Everyone liked Sally - not her real name.  Well, they didn't exactly like her.  They put up with her intimidating asides, her "non answer" answers, her controlling of everything in the church office.  She was, afterall, the bookkeeper, and the secretary, and the keeper of the calendar of events, and the scheduler of wedding receptions in the hall, and her list of responsibilities and duties went on and on. She explained that the Pastor was simply an employee that she had to manage!  And she would tell you at great length 'til you were nearly in tears yourself of all the sacrifices she and her family made for the church so the parishoners could be supported.

Marathon Technology Group supported the church and "Sally"  from an IT standpoint.  My first red flag was when she didn't want us to dig too deeply into her Quickbooks problems.  "Oh.  I'll figure it out," "Sally" would say. "It's too much for you to understand."  That was typically followed by her blaming her predecessor for his lack of skills and knowledge.  She was, afterall, trained to perform this function.  When I couldn't figure out what she'd done to create the problem I was called in to fix, she quickly told all who'd listen - or in the sound of her voice - that I wasn't that skilled in computers, Quickbooks, or office procedures in general.  I had disrupted a well-oiled machine.  I was "a problem". "Why are you asking so many questions?" she groused.

The Pastor and I and Don would laugh off "Sally's" remarks. Frightened people in over their heads often deflect criticism by belittling the one who's closest to discovering the Rabbit Hole!  I remember vividly the day we received the call to change the password on an employee's system.  We wanted to walk Sally through it over the phone.  "No.  Sally can't do it," said the Pastor.  "We need to change Sally's password."  Silence on the phone.  "Oh.  Wow!  Okay," Don said. "We need you to come in and talk with us about Sally's computer," the Pastor continued. 

The meeting that followed was tense.  The police had been called.  We secured the hard drive.  We uncovered hidden files and separate entries.  The church stopped counting at $80,000.  Sally, self-proclaimed protector of the church's treasures had taken her own share to compensate for all she'd given to the church.  It was, in her mind, only fair.  It would, in her mind, one day be paid back.

Embezzlement -- fraud committed by employees and volunteers -- is especially painful in churches and community nonprofits.

Not only is real damage done to the organization, but members feel that their cause has been betrayed by someone they trusted and perhaps even liked. Members worry that donors and grantmakers will be less likely to give money and support if news of the fraud leaks out.Embezzlement is often kept quiet in nonprofits because board members think that we are the only ones to experience it. Members are embarrassed for not seeing any signs, for being snowballed by a con artist, or being bullied by a power seeker.

What are some of the most common types of nonprofit embezzlement and how can you avoid having it happen in your non-profit organization?

Theft of property, such as computers, cameras, art.

Prevention steps: Lock it up. The Grateful Dead's musical instrument cage in their rehearsal space had a sign posted that read: "Locks keep honest people honest."

Theft of organizational checks.

 If "the money person" of a small organization leaves a few blank checks in the safe before going on vacation without alerting all parties in the organization that he's done this without stipulating why the checks are left, be concerned. As one non-profit board member explained, the CFO of their organization used the blank checks to pay for his OWN vacations, recording them in the accounting system as "other" legitimate expenses: $300,000 worth.

Prevention steps: Never have any blank, signed checks. Lock up checks. Have someone other than a check-signer physically open the bank statements and reconcile them, every month. Purchase fidelity bond insurance.

Thefts of checks from donors or members:

One community nonprofit, usually known by its acronym (let's say "ABC") had a staffperson taking donor checks made out to ABC, depositing them in a business account she had opened with the same acronym, and used organizational letterhead to send thank-you notes to the donors. The donors had canceled checks and thank-you notes: who's to know? Discovered at $60,000.

 
Prevention steps: Have two people physically open the mail together, recording incoming checks. In fundraising letters or membership renewal forms, ask donors and others to write out your organization's whole name on their checks.

Thefts of cash from special events:

The "Here, Betty Sue, you look like you're busy and pretty swamped right now. Just give me the cash.  I'll count it for you and take care of it."  Poof!  Receipt?  Verification?  Starting and ending cash drawer balance anyone?

