Developing a Fraud-Free Workplace for the Nonprofit Organization: A Fresh Perspective

By Eric A. Kreuter | Hope Goldstein | September 16, 2015


Nonprofit fraud is occurring more frequently and becoming more costly, according to a number of sources. According to the 2014 Report to the Nations by the Association of Certified Fraud Examiners (ACFE), nonprofit fraud accounted for 10.8% of total incidents of fraud in 2013, up from 9.6% reported in 2010. Nonprofit organizations lost a median $108,000 per incident in 2013, up from $90,000 reported in 2010. Since many nonprofits are relatively small, the financial impact is often far greater than the dollar amount implies.

Despite the increasing frequency of nonprofit fraud, leaders don’t see it as a major issue. In fact, according to the Nonprofit Pulse, a national survey of nonprofit leaders (including chief executive officers, executive directors, chief financial officers and Board members) developed and performed by our firm, Marks Paneth LLP, only 1% of respondents say “fraud by staff” is a top challenge.

Despite this, financial control failures are common at nonprofits and can sometimes be fatal to the organization. Leaders of nonprofits would be well served to take steps to assess their risk, tighten controls and detect fraud as early as possible.


All organizations are at risk. There are always people willing to commit fraud, and when the economy is difficult – as the current economy is, in spite of employment numbers – there are a greater number of frustrated, underemployed people. Thus, there may be an increase in the number of people committing fraud. In addition, there are new, emerging forms of fraud. The theft and sale of data, for example, represents a new level of risk over and above the more traditional theft or embezzlement-related frauds. The risk environment is continually growing more complex.


The impact of fraud on any organization can be significant, with ramifications outside the domain of mere financial loss. According to a report on the economic impact of fraud in the UK (Levi, Burrows, Fleming, & Hopkins, 2007):

…the impact of fraud is more than just ‘pounds and pence’: victims vary in the ‘collateral damage’ caused and how well placed they are to recuperate from their losses, economically and psychologically. (p. 5).[i]

The particular challenge for nonprofit organizations is that their finances are often so fragile that the impact of fraud and mishandling of finances is often severe. While fraud is always harmful, nonprofits have to worry about additional factors - in particular the risk to their reputation. A perception that they are mishandling funds can severely constrain donations. If donors lose confidence in the organization, they are likely to move their contributions elsewhere. These effects can be long-lasting and can have surprising ramifications. Knowing this, many organizations fail to report internal frauds to law enforcement because of the desire to avoid negative publicity.

For-profit organizations can clean house, replacing their leaders and board members. Customers seem willing to forgive them and continue “business as usual.” In the nonprofit world, that is not always the case. Nonprofits affected by fraud often feel the after-effects on their reputations for many years afterward. A smaller nonprofit can be severely affected and lose donations, be forced to merge or, worse, have to shut its doors.


Fraud typically takes place within organizations where controls are perceived to be weak, where little effort is made toward fraud deterrence and where one or more employees feel under pressure of financial need. When such pressure is combined with opportunity (in a weak control environment), fraud is much more likely to occur. Usually, workplace fraud starts small and then builds as the fraudster becomes increasingly emboldened to take greater risks.

Nonprofit organizations, in particular small to midsize ones, often have not paid sufficient attention to the control environment. Wage scales are typically lower than in the for-profit environment; this can lead to a greater number of employees under financial pressure. In addition, nonprofit organizations are often short-staffed, with people doing multiple and sometimes conflicting jobs – for example, there might be one person who issues the checks, manages receivables and handles the bank reconciliation. Such loose controls can open the door to fraud. 


How should a nonprofit organization go about strengthening its control environment? Fundamental steps come first. Leaders should be aware that personal ethics are diverse and that even ethical people may choose crime if their personal circumstances become so severe that they feel no other option is available.

