Preventing Embezzlement from Your Organization

To most of us, stealing money from a charity is unthinkable. Even so, embezzlement from nonprofit organizations is a serious problem. The Chronicle of Philanthropy reports that according to a 2007 study, 13% of the donations collected by nonprofits each year are lost to fraud. Further, the Washington Post reported that in 2013, more than 1,000 non-profits reported losses of $250,000 or more as the result of embezzlement, theft, misappropriation of funds, or investment fraud.

Losing that kind of money would sink–or at least seriously damage–a lot of organizations. Worse yet, the organization can be hurt even after the money is lost. Embezzlement or misappropriation can also discourage donors from supporting the organization, making it even more difficult to recover.

And worse yet, I suspect that smaller organizations are actually at greater risk than large ones. Why? Mostly, because large organizations are more likely to have controls in place. Also, I think there’s more of an expectation that a large organization will have and enforce those controls.

How can the organization’s property be kept safe?

There are two key ideas that should be part of your policies:

1. Physically protecting valuable things
2. Not letting one person handle finances and financial information

Protecting valuables

If it has value, and it’s not in use, lock it up. This includes cash on hand (and I’m not a fan of keeping cash laying around), checks, equipment, and anything else with value.

It's a door with "Please...DO NOT ENTER" painted on it.

This is probably not secure enough.

If you’re going to lock it up, you’re going to need keys. Those keys should be given out sparingly and the organization should insist upon the key’s return when a keyholder leaves the organization.

Checks and balances

The other key thing is not to give one person all the authority over the money in the organization. One person in isolation can steal fairly easily, but once people start double-checking each other, it becomes much harder.

What kind of checks should you install?

  • Cash should always be double-counted by two people in one another’s presence. Both people should agree on how much cash is there, and it should be recorded so that there’s not a question of how much money was involved later.
  • Someone who doesn’t write the checks should review the bank statement each month. Anything that looks odd–an unusual amount, an unfamiliar payee, a skip in the check numbers–is worth asking about.
  • Hang on to receipts, invoices, any proof of the transaction and the amount of money involved. If board members or staff pay for something for the organization on their own, insist on a receipt for reimbursement. Also, get invoices from vendors. Even if theft weren’t an issue, you should be doing this anyway so you can maintain your books.
  • Use multiple signatures on checks. Especially for large amounts, using multiple signatures might prevent a payment for an unauthorized purpose. However, this may not be as secure as it sounds–banks often don’t check for multiple signatures. That said, there are still a couple of advantages to using multiple signatures, especially with big amounts. First, making it a requirement will still add a second person into the transaction, making theft more difficult. Second, if a check lacks a second signature but was honored by the bank, you will have reason to investigate that transaction.
  • No exceptions. Allowing exceptions causes three problems. First, it creates openings for people to steal. Second, it suggests that the rules aren’t firm. The rules should be firm. Third, employees that don’t get exceptions may feel like they aren’t trusted or valued like the employees that do get exceptions.

Not sure where to start? I like this article from Blue Avocado about internal controls for very small nonprofits as a good place to start.

Next week, we’ll talk about what to do if embezzlement or misappropriation occurs.


Leave a Reply

Your email address will not be published. Required fields are marked *