• Living beyond one’s means (fancy car, expensive home, lavish vacations)
• Experiencing financial difficulties
• Suspicious behavior
• Too controlling – wants to do everything
• Caught in lies (often insignificant)
• Works odd hours (always the first to arrive or last to leave; works weekends when workload doesn’t indicate the need)
• Password protects files on server that shouldn’t be
• Takes loan from 401k
• Gets very defensive when asked a question about work
• Unusually close relationship with vendor or customer
• Addiction, gambling or legal problems (How do they pay for these issues?)
• Won’t take vacation (or comes to the office during vacation to “take care of business”)
• Doesn’t follow the internal controls that are set up
• Unusual number of manual journal entries
• Excessive number of voided transactions
• No original documentation – everything is scanned in or copied
• Lot of errors in work

These red flags don’t necessarily mean that someone is committing fraud; however, coupled with other indicators, the employee should warrant closer supervision, surprise internal audits, etc. You may also want to review your internal controls for any possible weaknesses.   Being alert to these red flags can go a long way to preventing fraud and keeping your organization financially sound. (Note:  This is the first in a series of posts about fraud.  Check back for future postings.)

Whether you use the IRS rate as your reimbursable amount or some other rate, here are some suggestions to manage these reimbursements:

1. Review the policies at least annually.
2. Ask staff how they interpret these policies, and address any ambiguities.
3. Usually organizations only reimburse employees for mileage in excess of the miles that would be driven to the place of employment. For example, a case worker drives directly to a client’s house, which is 10 miles from the employee’s house. Your office is 6 miles from the employee’s house. Typically, you would only reimburse the employee for 4 miles of travel.
4. As part of the hiring process, inform new staff of the organization’s policies and give examples of what is allowed and what is not.
5. Periodically review these policies at staff meetings.
6. Employees should keep a written log of the mileage, which should include at a minimum for each trip:  Date of travel, destination, purpose of trip, and miles driven.  If you receive federal or state grants, the granting agency may require you to keep more detailed records, such as odometer readings, address of the destination, or attach maps showing mileage.
7. Prior to reimbursement, the mileage logs should be approved by the employees’ supervisors who are knowledgeable of their activities. The logs should also be periodically reviewed for inconsistencies, errors, redundant trips, and abuse.

     What are you required to do? According to OMB Circular A-133 (which governs the administration of federal awards), organizations are required to:
“Maintain internal control over Federal programs that provides reasonable assurance that the auditee is managing Federal awards in compliance with laws, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its Federal programs.”
       To ensure that you have the proper controls in place, it is a good idea to perform an assessment of each of the compliance requirements that affect your federal grants. Here are a few questions you can ask yourself and others involved with the administration of the grant:
     “How do we know that case managers who are carrying out the program are fully informed of the provisions of the grant?”
     “What process do we have that would prevent an unallowable cost from being charged to the grant?
     “How do we know that participants in the program are eligible to receive services? Does anyone verify eligibility after the initial assessment?”
     “How do we make certain that we have paid for allowable costs before we request reimbursement from the grantor?”
     “How do we communicate changes involving the grant to those personnel who need to know?”
     “Do we routinely check the “Excluded Parties Listing System” to ensure that we are not doing business with any vendors that have been suspended or debarred?”
     “What process do we have in place to make sure that all reports were filed accurately and timely?”

     After doing this assessment, you may find that your internal controls need to be strengthened. If you need assistance with this, please give us a call.

• The by-laws of the organization require an annual audit of the financial statements.
• Affiliated fund raising organizations, such as United Way, may require recipient organizations to have an audit as a condition of receiving allocations.
• Lending institutions may require audited financial statements before making a loan and in each year that the loan has an outstanding balance.
• Potential donors, especially foundations, may ask for a copy of the most recent audited financial statements. Although it may not be a prerequisite to receiving funding from them, it is a tool that the foundation can use in its decision-making.
• The federal or state agency from which you are seeking funding requires an audit.
• Management and/or the Board of Directors believe that it is a “best practice” to have an annual audit.

This last reason is the one that I like the most because there is no outside interest that is forcing an audit. I have a friend who recently became a controller at a local church that had never been audited. He requested that his Board of Trustees hire a CPA firm to conduct an audit because he wanted to start his tenure with a clean slate and to have full accountability. What better way to demonstrate to your Board that you are above board, capable, and fiscally responsible than to open your books and records to professionals trained in auditing that will provide an opinion on whether the financial statements are free of material misstatements.

If you’ve never had an annual audit (or it has been a long time since your last audit), some may ask when you should start. Following are a few ideas:

• A year or two before launching a capital campaign
• If there is an expectation that you may be involved in a merger or acquisition
• Before starting a new program that may require some creative funding
• Construction of new facilities that may require interim or permanent bank financing

If you are wondering if the organization you are involved in should have an audit of your financial statements, give us a call.

