It’s Charity Fraud Awareness Week between 21st-25th October. This annual event aims to raise awareness on fraud in charities and demonstrate the ways to combat it...
Fraud is on the rise in charities and every organisation has a duty to protect their assets and defences so they are as resilient as possible against it. How a charity responds to fraud can affect its reputation, its ability to raise funds and its culture. It can be demoralising for staff if they hear rumours of fraud, where no action is or has been taken or no information about it is communicated. A good fraud response plan enables organisations to respond in an appropriate, measured and consistent way to any allegation of fraud, minimising the financial, reputational and legal risk.
However, this less about ensuring everyone has shared responsibility in reporting suspicions of fraud and more about concentrating on the organisational response mechanisms.
At Sayer Vincent we have seen many fraud response plans that are too theoretical or trying to do too many things. These often exist to communicate responsibilities for reporting and to deter insider fraud by their mere existence or to meet a donor’s expectations.
Despite the name, fraud response plans aren’t usually the “go to” place once a fraud is suspected. One of the issues preventing this is it is very difficult to assign reporting lines and responsibilities because so many frauds have, historically, involved those in more trusted, senior positions.
So how can charities overcome these challenges? Is there a plan and is it 'fit of purpose'?
Often, plans that have been created are written to satisfy donors, the Board, staff and the Charity Commission, and are filed away and never used. Or they are too generic and lack flexibility.
However, there is no ‘one size fits all’ solution. A plan must be flexible and tie in with other policies, such as whistle blowing or other disciplinary procedures. Organisations need to be able to differentiate between responding and investigating. If a fraud is reported, the organisation will first need to decide if it warrants investigation.
The process may not be straightforward – especially if the plan says that all suspected fraud must be reported to the Chief Executive. In this case, what if the CEO is suspected or if it’s a senior person the CEO is keen not to lose?
Broadening the decision-making process
Having just one person responsible for decision making is often where a plan fails. This risks things being swept under the carpet or the suspected fraud not being properly investigated.
Charities must broaden their decision-making process and have a matrix of decision-making so it is clear who can and can’t make decisions on fraud within an organisation. It’s a mistake to rely on one individual. HR, finance and IT, for instance, may need to get involved when a fraud comes to light, as evidence may need to be gathered from financial accounts or emails. HR should be involved from the start to ensure the correct steps are taken.
When a fraud is suspected, communication guidelines are needed to cover how and when the organisation communicates with the person suspected. Should this be immediate, at which point the suspected person could potentially remove evidence, or after evidence is gathered? The difficulty is that, in reality, it depends.
How internal and external communications are conducted about an investigation and its outcome should also be planned. Often staff hear rumours and don’t hear anything more. If a fraud is being investigated, charities must communicate the outcome to ensure people know the organisation is taking fraud seriously. This will send a clear message that people can’t get away with fraud. The communications team should also be alerted to ensure they have a media response prepared and that they aren’t caught off guard.
Seeking outside help
While organisations may feel they have an effective fraud response plan they may need guidance from an independent, external source. Legal advice is often necessary to ensure the right procedure is followed and the correct paperwork gathered in case it ends up in a court case. It’s important to know at what point this would be recommended.
Reviewing the plan regularly
Finally, it’s important that once a fraud happens to look at the process and see if the response plan worked. Was it useful and how could it be improved? No one likes having to deal with fraud but it’s something organisations must do.
A robust fraud response plan is a good starting point but it’s important that it isn’t just a paperwork exercise that no one ever refers to and it’s a well-thought out plan, that it is regularly reviewed and adapted to ensure its fit for purpose.