PKF O'Connor Davies Accountants and Advisors

Strategies to Prevent and Detect Fraud at Your Foundation

Five Policies and Procedures to Adopt in 2025

By Michael Koenecke, CPA, Partner; Judith Hamilton, Supervisor; and Tonya Fletcher, Associate

Unfortunately, the philanthropic sector remains a target of fraud. As we close out 2024 and move into a new year, it’s critical to reevaluate your foundation’s strategy now to determine how to better mitigate fraud risk in 2025.

To help you with this process, offered below are five effective policies and procedures proven to detect and mitigate fraud. We include practical examples that any foundation can adopt.

As a reminder, we encourage you to revisit our November 2023 Bulletin on Protecting Your Foundation from Disbursement Fraud, which offers effective and relevant cybersecurity control applications to consider. We invite you again to join us on December 5, 2024 at our 17th Annual Private Foundation Executive Symposium.

  1. Information Technology Standard Operating Policies and Procedures: A strong information technology (IT) and cybersecurity environment is by far the most effective fraud mitigation strategy your organization can adopt. While we always recommend conducting a holistic cybersecurity assessment to understand your foundation’s full exposure, standard IT operating policies and procedures allow your foundation to effectively control cyber and fraud risk to acceptable levels.

    How to Adopt: IT standard operating policies and procedures should include elements of the following:
    • Acceptable Use Policy: Establishes expectations of employees with respect to security and protection of foundation information assets.
    • Access Control: Ensures employee accounts are appropriately and securely created with correct access levels.
    • General Network Security: Ensures all security standards are applied to all devices managed by the foundation.
    • Third Party Risk Management: Ensures confidentiality, integrity and availability of foundation data that may be accessed, created, stored or maintained by any third-party contracted by the foundation.
  2. Grant Management Policies: Establish and adopt formal procedures that outline how funds earmarked for grantmaking and programmatic purposes are to be disbursed.

    How to Adopt: Your foundation could implement a policy where all grant-payment requests undergo a multi-step review and approval process. This might include conducting charity checks prior to releasing payment to ensure the grant recipient exists and is an active public charity in good standing. Additionally, your management team may consider presenting all recommended grants to the foundation’s President or Board of Directors for final approval.
  3. Vendor Procurement Policies: Establish and adopt formal procedures that outline how funds earmarked for vendor-procured goods and services are to be disbursed.

    How to Adopt: Your foundation should implement a policy for procurement of vendor-produced goods and services, which would typically include the following elements:
    • Contract Negotiation
    • Spending Limits
    • Roles and Responsibilities
    • Compliance Standards/Criteria
    • Vendor Criteria
    • Purchase Order Review
    • Performance Evaluation
  4. Conflict of Interest Policy: As the IRS defines, an important part of a conflict-of-interest policy is providing strategies that will help an organization avoid the appearance or actuality of private benefit to individuals who are in a position of substantial authority. A conflict-of-interest policy is a document we encourage your organization to adopt to establish procedures that will offer protection against charges of impropriety involving officers, directors or trustees.

    How to Adopt: Create a formal conflict-of-interest policy and recommend that all officers and board directors annually reveal their affiliated organizations and any known conflicts. These attestations should be kept on file in accordance with your foundation’s document retention policy.
  5. Whistleblower Policy: Your foundation should adopt a whistleblower policy for the reporting of alleged illegal, dishonest, unethical and/or improper behavior within the foundation. Whistleblower policies are critical tools for the protection of foundation employees.

    How to Adopt: Make a physical drop box available for anonymous delivery of complaints, with the location disclosed in your human resources employee manual. Your foundation may also offer a hotline for employees to leave anonymous voicemail complaints. Also consider providing a secure email address for employees to send their complaints.

We Can Help

By proactively addressing the risk of fraud, your private foundation can better protect its assets to successfully achieve its mission. We can help as your organization evaluates its current policies and looks to adopt new and improved ones in 2025.

For an update on emerging cybersecurity threats, we also invite you to join us at our 17th Annual Private Foundation Executive Symposium on December 5.

Contact Us

We welcome the opportunity to answer any questions you may have related to this topic or any other accounting, audit, tax or advisory matters relative to private foundations. Please call 212.286.2600 or email any of the Private Foundation Services team members below: