As a nonprofit, you work hard for your money, so it’s important to safeguard it. While it is difficult, if not impossible, to eliminate the risk of fraud, you have a fiduciary responsibility to minimize the risk.

A well-functioning cash receipts process (including currency, checks, credit card transactions and electronic transfers) is a critical component of a well-designed system of internal controls. When determining the cash controls your nonprofit requires:

  • Start by assessing your risks. Ask yourself, “With the way that we process money, what could possibly go wrong that could lead to theft?” It can be a useful exercise for senior management and the board to discuss this question in a brainstorming session.
  • Once you’ve identified what can go wrong, come up with some reasonable measures to mitigate those risks.

It’s up to each organization to find the right balance between control and risk. Implementing additional internal controls can be expensive in terms of staff time but a lack of controls can be expensive when fraud occurs.

Generally, more well-designed controls equal lower risk – but there are no absolute guarantees. You might have poorly designed internal controls and escape fraud through luck. On the other hand, you might have top-notch controls, yet still fall prey to a clever fraudster bent on circumventing even the strongest systems.

That said, these best practices commonly employed by small nonprofits should provide you with some guidance:

Segregate duties

Make sure that no one individual has too much power over a process. The idea here is to avoid a situation where an employee can misappropriate a customer or donor payment and then cover their tracks so they don’t get caught.

Consider this scenario involving the scheme commonly known as “lapping”. A small nonprofit has an office manager who wears many hats, including bookkeeper and receptionist. When she receives a pledge payment from Donor A, she deposits it into a secret “off the books” bank account to which only she has access. She knows that Donor A will make a fuss if he isn’t thanked for his donation, so she subsequently uses a payment from Donor B to credit the account of Donor A, and the cycle continues.

In an ideal situation, individuals who receive and deposit payments should not be in a position to enter the transactions in the accounting system or the donor database. For example, if the office manager makes the bank deposit, but a second individual posts the payment to the accounting system, then the lapping scheme will not work. As such, many nonprofits will enlist an administrative assistant to open the mail and deposit checks. Scanned images of the checks are then provided to accounting and development staff for entry in their respective systems.

If staffing levels permit, internal control can be enhanced further by enlisting two people to open, tally and deposit the payments together. A bank deposit scanner can help facilitate this process.

The employees involved in these processes should also be required to take periodic vacations so that duties can be rotated in their absence. Schemes like lapping will often fall apart if the perpetrator is not continuously in the office.

Segregation not an option?

You may be one of the many nonprofits who would like to effectively segregate duties but just don’t have the head count to do so. If this is the case, consider these options:

  • Transition your donors and customers from paper checks to electronic payments. (Be sure to set up the electronic payments so that they can only end up in a bank account belonging to the nonprofit.)
  • Employ a bank lockbox service, whereby donors and customers mail payments directly to your bank, who then deposits the funds into your account. This can significantly enhance internal control, and free up your staff to focus on other things.
  • Send donors year-end statements of itemized contributions from your donor database. Concurrent with this process, make sure that the revenue totals from the donor database match (or at least reconcile with) the general ledger. Sending donor statements might feel like taking a shot in the dark but some donors will be quick to point out errors or omissions.
Centralize receivables

Whenever possible, customer receivables should be recorded in the accounting system as soon as customers become obligated to pay the organization. Likewise, pledges and grants receivable should be recorded as soon as donor commitments have been made. Accounts receivable aging reports should be closely monitored, and a staff member not involved in collecting payments should follow up with delinquent customers and donors.

The goal here is that the checks and balances act as a deterrent to the would-be fraudster. Furthermore, if a customer issues a payment but their balance isn’t credited, the disconnect will be investigated and the fraud likely detected.