While the term ‘financial controls’ will be mainstream for all finance professionals, knowledge of it does not always translate into having the right tools, resources and capabilities to ensure your organisation is protected. Plus, as a sector that faces many challenges – be it funding, resources or hybrid working patterns – charities can be more vulnerable than their corporate counterparts.
These vulnerabilities are no more evident than in the case of fraud. A report by Civil Society showed that £8million was lost due to fraud in the first year of the pandemic. Triggered by this anti-fraud campaign, the Charity Commission found that home working had only increased this risk, due to processes having been relaxed for convenience, to make things quicker and simpler. As a result, wrongdoings and mistakes were much easier to slip through the gaps.
Along the same lines, the second biggest vulnerability appears due to the charity sector’s tendency to place a lot of goodwill and trust in individuals. As charities, the people who join your organisation will undoubtedly believe in the cause that the charity supports, and teams have a trusting environment, and everyone is working towards the same goals. Unfortunately, putting a lot of trust in employees, without the right controls in place, can lead to some taking advantage. It can also allow one person to take too much power and control, which, even with good intent, can lead to disaster.
Key takeout: Charities can be vulnerable without the right controls due to the goodwill nature of teams allowing too much power for one individual, the risk of fraud, and the temptation to slacken processes due to working from home convenient working-from-home practices.
In this real-life example, £900,000 was stolen by a charity’s Finance Director over the course of seven years. Despite such a long period of time, nothing was noticed until the FD was made redundant, and discrepancies between payments were noticed, triggering an investigation. It transpired that this FD was able to create transactions, approve them and transfer money to themselves.
The problem, here, was the lack of segregation of duties. The same person should never be able to create and approve; and it was the lack of controls in place that enabled the FD to continue in this way. Furthermore, as a respected employee with authority, this FD was bestowed a lot of trust to act in charity’s best interests without anyone challenging his activities – meaning there was a single point of failure and too much power and control given to one person.
Key takeout: This FD had too much power and was able to cover tracks without seeking approval from anyone else in the organisation.
This example did not involve fraud; however it resulted in the loss of a huge sum of income, purely due to poor record keeping. One of this charity’s trustees was using their personal bank account for several transactions. All of those payments were then expensed, without any supporting documentation. It was this lack of supporting documentation that led to an audit failure.
As in the example above, we see the same case of too much power being given to just one person. This trustee was not only using a personal account, but was also able to raise expenses and approve them directly. Despite this, no one in the organisation challenged the individual.
So, we can see that a seemingly small issue of expenses can lead to an audit failure; however, that is not the end of the story.
If we take the use of personal bank accounts out of the equation, the lack of supporting documentation alone was enough for this story to appear in the news, highlighting the name of the charity. If you support a charity, and found out in the news that they could not prove that a lot of their expense were spent to support that cause, would you still support them? Would you have trust and belief that they spend their funds in the right way? This damage to reputation could be far greater than a failed audit. Other income streams, such as regular donations, corporate donors, funding bodies or else, could all choose to remove their support. In the worst-case scenario, with income streams decreasing, the charity could cease to exist.
Key takeout: Trustees also need to be held to account, and bad publicity can cause great financial risk.
“We wanted a system that could adapt to strategic requirements in the future, could produce reports that would be useful to the rest of the business (not just finance), and we also wanted to improve data quality, especially for year-end. And what we have now with Xledger is yards ahead of what we had before.”
Thankfully, these examples are avoidable. Here are some key pillars to consider:
Security through having the right tools: These tools don’t need to be state-of-the-art, but they do ensure accountability is tracked. For example, each individual is linked directly to their user profile. This is bespoke to them and can’t be shared with others.
Segregation of duties: The same person should never be able to create and approve payments. Even without a big finance team, there should be at least one other person who can approve (they could be outside the finance function if, for example, there is only one finance manager). Modern tools nowadays have mobile applications that make it very easy to implement for those users who are not necessarily tech-savvy.
Full traceability: An understanding of who did what, when. This protects the individual as well as the organisation. If anything happens, you can find out in seconds.
