by clicking the arrows at the side of the page, or by using the toolbar.
by clicking anywhere on the page.
by dragging the page around when zoomed in.
by clicking anywhere on the page when zoomed in.
web sites or send emails by clicking on hyperlinks.
Email this page to a friend
Search this issue
Index - jump to page or section
Archive - view past issues
GRC Professional : GRC Winter 2012
WHAT WENT WRONG? 10 GrC Professional • winter 2012 Lessons learned from the HSU case When it comes to protecting against fraud, not-for-profits are among the most susceptible to reputational risk. By MATThew SMITh WHEN FAIR WORK AuSTRALIA PuBLISHED a report in May this year alleging that MP and former Health Ser vices union (HSu) national secretar y Craig Thomson had used his union MasterCard to procure $5,793 worth of escort services, not-for-profit GRC managers countrywide must have felt a pang of anxiety. Reputation is everything for unions and charities in the not-for-profit sector, which rely on voluntar y support and member ship fees for thei r existence. Allegations of fraud or misappropriation of funds can seriously undermine the NFP model, comments Vera Visevic, partner with law firm Mills Oakley, who specialises in providing advice to companies in the NFP sector. “Charities in particular are afraid of tarnishing their reputation because it directly relates to trust and their ability to take donations,” Visevic says. In addition to the alleged MasterCard misuse, the Fair Work r epor t al so states that Thomson made un author ised cash withdrawals and provided his union credit card for use by a nother per son. Thom son, who is suspended from the L abor pa r ty, denies the allegations and, at the time of writing, no criminal charges have been laid. While the Thomson fraud scandal is among the most high-profile cases in recent times, it’s certainly not alone in the NFP sector. According to a repor t published this year by BDO, an Australian audit, tax and advisory firm, 12 per cent of NFPs participating in the sur vey said they suffered fraud that accounted for almost $3 million in the last 12 months. Almost one in three NFPs with a tur nover exceeding $10 million have suffered a fraud during the 2011/12 survey timeframe, and the average fraud amount across NFPs of all sizes sur veyed was $31,007. Credit card fraud was the third most common method of fraud among NFPs (10%) behind payroll fraud (14%), and cash theft, found to easily be the most common type of fraud by the study at 40%. “The risk of fraud within the not-for-profit sector can often be g re ater because ma ny organ isations have limited resources and they operate in what is considered a trusting environment. Counter to this is the impact on not-for-profits which, because of the nature of their funding options, have a greater risk profile than other sectors regarding their degree of damage and recovery from a fraud that might occur,” said David Williams, BDO partner. Credit card risks Minimising credit card risk should be the first thing organisations think about if they want to protect against a scenar io similar to the HSu/Thomson example. Gerard Menses, Quietly Consulting’s principle consultant, and chair of the National Roundtable of Nonprofit Organisations and Corporate and Governance Committee, Vision 2020, says credit cards are traceable and therefore misuse should be detected and avoided by organisations with a clear policy framework and internal controls. using the reimbursement process as a tool to track spending can help to detect potential frauds before they occur. Menses says employees using their own credit cards and then submitting expenses subsequent to purchases can circumvent a lot of potential issues. In instances where organisations give employees company cards, spending limits enforced by the bank are helpful in terms of minimising the size of potential credit card fraud exposure, he adds. When it comes to guarding against people who use a credit card for illegitimate purposes, he says a ver y clear policy framework that stipulates no personal expenses along with a structured approval process is essential. “Of course any system will have a loophole. What you want is to have a balance between protecting against the possibility of the fraud and the size of risk,” he says. Any risk protocol to protect against credit card fraud should be addressed under the financial categor y minimising credit card risk should be the first thing organisations think about if they want to protect against a scenario similar to the hsU Thomson example.
GRC Autumn 2012
GRC Spring 2012