In identifying how to best protect your charity, you should consider:
- its ethical culture
- the communication flow within it, and
- its formal policies and procedures.
Importantly, these things must be considered together.
For example, detailed policies are ineffective if they are not promoted or championed by those who hold positions of responsibility, such as directors or CEOs.
With this in mind, we've listed six key things you can do to protect your charity:
1. Be clear about ethical values your charity prioritises, such as honesty and accountability. Talk about them and model them
It is important for board and committee members and managers to 'set the tone at the top’ on fraud and criminal behaviour. This includes ensuring that fraud, and the approach to responding to fraud, is understood within your charity.
Setting the tone at the top includes:
- establishing and communicating clear expectations about behaviours, roles and responsibilities
- developing a ‘no blame’ culture that enables the concerns to be voiced and queries listened to and followed up, and
- promoting fairness, and
- protecting those who report concerns.
2. Be open with those in your charity about the possibility of fraud, even if risk is low
Discuss what fraud is, what it might look like in your charity, and reaffirm you take the threat of fraud seriously.
3. Identify the types of fraud - both internal and external - your charity may be susceptible to
Fraud can be very difficult to identify, and opportunities for fraud exist at every stage of a charity’s activities.
Assessing your risks can help your charity prevent fraud by becoming more aware of the vulnerabilities it has.
Consider the risks relevant to your particular charity, such as those related to the types of activities it undertakes, the roles and responsibilities of staff/volunteers, and the banking procedures and fundraising methods it uses.
From there, document your risk assessment and schedule regular reviews of procedures. This is especially important if your charity's situation changes - for example, changes to activities, staff or funding levels and sources.
4. Understand your charity’s ‘red flags’ for fraud
It is important your charity understands any specific warning signs that may indicate fraud.
Your charity’s financial procedures
Most fraud can be detected by a charity’s internal controls or audit process. Regularly check your charity’s accounts and records and look for the following warning signs:
- Are reconciliations completed on a regular basis and checked for discrepancies?
- Have any documents, books or records gone missing?
- Are your financial documents photocopies rather than originals? This can indicate counterfeit documents
- Do alterations or deletions frequently appear on documents? This can indicate falsified records
- Are there any duplicated payments or cheques?
- Do transactions take place at unusual times with irregular frequency? Do they involve unusual amounts or unknown recipients?
- Are suppliers submitting electronic invoices in a format that can be altered?
- Are there unexplained variances from agreed budgets or forecasts?
- Have audits or reviews highlighted any inconsistencies or irregularities?
Behaviour of those in your charity – board or committee members, staff or volunteers
Most people who work and volunteer for charities are honest and law-abiding. But being a charity does not automatically make you immune from dishonesty.
When it does happen, fraud is often carried out by employees, including people in positions of trust.
A significant proportion of the fraud allegations the ACNC has received relate to the conduct and activities of senior and trusted members of the charity, including CEOs, directors and financial officers.
People commit fraud for a variety of reasons – to pay debts, out of greed or through opportunism. Be alert to the following behaviours:
- Does any person have sole control of a financial process from start to finish?
- Are vague responses being given to reasonable and legitimate queries? Are legitimate queries taking a long time to resolve?
- Does anyone with financial management responsibilities seem reluctant to accept help with their tasks, or unwilling to take holidays or leave?
- Has the format of financial information provided to your board changed or become more complicated?
- Is anyone trying to delay work reviews or audits?
When looking at risk indicators, it is worth remembering that:
- The typical perpetrator of fraud is a paid employee
- the most common types of fraud suffered are cash theft, payroll or credit card fraud, and
- having internal financial controls remains one of the most effective ways to uncover fraud.
5. Develop sound written policies and procedures
Sound written policies provide accountability and fraud prevention.
Detailed and robust financial procedures
The steps you take will depend on your charity's size and complexity.
We recognise that small charities often do not have access to the same resources, professional advice and risk management processes as large charities.
However, all charities can take some practical and sensible steps which will significantly reduce the risk of fraud. Use your judgement and knowledge of your charity to ensure that anti-fraud measures are appropriate and proportionate.
We suggest you:
- Separate duties where possible. For example, one person should not be solely responsible for authorising, completing and reviewing your charity ís financial transactions
- Keep proper financial records, and retain records of finance-related decisions as they are made. This might be in the form of meeting minutes, or emails and email exchanges.Transaction records should be detailed enough so that you can check that funds have been spent as intended
Keeping records is also a requirement for registered ACNC charities.
