tag:blogger.com,1999:blog-28376115925911237272024-02-20T21:48:01.838+10:00Fraud in NFPIf you work for a Not-for-Profit organisation and would like tools and information to help reduce the likelihood of fraud occurring in your organisation - and increase the likelihood of it being discovered if it does - then read on ....Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.comBlogger66125tag:blogger.com,1999:blog-2837611592591123727.post-8456341784850885822012-12-04T09:41:00.002+10:002012-12-04T09:41:27.977+10:00Back to it<span style="font-family: Arial, Helvetica, sans-serif;">It has been some time since I last posted on my blog. Unfortunately, my work took me away from what I love to do and that is to work with Not-for-Profits. So I made a decision to change and now have set up my own consulting business.</span><br />
<span style="font-family: Arial;"></span><br />
<span style="font-family: Arial;">Keep a watch for posts being made!</span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-49258364897190053912011-01-30T14:10:00.000+10:002011-01-30T14:10:26.661+10:00Invoice Fraud<span style="font-family: Arial, Helvetica, sans-serif;">Many organisations at some time will receive an invoice for goods or services that the organisation did not receive. These may be opportunistic fraud from someone external to the organisation that will be sending small dollar value invoices to a large number of businesses in the hope that due to the small amount, the invoice would not be investigated further and simply paid. These could be created by employees who are aware of a lack of controls internally that allows the employee to create false invoices and have them put through the approval process and then be paid.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">So how can an organisation make sure that they are not allowing for a false creditor to be set up on the system thereby allowing false invoices to be paid? Here are some points that may assist in the approval process for new creditors:</span><span style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<ul><li><span style="font-family: Arial, Helvetica, sans-serif;">A free ASIC search can show if the company is actually registered and confirm the ACN – for those not in Australia, a confirmation that the company has officially been registered with the appropriate government authority;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Verify the personal details of the directors – this can be done by checking the telephone directory, a Google search or other similar search;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Determine if the company has a credit rating;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Search for any legal proceedings against the company – many courts have an online system of checking matters currently before the court as well as those that had been finalised;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Check the telephone directory to determine if the company is listed; and</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Confirm the trading address through means such as Google Maps.</span></li>
</ul>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-38468206210867335092010-10-10T20:17:00.000+10:002010-10-10T20:17:05.293+10:00How Up to Date Are Your Policies?<span style="font-family: Arial, Helvetica, sans-serif;">One problem I see on a regular basis when I am conducting fraud investigations is the lack of policies or that policies are out of date. Let me give you an example. I regularly see employees using credit cards issued for organisation use for personal use. </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><span style="font-family: Arial, Helvetica, sans-serif;">When conducting these types of investigations, employees make comments such as “I didn’t know I couldn’t use it like that” or “Everyone else uses the card to buy personal things, why can’t I?”. If there is an up-to-date policy that employees are required to be aware of, these types of issues should not arise.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">So what should an organisation do? Here are some suggestions:</span><br />
<ul><li><span style="font-family: Arial, Helvetica, sans-serif;">Make sure policies are reviewed on a regular basis. What is a regular basis? That is dependent on individual organisations – yearly is common.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Do policies clearly set out what is and is not acceptable behaviour of your employees and volunteers?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Have policies that are in plain language and are straight to the point. There is no need to have “long winded” policies that are difficult to read.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Make sure employees and volunteers are aware of and understand policies. This can be done by having policies available on the organisation’s intranet, having employees sign off each year to say they have read and understand the policies (this can be done at the induction when they are first employed and at their yearly performance appraisal).</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">If an event triggers a potential issue with a policy, update it when the issue arises – don’t leave it until another problem arises.</span></li>
