Fraud is on the rise and it’s estimated by the Annual Fraud Indicator 2017 to cost the UK economy £190bn per year. Charities are far from immune. Recent cases have highlighted the vulnerability of the sector. Ahead of the Charity Accountants’ Conference, Jonathan Orchard, Partner at Sayer Vincent, has put together a five step plan to help your charity avoid the financial and reputational damage that fraud can wreak.
Accept that fraud exists
Organisations are estimated to be losing between 3 to 8 per cent of their income due to fraud – income that won’t get through to beneficiaries. Additionally, the impact of fraud on a charity’s work, beneficiaries and reputation can be hugely damaging, so the first step towards reducing fraud is to accept it exists.
Understand your own vulnerabilities
Charities need to think like fraudsters and really scrutinise their organisation’s weaknesses and vulnerabilities. There are common areas for fraud such as payroll and expenses, payment and procurement processes, fundraising and of course cyber risks –which must all be considered.
Given the scale of cyber risks, we advise that charities should consider what information they are putting in the public domain and how that information could be used in the wrong hands. For example, publishing important contact details such as finance personnel or the names of key suppliers or senior managers on their website. Having access to these contacts makes it easier for fraudsters to engage in phishing.
Build awareness and the right culture
Fraud risks should be openly discussed internally with trustees, staff and volunteers. There needs to be clear policies around fraud, bribery and corruption that everyone understands. To develop the right culture, employees need to understand what fraud and theft means to the charity, the responsibilities of staff in managing fraud, details of any whistle blowing plan or policy and crucially, how the charity will react to fraud.
Review and assess controls
Just because your charity has controls in place, don’t assume you are safe. Risks keep evolving and charities must too. New trends are always emerging and controls must be up dated and regularly assessed. Charities should also be regularly stress testing their controls to ensure they aren’t weak and ensure their board is making decisions based on risk assessment. If Chester Zoo had questioned the email and called up their contractor to double check if their bank details had been changed, perhaps they would have been alerted to the email scam before paying the invoice.
Report and take action
Does your charity have a fraud response plan in place or does it need one? How will it respond to fraud? If the fraud response policy is to take decisive action against fraud, then the organisation must follow through and report fraud to the police or Action Fraud. With charities having to work harder than ever to survive, it’s imperative they take fraud seriously and ensure they have robust checks in place to minimise the risks.
*This article was first published in Civil Society Voices on 23 October 2017.