Fraudulent expense reporting by employees continues to be a common threat to operations. A recent survey by the Association of Certified Fraud Examiners estimated the median loss from expense reimbursement fraud was $30,000 per year. This is a considerable amount of money for many NPOs!
As with most areas of internal controls, to prevent and/or detect this type of scheme, start with a solid, clear reimbursement policy and then review reimbursement requests to ensure the policy is being followed. Do you have to review 100%? Not likely. Reviewing on a sample basis, as long as the employees are aware this is happening, should be adequate to ensure the policy is being followed. By setting up this “perception of detection”, employees will be less likely to commit a fraud due to the increased chance of their misdeeds being uncovered.
Elements of a strong reimbursement policy include:
Timely reporting – reimbursement requests should be submitted within 30 days of the expense
Appropriate expenditures – the policy should be very clear as to expectations regarding reimbursement for alcoholic beverages, family members, expensive hotels and restaurants, excessive tipping
Proper documentation – if it is not feasible to require original receipts, have the employees responsible for retaining the original receipts so that they can be produced if a reimbursement request is chosen for review
Minimum receipt threshold – set a reasonable level, such as $25 or $50, below which a receipt is not required for reimbursement
Chargeback provisions – if undocumented expenses are found during the review process, have a clear policy regarding potential charge-back to the employee
We mentioned earlier that testing 100% of reimbursement requests may not be necessary, depending on the nature of your operations and available staff time for review. In addition to reviewing reimbursement requests in detail, which should always include all original receipts, you might consider running a report to evaluate and identify the employees having the most charges below the minimum threshold.
Prevention is always less expensive than detection and Eide Bailly can help protect your organization. Our forensic teams enjoy assisting with preventative measures including all areas of internal controls. Contact us today!
Trillions of dollars of revenue worldwide is lost due to fraud. According to the Association of Certified Fraud Examiners 2016 Report to the Nations on Occupational Fraud and Abuse, 5 percent of annual revenues are lost to fraud–that is $3.7 trillion worldwide. While the median loss was $150,000, 23 percent of cases involved losses of greater than $1 million. Typically, smaller organizations suffer the larger losses. It is important to be aware of the current trends in fraud so your company can avoid occupational fraud and abuse.
In 83 percent of fraud cases, the fraud involved asset misappropriation. Most frequently victimized were private companies and those in the banking and financial services industry. While employees were typically the perpetrators, owners and executives were the ones who generated the largest fraud losses. The primary weakness in many of these cases was lack of internal controls.
An example of poor controls in a small business can be seen in an actual fraud examination performed by Eide Bailly. The bookkeeper for a tile company was responsible for daily tasks including collecting sales receipts, completing deposit slips and making deposits. After a period of time, the bookkeeper began to remove checks and hid them in her desk. Later, when the daily sales included an amount of cash that matched one or several of the checks which had been set aside,the bookkeeper exchanged the cash for checks and made the daily deposit. No one in the company was aware the cash was missing until it was discovered revenue numbers would not reconcile. By the end of the scheme, the business lost more than $150,000.
Some simple controls could have prevented this scheme. Click here to learn more about business considerations
Nonprofit organizations can be more susceptible to fraud than other organizations as a significant portion of their revenue stream may come from donations and fundraising for which there is no accounts receivable on the books.
A recent article in the June 2014 issue of the Journal of Accountancy titled “How Not-for-Profits Can Reduce Fraud Risk” highlights the following areas in which management can ensure proper controls are in place to prevent and detect possible fraud:
Protect Donations at Fundraisers
Payments received at a silent auction should be received in dual custody, with one person receiving the bidding documentation and the other person receiving the physical payments. A third person should prepare the deposit and another individual should reconcile the bid documentation, the payment received and the deposit to ensure all funds received were deposited.
If payment is to be made at a later date, the winning bidder should be informed of where the payment should be sent. Subsequent write-offs of receivable balances should be approved by someone other than the individual responsible for receivable activity.
Payments for attending the event which are received at the event should be placed in an envelope and all envelopes should be collected and opened in dual custody. Receipts should be sent to the donor and any complaints by donors should be received by an individual other than the one responsible for collecting and depositing the funds.
Secure Donated Merchandise
An organization should have policies and procedures for handling the receipt and disposition of donated merchandise. The policies should address how and by whom the merchandise will be used and how it will be disposed of at the end of its life. Periodic inventories should be performed and records should be maintained of such merchandise.
Strong Hiring Practices
Organizations should ensure they have good hiring practices. References should be checked and criminal background checks should be performed. In addition, when hiring a person in a fiscally responsible position, the individual’s credit should be checked. Oftentimes, nonprofit organizations have difficulty finding well-qualified personnel as they may offer lower pay than for-profit organizations. This creates the potential for “rationalization” that they deserve higher pay, which can lead to fraud. In addition, many nonprofits place a lot of trust in their personnel which creates the opportunity for fraud.
Segregation of Duties
No single person should have complete control over a single transaction. The same person should not be able to set up new vendors, enter invoices, print and mail checks, and reconcile bank accounts. By involving a second person in the process, an organization reduces the opportunity for fraud as now collusion may be necessary to commit the fraudulent act.
Bank reconciliations should be performed by someone other than the individual involved in recording of the day-to-day transactions.
Nonprofit organizations need to understand the risks affecting their organization and ensure they have appropriate controls in place to secure their resources.
While performing audits of nonprofits, we work with management of organizations to identify risks that may cause the financial statements to be materially misstated due to fraud. Sometimes these conversations start with the executive director or other member of the management team claiming they have no risks of fraud, because their employees are all committed to the mission of the organization and would never steal from them. Maybe their bookkeeper has been there for years, and they have complete trust in him/her.
Unfortunately, that is an environment that can be conducive to fraud. When management is unable to look at the situation dispassionately, without putting personalities and personal feelings into it, a fraud can occur. All too often an embezzlement of thousands or hundreds of thousands of dollars is uncovered and it is the trusted bookkeeper or long-time employee who hatched the scheme.
Strong organizations identify the risks of fraud and put controls in place to mitigate those risks. Board members and management evaluate the controls to be certain they are being followed. They ask questions and investigate things that don’t look right. They understand the controls protect their employees as well as the organization. Many nonprofits use outside consultants to perform an internal control examination to address process weaknesses – before the shock of a fraud is uncovered.