Roles: Ensuring that people only have access to what they need to do. Strict roles and responsibilities are assigned to the tool they’re using and the action they need to take. This can then be managed in a secure way.
People: Following from above, having the right people in the right role, knowing what they can and can’t do, will mean accountability is much more streamlined.
Trust and culture: While we’ve talked a lot about the downfalls of trust, it is, of course, very important to have! Trust is important for an organisation’s culture, and could be a reason why people leave or stay with a company. It means: “I trust my colleague to question me if they’re not sure” and to question others, regardless of their role in the company, be it FD to trustee, to assistant. When employees feel comfortable questioning, it means fraud and mistakes are much less likely to happen. Therefore, an open and honest culture should be encouraged.
Key takeout: When things go wrong, it can feel very personal. If a charity ceases to exist, the impact is huge. Not just on the employees, but the community, the donors, and most importantly the recipients of the charity’s service. By putting the right controls in place, you are protecting your staff, your organisation, and the end users of your service.
“Charities have great trust and goodwill with their teams, as you tend to hire people that care and support the vision. Having the right tools ensures you protect yourself and the whole team from risk of fraud.”
As a specialist in risk advisory, Amanda has worked across internal audits, tech assurance, governance, controls, counter fraud and more, both in-house and as a consultant for charities and not-for-profit organisations. Here is an overview of the key discussions.
Lack of investment in core back office systems: There is naturally a desire to spend money on the delivery of services, rather than processes. This makes sense, as the charity’s purpose is to help those in need, and your team will likely feel guilty spending money on anything else. Small teams are often leading these decisions, and there can be a lack of automation in embedded systems, all of which leads to the issues raised by Veronika above.
Trust: In a report recently produced by Evelyn Partners for a large charity client, the biggest problem encountered was trust. While having confidence in your team is essential, trust needs to be balanced in order to create value for the recipients.
Inconsistent tone and blurred lines of accountability: In charity settings, leadership is shared between the senior team and the Board. If the tone isn’t clear, pockets of the organisation can be operating in silos, some might not understand or even respect financial control. To avoid this, trustees and executives must come together and communicate.
Risk management: This is not specific to charity, however there is a naivety in how to maximise risk management. Often, there is enthusiasm and need to focus on what the risks are; yet not so much on how they could be mitigated, or what the opportunities are.
Fraud: It is a challenging environment now. The fraud triangle consists of three motivating factors: pressure, opportunity, rationalising. At the moment, the environment is rife for these to come together in a perfect storm. With over 20 years’ experience, Amanda added “I’ve never seen it like it is now.” Reasons being, the cost-of-living crisis (pressure), poor controls (opportunity), or poor tone from top (opportunity). Thirdly, poor morale (rationalising) and lack of staff mean that people are working harder than ever, feeling fatigue around their challenges, and could feel more justified in their actions. In a recent fraud review, 66% was down to poor financial controls.
All of these challenges can seem overwhelming; however, there are key steps you can take to eradicate the risks and find added value in a more controlled working environment.
Leading on from Amanda’s fourth point, she adds her top tips for choosing a new finance system.
See implementation as digital transformation: Whatever you choose, see it as an opportunity to train people well and communicate effectively. Always involve senior leaders and finance teams, not just IT department.
Cleaning data: Don’t underestimate how much time this takes! You don’t always need the old data, so think about what you need.
Assurance: Get good advice; it doesn’t need to be costly consultants, but you need someone to help advise.
Get your trustees and execs together: Everyone should align their understanding and know how to approach the project.
Find out more about our work with charities, or get in touch with our dedicated team.
From shrinking public sector budgets, local authority cuts and lack of long-term funding, charities across the UK are feeling the financial strain of a volatile economy.
Watch to discover:
We met with the Finance Operations Manager in the spring of 2022 to understand what they thought of their experience with Xledger and the value it has added to their organisation. Trussell is a national charity that exists so we can all be free of hunger.
Have any questions on Xledger’s finance software?
Get in touch with one of our dedicated team.
United States
Norge
Sverige
Suomi
UK