• Determine staffing during collection times. For receipts over a certain dollar amount, always have at least two employees present (counting/depositing) to help lower this heightened risk factor.
• If receipts are provided to the donor or client: consider using a triplicate form. One copy to the donor/client, one that is included in the deposit report sent to the accounting office , and one to be retained in numerical sequence for accountability over the forms used.
• Maintain a cash receipts log when using numbered receipt forms. The log should include receipt number, date received, name of payor, amount of payment, form of receipt (cash, check, money order, etc.), check number and date (if applicable), and purpose of payment (if known or applicable).
• Posting signs at collection areas informing payors that they should get a receipt showing their transaction.
• When transporting cash receipts from the remote location back to the central office or bank, utilize a courier service if possible or appropriate. Minimally, keep receipts in a locked security bag with a trustworthy employee not involved in the recording or reconciliation process transporting the bag. If there is a large amount of receipts being transported, have two employees be involved for additional safety.
• After depositing the funds: have an employee other than the person making the deposit reconcile the deposit ticket to the validated deposit slip.
• Reconcile the cash received to register tapes or the cash receipts log at the end of each day or employee shift. Match the daily receipts to those posted in the general ledger; the deposit slip and the bank statement.
• Bank reconciliations should be reviewed and approved by a supervisor independent of preparation. This same individual should verify the “book balance” agrees with the general ledger balance.
• Consider performing unannounced (surprise) audits of cash receipts at remote locations.
• Lead by example: show your employees that your policies and procedures are sound and important by always following them yourself and having that expectation of your employees, with clearly defined consequences for skirting them.

The overall goal of these “cash collection” controls is to minimize fraudulent activity and errors before they can occur. Although these particular suggestions may not be appropriate at every organization, you can evaluate and adapt them to be compatible with your own. You should be able to think of a few other ways to protect yourself even further with the in-depth knowledge you have of your particular organization and situation. In fact, please share your own suggestions with the other readers of Mission Accountable by posting a comment on this article. Remember, it is not through any one of these suggestions, but a combination of maintaining integrity of accounting records and a strong control environment, separating duties, and implementing accountability and oversight, physical protections, and strong policies and procedures that will truly help your organization to be as effective and efficient as possible.

Is your organization vulnerable for this scrutiny? Remember the key terms for establishing tax-exemption…organized and operated. Form 990 is the tool for reporting information annually to the IRS, substantiating the organization’s exempt purpose. Sources and uses…this will be interesting as the IRS moves forward in looking for additional revenue streams.

Is your organization vulnerable to this type of inquiry?  Call me. We can perform assessments to determine the organization’s risk.

For more information on this initiative, see this blog post by Land Trust Alliance.

One of the most important controls you can implement is separating the duties of collecting, recording, depositing, and reconciling cash receipts. This simple step can have a strong effect on preventing mishandling and safeguarding against losses. Unfortunately, many organizations do not have enough personnel to effectively separate these duties and, depending on the average value of these collections, it may not be cost-effective to hire someone new. This is why having other strong controls in place can really help safeguard your cash receipts.

The following are a few suggested controls that you can tailor to your particular organization to help mitigate the risk of loss:

• Establishing written collection policies and procedures to clearly outline duties and responsibilities to employees involved in the process.
• Restrictively endorsing all checks immediately upon receipt.  For example, you can imprint the checks with a stamp that says “For deposit only” as they are collected.
• Depositing cash receipts in the bank every day or as often as necessary for the circumstances of your particular organization and always depositing them fully intact to ensure that the total receipts is equal to the total bank deposits.
• Documenting and recording all cash receipts promptly.
• Utilizing strong physical controls, such as keeping the cash receipts in a safe or at minimum securely locked until deposited.

Remember, none of these suggestions are meant to be taken as-is: any one that you want to pursue needs to be tailored to your particular organization and situation and no one control will cover all of your risk areas.

However, as a general rule of thumb, if your organizational structure is prohibitive to implementing some of the more in-depth controls, focus more on the monitoring-type controls mentioned. When employees are aware that quality management oversight is taking place, they are far less likely to commit fraudulent acts.

Another post will follow shortly with even more suggestions for internal controls over cash receipts at remote locations. Don’t forget to check back soon!

Allowable and deductible can mean 2 different things?  First to the donee and then to the donor.

As long as the qualified charitable entity maintains control or “use of the funds” and uses these to further their exempt purpose, the contributions are allowable for the organization and deductible by the donor.

Donors may designate a program, ministry, event, project, endowment etc., of the qualified charitable entity as long as the church controls the funding. Be careful in not designating a specific individual as the recipient, this often disallows the deduction for the donor and the church is then required to report the funds as an “agency” transaction.

So the church can solicit contributions for general, administrative and fundraising functions? Yes, as long as the church retains control or “use of the funds” and the church is operating within its exempt purpose, as designated by its IRS code.

Questions? Give me a call or post a comment.

If that’s really true, then why are are nonprofit organizations involved in almost 10 percent of all fraud cases reported in the study?

We often let our desire to trust other people cloud our judgment. Especially people we hired personally and have spent years building relationships with Monday through Friday. Deep down, we all believe we’re exceptional judges of character.

And that’s when it happens. 

If the most important fraud control in place in your organization is the ability to judge character in the people you hire, you may already be a victim.

If you’re concerned that you may be the victim of a fraud, or want more information on preventing fraud, we can help.