In the last few years, I’ve encountered a surprising number of cases of embezzlement–the internal theft of assets–at many of the non-profit organizations where I’ve worked or been on the board. The experience not only undermines the trust among colleagues and friends, but also threatens the survival of the organization, many of whom are often skirting the edge of bankruptcy and now have a smaller bank account and a diminished reputation. Given how frequently I’ve encountered it, I did a quick search about embezzlement at museums and historic sites in the last five years and discovered nearly a dozen heart-wrenching stories:
- ANA Money Museum ($500,000 in rare coins stolen by the collections manager)
- Bellevue Arts Museum ($300,000 stolen by the chief financial officer)
- Bordentown Historical Society ($80,000 stolen by the treasurer)
- Fruitlands Museum ($1 million stolen by chief operating officer)
- Guggenheim Museum Bilbao ($775,000 stolen by the financial officer)
- Independence Seaport Museum ($1 million stolen by the president)
- Mark Twain House ($1 million stolen by controller)
- National Archives and Records Administration ($30,000+ in historic objects stolen by a department head)
- Olympic Museum ($1.8 million stolen by museum store manager)
- Salisbury Historical Society ($4,800 stolen by the treasurer)
- Tucson Museum of Art ($1 million stolen by the bookkeeper)
There are probably many more, but I suspect they’ve kept their stories secret out of embarrassment (but search for “embezzlement” at the Chronicle of Philanthropy to see how widespread it is in the non-profit world). Despite this small sample, there seem to be some common patterns:
- It often involves a senior staff member, frequently the treasurer or chief financial officer, who has access to the organization’s assets (money or collections). As they say in the crime novels, they have “opportunity” but the motive isn’t to steal food because they’re hungry or to provide medicine for their family. The embezzler at the Independence Seaport Museum earned a salary of $300,000 annually and his house was provided by the museum.
- If often involves a person who’s been on staff a long time and has developed a high level of trust, so no one asks questions or evaluates their work. At the Tucson Museum of Art, they discovered that they allowed themselves to become overly “trusting of this employee” because she had worked at the museum for 18 years and “was doing her job well.”
- The embezzler understands financial management much better than others in the organization. At the Mark Twain House, the embezzler, “submitted false information via the Internet to the organization’s payroll management vendor to receive additional pay that she was not entitled to. The money was deposited directly to her personal bank account as payroll advances. She then adjusted the general ledger to hide the advances by classifying the amounts as payments to other accounts, including maintenance and utilities.”
- Embezzlement is often part of a more complex system and sorting it out is difficult. You may know something is missing, but it can be hard to find because it can involve fraudulent credit cards, hidden financial accounts, falsified reports, or clever money laundering. At the Mark Twain House, the embezzler used the organization’s check-writing system to write checks to herself, forging her supervisor’s signature and depositing them in her personal bank account. She then adjusted journal entries in the general ledger and falsified bank statements to hide the fraudulently prepared checks.
- Embezzlement typically occurs over a course of years and is not a one-time event (or perhaps those one-time events are too small to make the news). At the Bellevue Arts Museum, it happened over18 months; at the Tucson Museum of Art, it was five years; and at the Fruitlands Museum it was eight years.
- Organizations often have financial controls and policies in place but they’re either not followed or inadequate to guard against embezzlement. At the Tucson Museum of Art, they believed they were, “doing everything right with our internal systems, including having full financial audits conducted every year with an independent firm specializing in nonprofits.” And yet, more than $1 million was siphoned off over five years.
At non-profit organizations or small businesses, it’s often a serious challenge to defend against embezzlement and you can feel as vulnerable as a henhouse with a fox inside. We rely heavily on trust among a small staff and rarely understand finances. Even if we follow the standard tactics, such as segregation of duties, requiring receipts, and two signatures on checks, we may be still become victims. Banks rarely have the time to verify signatures on checks, online banking allows for the transfer of funds with little oversight, and the embezzlers are wise to the usual tactics. But we shouldn’t give up hope, we just need to recognize that we have to update our thinking. Here are a couple suggestions:
1. Don’t assume an independent audit will catch fraud. It’s still a good idea to conduct an audit, but catching fraud is not the primary intent of an audit. An audit provides an “opinion as to whether the financial statements are fairly stated and comply in all material respects with Generally Accepted Accounting Principles.” If the embezzled funds are properly recorded, it’s hard to smoke them out. For example, an audit won’t catch someone using a company credit card to buy office supplies, then selling those supplies on eBay for personal gain. What an audit can do is “review the financial reporting processes and internal accounting controls to assure that the company’s systems are appropriately designed and operating effectively.” In other words, they can identify weaknesses in your financial management and tell you how to improve. If you get this type of advice, ignore it at your peril. If embezzlement later occurs, you’ll have a lot of explaining to do. Tracy Coenen provides more details in the Wisconsin Law Journal.
2. Develop new policies for using credit cards. Several embezzlement cases involved the use of credit cards, but often they’re the only way to conduct business so they can’t be eliminated without difficulties. We need to go beyond the usual policy that, “company credit cards cannot be used for personal expenses” and look at having unique cards for every user (rather than loaning the one credit to anyone who needs it), establishing credit limits, subscribing to credit card company alerts, and reviewing the entire credit card statement regularly with its associated receipts. James Leisner at StoneBridge Business Partners has a useful check list.
3. Credit is easy, both for you and criminals. Identity theft is not just about someone using your existing credit cards without your authorization, but to use your personal information to obtain new accounts. It’s become so prolific that the IRS has listed identity theft at the top of their “Dirty Dozen Tax Scams” for 2012. Both individuals and businesses can have their identities stolen. For example, an employee can open a business account without your knowledge at a hardware store to buy supplies for his own home; a deceptive person can create a website or email that imitates you to steal your members’ or customers’ financial information; or if the thief is the CFO, he or she has access to your personal information and can get a credit card in your name (at the Fruitlands Museum, the fraud was conducted with 14 credit cards using the names of three co-workers!). Obtaining a credit report annually can reveal if anyone has taken a credit card out in your name. Since embezzlement is an inside job and you will know the perpetrator, the non-profit Identity Theft Resource Center has a fact sheet addressing what to do if you personally know the imposter.
4. Get a better handle on your finances. The two failings I see most often with non-profit boards:
- Most directors and board members do little more than look at the bottom line. If it’s a big positive number, it’s assumed everything is okay.
- Elect the professional accountant as the organization’s treasurer so that the rest of the board never has to look at the financial statements (whew!). If the treasurer says it’s okay, it must be okay.
Sorry, but if you’re a senior staff member or a trustee of a non-profit organization, you really need to analyze financial statements on your own to make sense of them. You don’t need to be an accountant or know the difference between debits and credits. You just need to be a better steward by spending some time studying and evaluating the information in the reports. We have got to get away from flip statements like, “we made a lot of money on our last event” to more thoughtful ones like, “compared to the last three years, this event earned significantly more revenue, however, we continue to run a deficit”. Books like Financial Intelligence by Karen Berman and Joe Knight are a great place to start. You may also need to rethink your financial management structure and have separate audit and finance committees. Karl Baker at Feeley and Driscoll, PC provides a slideshow on the changing financial responsibilities of non-profit boards and forensic accountant Tracy Coenen has some suggestions on internal controls for small companies.
5. Talk about it. Embezzlement is embarrassing but it is occurring far too frequently and threatens the future of our cultural institutions, so let’s learn from each other so we can outsmart, outhink, and outlast the criminals, even if they are working around us. We’ve got to stop this dirty little secret.