The charities sector faces an increasing burden of change greater emphasis on governance and risk management. In this environment it is easy to lose focus on day-to-day disciplines. Renewed attention to small details can pay dividends.
Fraud represents a very high risk for charities. An increasing number of attempted frauds on charities have shown that the fraudsters quickly discover any holes in the systems. This can damage both your charity's finances and, crucially, its reputation.
Good controls not only protect your organisation but also its staff. Anyone who has worked in an area subjected to a fraud investigation will describe the very unpleasant and demoralising effect of everyone coming under suspicion. A regular review of systems and controls ensure that these remain appropriate, and also advertised that you are in control.
You may have adequate measures, but when were they last reviewed? When did you last assess which external individuals have access to your offices outside working hours, and so may have access to confidential?
It is not only the professional criminal that we need to consider but also the opportunist. Therefore, it is sensible to ask yourself some questions about your controls.
Is your stock of cheques appropriate for your needs, or are you holding too many? Is it held in a secure place? Do you audit it are any missing? Its not uncommon for a cheque to be removed from the back or middle of a chequebook.
Are cheques do not expire after six months; they can be presented up to six years after issue. If the payee of an old cheque has not advised you of non- receipt a fraudster is less likely to be spotted, so check and cancel it.
Pre-signed cheques are often held for times when signatories are not available. This is very dangerous and must be avoided.
Bank statements can provide valuable information to the fraudster, so are they kept securely? Are they reconciled regularly and any discrepancies investigated?
What are your signing rules? Is there a limit over which more than one signature is required? Are the signatures at the bank up to date? Have you removed any signatories who have left?
Who has access to specimen signatures? Is there a signing-in book accessible to unauthorised personnel or visitors?
Are these kept secure and changed when staff change? Passwords must be kept confidential and not used by other are they?
Letterhead and even compliments slip can be helpful to the fraudster. They can be used to fraudulently instruct a bank, provide credence to a scam on a third party or help money laundering.
There is a large sum of money that your charity will receive by just sending your details this is a well-known fraud. While aware of this, you may not know that you must not respond in any way, as it can be dangerous. For example, by sending a rejection letter you will have provided a letterhead and possibly a specimen signature.
That such frauds are common occurrences suggests that not everyone follows best practice. It is often the simple thing that are exploited and the simple controls exploited and the simple controls that are the best preventative.
For all but the smallest charity, a vital ingredient for success is excellent information systems. What characterises this excellence and how is it achieved?
At its simplest, the twin functions of systems are to warm managers when action is needed and provide reliable, relevant information for decision-making.
The needs of your charity, your resources and the styles of your managers dictate aspects of your information systems. Therefore, your systems are probably unique, even if they use third party software and processes.
However, there is a common starting point for systems design the end, i.e. to identify the questions that the systems are expected to answer. This means considering who wants what information, how soon, how accurately and in how much detail. As part of this you should consider the following:
You also need to distinguish what information is critical what is needed more frequently or with greater accuracy, and what needs wider distribution or availability? For example, critical information for trustees is needed more quickly and in a more summarised form than the detailed operational information needed by charity executives.
Information systems can be categorised as informal (those established by networking and customer contact) and formal (typically computerised to provide fast and accurate information for decision-making).
A system must possess a number of characteristics to be judged successful:
The quality of information output depends on the reliability of the inputs. Ensuring that inputs are complete, accurate and include the non-routine will result in higher quality outputs, enabling better decision-taking and improved performance.
Systems need proper controls to ensure the high quality of information and to alert management to adverse developments. Instituting effective, yet non-stifling, controls benefits from advice from people with experience if implementing appropriate and proportionate controls.
However well designed and operated, systems must evolve to reflect the development of your charity, as well as changes in the business and technology environments. To ensure that you continue to get the most from your systems they require periodic review, starting again with the needs analysis, and considering consequences for your current system design and operation.