Nonprofit organizations face unique vulnerabilities to fraud. While focused on their charitable missions, many nonprofits operate with limited resources, staff, and oversight, creating an environment where fraud can flourish undetected. According to the Association of Certified Fraud Examiners’ (ACFE) 2024 report, nonprofits incurred a median loss of $76,000 due to fraud and were more frequently fined by authorities for noncompliance related to fraud than other types of organizations. 

The Vulnerability of Trust

From employees who embezzle funds to criminals who exploit disasters for profit, charitable organizations are vulnerable to many types of fraud schemes. Perpetrators use various methods to deceive donors and charities, threatening the ability of these organizations to carry out their philanthropic missions. 

Nonprofits often operate on a foundation of trust, but this very trust can become a liability. The recent case of Feeding Our Future highlights how vulnerable charitable organizations can be. In this massive scheme that defrauded the U.S. government’s child nutrition program of $250 million, the organization’s founder and others diverted funds meant to feed children during the pandemic to purchase luxury items, real estate, and international travel. 

Common Fraud Risks in Nonprofits

Nonprofit organizations face both internal and external fraud treats:

Internal Threats

Charities face risk from different directions, with threats from both internal (i.e., insiders) and external parties. Common insider fraud schemes include: 

  1. Misappropriation of funds: According to BDO’s U.K. Charity Fraud Report 2024, 50% of charity fraud cases detected involved staff, volunteers, members or trustees, and 40% of fraud was due to misappropriation of cash or other assets. 
  2. False invoicing: Employees may submit false invoices and purchase orders, inflate expense claims, or skim cash from charity accounts. Some might divert mail or award contracts to suppliers who inflate charges in exchange for kickbacks. 
  3. Fundraising fraud: The proceeds from fundraising activities are particularly easy targets for internal perpetrators. An employee might divert funds from donors, misuse restricted donations, or create fictitious expenses to conduct vendor and supplier schemes. 

External Threats

External charity fraud is carried out by individuals or organizations outside the charity and may involve cyberattacks or soliciting funds through fake charities. In 2024, the amount of external fraud in U.K. charities increased from 23% in 2023 to 29%. 

Common external threats include: 

  1. Payment diversion fraud: The most common form of external fraud is authorized push payment fraud, also known as payment diversion fraud, where fraudsters impersonate suppliers, creating or altering seemingly legitimate invoices to redirect funds to their bank accounts. 
  2. Cyberfraud: Fraudsters employ deceptive practices to unlawfully obtain funds or sensitive information via computer attacks. They might impersonate a charity to solicit donations or manipulate financial records to misappropriate funds. 
  3. Disaster-related schemes: Schemes to defraud donors include disaster relief fraud, where fraudsters create fake organizations to divert donations intended for victims of disasters. Other schemes involve veteran and public servant fraud, and animal welfare fraud. 

Why Nonprofits are Easy Targets

Several factors make nonprofits particularly vulnerable to fraud: 

Opportunity is perhaps the most significant factor enabling schemes against charities. Charities might operate on limited budgets and staff, but they make up for those deficiencies with an abundance of trust in employees, volunteers, and the public. 

This trust leads to weaknesses in internal control systems, providing perpetrators an opening to commit fraud and evade detection. In fact, the Charity Fraud Report 2024 reveals that the most significant barrier to preventing fraud in U.K. charities is an overreliance on trust, which 57% of charities identified as a primary concern. 

Other vulnerabilities include: 

  • Limited oversight and insufficient separation of duties 
  • Cash-based fundraising activities that increase exposure to fraud 
  • A culture of trust that can lead to complacency 
  • Operational risks at every stage, from fundraising to fund distribution 

International operations that face challenges like local corruption 

The Value of Expert Evaluation

Bringing in external expertise to evaluate your nonprofit’s internal controls can significantly reduce fraud risk. Professional internal auditors bring several advantages: 

  1. Objectivity: External experts provide an unbiased perspective free from organizational politics or biases. 
  2. Specialized knowledge: Professional auditors like Certified Fraud Examiners (CFEs) and Certified Internal Auditors (CIAs) have specific training in fraud detection and prevention. 
  3. Best practices: Experts bring knowledge of current best practices and standards from across the nonprofit sector. 
  4. Comprehensive approach: Effectively combating insider fraud requires a comprehensive approach with robust anti-fraud controls, investment in technology and cybersecurity, anti-fraud education for staff, continuous fraud risk assessments, and current information about evolving fraud tactics and prevention techniques. 

Key Elements of Fraud Prevention

When working with an external expert to strengthen your nonprofit’s fraud defenses, focus on these critical areas: 

1. Strong Internal Controls 

The most crucial control for organizations is a strong culture that rejects fraud and encourages employees to report suspicious behavior. Charity organizers can teach that stolen funds harm valuable causes, and leadership must set an example by adhering to integrity. 

Building a strong ethical culture within charitable organizations involves several key strategies: leadership modeling ethical behavior, clear policies and a comprehensive code of conduct, ongoing training, open communication, regular audits, and aligning performance metrics with ethical behavior. 

2. Continuous Risk Assessment 

Charities must continuously revisit their fraud risk assessments, understanding that different types of fundraisers — from in-house experts to third-party volunteers — require ongoing oversight. Establishing procedures for identifying and responding to fraud and formulating guidelines for whistleblowers are essential elements for fraud risk management. 

3. Technology and Cybersecurity Investment 

Charities should prioritize investment in technology and cybersecurity to combat fraud. Effective measures include integrating phishing email identifiers, updating policies to align with evolving digital landscapes, implementing comprehensive cyber-response plans, and conducting regular cybersecurity risk assessments. 

4. Anti-fraud Training and Awareness 

According to the 2024 Report to the Nations, nonprofit organizations have the lowest implementation rate of fraud awareness training compared to other organizations in the survey. Many charity organizers, in their zeal for their missions, can develop blind spots for fraud, not considering the possibility that they could be defrauded and thus develop relaxed attitudes toward safeguards and training. 

The work of nonprofit organizations is too important to be derailed by fraud. By bringing in expert evaluation of internal controls, nonprofits can better protect their resources and ensure that funds reach their intended beneficiaries. As noted in Fraud Magazine: “Fraudsters will take advantage of tragedy, lax controls, scarce resources, and generosity. Contributing to worthy causes or working for organizations established to help others and fraud awareness aren’t mutually exclusive — people shouldn’t put on blinders to fraudsters and their malicious intents. Charitable organizations structured with adequate tools, protections, and well-trained staff and volunteers are better able to guard against fraudulent attacks from both outside and within so that those they intend to help can receive the funds they need.” 

About the Author: Jodell Ford Renn is an Associate Director at Dean Dorton, a regional accounting and business advisory firm providing services in audit, tax, technology consulting, and business services. With over 30 years of experience, including over 25 years in management and internal auditing, Jodell is a Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Fraud Examiner (CFE), and holds the CRMA designation.