Post on 09-Jan-2022
Online CLE
Helping Nonprofit Clients Avoid and Manage Embezzlement
1 General CLE credit
From the Oregon State Bar CLE seminar Safeguarding Oregon Nonprofits, presented on November 12, 2020
© 2020 Susan Bower, Lottie Zorn, CPA. All rights reserved.
Chapter 1
Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
Susan BowerOregon Department of JusticeCharitable Activities Section
Portland, Oregon
Lottie Zorn, CPACharitable Audit Coordinator
Oregon Department of JusticeCharitable Activities Section
Portland, Oregon
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–iiSafeguarding Oregon Nonprofits
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–1Safeguarding Oregon Nonprofits
Helping Nonprofit Clients Avoid and Manage Embezzlement
OREGON DEPARTMENT OF JUSTICE
CHARITABLE ACTIVITIES SECTIONSUSAN A. BOWER, AAGLOTTIE ZORN, CPA
IntroductionsInstructors
Function of Charitable Activities Section
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–2Safeguarding Oregon Nonprofits
Course Objectives
Why nonprofits are vulnerable to embezzlement
How to reduce the risk of embezzlement
How to detect embezzlement
What to do when embezzlement occurs
Tales from the Trenches
CCaassee ssuummmmaarryy:: TTrriifflliinngg TTrruusstteeee
•Charitable trust fund created solely to provide college scholarships to low-income students•Trustee had full control of assets, no oversight, wife terminally ill, son with addiction issues•DOJ audit:
$200,000 total expenses$167,000 trustee personal spending$ 33,000 actual scholarships paid
RReessuulltt:: rreeppaayymmeenntt,, AAVVCC,, lliiffeettiimmee bbaann
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–3Safeguarding Oregon Nonprofits
Tales from the Trenches
CCaassee ssuummmmaarryy:: SStteeaalliinngg ffrroomm SSiicckk KKiiddss
•Nonprofit established to support diseased children•Executive director was trusted with all financial tasks while facing divorce and gambling addiction•No board oversight, no bank statement review, no budget/financial analysis•Fraud was undetected until the bank called to say that the savings account was empty•DOJ audit:
At least $670,000 embezzled over 7 yrs
RReessuulltt:: 33 yyeeaarrss pprriissoonn,, AAVVCC,, lliiffeettiimmee bbaann
Fraud Facts - Losses
Average duration of fraud scheme – 14 months (Average duration of payroll scheme – 24 months)
Median loss across all industries - $125,000Median loss to nonprofits - $75,000
2020 Report to the Nations, Association of Certified Fraud Examiners
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–4Safeguarding Oregon Nonprofits
Fraud Facts – Perpetrators at Nonprofits
Director/Executive – 39% of casesMedian loss of $250,000
Manager/Supervisor – 35% of cases Median loss of $95,000
Employee – 23% of casesMedian loss of $21,000
2020 Report to the Nations, Association of Certified Fraud Examiners
Fraud Dynamics
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–5Safeguarding Oregon Nonprofits
Why Nonprofits Are Targets
Fewer resources and smaller staff
Mission-focused and over-reliant on trust
Inattentive or unskilled board
Low salaries may amplify financial crisis or rationalization
Fraud Types in Nonprofits
2020 Report to the Nations,Association of Certified Fraud Examiners
Corruption 41%
Billing 30%
Expense reimbursements 23%
Cash on hand 17%
Noncash 16%
Skimming 15%
Check and payment tampering 14%
Cash larceny 12%
Payroll 12%
Other
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–6Safeguarding Oregon Nonprofits
Ways to Reduce Risk of Fraud
•CCrreeaattee aann aattmmoosspphheerree ooff aaccccoouunnttaabbiilliittyy•SSaaffeegguuaarrdd yyoouurr aasssseettss•IImmpplleemmeenntt iinntteerrnnaall ccoonnttrroollss•WWaattcchh ffoorr rreedd ffllaaggss
Create Accountability
•Active board oversight•Strong compliance program•Ethics training at all levels•Encourage whistleblowers
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–7Safeguarding Oregon Nonprofits
Safeguard Assets
•Physical safeguards•Digital safeguards•Inventories•Theft/forgery insurance
Internal Controls:
POLICIES
•Risk analysis and response
•General financial controls
•Conflicts of interest