- Regularly checking your bank statements to ensure all amounts you expect to be banked are actually received in your charity's bank account. Have the accounts reviewed by more than one person
- Reconcile supplier statements, invoices and creditor balances - to check that invoices match payments
- Regularly change your internet banking password and limit the number of people who have access to it
- Make sure you know which staff or volunteers can access the charity ís accounts, including their level of access to the accounting system, and put in place a system to independently check transactions
- Establish a system where only certain people can approve orders or payments which exceed a particular amount of money. You can do random checks on spending below this amount
- Require at least two signatories for all bank account activity, including new debit or credit cards, and online banking. Ensure no banking can be done without both people signing
- Regularly review and spot check payroll records for any paid staff.
A fraud prevention policy
A fraud prevention policy is a written document that:
- describes actions and responsibilities for preventing, identifying and responding to incidents of fraud
- outlines the key responsibilities of senior staff and board or committee members (or trustees).
Developing and implementing a fraud prevention policy can help raise awareness of fraud risks, as well as help staff and volunteers take appropriate steps to prevent, detect and act if there is fraud.
Such a policy can be endorsed by a charity's governing body.
In developing a fraud prevention policy for your charity consider including:
- a short statement about what fraud means within the context of your charity - you could start with our simple definition of fraud and explain how it may apply to you
- a plan for how your charity will respond to fraud - who in the charity needs to be told and if anyone outside the charity needs to be informed
- how suspicions of fraud will be reported
- how your charity will provide fraud prevention training
- how and when your charity will review the policy.
Human resources procedures
Consider your recruitment process, ongoing training and how you communicate with staff. Practical steps include:
- using a clear job description and sufficiently detailed application form, and reference checking procedures
- ensuring certain standards are met when using volunteers, particularly in the areas of fundraising and money handling
- including fraud prevention policies and procedures in a staff handbook, and having designated staff responsible for them
- where possible, dividing duties between staff so irregularities can be spotted
- introducing supervisory and monitoring checks, where appropriate
- encouraging fraud awareness by training staff in the use of fraud prevention measures, such as financial controls and reporting suspicions
- making risk assessments a regular feature on the board meeting agenda - this ensures fraud is always considered and provides an opportunity to raise concerns
- having a whistleblowers policy that is supported
- having a prominently displayed code of conduct that sets out your charity's ethical culture and is used as a standard by which behaviour is judged.
6. Reporting suspected fraud or other criminal activity
Reporting fraud to the police
If you suspect a crime has been committed in your charity then you should report your concerns to the police as soon as possible. This helps ensure your charity, and the sector, is protected from fraud.
Where Commonwealth laws have been broken, the Australian Federal Police has primary law enforcement responsibility for investigating serious or complex fraud. More information can be found on the Australian Federal Police website.
Consider reporting fraud to your local police, particularly if the situation is urgent and there is a risk of immediate loss or harm.
Reporting fraud to your bank
If the fraud relates to your charity's bank account, cheques or your debit or credit card, you should immediately contact your bank or credit card company to organise a stop is put on access.
Reporting scams, misrepresentation or other fraudulent behaviour to other regulators
You can report a scam (like a fake website in a charity’s name) to SCAMwatch, a website run by the Australian Competition and Consumer Commission that provides information about how to recognise, avoid and report scams.
You can also report fraudulent behaviour to your state or territory consumer regulator, such as a consumer affairs or fair trade agency.
Reporting fraud to the ACNC
Criminal activity in a charity can indicate mismanagement. The ACNC will then consider if we need to act to protect the charity and those it helps.
Reporting incidents of fraud to the ACNC allows us to work with charities to manage the consequences of fraud and to support charities to act to better protect themselves.
We take information-handling and privacy seriously, and do not comment publicly about individual ACNC investigations.
The ACNC Act requires charities to report breaches of the Act as soon as practicable, and no later than 28 days after the charity has knowledge of the breach.
Reporting an incident of fraud to the ACNC is simple and easy to do. Please contact us – you may be asked to fill in a form and detail your concerns.
You can use Form 3C: Notification of contravention or non-compliance to do so.
There is no minimum level that must be reported – charities themselves need to decide whether the incident is serious or significant enough to be reported. You should take into account the actual harm or potential risk to your charity - including to those it works to help, its assets, its staff, members, donors, funders and the public.
The ACNC expects instances of high value fraud or theft, or instances when there is media or public interest, to be reported immediately.
And while low value incidents may not seem important, they may be an indicator of a deeper issue in your charity. If you decide fraud is too minor to report, you should keep records and document your decision.
Reporting an incident is one way to demonstrate that your charity’s board or committee members (or trustees) are dealing with the issue appropriately.
Read more about our policy on handling complaints from the public about charities.