It is the headline that board members dread: “Former Treasurer Charged with Defrauding [name of the organization]”. Yet, in the past month, I’ve caught two of those headlines in my local newspaper. It’s by no means the first as I’ve seen several such headlines over the years and met board members who tell me horror stories in which their organization was a victim of such fraud.
Consequently, I’m not shocked when I see the headline; but I am surprised when I meet board members or CEOs who are under the impression that their organization is immune to such an outcome. On the basis of the first hand descriptions and news-articles, I can safely say that the offence can occur in any type of organization. I’m aware of cases in large sophisticated non-profits, small faith based groups, closely held intimate and new co-operatives , long-standing regulatory organizations, charitable foundations, and more. The offences occur in urban centres and in rural communities. As with most any “white collar crime”, the perpetrator does not wear an identifiable label. He or she (this is a gender equal opportunity) walks and talks much the same as the rest of us.
Of course, there isn’t a board that would want such a headline and some do try various measures to reduce the risk of occurrence. Years ago, prior to electronic banking, I witnessed a board combing through the cheque book and bank statements to identify where the money was going. I give them credit for trying, but I don’t think that they had thought of the various ways that such an examination could be circumvented.
However, there are resources available to help out as can be found by doing a search online for “internal financial controls”. Better yet, professional accountants should be able to steer you in the right direction for your type and size of organization.
Of course, if your board is using Policy Governance, it should start with the right policy. Consider an executive limitation, such as:
The CEO shall not receive, process or disburse the organization’s assets under internal controls insufficient to detect, deter and prevent fraud or insufficient to prevent and detect significant deficiencies or material weaknesses.
And then monitor….rigorously!
Whatever the CEO presents as her interpretation of the policy, look for rationale that justifies why the systems being used are sufficient for the purpose. Have the systems she has put into place been validated by an independent financial professional as appropriate for the organization?
Does evidence demonstrate that the systems are consistently being applied? Or does it just demonstrate that they are in place in the operations policies and procedures manual?
From time to time, ensure that the financial auditor conducts an arm’s length monitoring of the policy. The independence will add a higher level of assurance that the systems have consistently been applied.
Of course, the most conniving of crooks can circumvent the best systems. However, think of it as the difference between leaving your keys in an unlocked vehicle versus locking the vehicle, taking the keys, and turning on the security system. The more difficult it is to steal from the organization, the less likely it will happen.
Doesn’t the ownership deserve that level of care for the organization?