Five Things Non-Profits Can Do to Deter Fraud in a Work-from-Home Environment

Fraud occurs in good times and bad. The pressure to commit fraud increases during times of uncertainty and financial distress, which many are experiencing today with the COVID-19 pandemic. While a number of businesses have transitioned to working from home, others have seen significant layoffs or a reduction in hours due to the continued spread of COVID-19. Many families are navigating a spouse being out of work; children being home from school; and an overall sense of uncertainty about their finances and the future.

Non-Profits face even greater risks and potential for fraud due to their mission-driven operations. Because of tight operating budgets, they may overlook crucial areas such as accounting and internal controls and may result in a decrease in staff, less sophisticated software, and lack of an internal audit function. These characteristics coupled with a work from home environment may also afford people more opportunity to commit fraud.

According to the Association of Certified Fraud Examiners (ACFE), Non-Profits are more susceptible to fraud1. The typical time to discovery of fraud is 14 months, and of those, 54 percent recovered nothing2. Fraud deterrence and prevention is the most cost-effective way of mitigating fraud. While having internal controls in place alone won’t always prevent fraud, enforcing effective controls will help mitigate the risk of fraud within your organization.

Assess Your Internal Controls

Internal controls should provide order and efficiency to processes; accuracy and completeness of data; and prevent fraud, waste and abuse. In assessing your internal controls, ask yourself these questions:

  • Has the culture and tone remained positive within your organization?
  • Has working remotely impacted your ability to maintain strong segregation of duties, specifically with cash management and disbursements?
  • Are reconciliations and internal financials still being completed and reviewed timely?
  • Are journal entries being reviewed to prevent inconsistencies or unnecessary adjustments?
  • Do limitations of your general ledger software or computer equipment put your data at risk?
  • Are your employees equipped with the security tools and training needed to securely work from home?

When answering these questions, it is important to remember that trust is not an internal control. In fact, according the ACFE, the most common fraudster is a trusted employee who made a bad decision in the face of pressure3. It is imperative for organizations to have a strong business continuity plan and intact internal controls in order to protect both the business and its employees.

What can you do?
  1. Perform a fraud risk assessment
    By having to work from home, processes and responsibilities may look a bit different and new challenges in monitoring information and approving transactions are likely to arise. Ask questions such as “what could go wrong” or “where are we most susceptible” when assessing fraud risk. According to the ACFE, disbursement or vendor fraud is one of the most common frauds for which non-profits fall victim. Ensure grants and other disbursements are regularly reviewed, reconciled and no one person has control over the disbursements process. Include a review of physical security controls in your risk assessment. Consider the overall office physical security as well as the location of blank checks or other valuable assets and who has access to them.
  2. Maintain segregation of duties
    Maintaining segregation of duties can be challenging for smaller staffs but that doesn’t mean it should fall by the wayside. Look for controls to evolve in the “new normal” of day to day operations. Do not circumvent controls just because they were previously executed in person-- utilize virtual review, electronic signatures, and shared drives to keep controls operating and effective.
  3. Strengthen information technology (IT) and data analysis capabilities
    Non-Profits may lack strong exception reporting in their IT software and financial systems. Investing in or upgrading technology to ensure that sufficient data analysis and monitoring can occur for financial transactions is key to reducing fraud risks.
  4. Educate employees on cybersecurity
    Cyber criminals capitalize on unfortunate situations and the risk of these attacks now extend beyond the office to home networks. Employees are likely seeing an increase in phishing or vishing attempts. Ensure employees are aware and properly trained to identify phishing/vishing and are educated on handling sensitive information.
  5. Emphasize a culture of internal controls
    Communication and collaboration are essential to an effective internal control system. As we navigate working from home and experience isolation from our teams, it is important to still engage your organization through regular check-ins and virtual meetings.

Remember, internal controls exist to protect the organization and the employee. Consider obtaining objective and independent input. Incorporating an internal audit or external evaluation in your business can help you spot any anomalies or control weaknesses and implement preventative measures.

For questions or more information on the fraud deterrence tips offered in this article, contact us at


  1. Association of Certified Fraud Examiners (ACFE) Report to the Nations, 2020.
  2. Association of Certified Fraud Examiners (ACFE) Report to the Nations, 2020.
  3. Association of Certified Fraud Examiners (ACFE) Report to the Nations, 2020.


Mark Nicolas
Managing Partner, Non-profit, Education & Government

Ashley Counce
Senior Associate, DHG Assurance

Chris Kalafatis
Senior Manager, DHG Risk Advisory

© Dixon Hughes Goodman LLP. All rights reserved.
DHG is registered in the U.S. Patent and Trademark Office to Dixon Hughes Goodman LLP.