Mark Athitakis is a contributing editor to Associations Now.
Small associations can have a difficult time making sure that their finances are safe. But as one chapter learned, the consequences of doing nothing can be severe. Here are some ways to ensure your accounts are protected, even if the finance department is just one person. (Titled "A Lock on Your Finances" in the print edition.)
It took less than a year for one of Phyllis Shurn-Hannah's chapters to get its bank account almost completely drained.
Shurn-Hannah, the Northeast field services director for the Society for Human Resource Management, is the liaison for SHRM chapters throughout the mid-Atlantic region. About two years ago, one of those chapters discovered that the check it cut to pay for one of its monthly meetings had bounced. Soon after, chapter leaders learned that the overdraft wasn't a bank mistake or accounting oversight: The volunteer treasurer had been cutting checks to herself under the previous treasurer's name. In all, she had embezzled approximately $25,000. "Which is a lot of money for them—90 percent of their revenue," Shurn-Hannah says.
Worse, because the account had been emptied over time—more than 30 days before the embezzlement came to light—the chapter wasn't insured by the bank for the lost funds. The treasurer had been showing up to monthly board meetings and saying that the chapter's finances were fine, but nobody was double-checking by looking at the actual accounts.
"The lesson learned was immediate: Oh my God, how could we have done that?" says the chapter's current president. "And we're HR people. We're supposed to be thinking about how to do that in a responsible fashion." (The president asked that the former treasurer not be identified. To respect that request, Associations Now is not disclosing the identity of the specific chapter and its leadership.)
Theft from nonprofits is nothing new: According to a 2007 article published in the Nonprofit and Voluntary Sector Quarterly, the nonprofit sector loses about $40 billion annually to fraud. But in a sluggish economy, the risk of embezzlement from nonprofits may be even more pronounced. The methods for minimizing that risk are often simple, but for associations with small staffs or run entirely by volunteers, a bit of creativity will be necessary as well.
Theft from nonprofits is on the rise, says William H. Devaney, a lawyer for Venable, LLP, who specializes in white-collar crime.
"That's what I've seen not just in terms of what we've been doing but also what you're seeing in the press," he says. "And it's really across the board. You can see it in both large and small nonprofits. I think nonprofits, regardless of size, are generally more susceptible because they don't often have the same level of financial controls that their for-profit counterparts have."
A handful of recent incidents show the consequences when those controls are lacking:
In those three cases and in many others, Devaney says, three factors are at play. One is motivation on the part of the embezzler—financial distress, for instance, or addictions that require feeding. Second is rationalization—the embezzler telling himself or herself that the funds will be repaid or that that organization won't really miss the money. Third, and most critically, is opportunity—a lack of oversight that allows a person assigned to handle funds to abuse the position.
So how do you limit the opportunity for embezzlement? Many of the tools are straightforward:
Devaney says that there's no "right" way to establish internal controls; different associations will have to design different systems that work best for them. "You don't need a 100-page compliance program with a dozen different certifications from employees and people in the financial-reporting arm," he says. "But you do need something, and the board needs to have ownership of that."
As the board establishes policies to address the opportunity problem, it can play a role in attacking the rationalization problem as well. Any orientation meetings or group discussions of financial controls should include staff and volunteer leaders like the CEO and board chair alongside rank-and-file staff. And leaders should recognize that conspicuous spending by leadership can send a signal to staff that they're within their rights to be profligate themselves, albeit illegally.
"It's simply about setting a good example," he says. "If employees see that a director is taking a car home every night or going out to lavish dinners on the organization's dime, that tends to create an atmosphere within an organization of, 'Well, I should be able to get my fair share, too.' You not only have to talk the talk but walk the walk."
It's a common mantra that it's harder for small associations than large ones to maintain and enforce internal controls. But Douglas M. Kleine, CAE, president of Professional Association Services, notes that size can be a disadvantage.
"In large associations, there are more people involved, but if supervisors are not diligent, lower-level employees can run schemes," he says. "For example, if the accounting system is not linked to membership and conference registration, checks can be diverted and membership records updated so the member continues to get stuff, and staff puts the check elsewhere."
Still, what do you do when you don't have a big enough staff to establish optimal internal controls? Judy Oiler, CAE, executive director of the American Physical Therapy Association of New Jersey, has been managing this issue since she took on that role in 1999. The chapter has not had a staff of more than four people since the mid-1990s, she says, and it currently employs her full time and another person at three-quarter time.
One thing she's learned after more than a decade on the job is that best practices for internal controls can be difficult to implement in the real world. She doesn't have the staff for double signatures, and volunteer leaders don't always share the knowledge of (or interest in) accounting and financial stewardship.
