This presentation will highlight statistics for security and fraud of non-profit organizations. The webinar will also involve reviewing two non-profit case studies and the best practices that would have prevented a fraud or data breach event from occurring. We will look into how you protect your most valuable assets (employees, donors, the people you serve, etc.) and what it is that you have that fraudsters want. The webinar will give you information that you can use to start protecting your organization immediately.

1. Cybersecurity
Frameworks and You
The Perfect Match

2. Building Successful
Employee Relationships
A Cornerstone to Fraud Prevention
and Risk Management

3. Building Successful
Employee Relationships
A Cornerstone to Fraud Prevention
and Risk Management

4. Nonprofits and Fraud:
Protecting The People You
Serve
Janice Snyder, Partner
David Hammarberg, Principal
Jim Shellenberger, Principal

5. Introductions
Janice Snyder
• Partner
• CPA
• Audit Segment Lead
David Hammarberg
• Principal
• CPA, CFE, CISSP, GSEC,
MCSE, CISA
• Fraud Segment Lead
Jim Shellenberger
• Principal
• CPA

6. News Headlines
• Pa. busts 45 for welfare fraud - January 12, 2017
• Man stole more than $6K from Boy Scouts – March 3, 2017
• Former PTO president stole $8.4K from teacher school supply fund -
April 5, 2016

7. Agenda
• Fraud Statistics
• Fraud Triangle
• Case Studies
• Implement the following Best Practices Today
• Questions?

8. Fraud Statistics
• The CFE’s who participated in the ACFE survey estimated that the
typical organization loses 5% of revenues in a given year as a result
of fraud.
• The median loss for all Nonprofit cases in the ACFE study was
$100,000.
• Frauds are more likely to be detected by a tip (50%) than by audits,
controls, or other means… but controls are still important.
Association of Certified Fraud Examiners 2016 Report to the Nation

9. Fraud Statistics
• The longer a fraud lasted, the greater the financial damage it
caused. While the median duration of the frauds in our study was 18
months, the losses rose as the duration increased. At the extreme
end, schemes that lasted more than five years caused a median loss
of $850,000.
• In 94.5% of the cases in our study, the perpetrator took some efforts
to conceal the fraud. The most common concealment methods were
creating and altering physical documents.
Association of Certified Fraud Examiners 2016 Report to the Nation

10. Fraud Statistics
• The median loss suffered by small organizations (those with fewer than 100
employees) was the same as that incurred by the largest organizations
(those with more than 10,000 employees). However, this type of loss is
likely to have a much greater impact on smaller organizations.
• Organizations of different sizes tend to have different fraud risks.
Corruption was more prevalent in larger organizations, while check
tampering, skimming, payroll, and cash larceny schemes were twice as
common in small organizations as in larger organizations.
• External audits of the financial statements were the most commonly
implemented anti-fraud control; nearly 82% of the organizations in our
study underwent independent audits. Similarly, 81.1% of organizations had
a code of conduct in place at the time the fraud occurred.
Association of Certified Fraud Examiners 2016 Report to the Nation

11. Fraud Triangle
Opportunity
• A perceived or actual opportunity to
commit fraud
• A belief that no one will notice
Pressure
• Personal debt
• Costly addictions such as gambling
• Unforeseen expenses
Rationalization
• I’ll pay it back
• Other people are doing it
• They don’t pay me enough
Motivation
For
Fraud

12. Nonprofit Case Study #1
Student run Bookstore for a small private religious school
• Total of $13,600 was misappropriated over one school year.
• One school employee, Jane Doe, had oversight over the school store
and was the ultimate decision maker.
• Reconciliations were done by Jane Doe.
• Jane Doe had a son with a medical condition that put her behind on
her bills.

13. Nonprofit Case Study #1
• Jane Doe recently went through a divorce that added a financial strain
to her already tough situation.
• There was no oversight of Jane Doe. No review of her reconciliations.

14. Nonprofit Case Study #1
Were there Warning Signs of a high likelihood of fraud occurring?
• Lack of segregation of duties.
• No oversight or review.
• Noticeable financial strain on employee.
• Cash based business - Majority of the payments at the bookstore
were in cash.
• Jane Doe was a trusted employees with 7 years of service.