</ul>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-85605315113622782932010-08-29T20:37:00.000+10:002010-08-29T20:37:00.249+10:00How Important is Your Information?<span style="font-family: Arial, Helvetica, sans-serif;">Every nonprofit organisation maintains a significant amount of information. How much is that information worth to your organisation – donor lists, methods of preparing sponsorship proposals or grant proposals.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">It is difficult, if not impossible to place a value on these, but if someone was to takes copies, the future reduction in income could be significant. So how do you protect your information? Some examples include:</span><br />
<ul><li><span style="font-family: Arial, Helvetica, sans-serif;">Do not allow staff to use external devices such as external hard drives on their computers;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Only allow those staff who need access to the documents to have access;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">If a staff member resigns, review what they send through their work email;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">When the staff member leaves, if you are concerned, have their computer reviewed for such things as the use of personal emails (eg Hotmail).</span></li>
</ul>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com1tag:blogger.com,1999:blog-2837611592591123727.post-10699287253025904392010-07-26T21:37:00.000+10:002010-07-26T21:37:47.336+10:00Is Fraud Really a Risk?<span style="font-family: Arial, Helvetica, sans-serif;">Respondents to our new PPB Not-for-Profit Risk Survey were asked if their organisation takes into account a number of different risks, including fraud. Where did fraud rank?</span><br />
<br />
<span style="font-family: Arial;">58% of organisations stated that they considered fraud was a risk to their organisation. However, fraud ranked 7th. The order of risks was as follows:</span><br />
<br />
<span style="font-family: Arial;">Financial Risk - 89%</span><br />
<span style="font-family: Arial;">Compliance Risk - 77%</span><br />
<span style="font-family: Arial;">Public Liability Risk - 71%</span><br />
<span style="font-family: Arial;">Human Risks - 69%</span><br />
<span style="font-family: Arial;">Security Risk - 65%</span><br />
<span style="font-family: Arial;">Project Risk - 64%</span><br />
<span style="font-family: Arial;"><strong>Fraud Risk - 58%</strong></span><br />
<span style="font-family: Arial;">Technological Risk - 56%</span><br />
<span style="font-family: Arial;">Financial literacy of key staff - 46%</span><br />
<span style="font-family: Arial;">Natural hazard / disaster risks - 46%</span><br />
<span style="font-family: Arial;">Risk of Insolvency - 43%</span><br />
<br />
<span style="font-family: Arial;">While 58% of respondents take into account fraud as a risk, it was interesting to note that while 89% of organisations consider financial risk, just under half (43%) consider the risk of insolvency.</span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com2tag:blogger.com,1999:blog-2837611592591123727.post-21792809282929829182010-07-11T21:56:00.000+10:002010-07-11T21:56:39.029+10:00Protecting sensitive information<span style="font-family: Arial, Helvetica, sans-serif;">All organisations will, over time, hold information that is considered sensitive (eg. Information about clients or students, information about donors, grant information). This information needs to be protected. Examples of ways to protect sensitive information include:</span><br />
<ul><li><span style="font-family: Arial, Helvetica, sans-serif;">Personal data of employees, volunteers, clients etc should be held in accordance with relevant data protection legislation that is relevant to the organisation’s jurisdiction.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">All data should be stored securely and adequately backed up. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Audit logs should be maintained so as to know who accessed data and when it occurred. These audit logs needs to be maintained and backed up appropriately also.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Spot checks should be undertaken to confirm that access to the records were for legitimate reasons.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Determine who should have access to the data and ensure they are the only ones who have access.</span></li>
</ul>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-12832205759916319142010-06-28T21:56:00.001+10:002010-06-28T22:01:22.792+10:00What is Financial Statement Fraud?<span style="font-family: Arial, Helvetica, sans-serif;">The financial statements of an organisation explain what the organisation has done during the last 12 months so when financial statement fraud occurs, the financial statements do not tell the true or actual picture.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">Both the Profit and Loss Statement and the Balance Sheet can be manipulated.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">The Profit and Loss Statement can be misstated in the following ways:</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>Overstated revenue</strong></span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">By overstating revenue, the profit is improved or loss is reduced.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>Understated expenses</strong></span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">By understating expenses, the same effect as overstating revenue is achieved.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">However, the opposite may also be possible in a nonprofit. For example, if an organisation is required to expend all of a grant and has not done so, increasing expenses would enable the grant to be acquitted as required by the grant provider.