User Access Controls protect user access to automated financial systems. These controls restrict user access only to authorized users and only for the functions they need to perform their jobs. Effective user access control practices help to mitigate the risk to nonprofit organization of unauthorized or fraudulent activity occurring.
User Access Controls include assigning:
Login Rights-designate who is authorized to log onto a system and how they log on
Permission Rights-designate which functions each user may perform within the system, for example, input, edit, delete or view only.
Financial fraud not only depletes an organization's assets but also affects their reputation, once the fraud is publicly disclosed. Although nonprofit organizations do not anticipate being victims of fraudulent activity, they should be aware of areas where they might be at risk. Remote working, downsized workforce and changes in staff roles and responsibilities may contribute to incidents of fraud. With proper internal controls, policies and procedures in place, this risk can be mitigated or even eliminated.
In the new environment of remote or hybrid work, many nonprofits are implementing or expanding the distribution of their organizations' credit cards.
The risk of improper or fraudulent use of an organization’s credit cards can only be mitigated by the implementation, administration and oversight of an efficient and effective credit card program.
With cybersecurity concerns, the advent of remote working and the increased risk of fraudulent activity, an independent assessment of your nonprofit’s finance operations is essential. Perhaps your staff is too busy with day-to-day tasks and deadlines to review and evaluate your procedures. They may find it easier to continue doing things the way they have always been doing them.
Could This Embezzlement Have Been Prevented?
A former employee of a nonprofit substance abuse rehabilitation center embezzled over $600,000 from the organization by stealing checks made payable to the organization from the desks of other employees and depositing them in a bank account she set up in her own name on behalf of the nonprofit. The former employee pled guilty and was sentenced to three years and four months in state prison and was ordered to pay the nonprofit over $600,000 in restitution.
5 Missed Steps in the Nonprofit Procurement Process: See How We Assisted One of Our Clients
A nonprofit client downsized their procurement department. This resulted in changes to workflow, staff roles and responsibilities. I was retained to review and evaluate their procurement processes to ensure that there were proper internal controls, efficient workflow and best practices in place.
I began my assignment by meeting with the procurement team. I reviewed and documented the processes that each member followed. My investigation identified 5 critical missed steps in their procurement processes:
Is your nonprofit's finance department prepared to face the challenges of a post-Covid-19 world? Here are some of those challenges:
Do not wait until a problem arises…It may be too late!
Some questions your finance department should consider and actions they should undertake:
Did your operating processes change due to a downsized workforce?
Review and document your operating processes and ensure they include proper internal controls. This will mitigate the risk of fraud and provide for the ongoing operation of the finance department.