Subscribers | Charities Management magazine | No. 150 Early Summer 2023 | Page 1
The magazine for charity managers and trustees

Charities managing fraud risk

ARLENE CLAPHAM, senior risk and assurance manager at accountancy firm SAYER VINCENT, looks at the common areas of fraud risk for charities, how to operate deterrence and how to investigate when fraud does occur.

Charity fraud is on the rise. Action Fraud found there was a 44% increase in the value of charity frauds between January and November 2022, compared with the same period the previous year.

According to charity insurance firm, Third Sector Protect, charity fraud results from many reasons – a high level of cash flow, which means that suspicious transactions will be harder to identify; the goodwill and trustfulness of those involved with a charity; and the lack of effective process design and oversight at certain charities.

Several factors in the current working climate could have contributed to the rise in fraud. There has been a growing reliance on technology; more people are working remotely since the pandemic, plus cost cutting in organisations has meant workforces are more streamlined and there is less opportunity to observe people and processes.

Reading about frauds committed on charities is never a positive experience. Whether the fraud has been committed internally, by trusted staff or volunteers or happened externally – usually the reporting is restricted to the value of the funds lost and how long the fraud continued before being detected.

True learning

Sometimes reports include who did it and how it was detected but it doesn’t provide an opportunity for true learning; except to raise awareness that fraud in the sector is a big risk.

Charities which have suffered a fraud may make a statement to say they are recovering the losses and that controls have been strengthened, but without transparency around the points of failure. Perhaps the sector could do more to share the why and how. This could lead to an overall improvement in controls across the sector.

Key measures

There are some key measures that all charities could be undertaking to protect themselves, starting by thinking through where the opportunities are for potential fraudsters, both internally and externally. It’s the duty of management teams to identify weak spots and to regularly assess these. They will be different for each charity but the common areas where fraud occurs are:

  • Payroll and expenses.
  • Payment and procurement processes.
  • Fundraising activities.
  • Grant making.
  • Cyber risks.

Building awareness

Building awareness that fraud could happen and developing a culture where people are willing to challenge non-compliance are essential. This can be done by openly discussing the risks and developing genuine accountability.

Senior management and trustees must lead by example and ensure they adhere to policies too. Charities could encourage the management team to try to go outside the guidelines to see if requests that do not follow due process are challenged.

Charities which don’t already have anti-fraud, bribery and corruption policies should create these, aligning them with other procedures and ensuring they are transparent across the organisation. This includes confirming where reports go and who is responsible for responding to a potential fraud, and having a whistleblowing policy in place.

It’s important that staff and volunteers believe that action will be taken if they do report something, otherwise it can feel like a waste of time or that the charity doesn’t care.

Deterrence as control

As most frauds are committed by long serving members of staff or volunteers, now is a good time to consider how the charity could affect a potential fraudsters’ decision making. If they think they will get caught, would they still do it?

For the fraudster, it is the perception of how the fraud risk is being managed that determines whether they will or won’t commit fraud. By altering whether an employee or volunteer thinks a fraud will be detected can impact on whether they commit the fraud.

The theory of the fraud triangle gives three key areas to focus on: motives, opportunity and rationalisation. When it comes to motivation having a good understanding of the welfare of people makes for a better charity employer and ensures the employer continues to make good decisions, for people and for the charity.

Arguably now, the motivation to commit fraud is on the up. The economic climate is taking its toll on many and it is becoming more difficult to make ends meet. A staff member or volunteer may not have had the same motivation to commit fraud in the past.

Internal controls

With opportunity, if a potential fraudster believes they can get away with the fraud and are motivated to do so, they might try. Many charities have invested in designing internal controls to prevent fraud, implementing approval thresholds, segregation of duties and the like. And this is all good.

But where there is a will, there is a way and a savvy potential fraudster will be fully aware of what is looked at, when and by whom. Charities can be guilty of relying on trust as a key control, and if someone has been fulfilling their role well, their work may not be scrutinised in the same way it might have been when they first joined.

Finally, rationalisation, how a fraudster justifies their actions depends on their motivation and the opportunity. Again, the current climate could be having a real impact on people and it’s possible that the fraud could be seen initially as an interim measure.

Feeling overworked and underpaid

As many charities have streamlined since the pandemic it is possible staff and volunteers are feeling overworked and underpaid, which could support their justification for committing fraud.

Charities can influence the perception that a fraud will be detected by doing the following:

  • Talking about - this raises awareness and puts it to the forefront of people’s minds.
  • Reviewing the control processes and challenging them. Times have changed. Are they fit for purpose?
  • Undertaking ad hoc, specific reviews, perhaps by internal audit. Knowing that someone with fresh eyes could look at the processes and transactions can act as a deterrent.
  • Undertaking job rotation – this is not only a positive for retaining talent and developing staff, but it also can act as a deterrent.

Establishing the above, and communicating it, can play a part in deterring internal fraud. Ultimately, charities want to demonstrate to their staff and volunteers that they will not get away with it, thereby affecting their decision as to whether to commit a fraud or not at the outset.

Investigating a fraud

Where a fraud is suspected the fraud response plan, if it exists, will likely include the roles and responsibilities for deciding how an allegation of fraud will be handled. It is important to be clear on what individuals must not do in response, such as not alerting the potential fraudster, not communicating outside the agreed protocols, and not carrying out their own investigation without appropriate approval.

In deciding when and how to investigate, it’s important to consider what the intention of the investigation is. It is usually important for charities to be able to quantify the loss, identify the points of failure, identify further training needs or improvements required to processes, and manage the risk of further losses. The intention of the investigation may aid a decision on who is best placed to execute it, be it internal or external, and what steps and communications need to take place and when.

The perceived quality of an investigation can be impeded if it is thought not to be independent and objective. External investigators could therefore be considered. As well as having suitable experience, they increase the perception of independence and objectivity.

Key part

A key part of planning an investigation is to carry out a risk assessment that includes consideration of its impact on normal operations and to appropriately resource the investigation work (in time and money).

The preliminary part of an investigation to confirm or dismiss the suspicion may lead to the suspension of staff or volunteers pending further investigation, and removing access to systems and assets. This should be the point at which the charity decides on who needs to know about the investigation and the levels of confidentiality that may need to be managed.

If it has been established that criminal activity has taken place, the police should be informed and legal advice may be required, depending on the scale of the loss. The outcome of the investigation will determine how it’s reported and who to - including, Action Fraud, the Charity Commission, donors and other relevant stakeholders, internally and externally.

In the aftermath of the investigation, a review of internal communications and of key controls is essential to reduce the risk of fraud in future.

First arm of defence

Most frauds are identified by having good internal controls so ensuring these are fit for purpose is the first arm of defence. Taking time to understand the charity’s vulnerabilities, and having policies and response plans in place that are transparent and communicated across the organisation will help safeguard the charity, as far as possible, from fraud.

END OF ARTICLE

Return to top of page

NEXT ARTICLE

Next Article