Introduction
Fraud poses a significant threat to any not-for-profit (NFP) organisation, capable of causing devastating financial losses and reputational damage. Such incidents not only divert critical resources away from community initiatives but also erode the public trust and confidence essential for the NFP sector’s survival and success.
For leaders in the Australian NFP sector, preventing fraud requires a proactive approach focused on organisational integrity. This guide provides a comprehensive framework for strengthening your NFP’s internal controls and fostering an ethical culture, offering practical strategies to protect your assets, reputation, and mission from the inside out.
Understanding Common Fraud Risks for Australian NFPs
Why a Culture of Trust Can Increase Vulnerability
NFP organisations are often built on a foundation of trust, volunteerism, and a shared commitment to a common mission. While this culture is essential for achieving charitable goals, it can also create vulnerabilities that individuals with fraudulent intent may exploit.
Management and board members, driven by their dedication to the organisation’s purpose, may become overly trusting, leading to relaxed financial safeguards and less suspicion of misconduct. This high-trust environment can provide a cover of respectability for those committing fraud, allowing unscrupulous individuals to operate with less oversight.
The inherent belief that fraud is unlikely to happen within a mission-driven NFP organisation can result in inadequate scrutiny of financial processes, making the sector susceptible to exploitation by those who take advantage of misplaced trust.
Common Internal Fraud Schemes in the NFP Sector
Internal fraud, a criminal offence committed by individuals connected to an NFP organisation, poses a significant threat. These schemes are often carried out by senior or trusted members, such as chief executive officers (CEOs), financial officers, or long-serving employees, who have the access and authority to bypass controls.
Some of the most common types of internal fraud schemes seen in the Australian NFP sector include:
Scheme Type | Description |
---|---|
Misuse of Banking Facilities | Using charity credit cards, debit cards, or internet banking accounts to pay for personal expenses unrelated to the organisation’s purpose. |
Inappropriate Expense Claims | Submitting claims for non-existent, inflated, or excessive expenses to receive improper reimbursements. |
False Invoices | Creating fake or inflated invoices and purchase orders to secure payments for goods and services that were never actually supplied to the NFP. |
Payroll Fraud | Establishing non-existent employees or beneficiaries within the payroll system to direct unauthorised payments to personal accounts. |
Applying the Fraud Diamond to Your NFP
To better understand why fraud occurs, many organisations use the Fraud Diamond model, which identifies four key elements that are often present when fraudulent activity takes place. When these factors converge within an NFP organisation, they can create an environment ripe for misconduct.
The four elements of the Fraud Diamond are:
Element | Definition | Examples in an NFP Context |
---|---|---|
Pressure | The motivation or incentive that leads an individual to commit fraud. | • Personal financial hardship • Gambling debts • A desire to maintain a certain lifestyle • A sense of revenge against the organisation |
Opportunity | Weaknesses in an organisation’s systems and internal controls that create openings for fraud. | • Lack of segregation of duties • Inadequate supervision • Poor security • A weak ethical culture |
Rationalisation | The internal justification an individual uses to make their fraudulent actions seem acceptable. | • “It’s only a loan, and I’ll pay it back” • “I’m just taking what I deserve and should have been paid” |
Capability | The individual’s personal traits and abilities that enable them to recognise and execute a fraud opportunity. | • Having the necessary position or authority • The expertise to exploit weak controls • A strong ego • The ability to lie convincingly and handle stress |
Building an Ethical Culture & Governance Framework
The Board’s & Management’s Role in Setting the Tone
The board and senior management of an NFP organisation are fundamentally responsible for instilling an ethical culture that operates with integrity. Their commitment sets the standard for required behaviour across the entire organisation, as they must lead by example.
A strong ethical culture, clearly modelled by leadership, is a significant factor in decreasing the likelihood of fraud. To effectively set the tone, an NFP’s leadership should:
- Establish clear expectations regarding behaviours, roles, and responsibilities for all staff and volunteers.
- Ensure appropriate policies and internal controls are implemented, regularly monitored, and supported with necessary resources.
- Understand fraud-related risks and independently assess the effectiveness of programs and controls designed to prevent them.
