Caring Hands was a non-profit organization providing mental health care and substance abuse rehabilitation services in Pennsylvania. Ms. Graham, one of Caring Hands’ social workers, visited clients’ homes to provide social services for families and children. Ms. Graham would compile case notes and information for families and children and submit timesheets to Caring Hands; Caring Hands, in turn, would bill the Pennsylvania Medicaid program.
Caring Hands’ IT department was testing employee data and found personnel records for Ms. Graham did not reconcile with the State Department of Licensing. Upon further investigation, it was determined Ms. Graham was not a licensed clinical social worker in Pennsylvania. Caring Hands also discovered Ms. Graham had been submitting timesheets for visits she (Ms. Graham) did not perform. Caring Hands contends Ms. Graham was overpaid approximately $132,000.00 for 6 ½ years of work.
Non-Profit Organizations Victimized
Non-profit, community organizations like Caring Hands are not immune to fraud committed by employees and volunteers. In fact, they are frequent targets due to their size and lack of internal controls. According to a recent report by the Association of Certified Fraud Examiners, non-profits across the U.S. lose approximately 7% of annual revenues to employee fraud. The risk of theft is especially prevalent for home healthcare because services are provided in the private homes of clients.
How the Fraud is Perpetrated
The nature of the fraud often depends on the type of non-profit organization. It can include, but is not limited to:
Theft from the Organization Itself
- Theft of property, such as computers and cameras.
- Theft of the organization’s checks.
- Theft of checks from donors or members.
- Theft of cash from special events.
- Payments to fictitious employees or vendors.
- Unauthorized raises, and non-submission of payroll taxes.
Theft from the Organization’s Clients
- Theft of clients’ monies or property.
- Intentional incorrect billing of Medicare. According to the Senior Medicare Patrol (SMP), “An estimated $250 million is lost to purposeful health care fraud each year.” After the Damage is Done.
Assessing internal controls is key for any organization victimized by fraud. Non-profits are no different. Taking stock of attitudes and internal controls is key to preventing and mitigating future incidences of fraud. Often non-profits suffer common misconceptions such as:
It hardly ever happens to nonprofits so we don’t have to worry that much.
Mrs. M is the most dedicated, honest, kindest person I’ve ever met.
Everyone who works here is really a good person.
We don’t have enough staff to have financial controls.
Audits catch embezzlement and fraud.
Realizing fraud lurks in the corner of every organization – no matter the size or mission – is the first step. The second step involves strengthening both accounting controls and employment controls as applicable to the organization. For example:
- Don’t maintain a stock of blank, signed checks. Have someone other than a check signor physically open the bank statements and reconcile them, every month.
- Have two people physically open the mail together and record incoming checks.
- Ask donors to write out your organization’s whole name on their checks.
- Use a shared cash box throughout fundraising events. Create an atmosphere of integrity by counting the cash box.
- Check to ensure invoices are attached to checks for payment and authorizations are signed by designated staff members. With checks for significant amounts, contact the relevant staff members to make sure the expenses were authorized.
- Conduct surprise audits.
- Screen employees during the application process and perform criminal background checks.
- Utilize behavior-based interview questions and personality profile assessment tools.
- Validate references. Verify proper licensing, if required for the position.
- Consider implementing a drug and alcohol testing program.
- Investigate customer complaints.
- Implement written policies regarding theft and related behavior with a zero tolerance clause.
- Be aware of upset or stressed employees as they can be more likely to commit fraud.
- Have a confidential hotline for employees to report suspicious activity.
- Have written employment policies to set expectations for employee behavior and delineate the consequences of noncompliance.
- Make unannounced telephone calls and perform in-person interviews with clients and family members. Document questions and answers.
- Report allegations of theft or abuse to police. Suspend suspected employees from duties during the investigation.
- Encourage clients to place valuables in safekeeping, such as a storage locker or safe deposit box.
- Maintain an inventory of unsecured valuables, requesting the client, family members and caregiver sign the list.
- Create a reporting process for missing items or financial loss.
- Urge clients to limit the availability of cash in the home to an amount that will meet current needs.
- Minimize the handling of money and credit cards by the caregiver.
- Prohibit caregiver access to sensitive client information, including bank and checking account records, passwords and personal identification numbers (PINs).
Mitigating employee fraud or dishonesty is unfortunately a necessary part of doing business – even for non-profits. They face not only the resulting financial damage to the organization, but also concerns donors are less likely to give money in the wake of fraud and the resulting negative impact to the community being served. Recognizing the potential for fraud and implementing basic internal controls can help to protect not only the organization, but the clients it serves.