Fraud Risks and Prevention Techniques for Exempt Organizations

David Zweighaft, CPA/CFE, CPE
Published Date:
Jun 10, 2014

On Oct. 26, 2013, the Washington Post published a database of frauds against nonprofit organizations, dating back to 2008. This information came from the defrauded organizations themselves; on page 6 of Form 990, Return of Organization Exempt from Income Tax, there is checkbox for “diversions greater than $250,000 or 5% Gross Receipts or Total Assets,” and on Schedule O, there is additional space for a brief description of “any unauthorized conversion or use of the organization’s assets other than for the organization’s authorized purposes, including but not limited to embezzlement or theft.” According to the IRS, 285 diversions occurred in 2009 alone, totaling $170 million.

The article accompanying the database explained that the victim organizations are typically reluctant to prosecute and would rather seek settlement or restitution in order to avoid adverse publicity that might deter potential or existing donors. This reluctance, coupled with the frequently resource-constrained environment found in nonprofits, creates numerous opportunities for fraud and misappropriation.

Reliance on documents is often the basis for initiating, recording, or approving accounting transactions—and, in a perfect world, that would be reasonable and acceptable. Unfortunately, there is always the risk of fraud in clients’organizations. Tax advisors must assist in preventing, deterring, and detecting unauthorized transactions that would result in misappropriation of assets or misleading or incorrect financial statements. In the course of an accounting period, transactions and entries are generated by various classes of documents that ultimately become part of the company's books and records. The following represent some of the types of fraudulent documents often encountered by tax advisors.

Expense Reimbursements

Employees might attempt to “maximize their travel and expense reimbursement” by submitting additional or duplicate expenses, or by fabricating receipts and other supporting documents. In addition, an employee might forge a supervisor’s approval on an expense report and submit it for reimbursement, knowing that the report contains items that would otherwise be rejected (e.g., unauthorized travel or excessive meals and entertainment expense).

Appropriate controls to address this risk include having clear guidelines for travel and expense reimbursements that are frequently communicated to all employees, requiring original documents in support of all reimbursement items, using an authorized credit card for all company-related expenses, and periodically having an internal review and audit of employee travel and expense reimbursements.

Fictitious Vendors

A vendor entity controlled by an employee can allow that employee to overcharge the company, or provide substandard or nonexistent goods and services and direct payment to his bank account. Vendor applications can be forged and supporting due diligence documents can be fabricated to allow a vendor placement on the company’s approved-vendor master file. This scheme occurs in the procurement or accounts payable areas, where employees have the opportunity to approve purchase orders and payment requests.

Techniques to prevent these schemes include the following:

  • Cross-reference vendor master files to employee data in the human resources files, including addresses and bank accounts.
  • Enforce competitive bidding for goods and services.
  • Perform thorough background checks of proposed vendors, preferably by a third-party service or by asking other companies for references.
  • Enforce adequate segregation of duties for entering new vendors into the vendor master file.
  • Conduct periodic vendor reviews and include an audit clause in all vendor contracts.

Inflated Vendor Billings

An unscrupulous vendor might attempt to overcharge, double bill, or otherwise attempt to defraud a customer by either charging more than the agreed-upon amount or by delivering less than the contracted value of goods or services for a given invoice. Invoice amounts could be obliterated or changed using a photocopier and redaction fluid, or an invoice could be completely fabricated to extract an unwarranted payment from the customer. Inflated invoices could be the work of a vendor or an employee colluding with a vendor in a kickback scheme (the employee approves the payment of a vendor’s overstated invoice and receives a percentage of the excess payment for herself).

Some effective detection controls for these fraud schemes are periodically analyzing accounts payable; examining year-over-year trends for total spending by vendor, by expense line item; and reviewing credit memos. Other useful controls include duplicate-invoice testing and three-part matching of purchase orders, invoices, and shipping receipts. Likewise, conducting periodic vendor reviews and including an audit clause in all vendor contracts will prevent and deter potential frauds.

Ghost Employees

These schemes are considered one of the most common forms of payroll fraud. They can involve adding deceased individuals, family members, and even managers’ own children to the payroll. But there are many other forms of payroll fraud to beware of as well:

  • Unauthorized work or work not performed is paid (“inflated hours”).
  • Employee benefits (e.g., vacation pay, sick leave) are recorded but not earned, or earned but not recorded.
  • Employees have authority to manipulate payroll systems to give themselves pay increases.
  • Withholding tax is fraudulently reduced.

The documents typically used to perpetrate a ghost scheme include fraudulent HR files and redacted termination data.

The top 10 controls to prevent and deter a ghost employee scheme are as follows:

  • Stringently limit access to payroll records to prevent fraudulent addition of ghosts.
  • Require dual verification of new-employee information (e.g., human resources and department head; human resources and supervisor).
  • Segregate duties of entering payroll data into the financial records and ensure federal payroll tax information reported is accurate and timely. (Neither human resources, payroll, or accounting should control this alone).
  • Conduct rigorous background checks on all new employees and existing finance staff (including credit checks, as permission is granted).
  • Require mandatory job rotation in payroll department.
  • Ensure that adequate segregation of duties exists throughout the payroll process.
  • Implement physical and access controls over the process of printing paper payroll checks.
  • Implement dual verification that terminated or resigned employees were properly recorded and processed in the payroll system.
  • Implement and enforce tight access controls over secure payroll systems.
  • Require mandatory vacation for payroll and human resources staff.

Journal Entries

Recording top-side journal entries is a frequently abused practice in which management fraudulently manipulates finance reports to close gaps between actual operating results and results reported to third parties. Such entries are recorded at the entity level, thereby bypassing the scrutiny of intermediate management review. Other schemes relating to fraudulent journal entries include forged approvals evidencing supervisory or management review, fabricated support documents, collusion between individuals, and undue influence of a manager or supervisor over staff accountants.

Typical procedures to test for fraudulent journal entries include analyzing the timing of entries (e.g., on weekends, after normal business hours, etc.), the magnitude and complexity of entries, and the related supporting documentation; testing for trends or anomalies in recurring entries; and identifying inappropriate levels of management approvals.

Because fraud risk exists in every organization, this is a concern for management, both internal and external auditors, and accountants. In the nonprofit sector, this risk is compounded by the fact that staffing budgets are stretched and resources are often constrained. By focusing on the relevant controls, the risks of fraud due to forged or fabricated documents can be minimized.

David Zweighaft, CPA/CFE, CPEDavid Zweighaft, CPA/CFE, CPE, is managing director at DSZ Forensic Accounting and Consulting Services LLC in New York City. He provides financial, investigative, and consulting services to the lawyers and their clients across a wide variety of industries. He has served as an expert in state and federal court regarding financial damages and other issues. He can be contacted at or at 212-699-0901.

Views expressed in articles published in Tax Stringer are the authors' only and are not to be attributed to the publication, its editors, the NYSSCPA or FAE, or their directors, officers, or employees, unless expressly so stated. Articles contain information believed by the authors to be accurate, but the publisher, editors and authors are not engaged in redering legal, accounting or other professional services. If specific professional advice or assistance is required, the services of a competent professional should be sought.