With this in mind, every position should be evaluated and re-evaluated for substance, the potential for further enrichment and a better understanding as to how each job integrates with each department and the organization as a whole. This will help managers gauge where weaknesses in controls may exist. Once weaknesses are determined, controls can be strengthened to decrease the potential for fraud and, if fraud is perpetrated, increase the likelihood of detection. When a fraud is detected, it is important for the leaders of the organization to act definitively and to then reverse-engineer the fraud to learn how it was perpetrated in order to use the knowledge to further evolve the control system. This is an iterative process.

Leadership matters here. Internal control systems, procedures, practices, rules of conduct, ethical policies and orientation and training programs are often designed to deepen the awareness of the code or tone at the top. Employees will observe the behavior and conduct of organizational leaders to assess the tone.


While fraud prevention is an ideal goal, in practice it is difficult. People determined to commit fraud will often find new ways around safeguards. What is often much more effective is deterrence. A combination of tighter controls, strong whistleblower policies and early detection is the best anti-fraud formula.

There are several steps that nonprofit organizations can and should take. Some are mandatory. For instance, whistleblower policies are required by law (see sidebar at end).

Other steps are strongly advisable, even if difficult – budgets may be constrained, but it is important to staff appropriately. Jobs should be separated in a way that supports fiscal controls, and organizations should pay a competitive wage that reduces the odds of dissatisfaction. “Financial improprieties are less likely to occur in organizations with strong financial controls” (Schilit, 1993, p. 147).[ii] As a first step, it is essential to recruit and hire qualified employees and to make robust efforts to investigate their backgrounds more fully as part of pre-employment screening. It is even recommended to do an employment screening a year after the employee is hired. Examining the duties of each position in relation to the specific department and the organization in its entirety can help streamline the workforce and keep employees motivated by ensuring that their jobs are appropriately challenging. Fostering a formal or at least informal mentoring program can also provide ongoing opportunities for guidance and problem solving, which, in the long run, will result in greater workplace satisfaction and decreased involuntary turnover.

Monitoring workplace economics (base compensation, incentive pay, benefits) is a key component to rewarding top performers and preventing chagrined workers from feeling they are underpaid compared to peers in other organizations. This step requires solid coordination between the human resource function and budgeting. Management of payroll, often the most costly component of the expenses associated with delivery of a product or service, can make or break the organization’s economic viability. Remaining competitive is crucial in today’s business climate. Therefore, finding efficiencies requires a balance between maintaining an adequately staffed workforce and payroll expenses. As one nonprofit Executive Director said, “No margin; no mission.”


With those basic issues taken into account, the most important single step is to audit current controls, identify weak points and make changes as needed to both policies and staffing levels.

Typically, the infrastructure of many nonprofits, especially smaller organizations, cannot justify an internal audit department. (Unsurprisingly, donors prefer that their contributions go to programs rather than to administrative costs.)  In these situations, a periodic collaboration with an external auditor or consulting firm, able to perform adequate testing to assess the quality of the internal control system, will help the organization operate more securely than one which dismisses the threat of internal control weaknesses. Employees will be aware that their actions are being monitored periodically.

While it may not be feasible for every nonprofit organization, an internal audit function is the ideal solution.  “Consistent with its mission, the Internal Audit Department provides management with information, appraisals, recommendations, and counsel regarding the activities examined and other significant issues” (Marquette University, 2014, p. 1).[iii] Each business system can be checked and re-checked for upgrading controls. Often, the costs of an internal audit department will be far less than the benefits achieved through tighter controls and ongoing monitoring – major aspects of fraud deterrence. Further, the internal audit function can serve to decrease the costs of the external audit; therefore, coordination of the internal auditor’s procedures with those of the external auditor will help reduce overall costs.

Of course, sometimes the necessary changes are simple – while in the past, leaders might have had bank statements delivered to their homes to check signatures, today they can access statements and cancelled checks online. Fraud deterrence can be that basic.


What if, in spite of strong controls, fraud is only detected after the fact? A well-managed organization will be unafraid to terminate employees who have crossed the line and committed improprieties. Therefore, fostering a zero-tolerance policy for workplace fraud and carrying out disciplinary policies will ensure that other employees fully comprehend what can and will happen should they replicate the fraudster’s actions. Human resources should make sure that employees accused of conduct that could lead to disciplinary action receive appropriate due process before actions are taken. This will help reduce risk of employment-based litigation.

