Fraud risk assessments – an effective way to prevent fraud and corruption risks within nonprofit organizations
Justine Radnedge, Kroll
The COVID-19 pandemic and the economic, political and environmental context in which nonprofit organizations intervene have intensified incentives to commit fraud and corruption. It is therefore crucial for nonprofit organizations to adopt a preventive approach to fight against fraud and corruption. In this context, fraud risk assessment appears as an effective way to identify, analyze, evaluate and remediate the fraud and corruption risks to which organizations are exposed, and will contribute to the achievement of programmatic objectives.
Fraud, bribery and corruption: increasing risks for NGOs
According to recent United Nations estimates, USD 1 trillion is paid in bribes every year and a further USD 2.6 trillion is stolen through corruption. Fraud, bribery and corruption pose a serious risk to achieving the mission objectives of nonprofit organizations (NGOs), jeopardizing access, efficacy, efficiency, equity, and the quality of humanitarian aid, draining resources from where they are needed most and, furthermore, threatening the ability to reach the Sustainable Development Goals.
Despite an increased focus on combatting financial crime in the past years, as well as digitalization and sophisticated data analytics tools and capabilities, NGOs still face unique challenges such as limited resources, complicated implementation arrangements, diversity of stakeholders and political challenges, which make fighting fraud and corruption difficult in practice. This has resulted in a reactive approach to fraud, rather than working proactively to prevent and detect fraud before it happens.
Fraud Risk Assessment: an effective preventive approach
Fraud is inherent across all processes; the assessment of fraud should therefore be repositioned at the center of programmatic activities. Organizations need to design their own methodology to assess fraud risks based on their risk appetite and objectives, to identify which risks they are exposed to and to adopt a pragmatic risk-based approach to fraud. A proactive approach will help organizations design appropriate and proportionate remediation measures to minimize the impact and likelihood of fraud risks on their activities. By employing this approach, the fraud risk assessment becomes the basis to build capacity for the future and to raise awareness within the organization of the level of fraud risks.
Considering the diversity of actors operating within NGOs, there is no standard “one size fits all” approach to assessing, identifying, and mitigating risk, but there are multiple sources that set out good practices, international standards, and other policy guideline texts issued by leading professional bodies that can be used as reference points from which to conduct fraud risk assessments. Most important is to have a fraud risk assessment methodology and a remediation strategy that is well structured, consistent, and proportionate to the objectives, scope, and risk appetite of the organization. In addition, to ensure the assessment is appropriate and proportionate to the risks to which the organization is exposed, the organization must first define what falls under fraud risks and clearly establish the scope of the assessment to create a common ground with all stakeholders. A roadmap defining priority areas, required actions, ownership, and resource requirements will provide a linkage between the scope of the assessment and the manner and timing in which the steps of the process will be pursued. The fraud risk assessment process should then be split into three steps:
1. The identification of the fraud risks that might prevent the organization from achieving its objectives, using the ‘fraud triangle’ theory or equivalent.
2. A risk analysis to determine the level of inherent risk exposure to the organization through assessing the likelihood and the impact on the quality of overall achievement of objectives.
3. The risk evaluation to rank and prioritize the most pressing and programmatically critical risks.
Subsequently, there should be a focus on the design of proportionate internal controls to reduce the residual risk to a level that is acceptable within the risk appetite of the organization. Particular attention should be paid not to add disproportionately burdensome internal controls, or internal controls that can be easily overridden.
Creating a culture of fraud prevention and embedding fraud risk assessments into activities
Regardless of the methodology that is used to conduct a fraud risk assessment, the critical objective is to treat it not as a “one-off” exercise, but rather as an iterative process that is monitored and evolves with the organization’s risk appetite and against ever-changing political, social, economic, technological, organizational, and environmental factors. There should be a strong monitoring and evaluation framework in place, and a dedicated team to ensure ownership of the process. The level of integration of the risk management process within the organization and whether fraud risk assessments should be conducted by a dedicated internal team and/or with the support of external specialists is a matter of internal resource availability and is a strategic decision for the organization’s governance bodies.