Embezzlement Triad: How NPOs Can Avoid Common Embezzlement Schemes

Written exclusively for My Community Workplace for Not-For-Profits Organizations

Dwarne Hawkins, former executive director of the Whitefish Housing Authority, was indicted in U.S. District Court in Missoula, Montana, on one count of theft from an organization receiving federal funding and five counts of wire fraud.

He pled guilty to embezzling more than $100,000 from the nonprofit during his tenure. The organization receives federal funds from the U.S. Department of Housing and Urban Development. https://billingsmix.com/whitefish-housing-authority-exec-confesses-embezzling/ Oct. 13, 2024.

Commentary and Checklist

According to the DOJ:

In court documents, the government alleged that from about May 2023 to January 2024, while working as the executive director for the Whitefish Housing Authority, Hawkins embezzled from the organization. The Whitefish Housing Authority provides safe, decent and affordable housing options for low-income families in the Whitefish community and received approximately $468,616 in federal funds from HUD during the period of the indictment. Hawkins stole housing authority money by diverting and inflating payroll, fraudulently paying personal expenses with the Whitefish Housing Authority credit card and creating and paying fraudulent invoices to businesses over which he had control. As an example, in January 2024, Hawkins created bogus invoices from companies in which he held a controlling interest. Hawkins paid the invoices by fraudulently wiring money from the housing authority for $76,750 on Jan. 16, 2024 and for $23,250 on Jan. 22, 2024, for a total of $100,000. The investigation identified approximately $150,000 in restitution.

https://www.justice.gov/usao-mt/pr/former-whitefish-housing-authority-executive-director-admits-embezzling-least-100000 (Oct. 09, 2024).

The perpetrator used three common embezzlement schemes:  paying personal expenses with credit cards, paying fraudulent invoices to contractors in his control, and inflating payroll for personal benefit.

Credit card fraud occurs when organizations provide credit cards but fail to provide strict oversight over credit card expenditures. In the above matter, it is likely the perpetrator approved his own expenses. 

Ghost work is when a perpetrator of fraud pays invoices to contractors he or she controls. Of the three, it is the most difficult to uncover especially if the work is commonly performed and invoiced. Prevention begins by developing and enforcing standards for contractors that include not using contractors where the ownership as a conflict of interest.

Inflating payroll can happen when standards are absent to approve payroll changes. In addition to setting standards, here are some additional tips:

  • Develop, distribute, and enforce a policy promoting honesty and integrity and prohibiting fraud. Have all employees acknowledge in writing their receipt and understanding of the policy
  • Develop and enforce standards of checks and balances regarding payroll and other wage and pay issues
  • Develop standards for issuing payroll in a timely and secure manner
  • Create, implement, and enforce a timekeeping policy requiring employees to properly and contemporaneously "clock in" and "clock out", specifically prohibit allowing others to "clock in" for another employee, or leaving work for any reason without properly clocking out and back in again
  • Create a system of oversight so multiple people can view and/or oversee how payroll is managed and how hiring is conducted
  • Perform due diligence on employees who will oversee and manage payroll, including criminal background checks
  • Do not provide access or oversight of payroll to employees with a history of fraud or other fidelity crimesUse a neutral, third-party payroll processing company for distributing employee checks
  • Make certain the third-party payroll processing company allows for online access and monitoring of the organization's account
  • Set up an Automated Clearing House (ACH) filter at the organization's bank to ensure only authorized companies can access and debit the organization's account
  • Use direct deposit for distributing payments instead of paper checks. Do not permit payment in cash, barter, or other methods
  • Strictly limit the number of employees with access to the payroll management system to those who need access to perform the functions of their job and provide sufficient oversight over payroll functions
  • Do not allow the same individual who approves payment to prepare payroll and send data to the payroll service
  • Train employees with access to the online payroll processing service to secure their online identities including not writing down, changing, sharing, and/or employing weak passwords
  • Ensure that employees processing and reviewing payroll have a secure place to perform to perform those duties and an uninterrupted time to do so
  • Employees performing payroll should never interrupt the payroll process and should completely log out of the system when taking a break or when finished
  • Prohibit employees from leaving open payroll processing screens unmonitored
  • Before payroll is submitted require employees to review the data and flag any unauthorized or unexpected changes in wage rate, bonus, employee numbers, names of employees, or deposit instructions for employees
  • Send payroll data to the payroll processor two to three days prior to the payment release date to allow time for additional review and investigation. Avoid last minute changes, if possible
  • If there are any inaccuracies on the payroll, the reviewing employee should immediately contact the payroll processing company
  • Ensure no single employee has the ability to access and make changes to the payroll software, including altering direct deposit information, hours, or other information
  • Reconcile organizational bank accounts after every payroll cycle
  • Do not provide "hiring authority" without oversight and frequent review
  • Require all applicants to complete an application and be interviewed in person by multiple people before hire
  • Perform due diligence on job candidates, including providing photo identification, calling past employers, securing recommendations, performing a review of all public social media profiles, and, if warranted, a criminal background check
  • Make certain that all employees are physically accounted for during the workday including periodic "eyes on" audit of employees performing their duties, especially at remote locations
  • Hire third parties to audit payroll and the workforce. If reports or other payroll data are printed or recorded, ensure that all documents are secured, locked, or retained or thoroughly destroyed when disposed of
  • Immediately change the credentials of any employee with access to the payroll service immediately upon quitting or notice of resignation
  • Change the credentials of any dismissed employee with access to the payroll service prior to his or her dismissal
  • Provide a means for employees and others to report suspicions of wrongdoing - including payroll fraud, employee embezzlement, and/or theft - easily, safely, and without retaliation
  • Consider a third-party mechanism for employees and other workplace participants to anonymously report suspicions of wrongdoing, including payroll fraud
  • Promptly investigate complaints from employees regarding payroll issues or employees on payroll not arriving for work
  • Investigate suspicious or unusual payroll activity or employees not arriving for work in a prompt, thorough, and objective manner
  • If an investigation is warranted, use a person trained in investigating fidelity crimes and/or a person experienced in forensic accounting
  • If embezzlement or fraud is detected or reasonably suspected, consult legal counsel immediately
  • Do not terminate a person or make accusations of embezzlement, fraud, or other fidelity crimes without seeking information from law enforcement and advice from an attorney
Finally, your opinion is important to us. Please complete the opinion survey:

Site Zones