- Ask penetrating questions of management to ensure oversight mechanisms are functioning correctly and to foster accountability.
- Promote a ‘no blame’ culture that encourages concerns to be raised, ensures queries are listened to, and protects those who report issues.
Developing & Implementing a Code of Conduct
A formal code of conduct is a best practice for any NFP organisation, serving as a key document for describing the standards of behaviour expected from all personnel. It provides an “ethical roadmap” for employees by documenting minimum standards and offering guidance on how the organisation expects them to respond in various situations.
Implementing a prominently displayed code of conduct helps to:
- Set clear standards for ethical behaviour that are consistent with the organisation’s values and public sector ethics principles.
- Clarify the organisation’s zero-tolerance stance on fraudulent and corrupt activities.
- Provide a benchmark by which all behaviour is judged, making it clear that breaches may be grounds for disciplinary action.
- Support other human resources procedures and fraud prevention policies, creating a cohesive framework for integrity.
Ensuring Transparency & Accountability in Operations
Transparent operations and clear governance structures are essential for reducing opportunities for fraud within the NFP sector. When financial affairs are managed responsibly and openly, it becomes more difficult for misconduct to go unnoticed.
The board must ensure that its governance framework actively promotes both transparency and accountability. Key strategies to enhance these principles include:
- Transparent financial reporting, which demonstrates to stakeholders that funds are being managed responsibly and used for the charity’s intended purpose.
- Clear policies on managing conflicts of interest, which help to handle situations where personal interests could potentially influence professional decisions.
- Accountability for the end-to-end funding cycle, which is crucial for preventing the diversion of funds, especially when operating in high-risk environments or through local partners.
- Regular board training on fraud prevention to ensure leadership remains informed and vigilant against emerging threats.
Strengthening Your NFP’s Internal Controls
Implementing Segregation of Duties
A fundamental principle of internal control for any NFP organisation is the segregation of duties. This practice ensures that no single individual has complete authority over all aspects of a financial transaction, from initiation to completion and review. By dividing responsibilities, your organisation significantly reduces the opportunity for asset misappropriation and other fraudulent activities.
Applying this principle means separating key functions. For example, the person responsible for authorising payments should not be the same individual who processes the transaction or reconciles the bank accounts. This separation creates a system of checks and balances, making it more difficult for fraudulent actions to go undetected.
While smaller NFPs may face challenges in fully separating duties, increased supervision by management or the board can serve as a crucial compensating control.
Establishing Robust Financial & Human Resources Procedures
Sound written policies and procedures provide a framework for accountability and are essential for preventing fraud. Implementing detailed and robust financial and human resources (HR) procedures helps protect your NFP organisation from both internal and external threats.
Key financial controls that should be established include:
Category | Control / Measure | Description |
---|---|---|
Financial | Dual Signatories | Requiring at least two authorised individuals to approve all bank account activity, including online banking and card issuance. |
Financial | Regular Reconciliations | Consistently checking bank statements and reconciling supplier invoices with payments to verify accuracy and receipt of funds. |
Financial | Payroll Reviews | Conducting regular and unannounced spot checks of payroll records to identify irregularities or non-existent employees. |
Financial | Access Management | Limiting access to bank accounts and accounting systems and regularly changing passwords. |
Human Resources | Thorough Screening | Conducting comprehensive screening for new employees in financial roles, including detailed reference checks and qualification verification. |
Human Resources | Clear Documentation | Using clear job descriptions and including fraud prevention policies in a staff handbook to outline roles and responsibilities. |
Human Resources | Supervision and Monitoring | Introducing appropriate supervisory checks and dividing duties among staff to allow for the detection of irregularities. |
Conducting Regular Fraud Risk Assessments & Audits
To effectively protect your NFP, you must proactively identify and understand your organisation’s unique vulnerabilities. This is achieved through a continuous process of risk assessment and auditing, which should be embedded into your governance framework rather than being treated as a one-off event.
A fraud risk assessment, often documented in an ACNC risk register, is a systematic process to identify the areas most susceptible to fraudulent activity. This involves:
- Establishing the internal and external context of your organisation’s operations.
- Identifying potential fraud risks across all functions, from financial management to program delivery.
