Skip to content Skip to sidebar Skip to footer

The Importance of Assessing Fraud Risk for Nonprofits

Those who work for nonprofits are frequently asked what processes they have in place for identifying, responding to, and monitoring fraud risks. Most times, the response describes an informal process which includes a description of the segregation of duties and review procedures in place.

Given that nonprofit-focused schemes aren’t going out of style anytime soon, it is important that organizations have a concrete fraud risk assessment process.

A tarnished reputation is one of the most damaging effects a fraudulent incident can have on a nonprofit organization. Sure, fraud resulting from an employee skimming funds certainly has an immediate financial impact, but the resulting blemish on an organization’s reputation can have severely detrimental long-term consequences.

The goal of a fraud risk assessment is to identify the vulnerabilities and gaps in internal control systems that could leave the organization exposed to both financial and reputational damage. Developing a proper fraud risk assessment should involve input from all members who have their hand in managing the finances of the organization, from the board of directors to the staff accountant.

An organization can implement procedures to strengthen internal controls and ultimately help reduce the risk of fraud. However, that risk will never be fully eradicated, because as soon as a new control is implemented, someone out there will start crafting a way to sidestep it.

The American Institute of Certified Public Accountants (AICPA) has offered some guidance when developing a fraud risk assessment.

First, consider the types of fraud schemes that can potentially occur, as well as concealment strategies that could be used by a fraudster to avoid being caught.

Next, think about the positions which pose the highest risk of committing fraud and what controls your organization already has in place to deter, prevent, and detect fraud.

Finally, create a list of red flags that board members and employees can reference to be on the lookout.

It is also important to remember this is not a one-and-done effort. As systems, processes, positions, and responsibilities change within an organization, so should the assessment of fraud risk.

If you have any questions about the information above, please contact your E. Cohen advisor.


Matt Duvall, CPA

Matthew (Matt) Duvall is a Principal in the Assurance Services Group at E. Cohen. He has been with the firm since 2016 and has more than 18 years of experience providing auditing, accounting, tax, and consulting services to a broad range of clients in the Washington, D.C. Metropolitan area, including nonprofit organizations, government contractors, and employee benefit plans.

Matt’s specialization is with nonprofit organizations, where he has expertise in providing financial audits,