IT & Technology
A 5-step plan to reducing charity fraud
As fraud continues to cost charities billions every year, reducing fraud risk is paramount to increasing the funds available to beneficiaries.
The Annual Fraud Indicator 2016 estimated that the cost of fraud to the UK economy is £193 billion per year. In the charity sector alone, it is costing almost £2 billion a year – approximately 3-8% of charity income – which is money that won’t be getting through to beneficiaries.
Fraud affecting charities
There are many types of fraud that can impact charities. Some common cases of internal fraud include the misuse of charity money by staff or volunteers or the submission of false expenses. In terms of external fraud, you should look out for false invoicing, credit card scams and unauthorised fundraising, which are some of the key risks.
A growing new area of fraud is cybercrime and, in recent years, the sector has seen a significant increase in phishing incidences, which can be devastating.
Earlier this year, Chester Zoo was a victim of an email scam that saw them pay £1.26 million into the bank account of fraudsters. This occurred after staff had been emailed a change of bank details, supposedly from a contractor they were working with who was building a new experience at the zoo. Unfortunately, it was a scam which resulted in them paying a genuine invoice into a fraudulent bank account.
A five-step plan
Charities must think carefully about how they can protect themselves against fraud and cybercrime. Here is a five-step plan that can help charities mitigate the risks:
- Accept the premise that the potential for fraud exists in your organisation.
- Analyse your weaknesses and vulnerabilities and consider where they could be targeted internally and externally. There are key questions for a board to consider here: is there a fraud policy in place and response plan for dealing with fraud? Are there strong controls in place in payroll and expenses? Are the payment and procurement processes watertight? Have all the key suppliers been vetted and checked? Are there good controls and processes around fundraising? Is the IT security robust enough to prevent cybercrime? What could be improved?
- Build awareness of fraud and establish a culture where fraud is openly discussed. Everyone should understand the policies around fraud, bribery and corruption. Employees should know what fraud and theft means to your organisation, the responsibilities of staff in managing fraud, the fraud risks, how your charity would detect fraud, details of any whistle blowing plan or policy and crucially, how your charity will react to fraud.
- Review and asses controls regularly and do not assume you are covered. There are always new trends emerging and so controls must be updated. You should stress test your organisation’s controls to ensure they aren’t weak and ensure your board is making decisions based on risk assessment.
- Report fraud and take action. If the fraud response policy is to take decisive action against fraud, you must follow through and report fraud to the appropriate authorities, including the police, the Charity Commission and Action Fraud.
Although no organisation can eradicate fraud completely, these steps can help you to reduce fraud risk which, in turn, will increase the funds available for your charity’s work.
Share this article
Jonathon is a partner at Sayer Vincent and has previously worked as a freelance internal auditor in the international development sector and head of consultancy at Mango.Read more articles by this author