- Analysing the likelihood and potential impact of each identified risk.
- Evaluating the effectiveness of existing internal controls in mitigating these risks.
Regular audits, both internal and external, are crucial for testing the strength of your controls and detecting any fraudulent activity. Internal monitoring allows for continuous review of procedures and transactions, while independent external audits provide an objective assessment of your financial statements and compliance with policies.
These reviews should be conducted periodically, at least every two years, or whenever there is a significant change in your organisation’s operations or environment.
Fostering a Vigilant & Supported Workforce
Providing Fraud Awareness Training for Staff & Volunteers
A well-informed and vigilant workforce serves as the first line of defence in preventing fraud within an NFP organisation. Ongoing training and education are essential to equip both staff and volunteers with the knowledge to identify and respond effectively to potential threats.
This training ensures they understand what fraudulent activity looks like within the specific context of their NFP, can recognise potential red flags, and are aware of the correct procedures for reporting any suspicious behaviour.
To be effective, fraud awareness training must be a continuous process rather than a one-off event. Cyber threats and fraud schemes are constantly evolving, so regular training keeps your team updated on the latest risks and reinforces best practices.
An effective training program should include:
Program Component | Description |
---|---|
Regular and Relevant Content | Training should be conducted regularly and tailored to specific roles using real-world examples from the NFP sector. |
Induction for New Personnel | All new employees, board members, and volunteers should receive training to establish a clear understanding of policies and obligations from the outset. |
Specialised Training | Employees in high-risk roles (e.g., finance, procurement) require more in-depth and specialised training. |
Interactive Learning | Engaging formats like workshops and case studies are used to solidify understanding and build practical skills. |
Implementing Effective Whistleblower Protection Policies
Employees and volunteers are often in the best position to detect internal fraud, but a fear of reprisal can prevent them from coming forward. Implementing a robust whistleblower protection policy is a critical detection control that creates a safe and confidential environment for individuals to report suspected misconduct without fear of negative consequences.
Such a policy empowers people to act on their concerns, reinforcing the organisation’s commitment to integrity and accountability. To be effective, a whistleblower policy should establish clear and trusted channels for reporting.
Key elements of a strong policy include:
Policy Element | Description |
---|---|
Anonymous Reporting Channels | Providing options like a hotline or confidential email to allow individuals to report suspicions without revealing their identity. |
Clear Investigation Procedures | Outlining a formal and transparent process for how reports are received, assessed, investigated, and resolved. |
Guaranteed Protection | Explicitly stating that any individual reporting concerns in good faith will be protected from any form of reprisal or victimisation. |
‘No Blame’ Culture | Actively promoting a culture where raising concerns is encouraged and viewed as a vital contribution to protecting the NFP. |
Supporting Your Team with Employee Assistance Programs
The Fraud Diamond model highlights that “pressure,” often stemming from personal hardship, can be a powerful motivator for fraudulent behaviour. An individual facing financial difficulties, workplace stress, or mental health struggles may feel driven to exploit an opportunity to commit fraud.
Employee Assistance Programs (EAPs) are a proactive prevention control designed to mitigate this very risk. By offering confidential support, EAPs help alleviate the personal pressures that can lead to desperate actions, thereby reducing a key driver of fraud.
These programs demonstrate an organisation’s commitment to the well-being of its people, fostering a more supportive and ethical workplace culture. Support offered through an EAP typically includes:
Support Type | Description |
---|---|
Financial Counselling | Providing assistance with personal debt, budgeting, and financial planning to help manage financial hardship constructively. |
Mental Health Support | Offering access to confidential counselling services to help staff cope with stress, anxiety, addiction, or other personal challenges. |
General Support Services | Creating a safe outlet for employees to discuss a wide range of personal or work-related issues that may be causing distress. |
Responding to Suspected Fraud
Developing a Clear Fraud Response Plan
When fraud is suspected within an NFP organisation, a swift and structured response is crucial to minimise damage. Having a pre-defined fraud response plan ensures that your NFP can act effectively and decisively, rather than reacting under pressure. This plan serves as a clear guide for all personnel involved.
