Organizations in Action
Tuesday May 18, 2021
Any accounting business and tax advice contained in this podcast is not intended as a thorough in depth analysis of specific issues. Nor is it a substitute for format information. Nor is it sufficient to avoid tax related penalties. If you have specific questions that you need advice for, be sure to schedule a strategy session and not solely rely on information in this podcast. All right, back to the episode. If your organization is wanting the link to the fraud risk assessment questions, check out the show notes. We will have a link for them there.
Hey, it's Chyla Graham, you're listening to another episode of The Nonprofit Ace podcast here. I want to make sure that nonprofit leaders feel comfortable talking about money, part of those conversations need to be about fraud. Are you susceptible to it? How could it happen? How will we stop it? How will we catch it? What will you do after it's happened? And so this season, I wanted to make sure you get some of those practical tips. We are doing our fraud risk assessment, check out the show notes, you can get the download and ask yourself these questions during your next board meeting. This week's set of questions about the organization in action.
So there's always this what we say we do and then there's how we actually do it. And so these are the questions you want to ask yourself specifically around cash. So who can get their hands on cash? So think about who collects money? Not in theory, but an actual practical application, who collects money? Who's doing the deposit? Who's recording the cash? Who's signing the checks? What's the approval process when we want to spend money? Who has access to debit and credit cards?
Think through the practicality of the actuality of things, so that you can say, Okay, are we circumventing what we said in theory? Think about who has access to sensitive or valuable information? So think about your physical documents. So if you're still writing checks, where are the physical checks, maintain, who has access to your bank account information, who can log into the bank account, who has access to payroll information, who can log into the payroll system, who can update the payroll system, this is important because you want to make sure one useful thing is to have unique logins. So if you know, oh, only this person is using that login, you can better track if something goes wrong, more than likely it's this person unless their login was compromised.
You want to think about who has access to payroll information and who can update it. Because you want to be able to say, we're not just changing payroll, based on a conversation, there's been approval, this one to the board, there is a process to this. So if you don't already have a payroll change form, again, Google, it's a very easy place to get that. But you want to think of, Hey, what's going to be on this? One, you want to know, what was their old rate? What's their new rate? Who approved this? When is it effective? Why? Because if you send me an email, you say, hey, you kind of change how this pay, right? And I don't know why. If this information is wrong, I have no justification, I have no way to protect myself. And so when you're thinking about fraud and how it occurs, and how to stop it, you're not just thinking about the organization, you're also thinking about the reputation of your employees. And once you need to safeguard.
So another question about your organization and action is are you cross training staff. So when someone goes on vacation, who will do that work? A lot of fraud occurs when, or a lot of fraud is uncovered when people go on vacation, and someone else has to fill in, because there's a standard process. They know, okay, these are steps that are involved. When they go to complete those steps. They might see like, this doesn't look like that's how it was done. That seems weird.
They can ask questions because they're looking at this is what's supposed to happen. So that's why it's important that you documented, that's why it's important that you encourage people to go on vacation, because you want to know that your system works even if they are not there. Another thing you should be checking on is when and on what does the board chime in on? So if your policy is saying yes, the board approves purchases above 10,000, if we were to look at your cash records about cash that went out, I was sure the actual minutes those are mentioned.
So there’s a clarification that needs to be done, oh, the board chimes in on things not already approved above this threshold. So that it's clear what the board is actually going to say, Yep, that's our fault. We missed that. And what they might say, Oh, we should have caught that in a different way. It wasn't because the approval went out wrong. The other thing, I guess, an approval is like what deviations are possible. So if you know your process is that checks over $5,000 require two signatures. Does your system require that? So if the check got to the bank, would they still cash it? Yes, and that's a deviation from your system. And a possible solution is to look at a system like Bill.com where it says you can put in those parameters. So we need approvers. So because they're digital, they're not physically signing check. There's a different way.
So you say okay, we need two approvers if it's above this amount, and because those Bill.com is not personally invested, there's no sob story, you can tell Bill.com like, Can you just skip? Can we not do it this one time, both comments like, well, when that second person approves it, that's when I will send this checkout. And so think about that.
So as you get through this week, think about the things that your organization actually does, not what it says it does or what it wants to be doing, but what actually is happening at the organization so that you can document that. Compare it with what you're targeting to do, and you can work towards it, you can think of ways to improve.
Remember, during your fraud risk assessment is not just about protecting the organization. It's also about protecting the reputation of your employees and your workers. Alright, then. Have a good day. This has been another episode of The Nonprofit Ace Podcast.
Sign-up for Six Week Course: Impact Basics
Download your FREE Fraud Risk Assessment here: http://cnrgaccountingadvisory.com/fraud