The founder and former president of Native Relief Charities was sentenced to three years in prison for stealing US$4 million from the organization, which provides college scholarships for poor Native American students,
The Oregonian reports. A U.S. District Court judge in Portland, Ore. found Brian J. Brown guilty last year of conspiring with one of the charity's board members to commit mail and wire fraud and money laundering. According to prosecutors, board member William Peters set up a US$4 million endowment at Native Relief Charities between 2006 and 2009, from which Brown took US$3 million and Peters received nearly US$1 million. Brown produced tax statements showing that Native American students were receiving the money. Brown was arrested after federal agents received a tip about the fraud, which prevented 650 students from attending college, prosecutors say.
The size of the nonprofit sector and the fraud activity related to it are substantial. According to the
National Center for Charitable Statistics (NCCS), there are more than 1.5 million nonprofit organizations in the United States, including more than 1 million public charities, 101,558 private foundations, and 369,176 other nonprofits such as chambers of commerce, fraternal organizations, and civic leagues. These organizations reported more than US$1.65 trillion in total revenues and US$1.57 trillion in total expenses in 2012, the last year when figures were available.
The 2014 Association of Certified Fraud Examiners (ACFE)
Report To The Nations On Occupational Fraud And Abuse (PDF) reports that fraud in nonprofit organizations has been growing steadily since 2010 and represented 10.8 percent of the cases reported in 2014. Median losses for nonprofits have grown from US$90,000 in 2010 to US$108,000 in 2014.
The reputational damage may be far worse. According to a recent report by the London-based Centre For Investigative Journalism, the 50 worst charities collectively raised more than US$1.3 billion over the past decade and paid nearly US$1 billion of that directly to the companies that raise their donations. This story of insider fraud and theft committed against Native American students adds to this grim picture.
Nonprofit organizations and their directors can consult a vast amount of guidance to better equip themselves to detect and prevent fraud, including from sources such as the ACFE, The IIA, and the National Council of Nonprofits. But what else can internal auditors learn from this situation?
Get up to speed regarding new "single audit" requirements for nonprofit organizations. U.S. regulations (albeit complicated regulations) require nonprofits to conduct an independent financial audit if the organization receives federal funds above a specified amount in a single fiscal year. The U.S. government passed the Single Audit Act in 1984 to ensure that those organizations receiving substantial federal funds use the funds in compliance with the federal government's funding requirements. "Single audit" refers to one of the objectives of that law: to replace the need for the federal government to audit the same nongovernmental organization multiple times.
In December 2013, the U.S. Office of Management and Budget issued new guidance, called
"Uniform Guidance," that applies to audits of nonprofit organizations that receive federal grants, effective for Dec. 31, 2015 year-end audits. All non-federal government agencies and nonprofit organizations that expend US$750,000 or more in federal awards in a fiscal year are required to conduct a single audit (the previous threshold was US$500,000). The overall single audit scope may focus on ensuring that the organization's financial statements are presented fairly, have an adequate internal control structure, and comply with any special government regulations and laws that apply to the specific type of federal funding. However, a single audit is significantly more detailed than a regular independent audit. Auditors performing single audits are required to receive an enhanced level of certification, and they must conduct higher levels of testing on expenses to ensure that federal funds have been used appropriately and are documented and reported correctly in the nonprofit's financial statements.
Advise on governance and regulatory oversight. Auditors can go beyond compliance issues by making observations and providing recommendations to help improve the governance and regulatory framework surrounding nonprofit organizations. This framework is so fractured it is difficult to know who is in charge and who is watching whom. In the Native Relief Charities case, the U.S. Internal Revenue Service (IRS) was able to catch the fraudster. But the regulatory approach taken is either "front-end loaded" (e.g., to grant tax-exempt status) or focused on catching up to the thief after the crime has been committed. Setting up a subsidiary or parallel nonprofit structure to hide fraudulent activity, as in this story, does not seem to receive particular scrutiny. Once nonprofits start raising money or spending grants, oversight is largely left to state governments. In a December 2014
report (PDF), the U.S. Government Accountability Office (GAO) critiqued the IRS for failing to track how well its regulators are doing their jobs in this area. The GAO also observed that the IRS doesn't have the manpower to go after charities that flout the law and could do more to help state regulators target the crooks operating within them.
The situation at the state level also needs improvement. The authorities in charge vary significantly. For example, in Pennsylvania the Department of State is responsible; in California it is the Attorney General; and in Florida the Department of Agriculture and Consumer Services has this authority. Moreover, the rules from state to state are even harder to follow. Various state and local laws may also require an independent financial audit for charitable nonprofits that receive funds from state and local governments, but only 23 states require charities to undergo an annual audit. Regulatory offices nationwide are overflowing with information on charities, but they may not be able to analyze it deeply for signs of fraud. Penalties, including for multiple violations, also vary enormously and often are small compared to the impact of the fraud. Regulators have yet to create a national list to track violators or a formal system to share information, and a fraudster forced out of one state can readily move to another state.