Prevention steps: Insist that everyone use a shared cash box or boxes throughout the event rather than their own pockets or envelopes until the end. Create an atmosphere of integrity by counting the cash box. Keep an eye out, and don't hesitate to say, "Hey, I know it's faster to make change out of your own pocket  (like you just did) and turn it in later, but we're supposed to use the cash box--it's a pain but we'd better do it."

Improper checks or signature cards signed by a busy executive director or board member who doesn't look while signing them.

If you are that exec or board member, you can't be expected to scrutinize each check and know from memory whether the check is appropriate and for the right amount. But you CAN: Make sure there is an invoice attached to each check, and an authorization signed by a designated staff member. Initial the authorization to demonstrate that you've seen it, and so that un-initialed documents can't be substituted for the ones you saw.

Prevention steps:  Occasionally pick out a large check and phone the relevant staff person to make sure the expense was authorized; not only is this a good check but word that you did so will quickly spread.

Payments to fictitious employees, un-authorized raises, and non-submission of payroll taxes.

Because payroll involves substantial funds it is a tempting place for theft, and because it involves so much detail it is often overlooked.

Prevention steps: Even small organizations should use a payroll service and have a copy of the payroll register sent directly to the treasurer.

Another story shared by a non-profit board member, not an MTG client.

"I was a middle manager of an organization where we discovered, after the CFO left, that the CFO had embezzled $33,000. He had opened up a bank account in the agency's name at a local bank where he knew the employees. He told the ED and the board that he needed to re-do the signatures for an existing account; filled in the card where they should sign, and marked that only one signature (his) was needed to write checks. When the embezzlement came to light, the board refused to report this to the police or the insurance company. They were afraid they would be blamed."

Embezzlement myths

Five common (but unstated) myths about embezzlement in community nonprofits are:

1. "It hardly ever happens to nonprofits so we don't have to worry that much."
   (Actually, it is more common than you think because it is so often kept quiet.)
2. "Mrs. X is the most dedicated, honest, sweetest person I've ever met."
   (Funny thing is that the only people who steal are people we trust. That's because if we didn't trust an individual, we wouldn't give him or her the easy opportunity to steal.)
3. "Everyone who works here is really a good person."
   (In my direct experience with people who have embezzled from nonprofits, they had all convinced themselves that they were "just borrowing the money temporarily," making up in a small way for perceived under-paid work, or fulfilling the organization's mission: "the mission is to help families and this is helping my family." In other words, people who do bad things don't think of themselves as bad . . . and as a result, don't come across to others that way either.)
4. "We don't have enough staff to have financial controls."
   Try these: In an all-volunteer organization, don't have the treasurer be a check-signer, and have a copy of the bank statement given to the board president every month. In a one-staffperson organization, have the bank statement reconciled monthly by a board member. If you have an audit, insist that he or she recommend controls in writing.
5. "Audits catch embezzlement and fraud." (Actually, auditors explicitly state that an audit is neither designed to find fraud, nor an assurance that there was none. Auditors DO catch embezzlers, and having an audit may deter embezzlers, but they can't guarantee that they will do so. In particular, it's very hard to catch fraud that involves two employees acting in collusion, or a junior person going along (either knowingly or unwittingly) with a senior person's misdeeds.

One more story.  This didn't happen to one of our clients, but we learned of it through a non-profit educational group:

"I was one of the ones [board members] who wanted to keep [the embezzlement] quiet. I was afraid it would affect donors.  But then on one of the conference calls where we were discussing how to deal with it, someone said, 'If someone broke into your house and stole $250,000, wouldn't you report it to the police?' We ended up reporting it, and also issuing a statement about what happened and what we were doing to correct the situation. It was fine."

Embezzlement is a more common and bigger issue than we may think. In the for-profit sector, it's estimated that 7% of gross revenue is lost to employee fraud (Association of Certified Fraud Examiners report). (Imagine if we budgeted 7% of our budgets for fraud loss!) 

Embezzzlement not only hurts an organization, it hurts the people it serves and the community that supports it. We can't expect to prevent it 100%, but a few simple steps can reduce its likelihood substantially.

But perhaps the most important step is to set an atmosphere and climate of accountability and transparency.  In doing so your organization will project an image of unity, trust, and ethical treatment of it's members and constituencies.