Nonprofit fraud prevention: 6 internal controls + how AI can help detect and prevent fraud
By Mark Banks, CPA, CFE, MAFF, Director, Advisory Services, and Alexis Regester, CPA, Advisory Services, Boyer & Ritter
Summary: Well-designed and consistently applied internal controls remain the best defense against fraud within nonprofit organizations. AI tools can further enhance fraud detection efforts when they are implemented appropriately, used carefully, and reviewed by humans.
- Fraud risk drops when duties are split, approvals are documented, and reviews happen routinely.
- Most nonprofits can establish a strong baseline by implementing six core internal controls.
- AI can flag anomalies and monitor activity faster; however, its effectiveness depends on the quality of the underlying data, privacy safeguards, and ongoing human oversight.
Whether it’s a PTO president using the organization’s credit card for $5,000 in personal expenses or executives misappropriating millions of dollars for lavish travel, fraud impairs the services that a nonprofit can provide and erodes the trust of donors and the public.
It’s easier for nonprofits to prevent and detect fraud than it is to remediate the resulting damage after fraud has occurred. Organizations must implement efficient and effective internal controls to mitigate fraud risk, even though the specific controls needed can differ for each entity.
What is nonprofit fraud? (Fraud triangle explained)
Opportunity, pressure, and rationalization make up the “fraud triangle,” the three conditions that lead someone to commit fraud. An organization’s elevated risk-taking and lack of controls open the doors to opportunity.
According to the Association of Certified Fraud Examiners’ 2024 Report to the Nations, about 89% of all fraud is classified as the misappropriation of assets. This typically consists of the theft of cash, physical assets, or intellectual property. The median loss in these cases is $120,000.
While only about 5% of cases are labeled as fraudulent financial reporting, the median loss skyrockets to $766,000.
How do fraudsters conceal their schemes? Most commonly, they create or alter physical or electronic documents. The surge in AI is making these tactics easier to carry out and harder to spot.
Fraudsters might also destroy or withhold physical or electronic documents. They also often alter, delete, or falsify transactions in accounting systems; however, an astounding 11% of fraudsters do not conceal their actions, according to the Association of Certified Fraud Examiners’ 2024 Report to the Nations.
Nonprofit internal controls: what to implement to prevent or detect fraud
Internal controls are policies and procedures established to safeguard organizational assets from theft. They also assist nonprofits in meeting financial reporting objectives and compliance requirements in an effective and efficient manner.
Six key internal control elements to strengthen a fraud prevention plan:
- Segregation of duties: One individual should not have the ability to authorize, handle, and record the same transaction. Splitting these responsibilities reduces opportunity for both cash and noncash misappropriation.
- Authorization: Require documented approvals for significant purchases, payments, and reimbursements to reduce skimming and improper disbursements.
- Completeness: Record all transactions in a complete and timely manner. Checks and invoices should be sequentially numbered. Regularly review these sequences to find any gaps or missing items.
- Accuracy: Match entries to source documents and reconcile routinely (especially bank activity) to catch errors and suspicious items early.
- Existence, or validity: Confirm transactions are legitimate, allowable, and properly classified. Review transactions for overstated or fictitious expenses. Common weak spots include reimbursements, payroll, and vendor payments.
- Independent checks: Transactions should be reviewed by appropriate personnel for errors at each stage of processing. Any errors should be promptly corrected and communicated to the appropriate level of management.
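As an added illustration (not code from the article or from Boyer & Ritter), the completeness, segregation-of-duties, and authorization checks listed above can be run as a routine review over a check register. The register entries, staff names, and the $1,000 approval threshold are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: names, amounts and the approval threshold are
# illustrative assumptions, not values taken from the article.
APPROVAL_THRESHOLD = 1000.00

@dataclass
class Disbursement:
    check_no: int
    payee: str
    amount: float
    authorized_by: Optional[str]  # None means no documented approval
    handled_by: str
    recorded_by: str

REGISTER = [
    Disbursement(1001, "Office Supply Co", 240.00, None, "dana", "lee"),
    Disbursement(1002, "Venue Rental LLC", 3500.00, "pat", "dana", "lee"),
    Disbursement(1003, "Consulting Svc", 4800.00, "dana", "dana", "dana"),
    Disbursement(1005, "Travel Reimb.", 1250.00, None, "dana", "lee"),
    Disbursement(1005, "Travel Reimb.", 1250.00, "pat", "dana", "lee"),
]

def sequence_exceptions(register):
    """Completeness: report missing and duplicated check numbers."""
    numbers = [d.check_no for d in register]
    missing = sorted(set(range(min(numbers), max(numbers) + 1)) - set(numbers))
    duplicated = sorted({n for n in numbers if numbers.count(n) > 1})
    return missing, duplicated

def duty_conflicts(register):
    """Segregation of duties: one person holding more than one role on a check."""
    conflicts = []
    for d in register:
        roles = [r for r in (d.authorized_by, d.handled_by, d.recorded_by) if r]
        if len(set(roles)) < len(roles):
            conflicts.append(d.check_no)
    return conflicts

def missing_approvals(register, threshold=APPROVAL_THRESHOLD):
    """Authorization: significant payments with no documented approver."""
    return [d.check_no for d in register
            if d.amount >= threshold and d.authorized_by is None]

if __name__ == "__main__":
    print("missing/duplicate check numbers:", sequence_exceptions(REGISTER))
    print("segregation-of-duties conflicts:", duty_conflicts(REGISTER))
    print("unapproved significant payments:", missing_approvals(REGISTER))
```

Each flagged check number is a lead for the independent reviewer to follow up against source documents, not a finding of fraud on its own.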
Additional elements of a strong fraud prevention plan include requiring background checks for money-handling roles, conducting periodic surprise audits, and reviewing the functionality of strong physical and system access controls such as locks, passwords, and role-based permissions.
Ultimately, internal controls are the responsibility of management.
Using AI for nonprofit fraud detection and prevention
AI is making it easier than ever for fraudsters to enact their schemes and undermine public trust in nonprofits. They are impersonating influential figures or flooding inboxes with charitable appeals in the wake of natural disasters. Some are even using AI to create amazingly realistic-looking nonprofits, counting on donors' compassion to open their checkbooks.
Nonprofits can also use AI to strengthen fraud protection in a few practical ways:
- Anomaly and pattern detection: AI learns what “normal” looks like and flags unusual transactions, vendors, donors, or expense trends.
- Real-time monitoring: AI allows organizations to monitor transactions continuously, instead of waiting for month-end reconciliations. With real-time monitoring and oversight, organizations can quickly pause payments and promptly investigate any issues.
- Automated internal controls: Automate routine checks and documentation review to improve consistency and reduce opportunities for collusion.
- Predictive analytics and risk assessment: AI can use past patterns to forecast where breakdowns are more likely to occur. This provides organizations with the opportunity to implement controls in high-risk areas before an issue arises.
When using AI tools within your organization, it is essential to avoid entering confidential donor, payroll, banking, or proprietary information into open or public AI sources. Using paid or enterprise tools that offer straightforward privacy settings is considered the best practice.
Although AI offers significant assistance and resources, human oversight is imperative. Always review and verify all conclusions before implementing any actions.
Bottom line
For help navigating an increasingly complex world, contact Boyer & Ritter. The Boyer & Ritter Advisory Services Group offers the experience and expertise to help nonprofits operate more efficiently and securely through controls, processes, fraud prevention, and use of AI.
With guidance from Boyer & Ritter, your nonprofit can stretch its resources as you work toward having a meaningful impact in your community.