It is a common misconception that the smaller the charity the less susceptible it will be to employee fraud. In reality smaller charitable entities are likely to have more simplistic controls, which can lead to temptation getting the better of a minority of employees.
The risk of fraud may be split into two categories:
1. the risk that charitable funds might be misappropriated
2. the risk that a fraud might lead to misstatement in the financial statements
The duties of trustees
The fundamental duty of every trustee is to protect the property of the charity they serve and ensure that the resources attributed to the charity are allocated in such a way as to achieve its charitable objectives. If the trustees are not seen to have considered internal controls nor implemented or tested them, it is possible that the trustees might be found to have been negligent and become liable for such fraud.
Most fraud is fairly unsophisticated and if a charity establishes the basic internal controls and regularly tests that they are being implemented, then a charge of negligence will be more difficult to sustain.
Below are some common examples of how the two types of fraud noted above may crystallise in an organisation and some examples of simple controls that might be implemented to reduce the risk of such eventualities.
1. the risk that charitable funds might be misappropriated
Payroll Fraud
For charitable entities which employ a large number of staff, it becomes much easier for those charged with producing the payroll run to establish false members of staff, where monies might be diverted to a fake bank account.
Control: In most cases this type of fraud will be mitigated by stringent recruitment controls, which will include the copying of personal identification documents (such as a valid passport), obtaining references, the signing of an employment contract and the review of the monthly payroll run by a senior member of staff.
Of course the question then arises ‘What if the senior member of staff chooses to amend the payroll run to their own benefit, without the knowledge of the payroll clerk?’ This risk may be reduced by the installation of a further process of review where salaries may not be paid until approval by the entities treasurer.
Banking fraud
The risk of fraud has in many ways been heightened by the onset of internet banking, which clearly has its benefits in respect of convenience, given that the appropriate trustee cheque signatories may not be available, but also has its drawbacks in terms of security. Banks require identification numbers and passwords for transactions to be approved and there is a risk that this information could fall into the wrong hands (a temporary employee or volunteer), leading to the diversion of funds.
Control: This risk may be mitigated by dispensing with the use of internet banking altogether and instead pass the cheque signing duties to two independent responsible individuals. It is also worth noting that regular bank reconciliations would be likely to highlight any irregular transactions at an earlier juncture.
2. the risk that a fraud might lead to misstatement in the financial statements
Recognition of income from donations and legacies
It can often prove to be difficult to know when a donation or a legacy should be recognised in the accounts. Should it be recognised upon receipt, or should it be recognised upon notification from the donee/executor?
Income recognition must follow UK accounting standards, in particular FRS 5 Application Note G and UITF 40. These stipulate that income may be recognised depending on the following factors being met:
- entitlement
- certainty
- measurement.
It is often due to the inherent uncertainty in respect of donations and legacies that fraud may be committed. For instance if an employed administrator is paid a bonus based on incoming resources or the surplus achieved in any financial period, there may be scope for fraud. It may be the case that for one period, the target has been met, the bonus secure and then a letter arrives in the post informing the charity that it is due to receive a further legacy. Charity administrators have been known to defer such information until the next financial year, in order to give a head start on the next years figures and thus help to achieve next years bonus. This could be a fraudulent act, in that the conditions of income recognition have been met, therefore a debtor and income should have been recognised in the accounts on the date the letter was received. The charities funds are in this case being misappropriated by the administrator.
Control: It is very difficult to set up a system to prevent such an action occurring. By their very nature, legacies are not usually that simplistic and the value may often change from that which was originally notified. The best way to prevent such fraud would be to remove temptation and in the example above, that would be to eliminate bonus related remuneration. However if this is not an acceptable course, the bonus criteria could be adapted to eliminate any income received in respect of donations or legacies. This action might be controlled further by ensuring that two responsible officers of the charity are always present when the post is opened.
Conclusion: Charities that are considering the above may find guidance from the Charities Commission, but a more concise guide might be found at Community Accountancy Self Help’s (CASH) website www.cash-online.org.uk. For more complex problems our advisers at Smith & Williamson will be delighted to provide detailed guidance on how a explicit system of controls might be enhanced and tailored to cover the risks facing your specific organisation.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.