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">The Balance Sheet can be misstated in the following ways:</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>Overstated assets</strong></span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">Generally an organisation will want to overstate assets to show the organisation in a better position than it is actually in (for example to ensure the bank is happy with lending criteria). However, again the opposite may occur in a nonprofit organisation as the organisation may want to be seen to have fewer assets to ensure the continued receipt of grants.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>Understated liabilities</strong></span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">It is normal in financial statement fraud that liabilities are understated.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">Ultimately someone in the organisation has to undertake the falsified transactions and the accounts are then approved with or without knowledge of the fraud. However, if the accounts are then used, significant problems could arise, from fraud charges against an employee, management or a member of the board, reputation risk or loss of funding.</span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-72446905685858508822010-06-14T16:40:00.000+10:002010-06-14T16:40:04.325+10:00Changing Treasurers = Loss of Accounting Records?<span style="font-family: Arial, Helvetica, sans-serif;">One of the questions I am regularly asked about is how smaller nonprofits keep control of their accounting records when treasurers change so regularly – usually every year.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"></span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">Issues I have been asked about include:</span><br />
<ul><li><span style="font-family: Arial, Helvetica, sans-serif;">The Treasurer uses his/her own accounting software on his/her home computer. In this case how does the board control the security of the information (eg. viruses on the computer), loss of the information (eg. damage to the computer hard drive) or the computer being stolen if the house was broken into? There is also the issue of the organisation potentially not using licensed software.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">The Treasurer does not hand back the accounting records when ceasing in the position. If the only records available are those held by the accountant / auditor it can be difficult to budget for the next year.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">The Treasurer does not give the rest of the board access to the accounting records. This can mean a number of problems from the Treasurer wanting absolute control, to fraud.</span></li>
</ul><span style="font-family: Arial, Helvetica, sans-serif;">How do you resolve a situation like this? The organisation should consider and investigate online accounting software. Some accounting software (some of which is well known and widely used) is now available online. This means that as one Treasurer leaves and a new Treasurer takes over, the data is available. It also mean that it can be accessed (even if it is read only) by other members of the board, the external accountant / auditor and is backed up properly by the software provider.</span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com2tag:blogger.com,1999:blog-2837611592591123727.post-72407754730480435342010-05-30T19:58:00.000+10:002010-05-30T19:58:02.042+10:00Employment difficulties<span style="font-family: Arial, Helvetica, sans-serif;">Have you ever had difficulty finding a new staff member and had another staff member recommend a family member? There are a number of issues that should seriously be considered.</span><br />
<span style="font-family: Arial;"></span><span style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><span style="font-family: Arial, Helvetica, sans-serif;">Firstly, the relationship may cause tension in the workplace – either between the two or between them and other employees / volunteers. The other issue is that it potentially makes is easier for them to collude to commit fraud as a result of the close family relationship.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">So how can you deal with this issue? A decision needs to be made whether it is appropriate to employ relatives of current employees. The employment policy should clearly set out that family members will not be employed at least, in the same area or allowing one family member to supervise the other family member.</span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-15855799853589980312010-05-16T20:42:00.000+10:002010-05-16T20:42:09.259+10:00Front page of the Newspaper Test<span style="font-family: Arial, Helvetica, sans-serif;">When management or the board of any non profit makes a decision, they need to consider a number of issues - eg. what will it cost the organisation, what benefits will the organisation receive.</span><br />
<br />
<span style="font-family: Arial;">However, another issue needs to be considered when making decisions - how would others view your decision if it made the front page of the newspaper? Would you lose donations? Would there be agreement with your decision? Every decision should be considered to this extent. Those decision can very from how do you spend funds raised to should you report fraud to the police.</span><br />
<br />
