U.S. nonprofit organizations, unlike publicly traded companies, don't have to comply with the Sarbanes-Oxley Act. But they could deter fraud if they emulated SOX's best practices. Here's help for nonprofits that want to construct anti-fraud programs.
Cindy was ready for a change. She had done well as a Certified Fraud Examiner and vice president of internal audit at a large U.S. publicly traded company. But when the Stufflemeyer Foundation, a small nonprofit organization, asked her to become its chief audit executive, she quickly accepted.
Stufflemeyer Foundation's savvy board of directors wanted Cindy because she was familiar with the stipulations of the 2002 U.S. Sarbanes-Oxley Act (SOX), which Congress passed in the wake of numerous well-known corporate scandals. The recession had halved contributions to Stufflemeyer and the foundation didn't want to lose any more money to possible hidden fraud schemes. Even though the foundation wasn't bound by SOX's directives, it knew that it would benefit from implementing the act's best practices.
During Cindy's first week she began to establish an internal audit function by planning the foundation's first audit committee – an independent oversight panel. She wrote a document retention policy and she began a whistle-blower program that would allow employees to anonymously report any irregularity.
Cindy knew this was only the beginning; she still wanted to construct a special investigation unit comprised of CFEs, fortify internal controls, develop contacts with external auditors and investigators, and train managers. The Stufflemeyer Foundation board of directors could now breathe a bit easier as Cindy pursued fraud examination best practices.
Deterring, detecting, and investigating fraud are especially important functions to nonprofit organizations because few regulations govern them. Though Cindy's story is fictitious, it illustrates the path that nonprofits should take because some statistics indicate that financial fraud is higher in nonprofits than it is in private business or government. (See sidebar below.)
Here, we offer general guidance for constructing a fraud-prevention system for nonprofit organizations, a discussion of SOX, and a list of best practices.