Unfortunately, I have run into more than my share of embezzlers in the nonprofit world. Usually when I find fraud, the Executive Director is truly shocked. And, one of the first things she says to me…
“But we are audited every year.”
Yeah. I get that. The word “AUDIT” carries a lot of weight. The fiscal year-end is a busy time. Audits are expensive and tedious. Your staff jump through all sorts of hoops to produce documents and proof of transactions. The auditor is not always satisfied with the sources provided, creating a need for more documents, phone calls, downloads, etc. etc. Surely after all of that, you are SAFE from fraud.
But these audits are usually limited. Auditors are hired to ensure that basic accounting procedures are in place: that you are recording transactions correctly, that balance sheets actually balance, that cash reported equals cash in the bank. And, this is very important! However, this is about as far as they go. Most auditors will warn you of fraud if they see it. But frankly, they aren’t taking a deep dive into all of your financials, and they may not be trained in forensic accounting.
Auditors rely on your staff to tell them if controls are in place. If you present your bookkeeper as trustworthy, and she describes cash controls effectively to your auditor, then the auditor believes, in good faith, that these controls exist and are being used. Most auditors don’t hang around for the Friday night fundraiser to watch how cash is actually handled on site. Instead, they believe what your bookkeeper tells them. If your bookkeeper says that cash is supervised and counted by two non-related individuals before being locked in her drop box and recounted by her in the morning with a witness and with all discrepancies accounted for, then the auditor is generally satisfied that everything is running as it should.
If a cash handler and your bookkeeper are skimming bills off cash receipts before they are even deposited, then they are taking the money BEFORE it enters your accounting system. The auditor does not know this, and therefore will not and cannot report to you about it.
Auditors generally don’t check the small stuff. You are probably used to your auditor checking the minute details of a $100,000 gift of stock. But does your auditor really have time to check on the thousands of smaller gifts and expenses that make up the biggest part of your transaction count? How can an auditor know that the $780 check to John McAdams for “security” was really on a night where no security was needed? Or that John is your bookkeeper’s cousin? Or, how can the auditor determine that the $1,300 refrigerator for the break room was really only a $400 mini fridge…and that the new Frigidaire is in the bookkeeper’s kitchen?
MOST nonprofits experience theft at some point, and the stolen amounts aren’t trivial. How does 5% of your gross revenue sound for starters*? On a million-dollar budget, you would be losing $50,000 per year. On a five-million-dollar budget, you would be losing $250,000 per year. Do you really have the kind of donors who can make that up? What if they thought YOUR lack of oversight was an issue in the theft? That sort of negative PR can hamper giving–and your career–for many years.
Don’t fall victim to the auditor’s myth. An audit does not inherently mean you are safe. You still have to actually check up on these things. If you don’t, then you are leaving the door wide open….
*statistics on fraud from The Association of Fraud Examiners