Jonathan Orchard: A five-step plan to reduce charity fraud

23 Oct 2017 Voices

To launch Charity Fraud Awareness Week, which encourages those working in the charity and voluntary sector to become more fraud aware and resilient, Jonathan Orchard, partner at Sayer Vincent, has come up with a five-step plan to reduce charity fraud.

Fraud is on the rise and it’s estimated by the Annual Fraud Indicator 2016 to cost the UK economy £193bn per year. Charities are far from immune.

We simply do not know how much money is lost to charities as a result of fraud but some estimates have put at the figure at up to £2bn a year. The most common types of fraud include internal fraud, such as misuse of charity money and false expenses, and external fraud, such as false invoicing, credit card scams and unauthorised fundraising.

The Charity Commission reported last year that more than a third of fraud incidents reports it received involved a charity’s staff, trustees or volunteers.

The consequences of fraud can be devastating and even lead to charities having to close. In July, a Welsh homelessness charity, Cyrenians Cymru went into liquidation largely as a result of a former head of finance being found guilty of a £1.3m fraud conducted over a six-year period. 

Cybercrime is also presenting a major new challenge for organisations and the sector has seen a significant increase in phishing incidences over the past few years.

Just this year Chester Zoo fell victim to an email scam that saw it pay £1.3m into the bank account of fraudsters. Unwittingly, staff at the zoo were tricked into believing an email they received, telling them about a change in bank details was from a contractor they were working with to build a new safari experience. This error resulted in them paying almost £1.3 million into a fraudulent bank account.

While no organisation can eradicate fraud completely, there are steps a charity can take to reduce fraud risk. We advocate a simple five step plan that can help charities reduce fraud.

1. Accept that fraud exists

Organisations are estimated to be losing between 3 to 8 per cent of their income due to fraud – income that won’t get through to beneficiaries.  Additionally, the impact of fraud on a charity’s work, beneficiaries and reputation can be hugely damaging, so the first step towards reducing fraud is to accept it exists.

2. Understand your own vulnerabilities

Charities need to think like fraudsters and really scrutinise their organisation’s weaknesses and vulnerabilities. There are common areas for fraud such as payroll and expenses, payment and procurement processes, fundraising and of course cyber risks – which must all be considered.

Given the scale of cyber risks, we advise that charities should consider what information they are putting in the public domain and how that information could be used in the wrong hands. For example, publishing important contact details such as finance personnel or the names of key suppliers or senior managers on their website. Having access to these contacts makes it easier for fraudsters to engage in phishing.

3. Build awareness and the right culture

Fraud risks should be openly discussed internally with trustees, staff and volunteers. There needs to be clear policies around fraud, bribery and corruption that everyone understands.

To develop the right culture, employees need to understand what fraud and theft means to the charity, the responsibilities of staff in managing fraud, details of any whistle blowing plan or policy and crucially, how the charity will react to fraud.

4. Review and assess controls

Just because your charity has controls in place, don’t assume you are safe. Risks keep evolving and charities must too.  New trends are always emerging and controls must be up dated and regularly assessed. Charities should also be regularly stress testing their controls to ensure they aren’t weak and ensure their board is making decisions based on risk assessment.

If Chester Zoo had questioned the email and called up their contractor to double check if their bank details had been changed, perhaps they would have been alerted to the email scam before paying the invoice.

5. Report and take action

Does your charity have a fraud response plan in place or does it need one? How will it respond to fraud? If the fraud response policy is to take decisive action against fraud, then the organisation must follow through and report fraud to the police or Action Fraud.

With charities having to work harder than ever to survive, it’s imperative they take fraud seriously and ensure they have robust checks in place to minimise the risks.  


National Charity Fraud Awareness Week promotes fraud awareness and runs from 23 to 27 October 2017.


More on