<span style="font-family: Arial;">Of course, some non profits are at greater risk of hitting the front page of a newspaper than other non profits (eg. a charity would be a reasonably high risk as a significant portion of funds are publically raised). However, this one question is a good test of if the decision is in the best interests of the organisation.</span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-30704073330133177642010-05-02T20:50:00.000+10:002010-05-02T20:50:25.098+10:00Educating Donors<span style="font-family: Arial, Helvetica, sans-serif;">How many times have you had questions raised about what percentage of funds donated actually goes directly to the mission of the organisation? It is difficult to achieve and then maintain an appropriate balance between the expectations of donors of funds where they want every cent of every dollar donated to go to the mission of the organisation and having sufficient funds to be able to develop and maintain appropriate controls.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">With demands from donors wanting all funds donated going to the mission, how does the organisation pay expenses, such as market rates of salary / wages to employees and having the resources to maintain controls.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">If an employee is not paid at market rates and controls are not maintained appropriately, the risk of fraud will increase.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">So what is the answer? It is not an easy question to answer considering the amount of media that is regularly given to the percentage of donated funds that are used for the organisation’s mission. Ultimately it is a longer term education process so that donors of funds understand that a reasonable percentage of funds are needed to administer the organisation.</span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-7625372923681241142010-04-02T19:38:00.000+10:002010-04-02T19:38:14.883+10:00Auditor Management Letters<span style="font-family: Arial, Helvetica, sans-serif;">In a previous fraud tip we discussed how it is not the primary role of the auditor to detect fraud. They are engaged to provide an opinion as to the reasonableness of the financial statements. To be able to provide that opinion, one thing that the auditor needs to do is to consider the reasonableness of internal controls.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">Issues that the auditor finds, such as weaknesses in internal controls, are provided to the organisation by way of a management letter. The following should be considered in relation to the management letter:</span><br />
<ul><li><span style="font-family: Arial, Helvetica, sans-serif;">If there are a number of issues or if the issues are complex in nature, the auditor should meet with the board to discuss the issues;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">The board needs to understand the issues raised;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">The board should consider each of the issues and prioritise the list in order of importance so as to ensure the issues raised are corrected;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">The board should work with management to ensure issues raised are corrected within a reasonable time frame.</span></li>
</ul><span style="font-family: Arial, Helvetica, sans-serif;">It should also be noted by correcting issues raised in the management letter, problems with internal controls can be corrected which should result in a reduced risk of fraud. Correcting the issues may also save funds by reducing the time needed by the auditor to undertake the audit, thus reducing the audit fee.</span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-10689962983221416672010-03-21T20:31:00.000+10:002010-03-21T20:31:46.629+10:00Bad Debt Policy<span style="font-family: Arial, Helvetica, sans-serif;">Policies are an important part of any organisation. One of the policies needed is a Bad Debt Policy which provides details of when a debt should be written off. It also provides details of how the write off process needs to be authorised. So how does this help with fraud prevention?</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">A common method to hide a fraud is to take funds as they are received and to record them in the accounts as a debtor. As the debtor gets larger and is seen not to be being collected, it is written off, thereby reducing the risk of the fraud being discovered. This is especially a problem for organisations that are regularly owed funds from clients or other customers which do not pay and there is a history of writing off the debt.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">When preparing a Bad Debt Policy, you need to clearly set out the criteria of when a debt is to be written off as well as how the write off is to be authorised. It is the authorisation process that should pick up potential fraud.</span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-45761026883869099782010-03-07T19:43:00.001+10:002010-03-07T19:58:16.121+10:00Budgeting as a tool to reduce fraud<span style="font-family: Arial, Helvetica, sans-serif;">Budgets should be a part of any organisations. What a lot of people do not realise is that the budgeting process is a useful tool in the fight against fraud. For example, the comparison of actual results to budgets may show discrepancies in spending which when investigated may show significant over spending which has not been approved.</span><br />
