Nonprofit Employee Embezzlement Prevention: Red Flags to Look For and Prevention Strategies

Organizations can learn from others’ mistakes

With a feel-good mission to positively impact its community, many people assume that the staff of a not-for-profit organization are committed to protecting and achieving the charity’s goals. So the idea that an insider would violate its trust is distressing, to say the least. Yet no company is immune to embezzlement — employee theft or misappropriation of employer funds — not even charitable organizations.

Often times a not-for-profit organization is more susceptible to financial misconduct due to factors such as lacking the attractive deep pockets that for profit companies may have, the small size of the organization, fewer processes and procedures, reduced layers of authority and oversight, and antiquated systems.

Red flags

In its 2022 Report to the Nations, The Association for Certified Fraud Examiners, or The ACFE, found that not-for-profit organizations suffered a median loss of $60,000. According to The ACFE study, in 85% of fraud cases at least one red flag had been identified, and multiple red flags were present in 51% of cases. Spot the warning signs of nonprofit embezzlement and you may be able to protect your organization.

Here are five examples of embezzlement red flags to look for when an employee with access to the organization’s financials does the following:

1. Avoids time off. In this day and age, where words like “balance” and “parameters” define our work culture, an employee who elects not to take vacation might be cause for concern.

2. Has a change in lifestyle that doesn’t match their salary. There may be obvious signs of living beyond their means. Brazen employees may even flaunt their new luxury car, designer clothing, and/or exotic vacations.

3. Is defensive and/or aggressive in their response to questions and requests they find threatening. A highly trusted, sometimes tenured employee or volunteer is most commonly the embezzler. This person feels safe from suspicion, discovery, and repercussions.

4. Delays or avoids a request for information. Financials should always be available and accessible to senior members of leadership and the board of directors.

5. Blocks access to a vendor or customer. Close associations can be an indicator, as the relationships provides multiple opportunities for theft and for cover up.

Risky business – The importance of internal controls at nonprofit organizations  

One of the best ways to implement the proper internal controls at your organization is to learn from experiences other organizations have weathered. A BoardEffect article highlighted several embezzlement schemes that not-for-profits have encountered.

1.  A low-level accounts receivable employee created fake companies, assigned vendor numbers to them, and then submitted invoices for work never performed resulting in an almost $1.5 million loss over five years.

2. A former chief financial officer wrote fraudulent checks to herself, totaling $500,000, forging her supervisor’s signature on them. Her crime was uncovered when she resigned from her position, and the new CFO discovered the missing checks.

3. An interim director embezzled over $60,000 making 83 personal transactions using the nonprofit’s credit card.

4. An employee embezzled $1.4 million through more than 350 unauthorized wire transfers and issued over 250 checks to herself, her husband, and several of her creditors. She was arrested and placed on a pretrial release with the condition that she refrain from illegal activities. However, she used a different name to secure employment with a different not-for-profit and failed to disclose her prior indictment, stealing an additional $57,000 from the second not-for-profit.

5. An administrative assistant admitted to embezzling over $5.1 million in a scheme that went unnoticed for eight years. The employee had access to critical financial systems, and she created fake invoices in the names of legitimate groups. She approved the invoices for payment, and when the checks were ready, she cashed them herself.

Embezzlement in not-for-profits occurs more frequently than we know or hear. The lack of awareness is due to the organization’s decision to not report the theft because leaders and boards fear irreparable damage to the organization’s reputation from negative publicity. Termination is the most common outcome, but without legal accountability, the perpetrator is able to move to another organization.

An ounce of fraud prevention at nonprofits

The least risky solution is to implement stringent internal controls. The ACFE reports that the top three causes of not-for-profit embezzlement* are 1) a lack of internal controls, 2) lack of oversight of existing internal controls, and 3) overrides of existing internal controls. Top-down proactive oversight and accountability is critical to deter fraud.

More comprehensive accounting automation reduces the likelihood that errors or fraud occurs as the result of manual processing and limited or no separation of duties. Benefits also include easier monitoring of transactions, facilitating accurate invoice processing, streamline expense report approval, and reliable reviews of the organization’s real-time financial status.

The MAXIS solution

Using MAXIS® by Freed Maxick, a high-tech outsourced accounting solution, not-for-profit organizations are able to automate processes and create a strong internal control environment. Outsourcing the accounting function also provides proper segregation of duties and an outside layer of oversight to the books and records or the organization. The technology is updated frequently to ensure seamless continuity of business with faster data recovery and because it’s cloud-based, it has better reliability, timeliness, accessibility, and security. 

Proper nonprofit fraud prevention policies and procedures are needed that not only monitor and catch embezzlement, but prevent it. That’s where MAXIS comes in. Schedule a complimentary consultation with Holly Hejmowski, Director of Assurance and Advisory Practice, at Holly.Hejmowski@freedmaxick.com.