Nonprofits cannot *prevent* fraud but they can reduce the risk
Sam Antar is a convict and former CPA. He was the CFO of Crazy Eddie, which by his description was an intentionally fraudulent business.
I recently had opportunity to interview him by phone. Will have more of our conversation in future posts.
What I’m going to do in these discussions is combine his comments and ideas with my thoughts. Cross-posted from my other blog, Nonprofit Update.
Advice for charities
I asked him what advice he would have for small charities to prevent fraud.
Wow, was that a mistake. I should not have used the word “prevent.”
You can’t prevent fraud. If someone is intending to steal or is completely determined to cook the books, they will find a way.
Any sort of complex structure has limitations. As we read the headlines, even organizations with strong ethical cultures and huge internal audit teams can wind up with a fraud that makes headlines.
Later in the discussion he mentioned the distribution of ethics we hear about often:
- 10% of people won’t steal under any circumstance whatsoever;
- 80% of people probably won’t but could with the right pressures and opportunities;
- 10% of people will find some way to steal.
Mr. Antar clearly told me he was in the last category. He and his cousin ran the business just to have ways to steal.
What that description means is that in any large population there is a good chance you have someone somewhere that will try to steal.
There will likely be many people who could if the circumstances and pressures came together in a bad way.
You can deter fraud
He said there some kinds of problems that just cannot be solved. Certain things can only be managed or minimized or contained.
Fraud is one of those. You cannot “prevent” it.
What you can do is put in place policies and procedures, screen new hires well, pay attention to your current staff, and be diligent. That will manage and minimize your risks. That will contain the damage and harm caused by one of the bottom 10%.
What charities can do is reduce the risk of fraud, minimize the damage any one person could do, and mitigate any fraud discovered.