<span style="font-family: Arial;"></span><span style="font-family: Arial, Helvetica, sans-serif;"></span><span style="font-family: Arial, Helvetica, sans-serif;">But to enable reliable comparisons of actual results to budgets, the preparation of budgets need to be undertaken with care. Hints on developing budgets are:</span><br />
<ul><li><span style="font-family: Arial, Helvetica, sans-serif;">It doesn’t matter how big or small your organisation is. It should still have a budget;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Go back to last year’s budget (if there is one) and see how accurate it was compared to actual results;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Go back to last year’s actual results and determine when income was received (eg. was it seasonal) and when expenses were incurred (eg. are there a number of expenses that are paid once a year?);</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">If there are new programs or expenditures that are to be included, have that relevant person or department prepare a detailed “mini budget” to be included in the budget;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Determine if there are new events that may affect the budget (eg. capital expenditure);</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Make sure the board sign off on the budget after having thoroughly reviewed the budget.</span></li>
</ul><span style="font-family: Arial, Helvetica, sans-serif;">To reduce fraud, the budget needs to be accurate. If you find that the budget is starting to have significant variances from the budget, it may be necessary to restate the budget. It is these variances that may show fraud is occurring and if variances are common place, fraud may be missed.</span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-26890159987552080932010-02-21T19:53:00.002+10:002010-02-21T19:55:18.762+10:00Good Culture = Reduced Fraud<span style="font-family: Arial, Helvetica, sans-serif;">An organisation can never underestimate the value a good culture within the organisation plays in reducing the risk of fraud. Having a good culture includes management and the board leading by example as well as employees and volunteers enjoying working for the organisation and believing in the organisation’s mission.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">A poor culture where employees and volunteers feel that they are not part of the organisation, feel ignored and have low morale have less loyalty to the organisation and do not have the same, if any, feel of guilt at committing fraud against the organisation.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">But how do you know if you have a good culture within your organisation. Using employee/volunteer surveys is one way to determine if the organisation has a good culture. Another way is to review retention rates and sick leave rates. If rates are increasing it may indicate a slide in the organisation’s culture.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">The following are some issues that may detract from the culture within the organisation and therefore lead to an increase in fraud:</span><br />
<ul><li><span style="font-family: Arial, Helvetica, sans-serif;">Management and the Board not leading by example, being autocratic, do not take action against inappropriate action and do not reward good behaviour;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Actual or perceived inequalities in the way staff and volunteers and managed;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Not being recognised either with appropriate promotion and/or market rates of pay;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Unrealistic budget expectations, both reducing costs and increasing funding or a combination of both; and</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Poor training and lack of other employee benefits.</span></li>
</ul>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-48343696640044757442010-02-07T20:46:00.001+10:002010-02-07T20:57:01.346+10:00Trust<span style="font-family: Arial, Helvetica, sans-serif;">Something that I hear all the time when I talk to nonprofit organisations is that they trust their employees. It is also interesting that in many instances, the organisation trusts employees more than volunteers.</span><span style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><span style="font-family: Arial, Helvetica, sans-serif;">While the majority of employees and volunteers are honest, there will always be some that are not. So what do you do? Here are some tips to help:</span><br />
<ul><li><span style="font-family: Arial, Helvetica, sans-serif;">Don’t be concerned about implementing new controls. You are doing this for two reasons. Firstly to protect the organisation from fraud and secondly to protect employees and volunteers that do follow the rules.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">If you can’t segregate duties, put other controls in place that will act as detection controls.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">If someone has been doing the same role for a long time and it is difficult to suggest you need to change the way it is done, explain the risks – for example an employee would regularly take the cash takings to the bank in their her car every day. She was not concerned when we suggested a change to make sure the organisation was covered by insurance and she would not at risk of potentially being robbed.</span></li>
