An organisation can never underestimate the value a good culture within the organisation plays in reducing the risk of fraud. Having a good culture includes management and the board leading by example as well as employees and volunteers enjoying working for the organisation and believing in the organisation’s mission.
A poor culture where employees and volunteers feel that they are not part of the organisation, feel ignored and have low morale have less loyalty to the organisation and do not have the same, if any, feel of guilt at committing fraud against the organisation.
But how do you know if you have a good culture within your organisation. Using employee/volunteer surveys is one way to determine if the organisation has a good culture. Another way is to review retention rates and sick leave rates. If rates are increasing it may indicate a slide in the organisation’s culture.
The following are some issues that may detract from the culture within the organisation and therefore lead to an increase in fraud:
- Management and the Board not leading by example, being autocratic, do not take action against inappropriate action and do not reward good behaviour;
- Actual or perceived inequalities in the way staff and volunteers and managed;
- Not being recognised either with appropriate promotion and/or market rates of pay;
- Unrealistic budget expectations, both reducing costs and increasing funding or a combination of both; and
- Poor training and lack of other employee benefits.
Something that I hear all the time when I talk to nonprofit organisations is that they trust their employees. It is also interesting that in many instances, the organisation trusts employees more than volunteers.
While the majority of employees and volunteers are honest, there will always be some that are not. So what do you do? Here are some tips to help:
- Don’t be concerned about implementing new controls. You are doing this for two reasons. Firstly to protect the organisation from fraud and secondly to protect employees and volunteers that do follow the rules.
- If you can’t segregate duties, put other controls in place that will act as detection controls.
- If someone has been doing the same role for a long time and it is difficult to suggest you need to change the way it is done, explain the risks – for example an employee would regularly take the cash takings to the bank in their her car every day. She was not concerned when we suggested a change to make sure the organisation was covered by insurance and she would not at risk of potentially being robbed.
While all organisations will ultimately have to place some level of trust in employees and volunteers, don’t ever be afraid to implement new controls or change controls already in place. You can’t put all of your trust in a person without the back up of some form of control. This is simply not acceptable.
