A UK charity has been a victim of financial fraud after discovering it had lost £860,000 to a Head of Finance who was able to abuse their position.
Headlines like this are absolutely heartbreaking, especially considering a charity was the target, but unfortunately, this is not uncommon.
For those of you who don’t know me, my name is Carl, and I’m the CEO and founder of FinOps Partners. I’m an ex Big Four auditor, Chartered Accountant, and now a proud business owner helping SMEs strengthen and optimise their financial operations.
I’ve worked with countless charities over the years, and it saddens me to say I’ve worked with organisations that have experienced the devastating impact of financial fraud. I’ve also personally identified fraud, so I know how difficult it can be for justice to be served when trust is betrayed.
The thought of charitable funds being fraudulently misused, instead of serving the communities they are intended to help, really does keep me up at night.
When resources are limited, structures are less formalised, and there’s an over-reliance on trust, this can create vulnerabilities within financial processes, which makes these organisations prime targets for fraudulent activity.
However, with the right controls in place, these risks can be mitigated, protecting the organisation’s assets, reputation, and long-term sustainability.
In this blog post, we’re going to go through key controls SMEs and charities can implement to minimise financial fraud risk while highlighting practical strategies that balance operational efficiency with safeguarding against malicious activity.
If you would like more information about how your organisation can strengthen its controls, please book a free strategy call by clicking the button further down this page.
Segregation of Duties (SoD)
Segregation of duties is one of the most effective fraud prevention mechanisms. By ensuring that no single individual has control over all aspects of any critical financial process, you create checks and balances within the organisation.
When multiple people are involved in financial processes, like payments for example, it reduces the risk of fraud as everyone involved in that process would need to collude for financial fraud to be committed.
So, here’s how to implement it:
- In SMEs, where limited staff may make it challenging to implement full SoD, focus on separating key responsibilities, such as:
  - The person who approves purchases should not also process payments.
  - The employee reconciling the bank account should not be the one handling cash deposits.
- For charities, ensure different people are involved in receiving, recording, and depositing donations.
Even with a small team, using technology to automate parts of the financial process can help create an electronic paper trail and additional oversight.
Internal Audits and Independent Reviews
Internal audits and independent financial reviews are essential for detecting and deterring fraud. Regularly scheduled and surprise audits send a strong message that fraudulent activities will not go unnoticed.
These can be performed formally by independent third parties, or they can take the form of a spot check. The end goal is to bring high levels of accountability into financial processes to reduce the risk that individuals feel they could get away with it.
Key actions:
- Implement periodic internal audits to review financial records, focusing on areas with high-risk exposure like cash handling or vendor payments.
- Engage external auditors for independent reviews, especially if the organisation is growing. External audits offer an impartial evaluation and can provide additional credibility, which is vital for charities seeking to maintain donor trust.
Charities, in particular, may face intense scrutiny from regulators and donors, so transparency and independent verification of finances are crucial.
Expense Management Controls
Expense fraud is a common form of financial fraud, and it can take various forms, such as submitting inflated or falsified expense claims. Implementing stringent expense management controls can mitigate this risk.
It can be very difficult to verify expense claims. Pushing back when it is suspected that an expense claim isn’t correct also takes a strong and diplomatic type of person.
Steps to reduce risk:
- Establish clear policies outlining what qualifies as a reimbursable expense. Use expense reporting software that requires employees to submit supporting documentation, such as receipts and explanations for large expenses.
- Set up tiered approval systems for high-value expense claims, ensuring more oversight on significant outlays.
- Conduct random audits of expense claims, sending a message that all submissions will eventually be reviewed.
For charities, where public trust is crucial, enforcing strict oversight on how donations are spent is essential to maintain reputation.
Vendor Verification and Payment Controls
Vendor fraud, where fake or inflated invoices are submitted for payment, is another area where financial controls are essential. This can happen when internal employees collude with external vendors or when fake suppliers are set up.
Steps to mitigate risk:
- Require all new vendors to go through a verification process, including proof of legitimacy, tax documentation, and business history.
- Maintain an updated approved vendor list, and only allow payments to vendors on this list. Regularly review this list to ensure its accuracy.
- Implement a purchase order (PO) system to track and approve all purchases. Ensure that the person approving the purchase is different from the person who processes the payment.
- For payments, use dual authorisation, especially for high-value transactions. This ensures that at least two individuals review and approve the transaction before money is disbursed.
In charities, where vendors might be providing services or goods for fundraising events or operations, maintaining control over vendor selection and payments is crucial to ensure the organisation’s resources are being used responsibly.
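The four payment controls listed above can be expressed as a check that runs before a payment batch is released. The sketch below is an added example, not part of the original post or any specific accounting product; the `Payment` fields, the vendor IDs, the staff names and the 5,000 threshold for "high-value" are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: the post says "high-value" without a figure; 5,000 is a placeholder.
DUAL_AUTH_THRESHOLD = 5_000
APPROVED_VENDORS = {"V001", "V002"}  # constructed approved vendor list

@dataclass
class Payment:
    ref: str
    vendor_id: str
    amount: float
    po_number: Optional[str]   # None when no purchase order was raised
    po_approver: Optional[str]
    processor: str             # person who keyed the payment
    authorisers: tuple = ()    # people who released the payment

def check_payment(p, approved=APPROVED_VENDORS, threshold=DUAL_AUTH_THRESHOLD):
    """Return the control failures for one payment; an empty list means release."""
    failures = []
    if p.vendor_id not in approved:
        failures.append("vendor not on approved list")
    if not p.po_number or not p.po_approver:
        failures.append("no approved purchase order")
    elif p.po_approver == p.processor:
        failures.append("purchase approver also processed the payment")
    # Count distinct people so one person approving twice does not pass.
    if p.amount >= threshold and len(set(p.authorisers)) < 2:
        failures.append("high-value payment lacks two distinct authorisers")
    return failures

def review(payments):
    """Map payment ref -> failures, for payments that should be held."""
    results = {p.ref: check_payment(p) for p in payments}
    return {ref: f for ref, f in results.items() if f}

# Constructed sample payment run.
SAMPLE = [
    Payment("P1", "V001", 1200, "PO-101", "alice", "bob", ("carol",)),
    Payment("P2", "V009", 300, "PO-102", "alice", "bob", ("carol",)),
    Payment("P3", "V002", 9000, "PO-103", "dave", "dave", ("carol", "carol")),
    Payment("P4", "V002", 700, None, None, "bob", ("carol",)),
]

if __name__ == "__main__":
    for ref, failures in review(SAMPLE).items():
        print(ref, "HOLD:", "; ".join(failures))
```

Payments that come back with failures are held for a second person to review rather than rejected automatically, which keeps the check itself from becoming a single point of control.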
Cash Handling Procedures
Both SMEs and charities often deal with cash, which is particularly vulnerable to financial fraud. Without strong cash handling controls, it can be easy for money to go missing without a trace.
Effective cash handling controls:
- Limit cash transactions as much as possible by encouraging electronic payments, which leave a clearer audit trail.
- When cash handling is unavoidable, ensure there are always two people present when counting and recording cash to reduce the risk of theft.
- Implement daily cash reconciliation processes, ensuring that all cash collected is compared against receipts and deposited at the bank promptly.
- Use locked cash drawers or safes to store cash securely before it is deposited.
For charities, having a strong process for collecting and recording donations—especially during events where large sums of cash may be handled—is critical.
Bank Reconciliation and Monitoring
Bank reconciliation is the process of comparing an organisation’s financial records to its bank statements. Regular bank reconciliation is an essential fraud detection tool that helps catch discrepancies between recorded transactions and actual bank movements.
Recommended practices:
- Reconcile bank accounts at least monthly, ensuring that any discrepancies are investigated immediately.
- Assign bank reconciliation to someone who is not involved in cash handling or payment approval.
- Use accounting software that automatically imports bank transactions, simplifying the reconciliation process and reducing human error.
- Implement real-time banking alerts for large transactions to quickly catch any unauthorised activity.
Regular monitoring of bank statements helps catch fraudulent activities like unauthorised withdrawals, stolen checks, or incorrect deposits, protecting the organisation’s financial integrity.
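To make the reconciliation step concrete, the following added example (not from the original post or any accounting package) compares a ledger to a bank statement and returns the discrepancies that need investigating. The references and amounts are constructed sample data, and matching on reference plus amount is an assumption; real statements often need date and payee matching as well.

```python
from collections import Counter
from decimal import Decimal

# Constructed sample data: (reference, amount); negative = money out.
LEDGER = [
    ("INV-201", Decimal("-450.00")),
    ("INV-202", Decimal("-1200.00")),
    ("DON-031", Decimal("250.00")),
    ("DON-032", Decimal("80.00")),
]
BANK = [
    ("INV-201", Decimal("-450.00")),
    ("INV-202", Decimal("-1250.00")),  # amount differs from the ledger
    ("DON-031", Decimal("250.00")),
    ("TRF-999", Decimal("-3000.00")),  # never recorded in the ledger
]

def reconcile(ledger, bank):
    """Compare ledger entries to bank lines and return what does not agree."""
    ledger_left, bank_left = Counter(ledger), Counter(bank)
    # Multiset intersection: identical (reference, amount) pairs cancel out,
    # so a payment that hits the bank twice is still left over once.
    matched = ledger_left & bank_left
    ledger_left -= matched
    bank_left -= matched
    # Simplification: assumes references are unique among the leftovers.
    ledger_by_ref = dict(ledger_left.elements())
    bank_by_ref = dict(bank_left.elements())
    mismatched = {
        ref: (ledger_by_ref[ref], bank_by_ref[ref])
        for ref in ledger_by_ref.keys() & bank_by_ref.keys()
    }
    return {
        # Same reference on both sides, different amount.
        "amount_mismatch": mismatched,
        # On the statement but not in the books, e.g. an unrecorded withdrawal.
        "bank_only": sorted(r for r in bank_by_ref if r not in mismatched),
        # In the books but not at the bank, e.g. a deposit that never arrived.
        "ledger_only": sorted(r for r in ledger_by_ref if r not in mismatched),
        # Net unexplained difference (bank total minus ledger total).
        "difference": sum(a for _, a in bank) - sum(a for _, a in ledger),
    }

if __name__ == "__main__":
    for key, value in reconcile(LEDGER, BANK).items():
        print(key, value)
```

In line with the practices above, the person who runs this comparison and follows up the exceptions should not be someone who handles cash or approves payments.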
Cybersecurity and Access Controls
As financial processes become more digital, cybersecurity has become a key element of fraud prevention. Unauthorised access to accounting systems or online banking platforms can lead to significant losses.
How to protect against cyber fraud:
- Implement strong password policies and two-factor authentication (2FA) for all financial systems, ensuring that only authorised individuals have access.
- Regularly review user permissions in accounting software to ensure that employees only have access to the functions they need for their job role.
- Train staff on cybersecurity best practices, such as recognising phishing attempts, avoiding unsecured networks, and reporting suspicious activity.
- Regularly back up financial data and ensure that the organisation’s systems are updated to protect against the latest cyber threats.
For charities, where many employees and volunteers may not be the most tech-savvy, cybersecurity training is especially important to ensure that online donation platforms and financial systems are not compromised.
Whistleblower Policy and Fraud Reporting
A culture of openness and accountability can go a long way in preventing fraud. The hiring process plays a crucial role in onboarding staff with strong personal values, such as integrity and honesty, that align with their role and the wider organisation.
Implementing a whistleblower policy encourages employees to report suspicious behaviour without fear of retaliation. It can be really tough to blow the whistle when trust is compromised and emotions are involved, but employees should always feel empowered to put the best interest of the organisation and the communities served first.
Key actions:
- Create a clear, anonymous reporting channel for employees, volunteers, and stakeholders to report fraud or suspicious activity.
- Ensure the whistleblower policy is communicated to all staff and regularly remind them of their responsibility to report concerns.
- Act swiftly on any reports of fraud, conducting thorough investigations and taking corrective action when necessary.
For charities, this transparency can also reassure donors that their contributions are being managed ethically.
Conclusion
Fraud prevention requires a proactive approach and a culture of accountability. By implementing robust financial controls such as segregation of duties, expense management policies, and cybersecurity measures, SMEs and charities can protect their resources and maintain the trust of stakeholders.
Even with limited resources, simple but effective controls can make a significant difference, reducing the risk of fraud and ensuring financial stability.
Controls are preventative measures that mitigate the risk of fraud. Proactively implement these controls so you don’t have to deal with the retrospective disaster of experiencing fraud.
Once implemented, organisations should regularly review their fraud prevention strategies, adapting to new threats and continually improving their internal controls to stay one step ahead of potential fraudsters.
FAQs
What is segregation of duties, and how can small organisations implement it effectively?
Segregation of duties (SoD) is a control mechanism that ensures no single individual is responsible for all aspects of a critical financial process, reducing the risk of fraud. In small organisations, where staff numbers may be limited, SoD can still be implemented by separating key tasks. For example, one person might authorise payments, while another processes them. Using technology to automate certain functions, like payment approvals, can also help distribute responsibilities and reduce the burden on a small team.
How can SMEs and charities conduct effective internal audits with limited resources?
SMEs and charities can conduct effective internal audits by focusing on high-risk areas such as cash handling, vendor payments, and payroll. Even with limited resources, scheduling regular audits—either by in-house staff with financial knowledge or engaging an external auditor on a periodic basis—can be highly beneficial. For smaller organisations, leveraging technology to track financial transactions and automate record-keeping can make the audit process more efficient and less time-consuming.
What steps should be taken if fraud is suspected within the organisation?
If fraud is suspected, the organisation should take immediate action:
1. Secure the financial records and data to prevent further tampering.
2. Conduct a thorough internal investigation, involving an independent auditor or external professional if necessary.
3. Review and document all evidence, ensuring proper procedures are followed for potential legal action.
4. Notify relevant authorities, such as law enforcement or regulatory bodies, depending on the severity of the fraud.
5. Strengthen internal controls to prevent future occurrences, and if appropriate, communicate the issue transparently with stakeholders.
How can we ensure vendor fraud doesn’t occur in our organisation?
To prevent vendor fraud, implement a robust vendor verification process. This should include:
1. Verifying vendor legitimacy by collecting business documentation, such as tax IDs and company registration details.
2. Maintaining an approved vendor list and conducting periodic reviews to ensure the vendors are still legitimate.
3. Using a purchase order (PO) system where all orders are tracked and approved by authorised personnel.
4. Implementing dual authorisation for payments to vendors, especially for large transactions, to ensure multiple people review and approve payments.
What should a whistleblower policy include, and how can it help prevent fraud?
A whistleblower policy should outline clear procedures for employees and stakeholders to report suspected fraud or unethical behaviour anonymously and without fear of retaliation. It should include:
1. A confidential reporting mechanism, such as a hotline or an online form.
2. Assurance that all reports will be taken seriously and investigated thoroughly.
3. Protection for whistleblowers from any form of retaliation.
This policy helps create a culture of accountability and transparency, as employees will feel empowered to report suspicious activity, making it harder for fraud to go unnoticed.
Author Spotlight
Carl Wakeford, ACA
Carl began his career within the Big Four where he spent four years auditing many public and private sector organisations, and qualifying as a Chartered Accountant. With a passion for business resilience, Carl specialised in risk consultancy, helping organisations strengthen financial processes and controls. Since leaving the Big Four, Carl has worked within multinational commercial finance teams, fast paced start-ups, the charity sector, and is now the CEO of FinOps Partners.