Companies & Industries

Non-profit boards need a hands-on approach

Lessons from the Salvation Army case.

Major John Murray of the Salvation Army speaks at a news conference in Toronto. (Photo: Chris Young/CP)

Non-profit and charitable organizations have stretched resources, which makes them particularly vulnerable to fraudsters.

The Salvation Army is currently going through such a situation after a whistleblower informed the organization that $2 million in donated toys had disappeared from—or wasn’t delivered to—their main warehouse in north Toronto over roughly two years.

Fortunately, the police have recovered the majority of stolen items, but not before the Salvation Army fired David Rennie, the executive director of the warehouse, last week. Rennie turned himself into detectives on Monday and was charged with multiple offences, including theft and breach of trust.

It’s highly unlikely that 100,000 toys were carried out under one’s arm. Instead, it’s possible that internal controls over the segregation of duties and the safeguarding of assets were inadequate. Theft happens when there is opportunity, incentives and a lack of internal controls. A board happens to control and approve all these factors, especially the latter one. The trouble is that many boards aren’t exercising their power over internal controls.

After the XL Foods crisis, I spoke to a room full of directors on beef association boards in Calgary. “Do you approve the internal controls over food safety?” I asked. Not many hands went up. “Do you take tours of the plant, see the production line and talk to workers? Do you have an internal audit function that tests the design and effectiveness of internal controls? If so, does it report directly to you?” Again, not many hands went up.

A proper board will want to see confirmation and accountability of the internal controls over all material risks, which aren’t just financial. This includes operational controls, such as the line in a meat plant, or the warehouse with toys in it.

Internal controls basically constrain management. No one likes being controlled and there’s an obvious aversion to management controlling itself. But in a non-profit environment with tight resources and volunteers, vulnerabilities can be exploited by fraudsters. Controls need to be person-proofed and require a diligent board with authority and competency.

Sadly, the Salvation Army was exploited to the tune of $2 million. The organization has a national advisory board, but it’s unclear whether it has a proper, functioning board of directors that oversees risk and controls. Advisory committees advise, but cannot direct.

By exercising greater authority over internal controls, the Salvation Army’s board may have been able to prevent this situation from happening in the first place.