Those who work for nonprofits are frequently asked what processes they have in place for identifying, responding to, and monitoring fraud risks. Most times, the response describes an informal process which includes a description of the segregation of duties and review procedures in place.
Given that nonprofit-focused schemes aren’t going out of style anytime soon, it is important that organizations have a concrete fraud risk assessment process.
A tarnished reputation is one of the most damaging effects a fraudulent incident can have on a nonprofit organization. Sure, fraud resulting from an employee skimming funds certainly has an immediate financial impact, but the resulting blemish on an organization’s reputation can have severely detrimental long-term consequences.
The goal of a fraud risk assessment is to identify the vulnerabilities and gaps in internal control systems that could leave the organization exposed to both financial and reputational damage. Developing a proper fraud risk assessment should involve input from all members who have their hand in managing the finances of the organization, from the board of directors to the staff accountant.
An organization can implement procedures to strengthen internal controls and ultimately help reduce the risk of fraud. However, that risk will never be fully eradicated, because as soon as a new control is implemented, someone out there will start crafting a way to sidestep it.
The American Institute of Certified Public Accountants (AICPA) has offered some guidance when developing a fraud risk assessment.
First, consider the types of fraud schemes that can potentially occur, as well as concealment strategies that could be used by a fraudster to avoid being caught.
Next, think about the positions which pose the highest risk of committing fraud and what controls your organization already has in place to deter, prevent, and detect fraud.
Finally, create a list of red flags that board members and employees can reference to be on the lookout.
It is also important to remember this is not a one-and-done effort. As systems, processes, positions, and responsibilities change within an organization, so should the assessment of fraud risk.
If you have any questions about the information above, please contact your E. Cohen advisor.
Matthew (Matt) Duvall is a Principal in the Assurance Services Group at E. Cohen. He has been with the firm since 2016 and has more than 18 years of experience providing auditing, accounting, tax, and consulting services to a broad range of clients in the Washington, D.C. Metropolitan area, including nonprofit organizations, government contractors, and employee benefit plans.
Matt’s specialization is with nonprofit organizations, where he has expertise in providing financial audits,
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category . |
cookielawinfo-checkbox-functional | 1 year | The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category . |
cookielawinfo-checkbox-others | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others". |
cookielawinfo-checkbox-performance | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance". |
ep201 | 30 minutes | This cookie is set by Wufoo for load balancing, site traffic and preventing site abuse. |
PHPSESSID | session | This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed. |
viewed_cookie_policy | 1 year | The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
__cf_bm | 30 minutes | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_ga_4JQW09H0BS | 2 years | This cookie is installed by Google Analytics. |
_gat_gtag_UA_539141_3 | 1 minute | Set by Google to distinguish users. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
vuid | 2 years | Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website. |
Cookie | Duration | Description |
---|---|---|
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |