One question that we frequently ask nonprofit organizations is, “What processes are in place for identifying, responding to, and monitoring fraud risks?” Most of the time, the responses describe an informal process including a description of the segregation of duties and review procedures in place. Given that nonprofit frauds aren’t going out of style anytime soon, it is important that nonprofits have a concrete fraud risk assessment process.
One of the most damaging effects a fraud can have on a nonprofit organization is a tarnished reputation. Sure, fraud resulting from an employee skimming funds certainly has an immediate financial impact, but the blemish on an organization’s reputation can have long-term consequences.
Procedures can be implemented by an organization to strengthen internal controls and ultimately contribute to a decreased risk of fraud. The risk of fraud will never be eradicated, however, because as soon as a new control is implemented, someone, somewhere, will start crafting a way to sidestep it.
The goal of a fraud risk assessment is to identify the vulnerabilities and gaps in internal controls that could leave the organization exposed to both financial and reputational damage. Developing a proper fraud risk assessment should involve input from all members who have their hand in the finances of the organization, from the board of directors to the staff accountant.
The AICPA has offered some considerations when developing a fraud risk assessment. First, consider the types of fraud schemes that have potential to occur. Second, consider concealment strategies that could be used by a fraudster to avoid being caught. Third, consider the positions which pose the highest risk of committing fraud. Fourth, consider what controls are already in place to deter, prevent, and detect fraud. Fifth, create a list of red flags that board members and employees can use to be on the lookout.
It is important to remember this is not a once-and-done effort. As systems, processes, positions and responsibilities change within an organization, so should the assessment of risk.
Don’t have a fraud risk assessment plan, or your current plan could stand a refresh? E. Cohen and Company, CPAs can help. From engagements to determine if current controls are functioning as intended to independent internal control audits, we have the resources to help improve your organization’s financial control. Contact mduvall@ecohen.com for more information, and be sure to visit ecohen.com to see all of the services we provide.
Courtesy of: https://www.linkedin.com/pulse/assessing-fraud-risk-matthew-duvall-cpa-ms-a/ Matthew Duvall, CPA, MS-A on LinkedIn