
SMEs and Not for Profits: How can you reduce your risk of fraud?

By: Rachael Dean

Small and medium-sized enterprises (SMEs) and Not for Profits (NFPs) are in a unique position of being able to help communities and build thriving businesses, but these organisations are also susceptible to fraud due to factors such as high trust, minimal oversight, and weak internal controls.

In New Zealand, the common “she’ll be right” attitude can further discourage checks and accountability, making these organisations even more vulnerable. 

According to the Association of Certified Fraud Examiners (“ACFE”), NFPs lose about 5% of revenue annually to fraud, and small businesses globally have an annual median loss to fraud of $200,000. In addition to financial hardship or even businesses ceasing to trade, fraud can have a hugely negative impact on key people within organisations. Business owners and NFP leaders can suffer seriously negative emotional impacts, health issues and even breakdowns in relationships with communities and family members. 

Understanding fraud

Fraud often brings to mind cash theft, but it’s much broader and can include: 

  • Asset misappropriation can involve stealing stock or fixed assets, using the organisation’s equipment for personal use, inflating expense claims and timesheets, submitting false invoices, or redirecting payments to the wrong bank account.
  • Corruption happens when financial decisions - like hiring, supplier selection, or decisions about money - are influenced by personal gain rather than the organisation’s best interests. It includes bribery, kickbacks, conflicts of interest, nepotism, and cronyism.
  • Financial statement fraud occurs when someone fakes or amends the numbers. This includes inflating incomes or asset values or hiding expenses or liabilities to make the organisation’s performance look better than it is. It can also be used to hide theft. Modern accounting systems such as Xero and MYOB are not immune. These platforms can still be manipulated by those with access and intent, making strong oversight and controls essential.

Even if you hire people with a high level of integrity (or who appear to have a high level of integrity), the perfect storm can still lead to the occurrence of fraud. Trust itself cannot be relied upon as an internal control. The above types of fraud can occur when three specific conditions intersect:

  • Pressure (Motive): Personal financial struggles, addiction issues, or sudden lifestyle changes can create intense pressure. Some fraudsters will also “perceive their need” to justify greed. 
  • Opportunity (Means): Weak internal controls, one person managing all payments, excessive trust in one individual, or inadequate oversight provide openings for fraud.
  • Rationalisation (Justification): People justify their actions by thinking “I deserve this,” “I’m just borrowing it,” or “The organisation can afford it”.

Practical steps that can reduce the risk of fraud

Limited resources in SMEs and NFPs often mean key people end up wearing multiple hats, juggling compliance and administration. With a strong sense of purpose, a lean structure, and close-knit culture, there’s opportunity for thriving success but also a susceptibility to fraud. 

Reducing the risk of fraud within your organisation starts with two important steps: awareness and formal implementation of internal controls.

Awareness

Awareness within your organisation can help detect ongoing fraud, and it starts with training everyone - from staff and volunteers, right through to board members. This training will generally cover the following areas:

  • Types of fraud and common schemes used
  • Risk factors and red flags: these are behavioural indicators such as lifestyle changes and unusual transactions, as well as high-risk areas like cash, vendor management and financial reporting
  • Education about the policies and procedures in place to help detect and reduce the risk of fraud in your organisation
  • How to report fraud if it occurs

With the right training, people are more likely to identify common fraud schemes and red flags early on. Hotlines and whistleblowing platforms can be the most effective means of detecting fraud, because they empower people to speak up about suspicious behaviour. According to the 2024 ACFE Report to the Nations, adding a confidential hotline cuts the median loss of a fraud scheme in half and reduces its duration by about half as well.

Implementation of controls

While there are many internal controls that can be used to reduce the risk of fraud in your organisation, a great place to start is understanding and implementing the concept of Segregation of Duties. 

Segregation of Duties ensures no one individual has control of multiple (or all) steps of an operational or financial process. Initiating a transaction, approving the transaction, recording the transaction and reconciling it to supporting documents should be separated wherever possible. Essentially, it means those who prepare transactions should not be the ones who also approve them. For example, in an accounts payable process, segregation of duties can be implemented by the person entering the invoices not also being able to approve payments, along with a different person being responsible for reconciling bank statements. 

Here are a few practical ways to implement segregation of duties:

  • Having payment systems that require more than one person to carry out the tasks of authorising payments, uploading payments to the bank, and reconciling bank statements. 
  • Requiring two approvals within the bank to make payments. 
  • Having different people responsible for entering payroll data, approving timesheets, and approving the actual bank transfers. 
  • Requiring a second person to approve a change in vendor or employee bank account numbers, as well as the input of new vendors and employee bank account information.
  • Requiring a second person to review large or manual journal entries to be posted.
  • Requiring a regular one-up review of financial reconciliations and reports.
  • Performing a regular review of who has access to various systems, and at what levels of access. 

These steps may sound like more administration and an additional burden, particularly if your resources are already stretched – but they cost far less than the time you would have to spend correcting errors or trying to manage the harm caused by fraud.

Robust internal controls don’t just safeguard the organisation—they also protect individuals from potential accusations or misunderstandings. When clear checks and approvals are in place, it’s easier to demonstrate accountability and integrity, reducing personal risk for those involved in financial processes.

How does this look in practice?

According to the Serious Fraud Office (SFO), a former employee misappropriated more than $1 million in funds between 2019 and 2021 from a Porirua social services Trust. This was done by replacing a supplier’s bank account details with their own and transferring funds directly from the Trust to their bank accounts. The transactions were then recorded as “genuine expenses” by entering manual journal entries in the accounting records.

SFO Director Karen Chang stated that “This case is a reminder that trust, while important in the workplace, is not a substitute for robust internal controls. When financial functions lack proper oversight and checks, they create opportunities for serious misconduct. Every organisation, public or private, should ensure their finance functions have strong internal controls that protect against fraud.”

If there had been one person uploading the payments into the banking system, and two different people checking the payment for approval, the suspicious payments could have been detected. In addition, a review of changes in vendor bank accounts (a match can also be made to employee bank account numbers during this process) could have caught the change in vendor information. In short, one person shouldn’t be preparing and approving bank payments, as well as recording journal entries without any checks or approvals.
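
The three checks described for this case, as an added Python example (not part of the original article and not taken from any accounting or banking product). The record layouts, field names, user names and account numbers are constructed for illustration; in practice they would come from audit-log exports of the accounting and banking systems.

```python
# Constructed sample records; field names are assumptions, not a real export format.
EMPLOYEE_ACCOUNTS = {"02-0500-0123456-00": "emp_17"}
VENDOR_CHANGES = [
    {"vendor": "V001", "new_account": "01-0100-0999999-00", "changed_by": "alice", "approved_by": "bob"},
    {"vendor": "V002", "new_account": "02 0500 0123456 00", "changed_by": "carol", "approved_by": None},
]
PAYMENTS = [
    {"id": "P1", "vendor": "V001", "uploaded_by": "alice", "approved_by": ["bob", "dave"]},
    {"id": "P2", "vendor": "V002", "uploaded_by": "carol", "approved_by": ["carol"]},
]
JOURNALS = [
    {"id": "J1", "manual": True, "posted_by": "carol", "reviewed_by": None},
    {"id": "J2", "manual": True, "posted_by": "alice", "reviewed_by": "bob"},
]

def normalise(account):
    # Compare on digits only so spacing or dashes cannot hide a match.
    return "".join(ch for ch in account if ch.isdigit())

def review_vendor_changes(changes, employee_accounts):
    employees = {normalise(a): who for a, who in employee_accounts.items()}
    findings = []
    for c in changes:
        # A bank account change needs approval from someone other than the editor.
        if not c["approved_by"] or c["approved_by"] == c["changed_by"]:
            findings.append((c["vendor"], "bank account change lacks independent approval"))
        # Match the new vendor account against employee bank accounts.
        owner = employees.get(normalise(c["new_account"]))
        if owner:
            findings.append((c["vendor"], f"new bank account matches employee {owner}"))
    return findings

def review_payments(payments):
    findings = []
    for p in payments:
        # One person uploads; two different people must approve.
        independent = set(p["approved_by"]) - {p["uploaded_by"]}
        if len(independent) < 2:
            findings.append((p["id"], "fewer than two approvers other than the uploader"))
    return findings

def review_journals(journals):
    # Manual journals need review by someone other than the person who posted them.
    return [(j["id"], "manual journal posted without second-person review")
            for j in journals
            if j["manual"] and j["reviewed_by"] in (None, j["posted_by"])]
```
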

If you think it won’t happen to you, it will

Fraud occurring within the SME and NFP space is an ongoing problem – but there are solutions. Shifting mindsets from ‘it won’t happen here’ to ‘how do we reduce it’ empowers SMEs and NFPs to act early. With awareness, strong internal controls, and a culture of accountability, you can protect your people, your profits, and your purpose. Taking action can be as simple as reviewing processes and scheduling fraud awareness training for your team. Keep your resources where they belong — helping communities and building thriving businesses — not in the hands of fraudsters.