An effective incident response plan should outline the specific procedures to follow. Key components of a comprehensive plan include:
Plan Component | Description |
---|---|
Who Manages the Allegation | Clearly designating a person or unit responsible for overseeing the response to a fraud allegation. |
Investigation Procedures | Defining how an investigation will be conducted and whether external investigators or police should be engaged. |
Notification Protocols | Establishing who needs to be informed internally (board, management) and externally (insurers, authorities). |
Media & Stakeholder Communication | A strategy for managing communications to protect the organisation’s reputation. |
Handling the Perpetrator | Outlining the process for dealing with the individual involved, including potential disciplinary action under employment law or other legal proceedings. |
Your Legal Obligations for Reporting Fraud in Australia
The Responsible People of an NFP organisation, such as board or committee members, have legal ACNC and ASIC duties under Governance Standard 5. These duties require them to act in the charity’s best interests, which includes protecting its assets and ensuring financial affairs are managed responsibly.
Fulfilling these obligations means taking decisive action when fraud is suspected. If your NFP organisation falls victim to fraud, you should report it to the police as soon as possible.
In addition to notifying law enforcement, Responsible People have a duty under the Australian Charities and Not-for-profits Commission Act 2012 (Cth) to report significant breaches to the Australian Charities and Not-for-profits Commission (ACNC), a process that may require guidance from administrative lawyers. The ACNC expects instances of high-value fraud or those with public or media interest to be reported immediately, and doing so demonstrates that the board is managing the issue appropriately.
Conclusion
Preventing fraud in the NFP sector requires a multi-faceted approach, combining a strong ethical culture and robust governance with practical internal controls. By fostering a vigilant and supported workforce and having a clear plan for responding to suspected incidents, an NFP organisation can effectively protect its assets, reputation, and mission.
To ensure your NFP organisation has the right legal frameworks in place, contact our not-for-profit lawyers at LawBridge. Our firm provides trusted expertise to help you strengthen your internal controls and safeguard your mission.
Frequently Asked Questions
The most common types of internal fraud in NFP organisations include misusing charity banking facilities for personal expenses, claiming inappropriate or non-existent expenses, creating false invoices for goods not supplied, and setting up non-existent employees in the payroll system. These schemes are often committed by trusted senior members who have the access and authority to bypass internal controls.
NFP organisations are particularly vulnerable to fraud due to a culture of high trust, which can lead to relaxed financial safeguards and less suspicion of misconduct. This vulnerability is often compounded by a lack of segregation of duties and insufficient internal controls resulting from limited resources.
Having strong internal financial controls is one of the most effective ways to uncover fraud within an NFP organisation. Additionally, research consistently shows that tips from employees are a very common and critical method for discovering fraudulent activity.
The board is responsible for protecting the organisation’s assets by instilling an ethical culture and strengthening charity board processes to ensure appropriate internal controls are implemented and regularly monitored. This includes understanding fraud-related risks and asking probing questions of management to ensure oversight mechanisms are functioning effectively.
Segregation of duties is the practice of ensuring that no single individual has control over all aspects of a financial transaction, from authorisation to completion and review. This separation of responsibilities is crucial for preventing and detecting fraud as it creates a system of checks and balances.
Yes, a written fraud prevention policy is highly recommended for any NFP organisation. It helps to raise awareness of fraud risks among staff and volunteers and clearly outlines the actions and responsibilities for preventing, identifying, and responding to any fraudulent incidents.
Yes, if you suspect your NFP has been a victim of fraud, you should report it to the police as soon as possible. Responsible People also have a legal duty to protect the charity’s assets, which includes notifying the ACNC of significant breaches and knowing how to handle ACNC compliance reviews and investigations.
You can encourage staff to report suspicions by establishing a “no blame” culture where raising concerns is seen as a positive contribution. Implementing a formal whistleblower policy (a key area of employment law) with anonymous reporting channels, and ensuring leadership protects those who come forward, are essential for building trust.
Yes, providing support programs can help prevent fraud by addressing one of its key drivers. EAPs that offer confidential financial counselling or mental health support can alleviate personal pressures, such as debt or stress, that might otherwise motivate an individual to commit fraud.