The Fraud Advisory Panel's most recent survey said that fraud in the charity sector was low compared with the commercial sector. Sadly, having spoken to a number of people who can recall incidents of fraud in the sector, I have serious doubts about whether this is accurate. Such a survey can record only fraud that has been identified and, perhaps understandably, charities are reluctant to disclose fraud because they don't want to damage their reputations with donors and funders.
The Guardian recently reported the trial of two long-serving employees of a Citizens Advice Bureau who were alleged to have embezzled hundreds of thousands of pounds. While these stories grab the headlines, the sector - small charities in particular - remains vulnerable to fraud and is dogged by unscrupulous people and organisations looking to exploit the public's trust in charities.
We have all been approached by dubious people purporting to collect funds on behalf of unknown charities. There are also plenty of examples of organisations, such as bogus clothes collection firms, disguising themselves in charitable terms but actually being run on an entirely profit- driven basis.
Some frauds are relatively simple, involving employees creating receipts for the petty cash box or being in a position to authorise and pay invoices or count and bank money. Others are based on sophisticated forgery. The rise of identity theft means fraudsters can easily create apparently legitimate organisations through which to conduct their frauds.
There are also deceptions in which staff inadvertently pay bogus invoices because the organisation has no appropriate procedures in place to check that they are legitimate. Demands for renewal fees in respect of trademarks or domain names are a scam sometimes used by fraudsters, and we have no doubt all been tempted by very realistic emails encouraging us to disclose information that could be useful to fraudsters.
The Charity Commission issued its guidance CC8 - Internal Financial Controls for Charities in December 2003. It sets out some commonsense processes and procedures for internal financial controls, while recognising that no system is infallible.
Charity trustees have a duty to preserve the assets of their charities. A reckless failure to implement controls can result in personal liability for a trustee - even a trustee of an incorporated charity: so it is important to take this guidance seriously. Trustees are also under an obligation to report any "serious incident" to the Charity Commission.
The commission's guidance suggests a segregation of duties to avoid a single member of staff recording and processing transactions and to prevent mistakes and dishonesty. A charity must ensure appropriate records are kept of collection box totals and ticket or lottery sales. It should be standard practice for cheque signing and other financial transactions to require two or more authorities and signatories. Increasing use of internet banking means that similar procedures should be put in place for electronic transactions, ensuring passwords are known to and used by authorised people only.
Access to cash, cheque books, equipment and computers should be regulated, and there is an increasing need to ensure access to information contained on computers is regulated and password-protected.
It is often very difficult to implement procedures in small charities, especially those without any permanent employees, because roles often cannot be effectively segregated. In these circumstances, trustees must be more actively involved and cannot shirk their responsibilities. A review of existing systems and processes and continued vigilance are the order of the day.