Leaders must remain clear-minded when top performers are the ones accused of inappropriate conduct. Sometimes leaders are reluctant to terminate those who are perceived to be heavily contributing to the bottom line. However, being overly lenient based on such a metric can derail the respect employees have for the overall organizational policies. Further, by allowing individuals unwarranted latitude, greater harm could be done to the organization, making any decision to “look the other way” seem to be very short-sighted.

Reputation takes a long time to build, but a short time to lose. “Today, damage to reputation is one of the greatest concerns of CEOs” (Drexel University, 2014, p.1).[iv] No person should be considered untouchable when it comes to adhering to policies or immune from discipline for breaking the rules.


Unfortunately, stealing is not going out of vogue. Human behavior is such that bad eggs will always be present, and leaders must remain hyper-vigilant. Assuming that the business of the organization is viable, by staying attuned to the potential for fraud and taking reasonable preventive steps, the reliance on detective controls lessens and the potential for loss due to fraud decreases. The best approach is to be proactive, not passive. While being proactive can carry a price, insurance does as well. When fraud hits, organizations are likely to find it faster and come through it better if they have taken the right steps and set up the right controls ahead of time.


When Congress enacted the Sarbanes-Oxley Act, following several frauds that occurred in corporate America, it included two provisions that also apply to nonprofits. Federal law prohibits all corporations, including nonprofits, from retaliating against employees who “blow the whistle” on their employers’ accounting practices. Consequently, having a good internal process for addressing complaints including a whistleblower protection/anti-retaliation policy can help an organization protect itself from the risk of violating state and federal laws that afford protections to whistleblowers, and can help ensure that if there is a problem, it will be investigated and fixed.

Organizations that encourage complaints by having an “open door” policy and have a standard of “no retaliation” for raising concerns are considered more transparent.

By having a written whistleblower policy, an organization demonstrates that it is practicing sound governance and exercising prudent risk management. The organization will be in a position to correct a situation, if it becomes aware of the problem. A whistleblower policy that encourages people to report their concerns without fear of retaliation is critical to good governance. A good policy should include:

  • Procedures for reporting violations
  • Procedures for preserving the confidentiality of reported information
  • Designated administrator of the policy (an employee, officer or director)
  • A requirement that a copy of the policy be distributed to directors, officers, employees and volunteers

[i] Levi, M., Burrows, J., Fleming, M.H., and Hopkins, M. (2007). The nature, extent and economic impact of fraud in the UK: Report to the Association of chief police officers’ economic crime portfolio – February 2007. Retrieved September 12, 2014:

[ii] Schilit, H.M. (1993). Financial shenanigans: How to detect accounting gimmicks & fraud in financial reports. New York: McGraw-Hill.

[iii] Marquette University. (2014). Role of internal audit. Retrieved September 12, 2014:

[iv] Drexel University. (2014). Center for corporate reputation management. Retrieved September 12, 2014:

About Eric A. Kreuter

Eric Kreuter, Ph.D., CPA, CGMA, CFE, CBA, is a Partner in the Advisory Services group at Marks Paneth LLP. He specializes in litigation and forensic services, including commercial damages and fraud investigations. His background also includes management, human resources and other consulting services. He is well-versed in all facets of the construction industry. Dr. Kreuter has worked in professional services firms since 1983 and was also a founding shareholder in a CPA firm. He has...

About Hope Goldstein

Hope Goldstein, CPA, is the Co-Partner-in-Charge of the Nonprofit, Government & Healthcare Group at Marks Paneth LLP. Ms. Goldstein brings to her role the skills she has developed during more than 27 years of providing accounting and auditing services to her clients in the nonprofit, higher education and public sector industries. She co-leads a team of more than 60 professionals who specialize in the nonprofit industry and focus on ensuring the accuracy and transparency of...