•Data protection
•Financial reports and budgets
•Documentation of control activities
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–8Safeguarding Oregon Nonprofits
Internal Controls:
ACTIONS
•Segregation of duties
•Background checks
•Monitor financial accounts
•Regular account reconciliation
•Cash and noncash income sources
•Inventories
•Timesheet controls
•Sporadic self-audits
•Talk to donors and clients
•Analyze variances
Revenue and Cash:
Know your sources of funds and how to protect each source
Grant funds
Contract payments
Cash donations (money, checks, credit)
Noncash donations (goods, stocks, software, professional services, free rent, advertising)
Special events
Thrift stores and other enterprises
Conduct random audits and perform analytics
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–9Safeguarding Oregon Nonprofits
Debit and Credit Cards
• Limit the number of cards issued
• Set spending limits on each card
• Have written agreements with each card holder
• Require original receipts for every purchase
• Someone other than card holder should review and reconcile statements monthly
• Cancel cards immediately when the card holder separates from the organization
Disbursements
•Documentation: invoice, contract, or similar writing required for all payments•Separation of duties: Someone other than the person writing the check (or digital payment) should review and approve•Automated controls: bank notifications, positive pay•Employee reimbursements: require pre-approval, original receipts
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–10Safeguarding Oregon Nonprofits
Timesheets and Payroll
PPaayyrroollll iiss oofftteenn tthhee oorrggaanniizzaattiioonn’’ss bbiiggggeesstt eexxppeennssee aanndd ggrreeaatteesstt rriisskk
• Timesheet review and approval
• Payroll report review and approval
• Documentation of hiring rates, raises, terminations, draws
• Sporadic audits for ghost employees, unauthorized raises, duplicate checks, unpaid draws
Budgets:A key internal control
Should be developed in advance
Can be revised within reason
Help maintain compliance with grant/contract spending requirements
Board and management should be familiar with the budget and notice deviations
Compare budget to actuals; compare current period to prior periods; adjust expectations when
warranted
Ask questions and inspect supporting documentation
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–11Safeguarding Oregon Nonprofits
Require Regular Financial Reports
Financial Reports should be prepared regularly and promptly
Late or missing financial reports are a red flag
Analytics are a key detection method:• Compare results to expectations, prior
periods, similar organizations, and market trends
• Compare actuals to budget
• Ask questions and inspect supporting documentation
Documentation: if it isn’t documented, it didn’t happen
• Sign and date every review/authorization
• Organize and maintain the filing system
• Have and follow a document retention & back-up policy
• Prepare for the unexpected, e.g.: illness or separation of key employees, natural disasters, loss of key information due to fraud
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–12Safeguarding Oregon Nonprofits
Conflict of Interest Policies
•Corruption (e.g., bribery, kickbacks, conflicts of interest) is the most common form of nonprofit fraud
•Organizations should have a written conflict of interest policy
•Directors must understand and apply the policy
•Board minutes should reflect how and when the policy is implemented
Data Protection
• Limit and monitor access to critical systems
• Every user should have a separate login
• Log out when not at your station
• Protect and control mobile devices (phones, tablets)
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–13Safeguarding Oregon Nonprofits
Data Protection:
CONTINUED
• Random system audits to ensure no unauthorized access, stale accounts, compromised data
• Train all users to prevent digital theft, phishing, social engineering
• Cancel access immediately when the user separates from the organization or suspicious activity discovered
• Regular system back-ups
