7 tips to protect your Charity against internal fraud

Within the Not for Profit (NFP) sector the annual cost of fraud is estimated at over £2.5 billion for 2019. This is expected to have risen significantly in 2020.

What is fraud?

Fraud is defined by the Fraud Act 2006 and is essentially wrongful and dishonest behaviour undertaken for personal gain. The Act targets not just the consequences of the fraudster’s actions but their behaviour. There is therefore a need to establish an element of dishonesty and evidence of an intention to make a gain (or cause a loss).

The Act identifies three types of fraud, being:

1. False representation
2. Failing to disclose information
3. Abusing a position of trust

Examples of fraud

Fraudulent activity may arise from within an organisation (internal) or from an outside attack (external). The following gives examples of some common frauds to which a charity may be vulnerable:

Activity	Internal	External
Procurement fraud	Abuse of credit card Fake invoice creation	Hijacking the bank account Supplier bank details fraudulently changed
Diversion of income	Creation of “shadow” accounts	False fundraising in name of the charity Cheques / cash / donated goods stolen
Payroll fraud	Creating fictitious employees

The cost of fraud in the UK is huge and is growing. A few simple steps can reduce your chances of your organisation becoming a victim.

Internal fraud

This article focuses on instances and prevention of internal fraud. Another will follow next week focussing on external fraud.

There are a number of warning signs to look out for that may indicate internal fraudulent behaviour, as well as environmental circumstances that may facilitate it. Below are some of the key signs for consideration, with thoughts on what can be done to address them.

1. Staff living beyond their means:

This should suggest that perhaps something is amiss, although addressing any concerns is not straightforward. Apparent wealth may have been acquired through another source such as the staff member’s partner or an inheritance. However it at least acts as a prompt to keep a closer eye on things.

2. Dubious invoices:

The person ultimately responsible for a charity’s finances should have sight of all invoices over an agreed value. They should take the time to ensure they make sense. The larger the organisation, the more scope for things to slip through the net. The Head of Finance may have less knowledge of what is going on across the charity. If an invoice seems ambiguous, the supplier is unfamiliar or the project does not ring a bell, it is worth taking the time to verify it.

Periodical sense checks on invoices falling under the agreed authorisation level are also recommended. This could involve a random check on the multiple small invoices that avoid scrutiny as well as those falling just under the agreed level. This includes those from suppliers not on the usual payment runs.

3. Finance staff reluctant to take holiday or working outside normal hours for no obvious reason:

If a member of staff takes holiday they need to hand over their duties to another for a week or two. There is a higher risk of any fraudulent activity then being discovered. Working outside of office hours allows a fraudster to go about their business without the risk of detection. Compulsory use of annual leave of at least one-week duration at some point each year is good for mental health. It is also a tool for foiling fraud.

4. Lack of segregation of duties:

Probably the biggest weakness of all, allowing a fraudster to abuse the trust placed in them to operate unchallenged. Ensure that processing of invoices is separated from the payment run, that more than one signatories are required for major payments, and simply that the whole process is seen to be monitored.

5. Requests for blank cheques to be signed:

This is often justified as being for practical purposes where the Head of Finance is not always available. However, this practice should absolutely not ever happen. Thankfully this is now less of an issue with the reduced use of cheques but could also apply to the ill-advised sharing of login details.

6. Unexplained variances against budget:

Perhaps a case of after the horse has bolted. The requirement for monthly management information to be provided to the Board should mean that any anomalies can be identified and investigated early. Any necessary action should also be taken promptly.

7. Unusually high volume of new suppliers:

Oversight of the finance function and adequate segregation of duties is essential to ensure that what is going on here is understood. It should not be possible to add a new supplier to the system without dual authorisation, and adequate verification of suppliers should be undertaken before added. This should be a fundamental process from a regularity point of view as well as fraud prevention.

Next week: external fraud

Next week we will take a look at common examples of external frauds to which a charity may be vulnerable, including:

• Cybercrime: we run through a few simple steps on how you can improve your security and reduce the threat of falling victim to a cyberattack
• CEO Fraud: how to protect yourself against fraudulent emails claiming to be the CEO of the trust giving orders to make an immediate transfer to a third party account.

Where can I go for more information?

October 18th – 22nd marks Charity Fraud Awareness Week and is headed up by The Charity Commission. This year Charities and NFP’s are being asked to make a difference by signing the pledge to actively prevent fraud wherever it may occur in their organisation.

For more information about fraud, cyber crime, how to spot and prevent it and tips on what you can do to protect you and your charity against it visit the Gov.UK website.

For further advice or tips, get in touch with a member of our Charity and Not for Profit team on 01903 234094.