As my previous blog posts have demonstrated, no internal control system can provide complete security against fraud. A staff member intent on de-frauding a charity can often still find an opportunity. But assuming the basics of internal controls are in place these opportunities will either by small scale or short-lived.
The situation can be different for more senior members of staff who have more control and can exert greater influence. In the wrong culture, they can abuse this influence for larger frauds.
This example revolves around a charity CEO who had successfully built up a charity. He believed that the success he had delivered for the organisation was worth more than his salary. Using access to charity letterhead and trustee signatures and identifications he was able to set up a bank account in the name of the charity with a bank not previously used by the charity. He then had private discussions with potential wealthy donors who paid grants and donations to the charity (unknown to other staff or trustees) into the new bank account. The CEO was able to fraudulently use these donations (the final amount was £650,000) – initially to pay off personal debts and then to fund a lavish lifestyle.
The fraud lasted for over 4 years and was finally uncovered by a staff whistle-blower. But this whistle-blower had had suspicions for a long time and never felt that the trustees or other senior staff would be receptive to a whistle-blower.
Once again, it is back to organisational culture. The CEO (with tacit support from the Board) fostered a closed culture – where individuals were able to do their own thing without full accountability. The organisational culture as much as the inherent risk of a powerful CEO provided the opportunity for the fraud to take place and to continue for so long undiscovered.