</ul><span style="font-family: Arial, Helvetica, sans-serif;">While all organisations will ultimately have to place some level of trust in employees and volunteers, don’t ever be afraid to implement new controls or change controls already in place. You can’t put all of your trust in a person without the back up of some form of control. This is simply not acceptable. </span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-91453461109798432052010-01-31T20:54:00.000+10:002010-01-31T20:54:21.286+10:00What is the true cost of fraud?<span style="font-family: Arial, Helvetica, sans-serif;">The following, while not an exhaustive list, need to be considered:</span><br />
<ul><li><span style="font-family: Arial, Helvetica, sans-serif;">Of course the actual value of the fraud needs to be taken into account.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">How much does it cost to investigate the fraud? This could be the cost to bring in someone externally to conduct the investigation or the time cost of people within the organisation to investigate the fraud.</span></li>
<li><span style="font-family: Arial;">Who will liaise with law enforcement and take the necessary time to work with them and potentially ultimately attend court to give evidence?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Fraud comes straight off the bottom line – consider this: if your organisation runs with a 1% surplus, a $50,000 (off the bottom line) fraud means that you need to raise $5,000,000 (top line) to replace that $50,000. This is a very difficult task to do.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Would the fraud mean your organisation would need to either need to arrange an overdraft or extend the overdraft to maintain the cashflow? The additional interest becomes a cost of the fraud for the length of time it takes to no longer need the overdraft or extended overdraft.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">It is very difficult if not impossible to determine the cost of the fraud on the reputation of the organisation. What effect would the fraud have if it made the front page of the newspaper?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Could the organisation be at risk of losing funding such as grants?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Losses can be offset by any insurance, but it needs to be remembered that an insurance payout is “after the fact” and cashflow can be significantly affected before the payout is received.</span></li>
</ul>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-67946486091269906322010-01-24T21:16:00.001+10:002010-01-24T21:18:01.425+10:00Does Your Board Hinder Your Fraud Prevention?<span style="font-family: Arial, Helvetica, sans-serif;">I am often asked the question of how does the person charged with fraud prevention in an organisation, get buy in from the board and in some instances from management.</span><br />
<br />
<span style="font-family: Arial, Helvetica, sans-serif;">There is no easy answer, but the following are some ideas that may help:</span><br />
<ul><li><span style="font-family: Arial, Helvetica, sans-serif;">Remind the board of their duties to the organisation – eg. duty of care;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Have the board consider what they organisation could do with an amount that could easily be lost to fraud, say $50,000 (eg. run a specific program, provide a service to 250 clients);</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Step the board through the true cost of fraud (eg. the loss of funds to the fraud, extra interest on an increased overdraft facility, cost to investigate the fraud, legal costs);</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Explain that employees and volunteers should not be concerned with the introduction of a fraud control program – the program is important to protect those employees and volunteers that are honest and find those that are not. </span></li>
</ul>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-25463216572275959292010-01-17T19:54:00.002+10:002010-01-17T20:07:20.498+10:00How do you deal with the media?<span style="font-family:arial;">There are a number of issues you need to deal with when fraud is discovered. One of those is how do you deal with the media. The following are suggestions on issues that need to be considered:</span><br /><span style="font-family:Arial;"></span><br /><ul><li><span style="font-family:Arial;">The first thing you need to consider, and pre-plan for, is the potential risk to your organisation of media attention, should it become publich that it has suffered a fraud. For example, a charity is likely to be at a higher risk as funds it relies on are from public donations and it would therefore potentially make newsworthy reading.</span></li><li><span style="font-family:Arial;">The organisation then needs to be prepared. Does the organisation have a media policy? If yes, part of that policy should be who has authority to speak to the media. This person should be the person authorised to speak to the media if enquiries are made about the fraud. It also needs to be determined who authorises what can be said to the media.</span></li><li><span style="font-family:Arial;">The organisation needs to consider how they will address the issue if they are contacted by the media. It is the reputation of the organisation that is at risk if a report that is not favourable to the organisation is published.</span></li></ul><span style="font-family:arial;"></span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-47071876985210684352009-12-06T18:48:00.002+10:002009-12-06T19:16:53.427+10:00How Do You Recover Funds Lost to Fraud<span style="font-family:arial;">When developing a Fraud Control Policy an important part of that plan is determine if it is possible to recover funds that the organisation has lost to fraud. A number of issues need to be considered:</span><br /><ul><li><span style="font-family:arial;">Does the organisation have insurance for fraud? This has been discussed previously. If the organisation has insurance for fraud, remember that cash flow potentially could be affected until such time as a payment is received.