Articles

Kaley Crossthwaite, Head of Fraud, BDO LLP

In recent years charities have had to react to ever-increasing financial pressures. From the far-reaching impacts of the Covid-19 crisis to the ongoing cost-of-living crisis, the sector’s assets are being stretched to breaking point. Charities may be struggling to keep services running even as demand for services is rapidly increasing and levels of institutional funding and donations from the public are in decline.  Day-to-day financial pressures are further elevated when considering the ever-changing fraud risk landscape, with fraudsters constantly evolving and innovating to find new, inventive ways to access a charity’s resources.

The challenge facing charities is to mitigate fraud risk and prevent fraud losses that could significantly impact on their ability to carry on providing those desperately needed services.

The media often portrays fraudsters as faceless external threats to an organisation, particularly when it comes to cyber threats and phishing-related frauds. However, recent research and client experience has shown that this is not always the case.

In November 2021, BDO LLP and the Fraud Advisory Panel conducted a survey, ‘Charity Fraud in the Pandemic’, which identified an equal split between perpetrators being internal (i.e., a member of staff or a volunteer) or external (i.e., a person with no connection to the charity) in charities who suffered a fraud between September 2020 and September 2021. Therefore, charities need to focus their efforts on fraud prevention against both internal and external threats.

The Covid-19 pandemic altered the way in which most organisations work, with increased levels of hybrid working, and this opens the opportunities for fraudsters to slip through existing controls which have not been updated to reflect newer styles of working. The hybrid working model, whilst incredibly beneficial in many ways, often amalgamates both manual and automated actions and approval processes. If not proactively assessed for risk this can cause ambiguity in existing processes and controls, gaps in communication, and therefore increased vulnerability to fraud.

Considering that external and internal threats should be treated equally, it is vital to ensure that controls are fully embedded and that the importance of those controls are understood by employees to prevent fraud attacks. Even when fraud controls have been recently reviewed and strengthened – were the human elements considered properly? Controls are only as good as the person who is operating them, and humans can be the weakest link in the chain – whether they fall victim to a social engineering attack from an external actor or are circumnavigating existing controls because it allows for a quicker and easier process.

It is crucial that employees fully understand the gravity of the fraud risks their organisation faces, and their role in ensuring controls are effective.  Educating employees about fraud risk and the importance of controls can create a more ‘fraud-proof’ working environment and will pay dividends if it stops a threat.

How can charities prevent fraud?

There is unfortunately no ‘silver bullet’ in preventing charity fraud. However, experience tells us that it is usually something incredibly simple (i.e. an additional review or checkpoint in a process) which could have rendered a fraud attack unsuccessful.

Below are some simple mitigation techniques to consider today:

• Do your IT systems and accounting software support hybrid working practices (e.g. electronic approvals with clear audit trails)?
• Are queries being resolved as quickly as they would be in an office environment and could this increase levels of fraud or error?
• Is your employee/supplier/customer/financial information stored securely (e.g. accessible by only those who ‘need’ to know)?
• Have your finance employees been appropriately trained regarding the risk of social engineering by external fraudsters?

Have your say on charity fraud

Help us to understand the fraud landscape and raise awareness of the fraud risks in the UK charity sector post-pandemic, by taking part in our annual Charity Fraud Survey.

The questions in the survey relate to your charity’s experiences of fraud and how your organisation manages fraud risk. The information provided will be treated in confidence and only used to inform results for this study. All answers will be anonymous. No individuals or individual charities will be identified. The results of the survey will be shared, providing you and the sector with powerful insights so you can be fraud aware and act against fraud in your charity.

If you have any questions regarding the Charity Fraud Survey 2022, please contact Tracey Kenworthy, Forensic Director at BDO.