Fraud risk management for small charities

When news of charity fraud is reported, the sector as a whole is hit hard. Both staff, volunteers, and trustees have been implicated in the past. Charities, small and large, continue to fall victim of fraudulent activity.

The Annual Fraud Indicator 2017, a report by Crowe Clark Whitehill, the University of Portsmouth, and Experian, found that financial loss due to fraud in charities had risen from £1.9bn in 2016 to £2.3bn.

The impact of fraud on a small charity can be particularly devastating. Financially, the financial loss may be unrecoverable. But also, the damage to the organisation’s reputation is immeasurable.

Understanding fraud

Action Fraud, the UK’s national fraud and internet crime reporting centre, defines fraud as “when trickery is used to gain a dishonest advantage, which is often financial, over another person”.

In its nature, fraud is a covert activity, which is designed never to see the light of day. This makes it particularly difficult to detect fraudulent activity, and charities cannot afford to be complacent about their fraud risk management.

Fraud triangle

Perhaps one of the most insightful ways of thinking about fraud was a term coined by an American penologist and criminalist, Donald R. Cressey. He thought that there are three factors that are always present for every fraud situation:

  • Motive – the circumstances that create a need to commit fraud e.g. need for money;
  • Opportunity – the circumstances that make it possible for the fraud to occur; and
  • Rationalisation – the ability to justify the fraud, e.g. “Nobody cares about this, it’s tiny!”

While no organisation is immune to the risk of fraud, removing one of these factors can make it impossible for fraud to occur. In particular, organisations can close gaps in management controls (i.e. remove opportunity).

Big challenges for small charities

The Trustees have a legal duty to safeguard the assets of the charity. It is therefore their responsibility to design and instigate internal control mechanisms for preventing, detecting, and responding to fraud.

However, small charities face particular challenges in mitigating fraud risk. Often, there is simply not enough staff in the charity so that segregation of duties controls can be implemented. For example, the person holding cash is often the same person “authorising” and recording payments.

Small charities are particularly attractive for fraudsters, given the high level of embedded trust between colleagues in the sector. In many ways, a small charity can be much like a family, so it can be awkward to even contemplate that someone could defraud the charity.

The result is that the systems of internal control for fraud prevention and detection are generally less developed in small charities. But there are simple and generally cost free activities that the Trustees can adopt in order minimise the risk.

Risk assessment: identifying the exposure points

Assessing the risk of fraud in the organisation is one of the most important mitigation activities. This can be as simple as an outline list of situations in the organisation’s normal course of business which present opportunities for fraud. For example:

  • Grants and donations received in cash.
  • Income received by a single person over a period of time i.e. a small amount at a time.
  • Expense claims for allowances, travel, and subsistence.
  • Changes to the accounting records.
  • All purchasing done by a single individual.
  • Diverting supplier payment to an employee’s own account.
  • Duplicate and/or fake invoices in the financial records.
  • Cheques being signed and cashed by the bank signatories.

Agree an action plan

Leading from the top, the Trustees should agree a mitigation plan showing how the charity protects itself against fraud. To save time, this could be done as part of a wider risk management process.

Preventative controls for small charities

For small charities, the operations and organisational structures can render conventional fraud control mechanisms ineffective. However there are alternative activities that Trustees could consider:

  • Have a finance sub-committee on the board with a higher level of visibility with regards to the Charity’s finances. They should also maintain a healthy level of scepticism and aim to promote best practice financial management.
  • All payments should be counter-authorised by at least one other person. Small charities should consider the feasibility of a trustee other than the treasurer authorising payments, while the treasurer monitors and scrutinises the expenditure.
  • Have a fraud policy and procedures in place. In particular, have a really simple reporting mechanism for fraud suspicion, including the option to report to members of the board of Trustees if the staff do not feel comfortable reporting the issue to their direct reports.
  • Have clear whistleblowing procedures in place.
  • During training or other day-to-day business activities, invite someone to speak to staff about fraud to increase awareness. Your accountants, local community accountancy group, or the skills sharing and mentoring service by The Coalition for Small Charities may be a good resource for this.
  • The finance procedures should include a limit to the amount that can be paid in cash and the nature of items that can be paid for in cash.
  • Consider using online banking, with double authorisation, to minimise cash and cheque transactions.
  • Wherever possible, commit the organisation to expenditure in its own name instead of relying on staff to pay and then reclaim in expenses.
  • Keep cash and other assets locked away. A fraudster can’t do very much if they don’t have access to the assets.

Detective controls

Detecting fraud can be really hard, even for a seasoned fraud investigator. Some of the actions a small charity could take include:

  • On-going review: The finance sub-committee should review the finances of the organisation on a regular basis.
  • Keep your management accounts simple, to help all trustees better understand and query them.
  • Spot checks, particularly identifying trends e.g. multiple payments going to the same payee with no apparent reason or standing contract, amounts changed on invoices consistently.
  • Maintain good record keeping: it is much easier to hide a fraud in a pile of disorganised documents.
  • Implement simple whistleblowing and reporting mechanisms.

Support resources

In March 2018, the Fraud Advisory Panel published a new guide for Trustees and Senior Managers: Tackling Charity Fraud: Prevention is Better than Cure. This guide looks at different types of common fraud in the sector, and provides guidance on how trustees and management could set up or improve their organisation’s internal controls to combat fraud.

The Fraud Advisory Panel has also created and made available a range of other fraud management resources, including a charity fraud checklist, case studies, e-learning videos, and infographics.

Reporting and Responding to actual fraud

Even when we’ve done our best, fraud can still find its way through our preventative processes. Organisations need to have a fraud reporting and response mechanism in place to help them take appropriate action.

Internally, having an “ethics/compliance champion” can work well for some charities. This would be someone that staff would feel more comfortable with so they can report to them instead of going through the normal reporting lines.

Externally, if the fraud involves your bank accounts or business cards, you will need to inform the bank immediately.

If there are concerns over anyone’s safety, the charity should consider reporting to your local police.

If the case involves national taxes e.g. Gift Aid or VAT, you will need to report to HMRC. You can call 0800 788 887 to make a tax evasion report.

In all cases, suspected and actual fraud should be reported to Action Fraud (this can be done online at www.actionfraud.police.uk or by calling their helpline 0300 123 2040).

To report the fraud as a serious incident, you will need to report it to the Charity Commission. This can be done by email at rsi@charitycommission.gsi.gov.uk.

Written by:

Charles Ssempijja

Director

NfP Accountants

Financial management for small charities & social enterprises

www.nfpaccountants.co.uk

Share