</span></li><li><span style="font-family:arial;">Determine if it is economically viable to take civil recovery proceedings. If the fraudster has a gambling or other addiction it is unlikely that funds will be available. However, if the fruadster has purchased a property or utilisied the funds in some other similar way, funds may be available for recovery. The organisation must remember that the funds that have been taken are the organisations. The organisation should not “feel sorry” for the fraudster.</span></li><li><span style="font-family:arial;">When the fraudster is found guilty, the court may order restitution. However, in this case the organisation must wait until the matter has been through Court. This may take 18 months or more. In this time, the fraudster may have disposed of any funds and assets that they have owned. This is the least favourable of the three alternatives.</span></li></ul>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-3084088464772109742009-11-29T20:23:00.002+10:002009-11-29T20:32:09.824+10:00Should Fraud be Reported to the Police<p><span style="font-family:arial;">When developing a Fraud Control Policy an important part of that plan is a clear statement as to whether fraud that has been discovered will be reported to the Police. A number of issues need to be considered in making this decision: </span></p><ul><li><span style="font-family:arial;">In some jurisdictions, it is required by law that any serious offence is report to the Police. An organisation needs to understand if such a requirement is in place in their jurisdiction; </span></li><li><span style="font-family:arial;">If an organisation does not report the matter to Police, the organisation needs to consider what message this send to other employees and volunteers; </span></li><li><span style="font-family:arial;">If an organisation does not report the matter to Police, will the person committing the fraud go on to another employer and commit fraud there?; </span></li><li><span style="font-family:arial;">By reporting the matter to Police, the organisation needs to consider if it is likely that the fraud will be reported in the media as it goes through the Court process and the potential damage this could cause the organisation; </span></li><li><span style="font-family:arial;">The organisation’s insurance policy may require the fraud to be reported to the Police.</span> </li></ul>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-78489267312541020902009-11-22T21:39:00.002+10:002009-11-22T21:43:47.651+10:00Cheque Fraud<span style="font-family:arial;">Cheque fraud can easily occur and can cost an organisation significant amounts if appropriate controls are not in place.<br /></span><br /><span style="font-family:arial;">Cheque fraud can occur in a number of ways:</span><br /><ul><li><span style="font-family:arial;">Using false invoices to have a cheque paid in favour of the false business;</span></li><li><span style="font-family:arial;">Changing a legitimate cheque (payee and amount) without having authority to do so;</span></li><li><span style="font-family:arial;">The theft of cheques and the use of those cheques at a later time;</span></li><li><span style="font-family:arial;">Duplication of cheques, especially if they are preprinted by the company;</span></li><li><span style="font-family:arial;">Depositing a cheque into another account without authority.<br /></span><span style="font-family:arial;"></span></li></ul><p><span style="font-family:arial;">To prevent cheque fraud, there are a number of possible controls:</span></p><ul><li><span style="font-family:arial;">Reconcile the bank account on a regular basis;</span></li><li><span style="font-family:arial;">Never sign blank cheques. Only sign cheques when details have been completed and there is documentation supporting the payment;</span></li><li><span style="font-family:arial;">Limit the number of signatories on the account and remove signatories when they are no longer required;</span></li><li><span style="font-family:arial;">Ensure that cheques require at least two signatories;</span></li><li><span style="font-family:arial;">Keep all cheques in a safe place to deter theft;</span></li><li><span style="font-family:arial;">Avoid the use of acronyms when completing the Payee;</span></li><li><span style="font-family:arial;">If you are expecting more cheques and they have not arrived, contact the bank and cancel them.</span></li></ul>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-46294686247237335442009-11-15T21:24:00.000+10:002009-11-15T21:26:00.194+10:00Using Imprest Accounts<span style="font-family:arial;">If you operate at a number of different locations or have a number of branches, the use of imprest accounts may be a good solution.<br /></span><br /><span style="font-family:arial;">An imprest account is used on the following basis:</span><br /><ul><li><span style="font-family:arial;">A set bank account balance (set depending on the spending requirements of the location / branch and on the regularity of the reimbursement (eg. weekly, monthly));</span></li><li><span style="font-family:arial;">Deposits are made to the organisations general account and not the imprest account;</span></li><li><span style="font-family:arial;">A reconciliation of the imprest account is conducted when a reimbursement is required;</span></li><li><span style="font-family:arial;">Signatories to the imprest account are usually people located at the location / branch for ease of use of the account.</span></li></ul><p><span style="font-family:arial;">The use of an imprest account reduces the risk of fraud as it reduces the possible spending people at the location / branch can undertake.<br /></span></p><p><span style="font-family:arial;">The imprest account system allows locations / branches to have some autonomy while still being restricted in the amount they can spend and still providing regular support for the expenditure they undertake.</span></p>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-27698160203723726632009-11-08T20:26:00.001+10:002009-11-08T20:28:01.883+10:00Travel Expenses<span style="font-family:arial;color:#000000;">How do you control expenses spent by employees while travelling on work related trips? There are a few options which can be considered, each with their own benefits and risks.<br /><br /><strong>Per Diems</strong></span><br /><span style="font-family:arial;color:#000000;"></span><br /><span style="font-family:arial;color:#000000;">These allow an organisation to reduce paperwork if they have a number of employees and volunteers travelling. A per diem is an allowance which can be easily set by referring to meal allowances as set by the relevant federal government. In Australia, this is set by the Australian Tax Office. If the employee spends more, it will be at their own personal cost. However, if they spend less they keep the amount they did not spend.<br /><br />The benefit to the organisation is that it knows exactly how much it will spend and has a reduced level of paperwork. The potential cost to the organisation is that the employee spends less and therefore the organisation overpays the employee.<br /><br /><strong>Full reimbursement of costs</strong></span><br /><span style="font-family:arial;color:#000000;"></span><br /><span style="font-family:arial;color:#000000;">In this situation, employees need to provide receipts for all meals and other costs incurred. However, the organisation needs to clearly set out what is and is not acceptable expenditure. For example, no alcohol, no mini bar in the hotel room. If a number of employees and volunteers travel frequently, the administration of this system can out way the benefits of only reimbursing the actual costs incurred. Also employees can spend more than they would under the per diem system because it’s “on the boss” or the organisation is paying for it. The other concern is that receipts are obtained by the employee where these costs are not actually incurred and reimbursement made.<br /><br />Both systems have advantages and disadvantages. Whichever system is used, there needs to be a clear policy developed for when employees and volunteers are travelling on business.</span>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0tag:blogger.com,1999:blog-2837611592591123727.post-53743375354232527962009-11-01T16:56:00.003+10:002009-11-01T17:06:50.709+10:00Internet Fraud<p class="MsoNormal"><span style="font-family:Arial;"><?xml:namespace prefix = o /><o:p>I am surprised with the number of phishing emails that still arrive in my Inbox every week – most supposedly from banks which I don’t even have a bank account with. But the concerning aspect is that people still fall for the email and click the link, ending up giving their contact details.<br /><br />So how do people get our information over the internet.<br /><br />Phishing requires that a person provides their information. It is often via the email process we all see. An email is received from what appears to be a legitimate company (in many instances a bank). The emails advise you of some issue – the bank has had a security upgrade for example – and they need you to verify your information. You click the link and are taken to a web page that looks almost identical to the company you have been dealing with. There you put in your username and login and the hackers have your information.<br /><br />A Trojan is malware. It is used by a hacker to obtain unauthorised access to the user’s computer system. Trojans are designed to give hackers remote access to the users computer and give them the ability to perform the same functions the user can.<br /><br />Key logging programs do as the name suggests. The program allows for each key stroke entered by the user is recorded by the program. These programs are used frequently to obtain a persons username and password for internet banking.<br /><br />No matter what the issue, the preventative measures are the same. Here are some examples:</o:p></span></p><ul><li class="MsoNormal"><span style="font-family:Arial;"><o:p>Have appropriate firewalls on computer systems; </o:p></span></li><li class="MsoNormal"><span style="font-family:Arial;"><o:p>Have up-to-date virus checking software and regularly check for updates to it; </o:p></span></li><li class="MsoNormal"><span style="font-family:Arial;"><o:p>Use a strong password and change it regularly; </o:p></span></li><li class="MsoNormal"><span style="font-family:Arial;"><o:p>If it seems to good to be true – it probably is - for example never give your password to anyone; </o:p></span></li><li class="MsoNormal"><span style="font-family:Arial;"><o:p>Use security tokens or similar for internet banking.</o:p></span></li></ul>Lisa Bundesenhttp://www.blogger.com/profile/08473126081206561072noreply@blogger.com0