Remote Work Security:A Brief Overview
PPhhyyssiiccaall SSeeccuurriittyy
Locked doors, line-of-sight privacy, no devices left unattended/in cars, document protection
TTeecchhnniiccaall SSeeccuurriittyy
No public WiFi, use VPNs, separation of personal/employer devices, encryption, external drives/hardware
CCyybbeerr AAttttaacckkss
Phishing, social engineering, spearfishing, whaling, links, attachments, hijacking, ransomware, thumb-drive-drops
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–14Safeguarding Oregon Nonprofits
Oregon Data Breach Laws
OOrreeggoonn CCoonnssuummeerr IIddeennttiittyy TThheefftt PPrrootteeccttiioonn AAcctt:ORS 646A.600 through 646A.628
IItt ccoovveerrss:Giving a breach notice, freezes on credit reports, no public display of SSNs, data security requirements
EEnnffoorrcceemmeenntt:DCBS and DOJ
Oregon Data Breach Reporting
MMuusstt nnoottiiffyy wwiitthhiinn 4455 ddaayyss:All persons compromised by the breach
IIff 225500++ ppeerrssoonnss ccoommpprroommiisseedd:Must also notify the Attorney General
SSeeaarrcchhaabbllee ddaattaabbaassee ooff bbrreeaacchheess:https://justice.oregon.gov/consumer/databreach/
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–15Safeguarding Oregon Nonprofits
Detecting Fraud
Means of Detection
2020 Report to the Nations, Association of Certified Fraud ExaminersTips 40%
Internal Audit 17%Management Review 13%By Accident 7%Document Review 6%Other
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–16Safeguarding Oregon Nonprofits
Organizational Red Flags
Unusual/unexplained revenue decrease or expense increase
Lack of receipts/invoices for reimbursements/bill payments
Disorganized financial records
Equipment, inventory, or petty cash is missing
Vendors or employees don’t have legitimate contact information
Complaints from donors or clients
EmployeeBehavioral Red Flags
Living Beyond Means
Financial/Emotional Difficulties
Unusually Close Vendor/Client Relations
Unwilling to Share Duties
Irritability/Defensiveness
Overwork/refusing vacation
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–17Safeguarding Oregon Nonprofits
What to Do If Embezzlement Occurs
Action Steps:
MITIGATE
o Secure documents and assets
o Rescind digital and physical access of suspects
o Notify the Board of Directors
o Assess the need for confidentiality
o Engage experts (outside counsel, forensic accountant, digital expert)
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–18Safeguarding Oregon Nonprofits
Action Steps:
INVESTIGATE
o Contact ODOJ – we can help
o Police report if appropriate
o Investigate facts and losses
o Identify/interview witnesses
o Documentation
Action Steps:
OBVIATE
o Recover funds/assets
o Identify weaknesses that may have precipitated the loss
o Anticipate employment law issues
o Anticipate liability issues
o Take steps to prevent future occurrences
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–19Safeguarding Oregon Nonprofits
Action Steps:
COMMUNICATE
o Inform stakeholders
o Inform major funders
o Press releases
o Form 990 disclosures
o Disqualified persons
A Few Resources
Oregon Department of Justice Charitable Activities www.doj.state.or.us/charitable-activities/
Committee of Sponsoring Organizations of the Treadway Commission (COSO) www.coso.org
Oregon Department of Justice Consumer Protection Division data breach pagehttps://www.doj.state.or.us/consumer-protection/id-theft-data-breaches/data-breaches/
National Council of Nonprofits www.councilofnonprofits.org
Nonprofit Association of Oregon www.nonprofitoregon.org
CPA Hall Talk: How to Lessen Segregation of Duties Problemshttps://cpahalltalk.com/how-to-overcome-segregation-of-duties/
Association of Certified Fraud Examiners: www.acfe.com
Chapter 1—Presentation Slides: Helping Nonprofit Clients Avoid and Manage Embezzlement
1–20Safeguarding Oregon Nonprofits
Thank you!
Susan A. Bowersusan.a.bower@doj.state.or.usOregon Department of JusticeCharitable Activities Section100 SW Market StreetPortland, OR 97201971.673.1940
Lottie Zornlottie.g.zorn@doj.state.or.usOregon Department of JusticeCharitable Activities Section 100 SW Market StreetPortland OR 97201971.673.1922