One question that we frequently ask nonprofit organizations is, “What processes are in place for identifying, responding to, and monitoring fraud risks?” Most of the time, the responses describe an informal process including a description of the segregation of duties and review procedures in place. Given that nonprofit frauds aren’t going out of style anytime soon, it is important that nonprofits have a concrete fraud risk assessment process.
One of the most damaging effects a fraud can have on a nonprofit organization is a tarnished reputation. Sure, fraud resulting from an employee skimming funds certainly has an immediate financial impact, but the blemish on an organization’s reputation can have long-term consequences.
Procedures can be implemented by an organization to strengthen internal controls and ultimately contribute to a decreased risk of fraud. The risk of fraud will never be eradicated, however, because as soon as a new control is implemented, someone, somewhere, will start crafting a way to sidestep it.
The goal of a fraud risk assessment is to identify the vulnerabilities and gaps in internal controls that could leave the organization exposed to both financial and reputational damage. Developing a proper fraud risk assessment should involve input from all members who have their hand in the finances of the organization, from the board of directors to the staff accountant.
The AICPA has offered some considerations when developing a fraud risk assessment. First, consider the types of fraud schemes that have potential to occur. Second, consider concealment strategies that could be used by a fraudster to avoid being caught. Third, consider the positions which pose the highest risk of committing fraud. Fourth, consider what controls are already in place to deter, prevent, and detect fraud. Fifth, create a list of red flags that board members and employees can use to be on the lookout.
It is important to remember this is not a once-and-done effort. As systems, processes, positions and responsibilities change within an organization, so should the assessment of risk.
Don’t have a fraud risk assessment plan, or your current plan could stand a refresh? E. Cohen and Company, CPAs can help. From engagements to determine if current controls are functioning as intended to independent internal control audits, we have the resources to help improve your organization’s financial control. Contact mduvall@ecohen.com for more information, and be sure to visit ecohen.com to see all of the services we provide.
Courtesy of: https://www.linkedin.com/pulse/assessing-fraud-risk-matthew-duvall-cpa-ms-a/ Matthew Duvall, CPA, MS-A on LinkedIn
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category . |
cookielawinfo-checkbox-functional | 1 year | The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category . |
cookielawinfo-checkbox-others | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others". |
cookielawinfo-checkbox-performance | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance". |
ep201 | 30 minutes | This cookie is set by Wufoo for load balancing, site traffic and preventing site abuse. |
PHPSESSID | session | This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed. |
viewed_cookie_policy | 1 year | The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
__cf_bm | 30 minutes | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_ga_4JQW09H0BS | 2 years | This cookie is installed by Google Analytics. |
_gat_gtag_UA_539141_3 | 1 minute | Set by Google to distinguish users. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
vuid | 2 years | Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website. |
Cookie | Duration | Description |
---|---|---|
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |