Not-for-Profits are High Risk for Occupational Fraud: Prevention Strategies to Consider

By Holly Hejmowski, CPA on July 12, 2023

Stay up to date

Back to main Blog
Holly Hejmowski, CPA



Vigilance reduces opportunities for employee theft

How high on your list is fraud prevention? If yours is like most not-for-profit organizations, it’s a threat, but buried beneath many other important obligations. With limited resources, few formal processes and internal controls, and outdated software and systems, many not-for-profits find fraud deterrence difficult to implement and overwhelming to monitor. But with methods for theft becoming more sophisticated and, quite frankly, easier, it is imperative for organizations to elevate deterrence to the top of the proverbial “to-do” list. Not only are the potential financial implications of fraud very significant, the financial cost to reputation, donor trust, and credibility are immeasurable.

Not-for-profits are not exempt from fraud

The Association of Certified Fraud Examiners (ACFE) reports that not-for-profit organizations lose approximately 5% of their annual revenue to occupational fraud. While seemingly not a significant amount, the impact even a small loss has on a not-for-profit can be devastating.

In its “Occupational Fraud 2022: Report to the Nations", the ACFE examined the costs, methods, victims, and perpetrators of more than 2,100 occupational fraud cases. It uncovered that not-for-profit organizations were the victims in 9% of reported cases, suffering a median loss of $60,000, and up to 18-months wasted in uncovering activity.

Nonprofit fraud prevention: Be aware of deceptive practices

The reason ACFE cites for the fraudulent activity in not-for-profit organizations is that they have fewer internal controls than companies in other industries. Leadership is often focused on courting donations or overseeing the administration and distribution of funds to take notice of anything that might be amiss. Not-for-profit organizations are acutely challenged by deficits in staffing, relying on individuals who may not be adequately trained, placing an over-dependence on volunteers, and a lack of security protocols that expose vulnerabilities.

In addition to inside threats, because they obtain sensitive donor information including but not limited to credit card and bank accounts, not-for-profit organizations are also a prime target for cyber-attacks that steal data and other confidential information to use for their monetary benefit or extort for financial gain.

Fraud threats to not-for-profit organizations are real. And, common

Perpetrators need only 1) the opportunity to steal and conceal; 2) the motive, such as financial pressure due to a divorce, debt, or addiction; and 3) the ability to perceive and rationalize their behavior as deserving for working more and being paid less. The ACFE report found that 85% of all fraudsters displayed behavioral red flags such as living beyond their means or demonstrating unusually close association with a vendor or customer. The report also notes that the longer the tenure of the employee, the higher the loss.

How do they do it? The ACFE highlights three categories of occupational fraud:

1. Asset/Cash Misappropriation, which necessitates an employee stealing or misusing the employers resources for personal gain. It occurs when cash or other assets (i.e. computers) are intentionally taken off premises — stolen — by an employee. This is the most common form of occupational fraud.

2. Financial Statement Fraud involves a perpetrator intentionally causing a material misstatement or omission in an organizations financial statements and rerouting the money elsewhere.

3. Corruption includes bribery, conflicts of interest, and extortion. For instance, vendor kickbacks are facilitated through inflated or fraudulent invoices that are paid and then divided between both parties (vendor and employee).

In addition to those three, there are other favored not-for-profit fraud methods:

  • Ghost employees: Paychecks are issued to a non-existent employee or an individual who doesn’t work for the organization. The fraudster receives and cashes the check.
  • Check fraud: A more complicated method that involves forging checks or otherwise altering information from a check for personal use.
  • Expense and billing fraud: Generally committed when an employee submits fake or overstated expenses or fraudulently submits falsified invoices.

Fraud prevention is always your best option: Nonprofit internal controls to consider

Although not-for-profit organizations are more susceptible to fraud, safeguarding their assets isn’t as difficult as it seems.

First, mitigate risk by learning to identify the signs, such as unclear invoices, unknown vendors, large invoice totals with unknown origin or approval, and sudden increases in volume and/or totals on vendors’ invoices, that should raise a red flag.

Second, proactively setting, communicating, training, and measuring clear policies and a code of conduct for ethical behavior establishes a firm foundation of intolerance and consequences (i.e. termination, arrest, reimbursement). Some other effective steps and internal controls include:

  • Segregation of duties - The ACFE study shows that 65% of fraud cases were perpetrated by a manager, executive, or owner. Eliminating reliance on one individual to oversee financial transactions and payments processes is one way to deter opportunities. In smaller organizations with insufficient staff and less oversight, identifying a member of the board of directors or outside accounting firm can accomplish the same safe outcomes.
  • Establish a process that enables easy and confidential access to a whistleblower hotline, anonymous email portal, or suggestion box. According to the ACFE study, 42% of cases are detected through a tip, with 55% of all fraud reporting coming from anonymous employees. (Note that only 16% of detected cases came from internal audits and only 12% came from management review.) ACFE also reported that fraud was detected and addressed six months faster in organizations with a fraud hotline — 12 months instead of 18. Those organizations also incurred a smaller financial impact.
  • Automating repetitive tasks, like bill pay and payroll, provides oversight in places where there is less risk for being caught. Not only does automation create accountability, mundane, repetitive tasks become smoother and more efficient. Accounting and financial information is centralized for more accurate, timely, and reliable information for invested parties with access, like outside accountants. The other benefit of automation is that it doesn’t replace staff, it frees up their time to be able to participate more proactively in the success of the organization with internal projects or high-level analysis.

The MAXIS® solution for nonprofits

More comprehensive accounting automation reduces the likelihood that errors or fraud occurs as a result of manual processing and limited or no separation of duties. Benefits also include easier monitoring of transactions, facilitating accurate invoice processing, streamlining expense report approval, and reliable reviews of the organization’s real-time financial status.

MAXIS® by Freed Maxick is a high-tech outsourced accounting solution for nonprofits that automates processes and creates a strong internal control environment. Because it’s cloud-based, it has better reliability, timeliness, and security. Outsourcing the accounting function also provides proper segregation of duties and an outside layer of oversight to the books and records of the organization. Cloud-based tools have better reliability, timeliness, accessibility, and security. The technology is updated frequently to ensure seamless continuity of business with faster data recovery.

MAXIS® can help to deter, detect, and mitigate fraud in not-for-profit organizations.

Can it work for your organization? Schedule a complimentary consultation with Holly Hejmowski, Director of Assurance and Advisory Practice, at

New call-to-action

Stay up to date