than it is actually in (for example to ensure the bank is happy with lending criteria). However, again the opposite may occur in a nonprofit organisation as the organisation may want to be seen to have fewer assets to ensure the continued receipt of grants.

Understated liabilities

It is normal in financial statement fraud that liabilities are understated.

Ultimately someone in the organisation has to undertake the falsified transactions and the accounts are then approved with or without knowledge of the fraud. However, if the accounts are then used, significant problems could arise, from fraud charges against an employee, management or a member of the board, reputation risk or loss of funding.

Monday, June 14, 2010

Changing Treasurers = Loss of Accounting Records?

One of the questions I am regularly asked about is how smaller nonprofits keep control of their accounting records when treasurers change so regularly – usually every year.

Issues I have been asked about include:
  • The Treasurer uses his/her own accounting software on his/her home computer. In this case how does the board control the security of the information (eg. viruses on the computer), loss of the information (eg. damage to the computer hard drive) or the computer being stolen if the house was broken into? There is also the issue of the organisation potentially not using licensed software.
  • The Treasurer does not hand back the accounting records when ceasing in the position. If the only records available are those held by the accountant / auditor it can be difficult to budget for the next year.
  • The Treasurer does not give the rest of the board access to the accounting records. This can mean a number of problems from the Treasurer wanting absolute control, to fraud.
How do you resolve a situation like this? The organisation should consider and investigate online accounting software. Some accounting software (some of which is well known and widely used) is now available online. This means that as one Treasurer leaves and a new Treasurer takes over, the data is available. It also mean that it can be accessed (even if it is read only) by other members of the board, the external accountant / auditor and is backed up properly by the software provider.

Sunday, May 30, 2010

Employment difficulties

Have you ever had difficulty finding a new staff member and had another staff member recommend a family member? There are a number of issues that should seriously be considered.

Firstly, the relationship may cause tension in the workplace – either between the two or between them and other employees / volunteers. The other issue is that it potentially makes is easier for them to collude to commit fraud as a result of the close family relationship.

So how can you deal with this issue? A decision needs to be made whether it is appropriate to employ relatives of current employees. The employment policy should clearly set out that family members will not be employed at least, in the same area or allowing one family member to supervise the other family member.

Sunday, May 16, 2010

Front page of the Newspaper Test

When management or the board of any non profit makes a decision, they need to consider a number of issues - eg. what will it cost the organisation, what benefits will the organisation receive.

However, another issue needs to be considered when making decisions - how would others view your decision if it made the front page of the newspaper?  Would you lose donations?  Would there be agreement with your decision?  Every decision should be considered to this extent.  Those decision can very from how do you spend funds raised to should you report fraud to the police.

Of course, some non profits are at greater risk of hitting the front page of a newspaper than other non profits (eg. a charity would be a reasonably high risk as a significant portion of funds are publically raised).  However, this one question is a good test of if the decision is in the best interests of the organisation.