It seems that barely a week goes by without reports of an organisation, often in the charity or public sector, having been the victim of a significant fraud. The latest report by the National Fraud Authority, published in 2013, estimated that fraud costs the charity sector over £140 million a year. Almost 10 per cent of the charities that responded to the NFA's survey on fraud had identified fraud in the previous 12 months.
Trustees of not for profit organisations, museums and religious groups as well as charities, are at risk of being held personally responsible for financial losses resulting from fraud if they are considered not to have acted properly to preserve the organisation's assets. They may also suffer embarrassment or even professional damage from perceived incompetence in not spotting the embezzlement.
But why are charities particularly at risk from fraud? A culture of trust, openness and volunteering has many positive advantages, but it may result in reliance on a small team of part time staff or volunteers, with relatively little supervision of those responsible for managing the finances. Internal controls over cash and access to bank accounts may be weak and cash flows can be unpredictable, making comparison with previous years difficult.
Being a trustee of a charity is not usually a full time role and trustees may be onsite relatively infrequently. Nevertheless, they are bound under charity law to safeguard the charity's funds and assets and are ultimately responsible for preventing and detecting fraud and for investigating any incidence of fraud that comes to light. Failure to carry out these responsibilities adequately may render the trustees personally liable for the charity's losses.
A key step in preventing fraud is for the trustees to identify where the opportunities for fraud exist. Does the charity hold a lot of cash on the premises, for example? Cash will always be the easiest asset to steal and trustees should look for opportunities to reduce the cash on site wherever possible. Where numbers allow, staff duties should be segregated so that no one individual has both physical control over inflows and outflows of funds and is also responsible for the recording of those transactions in the accounting records. Cheque payments, automated cash transfers and expense claims (including those of the trustees) should be authorised by a responsible individual who actually looks at the underlying documentation before signing. Passwords and other electronic controls should be properly adhered to - staff should not be using someone else's password and passwords should be cancelled when an employee leaves.
Trustees should be alert for signs that fraud may be occurring. The long standing, trusted employee who is always first to arrive each day and last to leave and never takes a holiday may simply love her job, but she may have something to hide. Trustees should look at the accounting records periodically, even where there is a financial controller in place. Are bank accounts being properly reconciled on a monthly basis; are there unexplained delays in banking or a preponderance of journal entries masking a clear audit trail? Take a look at the bank statements from time to time - are the balances shown in the management accounts actually there? Are there large or unusual payments or regular round-sum transfers for no obvious reason?
The vast majority of frauds are simple theft or diversion of funds and should be detectable with a reasonable degree of vigilance. It is not acceptable for trustees to simply delegate this task to the charity's auditors, whose responsibilities are quite different. Yes, the auditors should uncover fraud that has a material effect on the financial statements, but by then it may be too late. Trustees will want to nip any fraud in the bud before the charity's reputation and integrity is called into question.
A clear whistle blowing policy for reporting fraud is vital. Above all, trustees must take ownership of the problem of fraud, recognise its significance for their organisation and develop strategies for dealing with it. These will include a clear policy for reporting any incidences of fraud, both within the organisation and externally (to authorities such as the Charity Commission, the police and, if relevant, HMRC). Professional legal and forensic accounting assistance may also be required to address employment issues and maximise recoveries from the perpetrator or third parties.