Fraud is a buzzword no one particularly enjoys talking about. The word itself carries a negative connotation for all the obvious reasons and many organizations completely avoid the subject. However, anyone who undergoes an annual audit knows that auditors are required to inquire about any real or suspected fraud within an organization and any steps that the organization has taken on behalf of fraud prevention. Auditors ask these questions not to annoy you and make you uncomfortable, but rather to ensure that your organization is taking the necessary steps to protect itself and its employees. A study performed by the Association of Certified Fraud Examiners (ACFE) in 2014, and reported in their Report to the Nations on Occupations Fraud and Abuse, found the following:
- A typical organization loses 5 percent of revenues each year to fraud.
- The median loss caused by the frauds was $145,000 with 22 percent of the cases involving losses of at least $1 million.
- The amount of time from when the fraud commenced until it was detected was 18 months.
- Asset misappropriations were the most common frauds, occurring in 85 percent of the cases, causing a median loss of $130,000.
As you can see from the findings above, ignoring the fraud talk can have serious implications for your organization. Furthermore, these statistics beg the question, “Why would someone do this to our company?” The answer lies in what is known as the fraud triangle.
From The University of Indiana. http://www.usi.edu/internalaudit/what-is-fraud
Those who commit fraud all have three things in common; the pressure, the opportunity, and they can rationalize their wrongdoing. Of the three areas of the triangle, only opportunity can be controlled by the organization.
Pressure can be real or perceived, but regardless of its source, stems from an internal belief that cannot be controlled by an outside entity. Common pressures can include family medical bills, credit card bills, mortgages, etc.
Opportunity is a product of the internal control structure in place at an organization. If the organization has strong preventative controls in place, then the opportunity to commit fraud is greatly reduced; however, if the organization has instituted little to no controls then the opportunity to commit fraud is prevalent.
Lastly, rationalization is the fraudster’s belief that what they are doing is okay. Rationalization, like pressure, is derived internally and cannot be controlled by outside sources. It is often driven by the individual’s belief that they are being treated unfairly or that what they are doing will not affect the organization. For example, an employee who steals from their employer might rationalize their behavior by saying, “I’ve given this organization 20 years of my life and barely make more than the day I started. I am vastly underpaid, and they don’t appreciate me.” Or, “This company makes so much money, they’ll never miss what I’m taking, and besides, I need it more than they do.”
Focus on what you can control.
To effectively manage someone’s opportunity to commit fraud, it is vital to implement a system of preventative controls. Unlike detective and corrective controls, preventative controls seek to eliminate the problem before it starts by taking a proactive approach instead of reacting to an existing problem.
Preventative controls are established through segregation of duties. Segregation of duties is the idea that one person should not be able to complete all critical functions of a transaction from start to finish. For example, the same individual should not be responsible for collecting money, entering the transaction, making the deposit, and reconciling the bank account. For some organizations, the logistics of segregating responsibility can be daunting due to the limited number of employees, yet, even if the organization only has two employees, separation of duties can exist. The following lists were created by the AICPA to demonstrate how responsibilities can and should be shared amongst an organization with two employees and those that have three or more.
Even with only two employees, organizations can implement controls to separate duties. This prevents any single employee from having custody, authorization, and recording abilities for transactions. This would prevent any one employee from taking a transaction from start to finish. CommunitySuite helps manage this separation of duties using permissions and groups.
Every CommunitySuite site comes loaded with four default groups. These groups include Admin, Accounting, Staff, and Audit. Each of these groups has their own unique permissions built in that allow pre-set access to a foundation’s site. These permissions range from full access to the system, Admin, to read-only access, and Audit. An organization should start with these default groups and edit their permissions based on their needs and number of employees.
Instead of starting from scratch, CommunitySuite lets your copy existing permission settings to create new groups. This preserves default templates. Permissions cover every CommunitySuite area, offering tailored access: no, read-only, full, or custom.
Once an organization creates groups and assigns applicable restrictions, the organization can assign users to those groups. The assigned group then determines a user’s rights in the site. Each user should only be in one group, as CommunitySuite will default to the user the rights of the least restrictive group. Below, we show you have you can split responsibilities in CommunitySuite’s Voucher area. You can customize permissions in many other areas as well. This is just one of the many areas where permissions can be customized.
No one likes to talk about the potential of fraud within their organization. However, ignoring the topic can result in substantial loss to a company. While no company can prevent all fraud, an organization can implement preventative controls that include proper segregation of duties.
Strengthen your fraud prevention
CommunitySuite can aid in fraud prevention through proper segregation of duties and customizable permission settings. By leveraging CommunitySuite’s built-in permission groups and tailored access controls, your organization can minimize fraud risk and ensure financial integrity.
Take control of your fraud prevention strategy today. Explore how CommunitySuite can help safeguard your organization—schedule a demo or reach out to our team to learn more!
About the Author
Foundant Technologies has specialized in making philanthropy easier and more impactful through innovative software solutions and exceptional client experiences since 2007. Passionate about philanthropy, our team is dedicated to meeting the unique needs of grantmakers, scholarship providers, community foundations, and nonprofits to enable change-makers to make the world a better place for all.