Instances of fraud are rising across charities so it is vital to have robust controls in place to protect the organisation, explains Arlene Clapham, senior risk and assurance manager, Sayer Vincent
Arlene Clapham, Risk and assurance manager, Sayer Vincent
Fraud is a very real risk but something that tends not to be discussed enough in charities despite figures showing it is on the rise.
According to Action Fraud there was a 44% increase in the value of frauds between January and November 2022 compared with the same period last year.
A BDO and anti-fraud charity Fraud Advisory Panel survey found that almost six in 10 charities believe the risk of fraud will increase in 2023 with misappropriation of funds by staff now posing the biggest threat.
Charities identified the economic downturn and the cost of living crisis as potential catalysts, while 40% of respondents felt that hybrid working had increased their fraud risks.
Charity fraud is an important issue for charities to address, not only because of the financial loss but because of the potential reputational damage which could affect future income, as well as the charity’s ability to recruit and retain staff.
Several factors about the current working climate could have contributed to the rise in fraud. There has been a growing reliance on technology; more people are working remotely and cost cutting in organisations has meant workforces are more streamlined and there is less time to oversee people and processes.
There is also the cost of living crisis so staff and volunteers will be experiencing this in varying degrees. It is therefore vital that charities focus on identifying their weaknesses and risks, and put measures in place to help prevent fraud.
Here are five steps to managing fraud risks:
1. Accept fraud exists
Fraud is a real risk both externally and internally, so charities need to accept this. It could be the dominant CEO, the trusted finance manager or someone on the board of trustees. It could be a volunteer in a retail shop, or the office temp. Fraud is conducted by people so it could be anyone inside or outside the organisation.
Cybercrime through phishing emails and ransomware is an area of growing concern too. Last year the Charity Commission reported that one in eight charities had been affected by cybercrime in the past 12 months. Also, people using a charity’s name to fundraise is something organisations need to be aware of and monitor.
2. Understand vulnerable areas
When thinking about fraud risk charities should take a step back and think through where the opportunities are for fraudsters to commit fraud. They will be different for each charity but the common areas where fraud occurs are:
• payroll and expenses;
• payment and procurement processes;
• fundraising activities;
• grant making; and
• cyber risks.
It is the duty of management teams to identify weak spots and to regularly assess these.
3. Build awareness and the right culture
Build awareness of where fraud could happen and develop a culture where people are willing to challenge non-compliance. Openly discussing the risks and developing genuine accountability which is part of good governance is essential.
The senior management team and trustees should always lead by example and ensure they adhere to policies. Charities also need to encourage the management team to test policies and try to go outside of the guidelines to see if staff reject requests that do not follow due process.
Some charities do not have fraud, bribery, and corruption policies but it is important to create these and ensure they are aligned with other procedures and that they are transparent across the organisation. Also having a culture that regularly communicates fraud risks such as reminding staff not to click on phishing emails can help prevent fraud.
Finally, whistleblowing is a common route for becoming aware of fraud but charities need to consider where whistleblowing reports go and who is responsible for what happens if someone highlights a potential fraud. It is important that staff and volunteers see that action will be taken if they do report something, otherwise it can feel like a waste of time or that the organisation does not care.
4. Review and assess your controls
As working practices have changed with more people working at home, it is a good time to review what controls are in place and check they are still fit for purpose.
This may feel like just one more thing that charities do not have time to do as they are already stretched but it is really important to be proactive in this area. For charities that have not considered fraud as a high priority risk area now is the time to re-evaluate this.
Thinking about how the organisation would respond to an allegation of fraud and having a fraud response plan is vital too. This should include how the charity decides if they have the skills and capacity to investigate internally and whether those with the right skills are suitably independent.
5. Report and take action
If fraud does occur, it should be reported to the appropriate organisation, which may be the police, Action Fraud, or the Charity Commission. It is also essential to think about whether insurers, donors or auditors need to know, as well as brief spokespeople if it is expected to be picked up by the media.
To conclude
Most frauds are identified by having good internal controls so making sure these are robust and fit for purpose is the first arm of defence. Whistleblowing is the next way fraud is uncovered but charities must make sure they have a process for collating and dealing with these allegations.
Taking time to understand the organisation’s vulnerabilities, and having policies and response plans in place that are transparent and communicated across the organisation will help safeguard the charity as far as possible from fraud.
Comments