But she's taken steps to make sure she's not operating in a vacuum. Oiler established multiple logins to the chapter's bank account online so the treasurer can view its activity. "That's some oversight," she says. "You have somebody who can go in at any time and see what checks are going out or debits that go through that account."
When an expense represents a sizable enough proportion of her $400,000 budget, Oiler informs the board and requests a formal signoff. "If it's something really big that we're doing, I'll get backup," she says. "I'll ask the executive committee to have a meeting and put [the expenditure] in the minutes. That way I have it in writing that up to this amount of money, it's been approved, so I have something to help back me up."
One of those recent expenditures was passed in part to build more transparency and efficiency into the association's financial activity. A new database will allow members to register for events online, removing a series of manual data-entry steps that can potentially lead to mistakes.
"When somebody registers for our conference and they pay by credit card, I get the credit card number, I go to our virtual terminal, and I type in their number. Then I go into the database system and mark their confirmation. Then I go into QuickBooks and put the deposit," Oiler says. "Hopefully [with the new database] it'll be one step. … Each time you have a step, that can be an error in keying data in."
Even with those moves toward transparency, a year and a half ago the chapter conducted an audit of its finances. "I begged them, 'Please, please, please start doing that,'" she says. "It's an audit, so of course [the accountant] saw a lot of things that weren't best practice." Oiler hopes to have the chapter conduct an internal audit annually, and the board plans to budget for an external audit every five years.
There will probably never be a foolproof way to prevent a determined staff person or volunteer from stealing from an organization. Though Venable's Devaney recommends regular audits, associations should know their limitations when they have them performed. "So many people think that audits are designed to catch fraud, and they're not," he says. "They're designed to make sure that your financial statement is accurate."
Still, it's better than nothing—and nothing was pretty much what the SHRM chapter that lost $25,000 had in terms of financial controls. And what controls the chapter did have were neglected, says the chapter's president: "Online banking did exist, but we didn't pay a whole lot of attention to it. We just figured the treasurer would take care of all that stuff. It was basically a role that we completely took for granted at the time."
Things have changed since then. The current treasurer passed a background check. The president and president-elect are empowered to access the online bank account to review funds. Bank statements are sent directly to the president. "I think it's just a matter of having multiple sets of eyes looking on a monthly basis," he says.
Shurn-Hannah says that what happened to that chapter can happen to any organization, and the experience delivered an important lesson about being constantly on top of your financial activity—and the people you appoint to manage it.
"It was a case of trusting someone that they'd known for years, but things change," she says. "When I talk to other chapters and tell them about this example, I say, 'I know you think you know people. You know your volunteers, and this person may be a friend. But circumstances change. You have to put those checks and balances in place to protect everybody.'"
Mark Athitakis is senior editor of Associations Now. Email: [email protected]
Below is a credit-card-use agreement that Douglas Kleine, CAE, used while he was executive director of the Soil and Water Conservation Society.
I accept the corporate credit card assigned to me and agree to the following terms and conditions:
I agree that I will limit my use of this card to the payment of reasonable business expenses. When I am on travel, reasonable business expenses will be those that are in accordance with the travel-reimbursement policy.
When using the card for non-travel expenditures, I will use it only in accordance with purchasing guidelines and the authority inherent in my position to make expenditures on behalf of the association.
I will not use the card for cash advances or the purchase of traveler's checks.
I agree to obtain and keep in good order receipts for all expenditures and to furnish those receipts promptly, together with such additional documentation that may be required by IRS and good business practices, including but not limited to person, place, purpose, and account to which each expense should be charged.
I agree that the use of this card is just as conditional as the expenditure of personal funds in anticipation of reimbursement. I understand that receipts, monthly statements, and periodic reports will be reviewed and that expenditures may be denied upon review, or that I may be required to reimburse the association for an expenditure that is later determined to be improper or unauthorized. If I fail to make prompt reimbursement, I agree to having the amount deducted from my pay.
I understand that this card is not intended to be used for personal expenses. Should a dire and rare emergency force me to use this card for personal purposes, upon my first day back in the office I will inform the association in writing of the circumstances and make immediate reimbursement.
I will take reasonable care of this card and reasonable precautions for its security. Should the card be lost or stolen, I will promptly notify the association and the company that issued the card and cooperate with them fully.
I agree that the assignment of this card to me is for my convenience when traveling and that under normal circumstances I will not need a travel advance because I have this card.
I understand that this card is not my property, and I agree to surrender it anytime and for any reason that the association or the issuing card company so requests.