Vol. 42, No. 6

Fraud and the culture of the bar association: A Bar Leader Q&A

by Marilyn Cavicchia

In a brief “sprint” program at the 2018 ABA Bar Leadership Institute, Gene Takagi, managing attorney at NEO Law Group and a frequent writer and speaker on nonprofit law, addressed several areas of risk that can affect bar associations. One of these was fraud.

Takagi acknowledged the importance of audits and employee background checks, but he also advised attendees to take a good look at the overall culture of their bar association and realize that even a “good” person with no previous record may be tempted to do bad things—and that an audit might not necessarily catch the resulting fraud. Bar Leader recently asked Takagi to expand on some of those observations; what follows is an edited transcript of that exchange.

BL: One of your slides at BLI highlighted some “scary stats” pertaining to fraud in the workplace and within organizations such as bar associations. Could you please share those again?

GT: Sure. Here are some statistics that will help give association leaders a good snapshot of fraud and how much of a risk it is:

  • The typical organization loses 5% to fraud each year.[1]
  • Median losses for nonprofits totaled $100,000.[2]
  • Reported frauds last approximately 18 months before detection.[3]
  • Approximately 85% of fraudsters are first-time offenders.[4]

Many organizational leaders find this last statistic surprising and understandably scary. Rigorous background checks may screen out persons who have a checkered or troubled record, but they won’t necessarily reveal the virtuousness of their character or their future circumstances. Good people under harsh circumstances can do bad things, particularly when they feel taken advantage of, the chances of being caught appear remote, and they don’t believe their actions will significantly harm anybody they care about.

BL: People might feel confident that if they're having external audits done in the right manner and on the right schedule and they always come back clean, it means they're safe. But at BLI, you said that external audits uncover very little fraud. How little, exactly—and how is fraud usually detected?

GT: In the United States, the top three ways occupational fraud is initially detected are tips (37%), management review (14%), and internal audits (13%); external audits uncover only 3 percent of occupational fraud.[5]

An auditor “has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.”[6] However, if the fraud is not through a material misstatement of the financial statements, the auditor is not responsible for detecting it. For example, if the fraud is perpetrated by a theft of a cash donation that is never reflected on the books, the auditor may have no way of detecting such action.

An audit is very different from a fraud examination or investigation, which might be instituted when a fraudulent act is reasonably suspected, is already occurring, or has occurred. Small businesses tend to have fewer anti-fraud controls than large businesses, making them particularly vulnerable to fraud.[7]

BL: Especially for those who didn’t hear you speak at BLI, could you share some tips on how to create an environment that proactively discourages fraud?

GT: An organization’s culture affects its risks of fraud. It’s a common saying that the tone is set at the top. For a typical bar association, the top refers to the board of directors, the body ultimately responsible for its activities and affairs. A board that provides strong oversight and establishes policies regarding whistleblowers, document retention and destruction, contract signing authority, check signing authority, expense reimbursements, organizational credit card use, financial management, internal controls, financial reserves, investments, and other key areas of management will signal to its employees the importance of compliance and the proper use of the association’s assets. In contrast, a board that “rubber stamps” all of the decisions of its executive and provides little oversight and risk management leadership may signal the association’s vulnerability to fraud.

An association with a board that recognizes its weakness can change its course and set the right tone at the top. We often hear of stories where this happens after an organization is victimized and eyes turn to the board. Board members may state they trusted management and could not believe the fraud occurred. But if reasonable steps can be taken after the fraudulent acts, it’s likely that at least some of those steps should have been taken before. Boards should recognize and identify the risks in advance, develop the right strategies to mitigate those risks, and allocate appropriate resources to implement those strategies.

BL: Another risk factor you identified was a work culture where employees are unhappy and underpaid, which can encourage fraud even by those who have no previous history. Given that these are challenging times for a lot of bar associations, how can they help prevent the scenario where employees become disgruntled and commit fraud?

GT: It may be prudent for an employer to perform some level of background check before hiring a prospective employee. Such diligence may be particularly important where the employee is to have supervisory authority and/or responsibilities regarding the organization’s financial management or bookkeeping. But circumstances can change over time. While past issues uncovered by a background check at the time of hiring may serve as an indicator of future risks, such a background check may have been performed many years ago and likely would not accurately reflect many employees’ current circumstances.

The quality of the work environment can impact the association’s exposure to fraud. An environment that is characterized by feelings of unfair treatment, distrust, and lack of leadership may heighten risks of employees using association resources for personal use and/or benefit. Such misappropriations may be seen by the perpetrators as deserved compensation to offset the perceived wrongs they may have suffered in the workplace. Small acts, like getting inappropriately reimbursed for a personal meal or wrongfully taking a paid sick day, can lead to bigger acts. And when employees are in particularly difficult personal financial situations, which they may blame in part on low pay, they may commit fraudulent acts that they may have never considered in the past.

Even if raises aren’t possible, a positive work environment can significantly help deter fraud while improving the morale and loyalty of employees. Ethical leadership, shared values, supportive management, and collegial atmospheres can, to some extent, offset lower salaries and increase productivity

BL: Can you think of a recent example in the nonprofit sector where fraud was committed not simply because someone was clever and eluded certain controls, but because of something more pervasive in the organizational culture (whether at the board level, as a workplace, or both)?

GT: Unfortunately, yes—the Somerville Homeless Coalition. The organization’s then-COO allegedly embezzled approximately $108,000 over 18 months. He supplemented his own pay, used the organization’s credit card for personal expenses, and added his middle-aged son to the group’s health insurance. He tried to partly justify the embezzlement by stating he typically worked seven days a week, took only three holidays a year, and skipped taking vacations. The organization’s executive director admitted that the organization had believed it had good controls and financial systems, but had neither. (To learn more, read this article from the Boston Globe.)

BL: Other than the resources you’ve already cited, where can people learn more about fraud and how to prevent it?

GT: The following will provide additional food for thought:

[1] http://www.acfe.com/press-release.aspx?id=4294973129

[2] See https://www.slideshare.net/McKonlyAsbury/nonprofits-fraud-protecting-the-people-you-serve. The median loss for all organizations is $140,000.

[3] http://www.acfe.com/press-release.aspx?id=4294973129

[4] http://www.acfe.com/press-release.aspx?id=4294973129

[5] https://s3-us-west-2.amazonaws.com/acfepublic/2018-report-to-the-nations.pdf

[6] Auditing Standard (AS) 1001, Responsibilities and Functions of the Independent Auditor

[7] https://www.acfe.com/rttn2016/docs/Fraud-in-Small-Business.pdf