Fraud Risks in Nonprofit Organizations: Eight Steps Nonprofits Can Take Today To Mitigate Fraud Risks
By Sly Atayee, BDO USA, and Cynthia Rowland, Farella Braun + Martel
Fraud is a pervasive and costly issue that can affect all types of organizations, including nonprofits. Nonprofit organizations are especially vulnerable due to limited resources, fewer staff, and, in many cases, reliance on volunteers with minimal oversight. Fraud can result not only in financial losses but also in eroded public trust, leading to long-term damage to the organization’s reputation.
While it is impossible to completely eliminate fraud risk, there are practical steps nonprofits can take to significantly mitigate these risks. In this article, we highlight eight strategies a nonprofit can start implementing today.
1. Conduct Self-Audits
One of the most effective ways to detect and prevent fraud is by conducting regular self-audits (sometimes called internal audits). This involves performing internal reviews that go beyond the scope of your standard annual external audit. According to the Association of Certified Fraud Examiners (ACFE), only about 4% of fraud cases are discovered through external audits, which are primarily designed to validate financial statements, not uncover fraud.
Self-audits don’t need to be costly or time-consuming, especially for smaller organizations that don’t have an internal audit department. Simple spot checks, such as reviewing supporting documents for a small number of high-risk transactions, can go a long way in identifying red flags. Importantly, these checks should be performed by someone independent from the person responsible for the original transactions—whether that is a board member or an outside party (e.g., a forensic accountant).
For instance, consider periodic spot-checking of travel expenses or payroll details. These areas are commonly abused in fraud cases, where someone might submit inflated travel costs or overpay themselves through payroll. Spotting such discrepancies early can prevent large-scale fraud down the line.
2. Ensure Segregation of Duties
One of the most important controls any nonprofit can implement is proper segregation of duties. This principle ensures that no single person is responsible for completing all aspects of a financial transaction—processing, approving, and reconciling. Without this segregation, it becomes much easier for an individual to commit fraud unnoticed.
For example, someone who handles payroll should not also be responsible for bank reconciliations or signing checks. Even in small organizations with lean staff, responsibilities should be divided in such a way that no one has full control over a financial process. This might involve creating a matrix to map out who is responsible for each step in the process, especially if your organization has multiple offices or remote workers.
If your organization has many satellite offices with independent finance functions in each office, do a quick mapping of the top five most critical finance responsibilities to be sure they are not too heavily concentrated in one person.
3. Conduct Fraud Awareness Training
Helping prevent fraud is the job of everyone in the organization. To do so, they need to be equipped with the proper knowledge. Employees should be trained on what fraud looks like, what the behavioral red flags are, and how to report concerns. Per the ACFE, 84% of all fraudsters displayed at least one behavioral sign, such as refusing to share responsibilities, exhibiting sudden wealth, or isolating themselves from the organization. Training is an effective tool: roughly 43% of fraud cases come to light through tips, which is more than 3x as many cases as the next most common method (ACFE, 2024: A Report to the Nations).
Training should be an ongoing effort, not a one-time event. A good rule of thumb is to include fraud prevention as part of onboarding for new employees and provide annual refreshers. These can be short sessions that remind staff of the organization’s policies, inform them of current fraud trends, and review fraud indicators and the steps to take if they suspect misconduct (e.g., whistleblower hotline).
4. Conduct Thorough Background Checks
When hiring staff, especially for roles with financial responsibilities, thorough background checks are crucial. Many nonprofits already have some form of background screening in place, but it is important to ensure these checks are thorough. In several cases, an individual who defrauded an organization had committed similar offenses at a previous job.
Organizations should not just verify employment history but also dig deeper by asking about the nature of a candidate's previous roles and responsibilities. While former employers may be hesitant to disclose negative information, it is still important to ask the right questions.
It is also worth reviewing which sanctions lists your organization is screening against and whether they are adequate per your donor or funding requirements.
5. Encourage and Facilitate Whistleblowing
An effective whistleblowing system is essential for fraud detection. Employees need to know how and where to report their concerns anonymously. However, having a whistleblowing hotline or policy isn’t enough if your employees don’t know how to use it. Regular reminders about the whistleblowing process, as well as assurances of confidentiality, are key to making this tool effective.
Training staff on how to report fraud and ensuring they feel safe to do so can prevent minor issues from escalating into major fraud cases. Additionally, make sure that whistleblowing mechanisms are accessible, easy to use, and well-publicized across all levels of the organization.
6. Enforce Policies Consistently
Having a set of strong policies in place is only useful if those policies are consistently enforced. For example, if your organization has a travel or expense policy, employees should know that expense reports will be reviewed thoroughly, and violations won’t be overlooked. This ties back to the self-audits mentioned above—you can perform spot checks to ensure policies, especially newer ones, are being followed.
7. Recalibrate Signature Authority
Signature authority should align with the organization’s actual purchasing behavior. This means regularly reviewing and adjusting who has the authority to approve transactions and at what threshold. Some nonprofits may have arbitrary dollar amounts set for approval levels, but these thresholds should be based on real transaction data.
For example, if your organization rarely processes transactions over $100,000, setting a high threshold for approvals could result in unnecessary risk. By recalibrating signature authority limits, nonprofits can ensure that larger, riskier transactions receive the appropriate level of scrutiny.
8. Ensure Financial Expertise on Your Board
Having at least one board member with financial or accounting expertise is invaluable for any nonprofit. This individual can provide insight into best practices for internal controls, segregation of duties, and overall financial management. Their role is not just advisory—they should actively participate in financial oversight, ensuring that the nonprofit’s control framework is sound and effective.
Additionally, a board member with accounting knowledge can help the organization navigate complex financial processes, such as audits, budget reviews, and financial reporting. They can also act as a bridge between the nonprofit and external auditors or advisors, ensuring that the board is well-informed and able to fulfill its fiduciary responsibilities.
Sly Atayee is a director at the national accounting firm BDO USA and a certified fraud examiner. He can be reached at [email protected]. Cynthia Rowland is a partner at Farella Braun + Martel and chair of its Exempt Organization Group. She can be reached at [email protected]. Learn more about financial fraud at nonprofit organizations by listening to the EO Radio Show's nonprofit fraud prevention podcast series.
Fraud Risks in Nonprofit Organizations: Eight Steps Nonprofits Can Take Today To Mitigate Fraud Risks, Sly Atayee and Cynthia Rowland, Board and Administrator for Administrators Only, Volume 41/No. 10, Copyright © 2025, copyright owner as specified in the Newsmagazine, Wiley Periodicals Inc.