Three years ago, a trade association came to me with a general suspicion that their Executive Director was “doing something funny” with their finances. Indeed he was. Over six years, he had stolen $1.6 million. His methods were both modern – electronic transfers from the association’s account to his – and archaic – writing checks between $6,000-9,000 made out to “cash” and cashing them at the association’s local bank. He had grown so brazen, he even stopped filling out bogus expense reports to cover his crimes. Today, he is sitting in a state jail in Florida (why is it always Florida?) awaiting trial and facing 10 years. Fortunately, the association has been able to recover.
For-profits and nonprofits alike face the risk of an employee bleeding them dry through embezzlement. It is a fiduciary duty of a governing board to adopt and enforce policies to minimize this risk. After seeing numerous cases of embezzlement over the past 20 years, I can offer these recommendations:
- Grant spending authority only to essential employees. Treat it like your handing out keys to your bank account – because you are. Thieves with keys are a lot more dangerous.
- Adopt a policy that requires 2 signatures for checks over a certain amount and/or for specific purposes, such as capital expenditures. Every business is unique, but the goal should be to ensure that only the payment of ordinary expenses, like office supplies and birthday cakes, require just one. And never pre-sign checks and entrust them to one employee in order to avoid inconvenience. (Note, today most banks disclaim liability for 2 signature systems. It still is effective as an internal control, but a bank probably won’t enforce it and may require the business to indemnify and hold them harmless for losses sustained due to paying an item.)
- Adopt a similar two-person written approval requirement for other payment methods like wire transfers, account transfers, bill pay systems, and other electronic means. It has become so easy to transfer funds electronically, you must ensure that your approval methods keep up with the technology.
- Make sure that the employee who reconciles accounts does not also cut checks, conduct transfers, or handle cash.
- Adopt an expense reimbursement policy and enforce it. Such a policy is only as good as its procedure – i.e., create a good form and have a user-friendly system for circulating it and receiving approval.
- Adopt a gift policy that requires gifts to employees over a de minimus value be treated as gifts to the business organization and not used for personal benefit.
- Adopt a whistleblower policy that ensures that employees who bring potential policy violations to the board’s attention are not retaliated against.
- Have an outside CPA conduct an annual audit. Be aware, however, that this is not a foolproof method for detecting embezzlement.
- Always include a CPA or other financial expert on the board of directors who is capable and willing to review financial statements, balance sheets, auditor reports, and other data to detect irregularities. Larger organizations should have audit and finance committees dedicated to such matters.
- Require management to provide monthly financial statements. If management cannot provide such information quickly, it could be a sign that someone is doctoring information.
- Acquire and monitor the organization’s Dun & Bradstreet report to detect unpaid vendors or creditors. Unpaid bills is a common sign that an employee is siphoning off funds.
With just a little policy adoption, enforcement and vigilance, a board can greatly reduce the potentially disastrous effect of theft by an employee. Not only is it advisable, but it also fulfills a director’s fiduciary duty to oversee finances.
Todd McKee is an attorney with McKenzie Laird PLLC focusing on employment, business and nonprofit law. He can be reached at 615-916-3224 or email@example.com.