By Rosemary Lamaestra CPA, CFE

I am sure you have read newspaper articles or heard rumors about a community sports league or a church bingo where “someone has embezzled funds!” Maybe it’s one of the community not-for-profits to which you have given your hard-earned money to promote and further its mission. How could this happen?

Nonprofits can be particularly vulnerable when it comes to fraud and theft. In smaller not-for-profits, there just may not be enough hands to manage day-to-day functions. Those who are employees may not be paid very well. With volunteers, they may not have the time necessary to devote to running an organization. Similar to small for-profit companies, the No. 1 control that is often missing is segregation of duties. Many times, there is only a CEO or executive director along with a bookkeeper. The bookkeeper is charged with running the accounting functions as well as preparing reports for the board.

Not enough time in a day can lead to error or mischief. Therefore, the CEO as well as the board chair and/or treasurer should be involved with the accounting functions. One person alone should not be opening the mail, posting the receipts, making the bank deposits, reconciling the bank statement, paying the bills, and preparing reports. Here are a few suggestions for better internal control:

• Check-signing authority should be assigned to the CEO. A second signature could be required for payments in excess of an established threshold set by the board.
• Next to the checking account, the second most at-risk area is the credit cards. If a credit card is issued to an employee or volunteer, receipts must be required and matched to the monthly statement to hold the employee accountable.
• Bank statements should be delivered to the CEO unopened and, if possible, the CEO should reconcile the checking account to the statements.
• The board chair and/or treasurer should review the bank reconciliations on a monthly basis. They should be involved more frequently than just the scheduled board meetings.
• If cash is a means of receipts, be sure more than one person is involved in collecting and depositing the funds. Adding-machine tapes, copies of checks, and deposit slips should all be required and reviewed by the CEO.

CPAs often are asked to join boards of directors specifically because of their financial expertise. Reading financial statements, working with accounting systems, and corresponding with outside auditors is second nature, so their inclusion proves to be a perfect fit. Of course, not all board members are CPAs and schooled in financial matters. Yet, it is the fiduciary duty of board members to become knowledgeable in these areas to maintain the organization’s values and mission. For this reason, it is important that the board meet and discuss areas where the organization may be susceptible to theft. They must be realistic in identifying who and what the vulnerable areas are. Often times you will hear, “She is honest as the day is long; I do not have any problems with trusting this person,” with regard to one or more employees or volunteers. Unfortunately, that trust is one of the factors that can make it all-too-easy for fraud to flourish. If you find your nonprofit leaning too much on trust alone, your organization could be ripe for abuse.

Rosemary Lamaestra, CPA CFE, is a manager at RLB Accountants in Allentown, Pa. A PICPA member, she serves on its CPA Image Enhancement, Bylaws, and Forensic committees, is chair of the PICPA Lehigh Valley Chapter’s Member Services Committee, and is a Trustee of the Scholarship Fund. She is a past president of the Lehigh Valley Chapter.