15. Nonprofit Case Study #1
What we can learn from this case?
• Fraud is preventable with the right controls in place.
• Enough external pressures can cause a loyal trustworthy employee to
“borrow” funds from their organization.

16. Nonprofit Case Study #2
Non-Profit Adult Day Camp for the mentally challenged.
• Total of $53,000 was stolen from a basic check tampering scheme by
the accounts payable clerk.
• No forethought or planning surrounding accounting controls or
controls around collected data.
Is the largest risk to the organization the leak of participant data or
the possibility of misappropriations caused by a fraud event? HIPAA
violations?

17. Nonprofit Case Study #3
Cancer Fund of America, Cancer Support Services, the Children’s
Cancer Fund of America, and the Breast Cancer Society
• Allegedly committed fraud on a portion of $187 million in donations.
• They were charities run by the same family/business associates, and
most of the hundreds of millions of dollars donated to the
organizations allegedly went into the family’s pockets for personal
expenses, including trips, clothing, meals, jewelry, etc.

18. Nonprofit Case Study #3
• They also allegedly inflated or fabricated the value of donated goods
received and then sent to those in need to make it appear that they
spent hundreds of millions of dollars on those suffering from cancer
all over the world.

19. Nonprofit Case Study #3
Were their warning signs?
• Before this charity was even indicted, if you, the donor, had
conducted research on the organization or the CEO, James Reynolds
Sr., you would have noted the following: The organization was on the
Worst 50 Charities in America list, had very poor rankings on Charity
Navigator, Charity Watch and other charity ranking sites, there were
articles going back to 2013 about the family and their charity
“empire”, lawsuits against Mr. Reynolds going back to the 1980s/90s,
etc.

20. Nonprofit Case Study #3
Review the Form 990, the Information Return that is filed with the
IRS, is public information that can be reviewed for free on
www.guidestar.org by anyone.
• Overreliance on for-profit fundraisers – Cancer Fund of America
disclosed that they received income due to telemarketer activity of
approximately $5 million, but the charity only kept $870,000 of those
proceeds!

21. Nonprofit Case Study #3
From a Donor’s perspective what can be learned?
• Make sure you perform your due diligence with an organization
before donating. As discussed above, their 990 is a great place to
start. Think about calling up someone at the organization to ask
questions about how the organization is run, program
accomplishments, etc.

22. Nonprofit Case Study #3
From an internal perspective what can be learned?
• The nonprofit organization needs to make sure that there is a strong,
independent and competent board in place.
• The culture of the organization trickles down from the top, so if the
Board had discussions about fraud, set-up a fraud hotline for
employees to call, had fraud policies in place, this possibly could have
been averted.

23. Nonprofit Case Study #3
• With respect to the employees, there always needs to be appropriate
segregation of duties. No one person, such as the CEO or CFO in this
case, should have too much control over the day to day operations.
There should always be a system of checks and balances in place,
even with small nonprofits.
• Segregation of Duties would most likely have prevented this fraud
from occurring.

24. Best Practices
• Segregation of Duties
• Fraud Awareness
• Trust, but Verify
• Fraud Hotline
• Strong Independent Board
• Know Your Risks! Only way to know what to mitigate

25. Fraud Resources
• www.acfe.com - Association of Certified Fraud Examiners

26. Questions?
Janice Snyder
• Partner
• CPA
• JSnyder@macpas.com
David Hammarberg
• Principal
• CPA, CFE, CISSP, GSEC, MCSE,
CISA
• DHammarberg@macpas.com
Jim Shellenberger
• Principal
• CPA
• JShellenberger@macpas.com

27. Building Successful
Employee Relationships
A Cornerstone to Fraud Prevention
and Risk Management

28. Questions?
• Documents:
• https://www.nist.gov/cyberframework
• NIST Cybersecurity Framework website
• http://energy.gov/sites/prod/files/2014/03/f13/C2M2-v1-1_cor.pdf
• Maturity model
• https://www.sans.org/media/critical-security-controls/critical-controls-
poster-2016.pdf
• SANS Top 20 Critical Security Controls

29. Questions?
Janice Snyder
• Partner
• CPA
• JSnyder@macpas.com
David Hammarberg
• Principal
• CPA, CFE, CISSP, GSEC, MCSE,
CISA
• DHammarberg@macpas.com
Jim Shellenberger
• Principal
• CPA
• JShellenberger@macpas.com