POLICY AGAINST FRAUD

For more information or assistance on any risk management topic, visit www.nonprofitrisk.org or call (202) 785-3891.

Nonprofit Risk Management Center

1130 17

Street, NW

Washington, DC 20036

(202) 785-3891

www.nonprofitrisk.org

SAMPLE FRAUD POLICY

Introduction

Like all organizations, [Name of Nonprofit] is faced with risks from wrongdoing,

misconduct, dishonesty and fraud. As with all business exposures, we must be prepared

to manage these risks and their potential impact in a professional manner.

The impact of misconduct and dishonesty may include:

• the actual financial loss incurred

• damage to the reputation of [Name of Nonprofit] and [Name of Nonprofit]’s

employees

• negative publicity

• the cost of investigation

• loss of employees

• loss of customers

• damaged relationships with [Name of Nonprofit]’s contractors and suppliers

• litigation

• damaged employee morale

[Name of Nonprofit]’s goal is to establish and maintain a business environment of

fairness, ethics and honesty for [Name of Nonprofit]’s employees, guests, suppliers and

anyone else with whom we have a relationship. To maintain such an environment

requires the active assistance of every employee and manager every day.

[Name of Nonprofit] is committed to the deterrence, detection and correction of

misconduct and dishonesty. The discovery, reporting and documentation of such acts

provides a sound foundation for the protection of innocent parties, the taking of

disciplinary action against offenders up to and including dismissal where appropriate, the

referral to law enforcement agencies when warranted by the facts, and the recovery of

assets.

For more information or assistance on any risk management topic, visit www.nonprofitrisk.org or call (202) 785-3891.

a. Purpose

The purpose of this document is to communicate [Name of Nonprofit]’s policy regarding

the deterrence and investigation of suspected misconduct and dishonesty by employees

and others, and to provide specific instructions regarding appropriate action in case of

suspected violations.

Definition of Misconduct and Dishonesty

This policy of misconduct and dishonesty includes but is not limited to:

• acts which violate [Name of Nonprofit]’s Code of Conduct

• theft or other misappropriation of assets, including assets of [Name of

Nonprofit], [Name of Nonprofit]’s guests, tenants, suppliers or others with

whom we have a business relationship

• misstatements and other irregularities in company records, including the

intentional misstatement of the results of operations

• wrongdoing

• forgery or other alteration of documents

• fraud and other unlawful acts

• any similar acts.

[Name of Nonprofit] specifically prohibits these and any other illegal activities in the

actions of its employees, managers, executives and others responsible for carrying out the

agency’s activities.

Policy and Responsibilities

Reporting

It is the responsibility of every employee, supervisor, manager and executive to

immediately report suspected misconduct or dishonesty to their supervisor or the

Executive Director if the supervisor is involved, or the Board President if the Executive

Director is involved. Supervisors, when made aware of such potential acts by

subordinates, must immediately report such acts to the Executive Director. Any reprisal

against any employee or other reporting individual because the individual, in good faith,

reported a violation is strictly forbidden.

Due to the important yet sensitive nature of the suspected violations, effective

professional follow up is critical. Managers, while appropriately concerned about “getting

to the bottom” of such issues, should not in any circumstances perform any investigative

or other follow up steps on their own. All relevant matters, including suspected but

unproved matters, will be referred immediately to [Name of Nonprofit]’s auditor and

attorney.

For more information or assistance on any risk management topic, visit www.nonprofitrisk.org or call (202) 785-3891.

To facilitate reporting of suspected violations, especially in those situations where the

reporting individual wishes to remain anonymous, [Name of Nonprofit] will receive

anonymous reports of suspected fraud by calling either the Executive Director or the

[alternative contact person].

Additional Responsibilities of Supervisors

All employees have a responsibility to report suspected violations. However, employees

with supervisory and review responsibilities at any level have additional deterrence and

detection duties. Specifically, personnel with supervisory or review authority have three

additional responsibilities.

First, you must become aware of what can go wrong in your area of authority.

Second, you must put into place and maintain effective monitoring, review and

control procedures that will prevent acts of wrongdoing.

Third, you must put into place and maintain effective monitoring, review and

control procedures that will detect acts of wrongdoing promptly should prevention

efforts fail.

Authority to carry out these three additional responsibilities is often delegated to

subordinates. However, accountability for their effectiveness cannot be delegated and

will remain with supervisors and managers.

Assistance in effectively carrying out these responsibilities is available upon request from

the Executive Director or his/her designee.

Responsibility and Authority for Follow Up and Investigation

The Executive Director has the primary responsibility for all investigations involving the

organization. The Executive Director may request the assistance of an independent

auditor in any investigation, including the evaluation of internal controls.

Properly designated members of the investigative team will have:

• free and unrestricted access to all agency records and premises, whether

owned or rented

• the authority to examine, copy and/or remove all or any portion of the

contents of files, desks, cabinets, and other storage facilities (whether in

electronic or other form) without the prior knowledge or consent of any

individual who might use or have custody of any such items or facilities when

it is within the scope of investigative or related follow up procedures.

All investigations of alleged wrongdoing will be conducted in accordance with applicable

laws and agency procedures.

For more information or assistance on any risk management topic, visit www.nonprofitrisk.org or call (202) 785-3891.

Reported Incident Follow Up Procedure

Care must be taken in the follow up of suspected misconduct and dishonesty to avoid

acting on incorrect or unsupported accusations, to avoid alerting suspected individuals

that follow up and investigation is underway, and to avoid making statements which

could adversely affect the agency, an employee, or other parties.

Accordingly, the general procedures for follow up and investigation of reported incidents

are as follows:

1. Employees and others must immediately report all factual details as indicated

above under Policy.

2. The Executive Director has the responsibility for follow up and, if

appropriate, investigation of all reported incidents.

3. All records related to the reported incident will be retained wherever they

reside.

4. Do not communicate with the suspected individuals or organizations about the

matter under investigation.

5. The Executive Director may also notify the auditor of all reported incidents so

that it may be determined whether this matter should be brought to the

attention of the Board of Directors.

6. The Executive Director may also obtain the advice of an attorney at any time

throughout the course of an investigation or other follow up activity on any

matter related to the report, investigation steps, proposed disciplinary action or

any anticipated litigation.

7. Neither the existence nor the results of investigations or other follow up

activity will be disclosed or discussed with anyone other than those persons

who have a legitimate need to know in order to perform their duties and

responsibilities effectively.

8. All inquiries from an attorney or any other contacts from outside of [Name of

Nonprofit] including those from law enforcement agencies or from the

employee under investigation, should be referred to [Name of Nonprofit]’s

attorney.

Investigative or other follow up activity will be carried out without regard to the

suspected individual’s position, level or relationship with [Name of Nonprofit].

Questions or Clarifications Related to This Policy

All questions or other clarifications of this policy and its related responsibilities should be

addressed to the Executive Director, who shall be responsible for the administration,

revision, interpretation, and application of this policy.

Approval

For more information or assistance on any risk management topic, visit www.nonprofitrisk.org or call (202) 785-3891.

________________________________________ ___________

(Executive Director) Date

==============================

Acknowledgment

My signature signifies that I have read this policy and that I understand my

responsibilities related to the prevention, detection and reporting of suspected misconduct

and dishonesty.

I further acknowledge I am not aware of any activity that would require disclosure under

this or other existing [Name of Nonprofit] policy or procedure statements.

Signature: ________________________________________

Print Name: _______________________________________

Date signed: _______________________________________